last executing test programs:

1m17.517508025s ago: executing program 0 (id=676):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x80000000, 0x4)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r0, &(0x7f0000000080)="ac", 0xfffd, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0x8, @loopback, 0xc5f}, 0x1c)

1m17.147217567s ago: executing program 0 (id=679):
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000002c0)={0x0, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfe, 0x2, 0x0, 0x0, 0x0, 0x40, 0x11}, 0xe)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x2000884c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000140016"], 0x4c}}, 0x0)

1m16.960129754s ago: executing program 0 (id=682):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, &(0x7f0000000480)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0xffff, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)

1m16.78049175s ago: executing program 0 (id=684):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000b80)={[{@errors_remount}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
symlink(&(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000002c0)='.\x02\x00')
chdir(&(0x7f0000000000)='./file0\x00')
open(&(0x7f0000000740)='.\x02\x00', 0x2, 0x0)

1m16.226320909s ago: executing program 0 (id=688):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)

1m13.872054128s ago: executing program 0 (id=698):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x16)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000300)={'some', 0x20, 0xffffffffffffffff, 0x20, 0x200100001}, 0x2f)

1m13.361998816s ago: executing program 32 (id=698):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x16)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000300)={'some', 0x20, 0xffffffffffffffff, 0x20, 0x200100001}, 0x2f)

3.770310562s ago: executing program 1 (id=1108):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
syz_clone(0x648e7000, 0x0, 0x0, 0x0, 0x0, 0x0)

3.155831763s ago: executing program 4 (id=1109):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
read$FUSE(r0, &(0x7f0000004900)={0x2020}, 0x2020)

3.153414973s ago: executing program 1 (id=1119):
r0 = socket(0x11, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x2762, 0x4)
sendmmsg(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d181a4b5f3e38100", 0xe}], 0x1}}], 0x1, 0x24044015)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x200000000000000)

3.152752773s ago: executing program 3 (id=1110):
r0 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'sit0\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
bind$xdp(r0, &(0x7f0000000040)={0x2c, 0x9, r2, 0x2e, r0}, 0x10)

3.036820397s ago: executing program 1 (id=1111):
r0 = fanotify_init(0x2, 0x8000)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x800000, 0x0)
fanotify_mark(r0, 0x1, 0x1018, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
umount2(&(0x7f0000000180)='./file0\x00', 0xb)

2.835496524s ago: executing program 3 (id=1113):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=")
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, 0x0)
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000600, 0xee00, &(0x7f0000000380)={0x228, 0x1, 0x0, 0x6})

2.814423835s ago: executing program 1 (id=1114):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc800}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1030000080003400000000114000000110007"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

2.553690313s ago: executing program 5 (id=1116):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000840)="0b8b780140f34dfd15f379dc4e6c66b6e41a7e11ed3bec293fb99065461846d5b06b16a7e27fa83e7780b66411c639f38a6c5772ff76c2055694a87f4312ea75c088d3196ac5f8dbadb555c9fbb5b5b1e67daed816c9c8157600cdcd7457f892ee162f778c2c9997a3cc7491b7ca7d37fe219930c5ded284da818f2c9ea763229035f0f5d9f61a10469d3d0e0ab37275b7e61507766a4ff82d73afdd191cb0c49aae5fbe9cc9671c919ac426cf73bf332b4d874787f5ffc85f1b4caf9d585d579f003840fade57a4a0bd16509b90e41918b8e40eb5cf8037548248f2c66db94f558de0d9ba64f75c6f3aad67288d5a2a253d96c3707bbebbe8db649f5a30fd1c7b4bc6e791c30d6bee7ec0fcb37c4c0a53956c07b16112b7d771cabcaade3e898730b246a0002d3000d2d5e7348e7df9f1cdbc3392412f6c41fbc4d8b25bd50d46512c25d33d68cf8de868b5153b0001264fcb405bdd52d4e2d09b782fe27ab435044fbfb1851df0d77ad033c779fa80ee6b2585c58e0faaa1253130c1b7da21ab4ac7c45f2cbef8d37f31704ff96fae9ea16e3260cc032056127ede9e0ccd09cbd208c5464bbb17af9d260cb2740d9ff907d6227d4258bc2df8b3ac0fe486215702d4d2fc8d546bbf6de68fc1d86b7f4aaf9d9daca636a97762fa998b26059a5f8ba96f1d503d417074ddec852e1d811e3150dd92f57607db03c129778216edca8797cff0974834e01047a572304f959d4cc9bf357bda79a096eae101a73f33f910cab5fc09173bbe6afdbffe0f8019d077074cb7896d4cef33865f1374e45e6946c2a124e4d495d925f542c2cf048e8ce36b41f865d500ce5e1acbb25b4c0c8c9e500c34a9da68c85bade9e496995eceb4153dfa9daf5caa68e0174c0d4faaec041307046ecd872a578942f6fbaa648d02bdc63b2131148c7cff74833a6e303672bbd9f759a8b1d6acdb799354bdb38679ab1f8f0f6131187c6b9b64aa06fbb5287f634f17dafc89a2896a778c1b8542f1339ab1ce122fec4f99853624fafcb43aa57793c6b67d46b470054dfd9cbc80759320d96d496ab52051f60835f3b8307eeff1f80501889fbd08919c37b5413b51ce1ec5ef5fa8502dc0e4fecf87ef95d58cc39e8d207b36b7e68672e5c157ecde1e7f857c406cbd065dc32db75ed5a6b150c2b1afe6dd879c9baeed6e9f0a9b000a321de2a0bd703dc44f73c0ec7fd952cafc0405d0c47f8f5acd48fe669fa2f8a6026d4660b2d9921857c82320208f81fab53d28ceaf2f7f4f14a5c9074178a838a54934da0e83ef303c9dcb08f1b5b9289004a3f0bffcf53114b0833b957f02b217b64a2e8a8271240b5c0d08f3b7d6385da5ac0038abe9b032155e2bf567dbad45f25ec17b22bad34b2151aec6cf0ab692c76fc6e5af1dbfe97fa6d3999e236c064497e70d8fc4930f111a07678f893bda6b9584f808dc2c036a15d4ecc006a06d2f00b64000554c397522590d431024caac195a1f1537bc81bd694fd19f3372396ad43697dd315171ac778021e3964d3bcfc2bdb1e09bf3e2f24b397d06f68fe3b827b6c1e049c51330035c699133d0fac9661781cdb8e33780c2558acba3120077df7e715a6a705c75873160af6caea20b85821f1dd6511666483df09897cdb13fab75bee3b6df63898a2871873a4a5c8a1dc9b3347831f20ba15a94d521fb20f5d9a4bf1d17c1e370fc8fc833d00ee6c091b2f6e52f5b09a1f66cd6a7cd1433fb5409aaa18b00fc40650817fa7ae2b2b3bfe6ecd2acfcca46ccb53bc98cd1f1b3f9845361ae914323eed60a0b5afc645fec49bdb96a3e2663cfcd8de03ba9cae9ccc69c75737791ad71118a153f6aef8409fd3fe28ac0c3c690a79cfe77aad599be48476eafbcf3a5b866040c44aa060021517c4c4e369e6f4934009676b627a9192d73d13291fb18e50469fbf6e337dccb3059610ada624ae64597bb605295ea290e67ae8d9de10607b2ea5f5866b08d985ab52840f0e24236df1d3eceeb331e4cf23f267a9a7e", 0x59c}], 0x1}, 0x4048003)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c)

2.473120246s ago: executing program 1 (id=1117):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000480)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000001540), 0x1000000, &(0x7f0000001640)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.375963849s ago: executing program 3 (id=1118):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

2.0772877s ago: executing program 4 (id=1122):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x8, 0x6, 0x7}, 0x51, [0xd4, 0x6, 0xb4e, 0x8a4, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x80005, 0x1, 0x101, 0x3c6, 0x7, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x421, 0xbc5e, 0x7, 0x1, 0x8, 0xffff, 0xe, 0x8001, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0x6, 0x2, 0x5, 0x9, 0x5, 0x9, 0x0, 0x3a23, 0x1000, 0x57f5, 0x2, 0x6, 0x4aef, 0xb8547353], [0x80000000, 0xffffffff, 0x4, 0x5, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0x6, 0x8, 0xc, 0x36, 0xa, 0x6, 0x1, 0x9, 0x98, 0xb4, 0xe56c, 0xa4, 0x4, 0x99d, 0x8, 0x3, 0xd, 0x5, 0x0, 0x6e38, 0x8000, 0xa, 0x202, 0x3, 0x0, 0x5, 0x7, 0x2, 0xd, 0x7, 0xfff, 0x4, 0x200000, 0x40, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x801ff, 0x4, 0x1b2c5a17, 0x1, 0x9, 0x8, 0x0, 0xffffffff, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0x6], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x25, 0x45, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0xfffffffe, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x0, 0x100, 0x1, 0xfffffffe, 0x7, 0x0, 0x9, 0x8c0, 0x9, 0x2, 0x6, 0x7, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf46, 0x9, 0x7f, 0x9, 0x8000, 0x40, 0xf, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7fffffff, 0x3, 0x10], [0x0, 0x896, 0x8, 0x246d, 0x6, 0x101, 0xfffff412, 0xd, 0x7ff, 0x606, 0x4, 0x9, 0x80000001, 0x2, 0x8000000b, 0x2, 0x7, 0x5, 0x80000000, 0x2, 0x7ff, 0x3ff, 0x0, 0x2, 0x6, 0x100, 0x2, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xd, 0x5, 0x7, 0x1, 0xa38, 0x1, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x1000, 0x3, 0x2, 0x15, 0x8000, 0xa5a, 0x81, 0x5, 0x7, 0xfffffffc, 0x4, 0x7, 0x701a7e2b]}, 0x45c)

1.809128488s ago: executing program 4 (id=1123):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x42, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc)

1.517848238s ago: executing program 3 (id=1124):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0xfffe)
preadv(r1, &(0x7f0000000100), 0xa, 0x0, 0x0)

1.48376302s ago: executing program 5 (id=1125):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket(0x11, 0x2, 0x0)
setsockopt(r1, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r2=>0x0})
sendmsg$can_j1939(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1d, r2, 0x0, {0x0, 0xf0, 0x1}}, 0x18, &(0x7f0000000280)={&(0x7f0000000200)="85", 0x1}, 0x1, 0x0, 0x0, 0x50}, 0x40)

1.4799434s ago: executing program 4 (id=1126):
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file7\x00', 0x200008, &(0x7f0000000340)=ANY=[], 0x1, 0x1d3, &(0x7f0000000100)="$eJzs3cFqE1EUBuAzsTapIHYniOCAG1dBfYKKRBAHRCULXSm0bhoRks3oxvoWPqAPIF11IyNmxsaWZGxjzJj0+zb5yTmTey+ESTY5eX3z3f7u+9Hbr9e/RKeTRGsnduIoie1oxS8HAQCsk6OiiG9FsdH0PgCA5ak+/8dmtHyvu94XBwBYPS9evnryIMt6z9O0E3F4kPfzfvlY1h89znp307HtyVWHed6/dFy/V9bTk/XLcSUitiLr3Z9a34w7t8fXf/5Ze/g0O1Vvx+6/Pz4AAAAAAAAAAAAAAAAAAAAAADSimx6bOt+n251VL9Nv84FOze/ZiBuGAwIAAAAAAAAAAAAAAAAAAMCZjD583H8zGOwNJ6EdESefmS8U12YuMS2kEfH3i543tGJ5a61aSP6PbZwzRDV1oqbn1mLe4c+u/qkn5nvlzYio79mqP+AiwuQe0W7m1gQAAAAAAAAAAAAAAAAAABdO9VvfZDhqeicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Jzy//8He8N5wqeIOENztVTS8FEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYYz8CAAD//x8yIRo=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1ff)
r0 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x18)
fcntl$notify(r0, 0x402, 0x8000003d)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0)

1.448130391s ago: executing program 2 (id=1127):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, 0x0, 0xd9842d6b3f8636a0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

1.295830566s ago: executing program 1 (id=1128):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7)
fchown(r0, 0x0, 0xee01)

1.17110002s ago: executing program 3 (id=1129):
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000308040800000000000000000a00000205000300210000000900010073797a310000000004000480140004800800014000000400080001"], 0x40}, 0x1, 0x0, 0x0, 0x8000080}, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018"], 0x4c}}, 0x4000804)

1.142527951s ago: executing program 5 (id=1130):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0)
fcntl$notify(r0, 0x402, 0x80000011)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000240)='oom_score_adj\x00')
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)

1.118984562s ago: executing program 2 (id=1131):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x8}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc0051}, 0x8050)

977.063387ms ago: executing program 4 (id=1132):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t', 0x5)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x1, 0x3, 0x200, 0x835, 0x7ff, 0x92, 0xd25, 0x7fffffff, r2}, &(0x7f00000005c0)=0x20)

872.70428ms ago: executing program 3 (id=1133):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRES16], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/217, 0xd9}], 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

833.300532ms ago: executing program 5 (id=1134):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000001840)="18"})

798.346213ms ago: executing program 2 (id=1135):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x3}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000480)={@in6={{0xa, 0x4e22, 0x4, @private2, 0x9}}, 0x0, 0x0, 0xb, 0x0, "9ecf3315567f14d56a87d134cc409e2a652dbbf6c50480937c6fa85af81bc6fc54b71f03985ac33e31d612d976a6efcda8853b8a4430503621f06679995d916cb4361795dd7dbae51d07384b7c2e6949"}, 0xd8)
syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00@\x00', 0x28, 0x6, 0x1, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @local, {[], {{0x4e24, 0x4e28, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x2, 0x0, 0x0, {[@md5sig={0x13, 0x12, "d4c466fb19f71e96642faa2300"}]}}}}}}}}, 0x0)

612.822469ms ago: executing program 4 (id=1136):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000840)="0b8b780140f34dfd15f379dc4e6c66b6e41a7e11ed3bec293fb99065461846d5b06b16a7e27fa83e7780b66411c639f38a6c5772ff76c2055694a87f4312ea75c088d3196ac5f8dbadb555c9fbb5b5b1e67daed816c9c8157600cdcd7457f892ee162f778c2c9997a3cc7491b7ca7d37fe219930c5ded284da818f2c9ea763229035f0f5d9f61a10469d3d0e0ab37275b7e61507766a4ff82d73afdd191cb0c49aae5fbe9cc9671c919ac426cf73bf332b4d874787f5ffc85f1b4caf9d585d579f003840fade57a4a0bd16509b90e41918b8e40eb5cf8037548248f2c66db94f558de0d9ba64f75c6f3aad67288d5a2a253d96c3707bbebbe8db649f5a30fd1c7b4bc6e791c30d6bee7ec0fcb37c4c0a53956c07b16112b7d771cabcaade3e898730b246a0002d3000d2d5e7348e7df9f1cdbc3392412f6c41fbc4d8b25bd50d46512c25d33d68cf8de868b5153b0001264fcb405bdd52d4e2d09b782fe27ab435044fbfb1851df0d77ad033c779fa80ee6b2585c58e0faaa1253130c1b7da21ab4ac7c45f2cbef8d37f31704ff96fae9ea16e3260cc032056127ede9e0ccd09cbd208c5464bbb17af9d260cb2740d9ff907d6227d4258bc2df8b3ac0fe486215702d4d2fc8d546bbf6de68fc1d86b7f4aaf9d9daca636a97762fa998b26059a5f8ba96f1d503d417074ddec852e1d811e3150dd92f57607db03c129778216edca8797cff0974834e01047a572304f959d4cc9bf357bda79a096eae101a73f33f910cab5fc09173bbe6afdbffe0f8019d077074cb7896d4cef33865f1374e45e6946c2a124e4d495d925f542c2cf048e8ce36b41f865d500ce5e1acbb25b4c0c8c9e500c34a9da68c85bade9e496995eceb4153dfa9daf5caa68e0174c0d4faaec041307046ecd872a578942f6fbaa648d02bdc63b2131148c7cff74833a6e303672bbd9f759a8b1d6acdb799354bdb38679ab1f8f0f6131187c6b9b64aa06fbb5287f634f17dafc89a2896a778c1b8542f1339ab1ce122fec4f99853624fafcb43aa57793c6b67d46b470054dfd9cbc80759320d96d496ab52051f60835f3b8307eeff1f80501889fbd08919c37b5413b51ce1ec5ef5fa8502dc0e4fecf87ef95d58cc39e8d207b36b7e68672e5c157ecde1e7f857c406cbd065dc32db75ed5a6b150c2b1afe6dd879c9baeed6e9f0a9b000a321de2a0bd703dc44f73c0ec7fd952cafc0405d0c47f8f5acd48fe669fa2f8a6026d4660b2d9921857c82320208f81fab53d28ceaf2f7f4f14a5c9074178a838a54934da0e83ef303c9dcb08f1b5b9289004a3f0bffcf53114b0833b957f02b217b64a2e8a8271240b5c0d08f3b7d6385da5ac0038abe9b032155e2bf567dbad45f25ec17b22bad34b2151aec6cf0ab692c76fc6e5af1dbfe97fa6d3999e236c064497e70d8fc4930f111a07678f893bda6b9584f808dc2c036a15d4ecc006a06d2f00b64000554c397522590d431024caac195a1f1537bc81bd694fd19f3372396ad43697dd315171ac778021e3964d3bcfc2bdb1e09bf3e2f24b397d06f68fe3b827b6c1e049c51330035c699133d0fac9661781cdb8e33780c2558acba3120077df7e715a6a705c75873160af6caea20b85821f1dd6511666483df09897cdb13fab75bee3b6df63898a2871873a4a5c8a1dc9b3347831f20ba15a94d521fb20f5d9a4bf1d17c1e370fc8fc833d00ee6c091b2f6e52f5b09a1f66cd6a7cd1433fb5409aaa18b00fc40650817fa7ae2b2b3bfe6ecd2acfcca46ccb53bc98cd1f1b3f9845361ae914323eed60a0b5afc645fec49bdb96a3e2663cfcd8de03ba9cae9ccc69c75737791ad71118a153f6aef8409fd3fe28ac0c3c690a79cfe77aad599be48476eafbcf3a5b866040c44aa060021517c4c4e369e6f4934009676b627a9192d73d13291fb18e50469fbf6e337dccb3059610ada624ae64597bb605295ea290e67ae8d9de10607b2ea5f5866b08d985ab52840f0e24236df1d3eceeb331e4cf23f267a9a7e", 0x59c}], 0x1}, 0x4048003)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c)

570.634991ms ago: executing program 5 (id=1137):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000000)=[{r0, 0x20d6}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f6003300", 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000200)=0x2, 0x43)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)

495.937953ms ago: executing program 2 (id=1138):
r0 = io_uring_setup(0x560e, &(0x7f00000003c0)={0x0, 0xb589, 0x0, 0x0, 0x3bd})
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
listen(r1, 0x3)
accept4(r1, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

262.818571ms ago: executing program 5 (id=1139):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$OCFS2_IOC_REFLINK(r0, 0x40186f04, &(0x7f00000000c0)={0x0, &(0x7f0000000080)='ext4\x00', 0x4})
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000340)='./file1\x00', 0x20fffbfffc)

240.284312ms ago: executing program 2 (id=1140):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00')
fchdir(r0)
creat(&(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x94)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

0s ago: executing program 2 (id=1141):
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000200)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getdents64(r0, 0xfffffffffffffffe, 0xff80)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)

kernel console output (not intermixed with test programs):

pt to access beyond end of device
[  164.846453][ T6069] loop1: rw=2049, sector=2050, nr_sectors = 2 limit=2048
[  164.867346][ T6069] Buffer I/O error on dev loop1, logical block 1025, lost async page write
[  164.876544][ T6069] syz.1.570: attempt to access beyond end of device
[  164.876544][ T6069] loop1: rw=2049, sector=2050, nr_sectors = 2 limit=2048
[  164.902952][ T6069] Buffer I/O error on dev loop1, logical block 1025, lost async page write
[  164.955113][ T5547] usb 5-1: USB disconnect, device number 3
[  164.989987][ T6068] UDF-fs: warning (device loop1): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134220898 lbcount: 134222848 extent 0+133338112
[  164.995025][ T5546] usb 4-1: USB disconnect, device number 10
[  165.152157][ T2897] kworker/u4:5: attempt to access beyond end of device
[  165.152157][ T2897] loop1: rw=1, sector=2050, nr_sectors = 4 limit=2048
[  165.436303][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  165.505558][ T5548] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  165.666103][ T5546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  165.707474][ T5548] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  165.727340][ T5548] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.763727][ T5548] usb 2-1: config 0 descriptor??
[  165.772977][ T5548] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  166.370649][ T6080] loop4: detected capacity change from 0 to 32768
[  166.430309][ T6080] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  166.449621][ T6080] JBD2: Ignoring recovery information on journal
[  166.466164][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.583468][ T6080] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  166.614279][ T5548] gspca_stv06xx: I2C: Read error writing address: -71
[  166.646983][ T5548] usb 2-1: USB disconnect, device number 7
[  166.816162][ T5546] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  166.874788][ T4274] ocfs2: Unmounting device (7,4) on (node local)
[  167.005544][ T5546] usb 1-1: Using ep0 maxpacket: 16
[  167.012897][ T5546] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.055526][ T5546] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  167.085559][ T5546] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  167.106555][ T5546] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.157459][ T5546] usb 1-1: config 0 descriptor??
[  167.351921][ T6115] loop4: detected capacity change from 0 to 512
[  167.391960][ T6115] EXT4-fs: Ignoring removed bh option
[  167.439582][ T6115] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  167.494299][ T6115] EXT4-fs (loop4): 1 truncate cleaned up
[  167.512717][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  167.530014][ T6115] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  167.621401][ T6113] loop2: detected capacity change from 0 to 8192
[  167.652830][ T6115] EXT4-fs (loop4): shut down requested (1)
[  167.855160][ T4274] EXT4-fs (loop4): unmounting filesystem.
[  167.963676][ T5546] usbhid 1-1:0.0: can't add hid device: -71
[  167.980454][ T5546] usbhid: probe of 1-1:0.0 failed with error -71
[  168.027205][ T5546] usb 1-1: USB disconnect, device number 7
[  168.410652][ T6136] team0: Port device syz_tun added
[  168.471563][ T6140] team0: Port device syz_tun removed
[  168.535273][ T6140] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  168.555695][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  168.572315][ T6140] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  168.606162][ T6140] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  168.647132][ T6140] device bridge_slave_0 left promiscuous mode
[  168.684863][ T6140] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.706892][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  168.710059][ T6140] device bridge_slave_1 left promiscuous mode
[  168.710221][ T6140] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.752565][ T6140] bond0: (slave bond_slave_0): Releasing backup interface
[  168.765184][ T6140] bond0: (slave bond_slave_1): Releasing backup interface
[  168.820335][ T6140] team0: Port device team_slave_0 removed
[  168.857157][ T6140] team0: Port device team_slave_1 removed
[  168.857841][ T6140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  168.857878][ T6140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  168.903490][ T6140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  168.903527][ T6140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  168.911109][ T6146] loop0: detected capacity change from 0 to 4096
[  168.931913][ T6146] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
[  169.052474][ T6146] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  169.590044][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  169.654393][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.607'.
[  169.696051][ T6161] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  169.735958][ T6161] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1)
[  169.781357][   T22] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  169.945202][ T6167] loop3: detected capacity change from 0 to 512
[  169.969198][ T6167] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  169.987161][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.015515][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.034937][ T6167] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.610: invalid indirect mapped block 9 (level 0)
[  170.043302][   T22] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  170.085291][ T6167] EXT4-fs (loop3): 1 truncate cleaned up
[  170.125606][ T6167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  170.150321][   T22] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  170.205647][ T5553] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  170.226040][   T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.283958][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  170.292690][   T22] usb 3-1: config 0 descriptor??
[  170.371894][ T6176] netlink: 'syz.3.614': attribute type 1 has an invalid length.
[  170.417793][ T5553] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.435480][ T5553] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  170.479561][ T5553] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  170.547721][ T5630] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  170.635927][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  170.729528][   T22] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  170.778559][ T5630] usb 2-1: Using ep0 maxpacket: 16
[  170.797383][   T22] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  170.813366][ T5630] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.852635][ T6178] loop4: detected capacity change from 0 to 32768
[  170.859346][ T5553] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  170.862020][ T5630] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  170.867519][ T5553] usb 1-1: SerialNumber: syz
[  170.903491][ T6178] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  170.912299][ T6178] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  170.973183][ T5630] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  170.986406][ T6178] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 2ms
[  171.000110][ T5546] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  171.009647][ T5546] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  171.015291][ T5630] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.065598][ T5546] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 55ms
[  171.069369][ T5630] usb 2-1: Product: syz
[  171.094123][ T5546] gfs2: fsid=syz:syz.0: jid=0: Done
[  171.106290][ T6178] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  171.126868][ T5553] usb 1-1: 0:2 : does not exist
[  171.139231][ T5553] usb 1-1: USB disconnect, device number 8
[  171.174507][ T5630] usb 2-1: Manufacturer: syz
[  171.203351][ T5630] usb 2-1: SerialNumber: syz
[  171.251183][   T22] usb 3-1: USB disconnect, device number 5
[  171.344607][ T6185] fido_id[6185]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  171.380832][ T6178] gfs2: fsid=syz:syz.0: found 1 quota changes
[  171.417859][ T5564] udevd[5564]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  171.469395][ T5630] usb 2-1: 0:2 : does not exist
[  171.487210][ T5630] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  171.559318][ T5630] usb 2-1: USB disconnect, device number 8
[  171.585192][ T4274] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  171.585192][ T4274]   inode = 11 2339
[  171.585192][ T4274]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  171.613778][ T4274] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  171.624679][ T4274] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4274 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  171.668112][ T4274] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  171.668258][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  171.705565][ T4274] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  171.748920][ T5553] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  171.757558][ T4274] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  171.773682][ T6189] loop3: detected capacity change from 0 to 128
[  171.783070][ T4274] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  171.805013][ T6189] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  171.812970][ T4274] gfs2: fsid=syz:syz.0: File system withdrawn
[  171.824629][ T6191] netlink: 14 bytes leftover after parsing attributes in process `syz.2.620'.
[  171.835008][ T4274] CPU: 1 PID: 4274 Comm: syz-executor Not tainted syzkaller #0
[  171.842628][ T4274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  171.852882][ T4274] Call Trace:
[  171.856193][ T4274]  <TASK>
[  171.859139][ T4274]  dump_stack_lvl+0x188/0x24e
[  171.863837][ T4274]  ? kobject_uevent_env+0x35f/0x8a0
[  171.869049][ T4274]  ? show_regs_print_info+0x12/0x12
[  171.874398][ T4274]  ? load_image+0x400/0x400
[  171.879042][ T4274]  ? kobject_uevent_env+0x35f/0x8a0
[  171.884274][ T4274]  gfs2_withdraw+0xde6/0x15d0
[  171.889075][ T4274]  ? gfs2_lm+0x240/0x240
[  171.893339][ T4274]  ? gfs2_consist_inode_i+0xf1/0x110
[  171.898644][ T4274]  gfs2_inode_refresh+0xb64/0xfd0
[  171.903694][ T4274]  ? gfs2_inode_metasync+0xf0/0xf0
[  171.908831][ T4274]  ? gfs2_glock_nq+0xcf0/0x14e0
[  171.913694][ T4274]  gfs2_instantiate+0x15e/0x210
[  171.918566][ T4274]  gfs2_glock_wait+0x1d0/0x2a0
[  171.923443][ T4274]  do_sync+0x4bf/0xc40
[  171.927624][ T4274]  ? gfs2_quota_sync+0x32c/0x700
[  171.932665][ T4274]  ? slot_put+0x1e0/0x1e0
[  171.937021][ T4274]  ? gfs2_quota_sync+0x32c/0x700
[  171.942077][ T4274]  ? do_raw_spin_unlock+0x11d/0x230
[  171.947474][ T4274]  gfs2_quota_sync+0x32c/0x700
[  171.952321][ T4274]  gfs2_sync_fs+0x48/0xb0
[  171.956704][ T4274]  sync_filesystem+0xe6/0x220
[  171.961427][ T4274]  generic_shutdown_super+0x6b/0x340
[  171.966915][ T4274]  kill_block_super+0x7c/0xe0
[  171.971610][ T4274]  deactivate_locked_super+0x93/0xf0
[  171.976949][ T4274]  cleanup_mnt+0x42c/0x4b0
[  171.981592][ T4274]  ? lockdep_hardirqs_on+0x94/0x140
[  171.986830][ T4274]  task_work_run+0x1d0/0x260
[  171.991799][ T4274]  ? task_work_cancel+0x220/0x220
[  171.996848][ T4274]  ? exit_to_user_mode_loop+0x3b/0x110
[  172.002327][ T4274]  exit_to_user_mode_loop+0xe6/0x110
[  172.007894][ T4274]  exit_to_user_mode_prepare+0xee/0x180
[  172.013470][ T4274]  syscall_exit_to_user_mode+0x16/0x40
[  172.018945][ T4274]  do_syscall_64+0x58/0xa0
[  172.023376][ T4274]  ? clear_bhb_loop+0x60/0xb0
[  172.028064][ T4274]  ? clear_bhb_loop+0x60/0xb0
[  172.032759][ T4274]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  172.038663][ T4274] RIP: 0033:0x7ffb5eb9da57
[  172.043089][ T4274] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  172.062703][ T4274] RSP: 002b:00007ffffa9565c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  172.071136][ T4274] RAX: 0000000000000000 RBX: 00007ffb5ec32048 RCX: 00007ffb5eb9da57
[  172.079126][ T4274] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffffa956680
[  172.087119][ T4274] RBP: 00007ffffa956680 R08: 00007ffffa957680 R09: 00000000ffffffff
[  172.095099][ T4274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffa957710
[  172.103083][ T4274] R13: 00007ffb5ec32048 R14: 0000000000029db7 R15: 00007ffffa957750
[  172.111091][ T4274]  </TASK>
[  172.132777][ T4393] udevd[4393]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.344783][   T40] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  172.432142][ T4274] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  172.466568][ T4274] CPU: 1 PID: 4274 Comm: syz-executor Not tainted syzkaller #0
[  172.474209][ T4274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  172.484432][ T4274] Call Trace:
[  172.487734][ T4274]  <TASK>
[  172.490700][ T4274]  dump_stack_lvl+0x188/0x24e
[  172.495420][ T4274]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  172.500558][ T4274]  ? show_regs_print_info+0x12/0x12
[  172.505864][ T4274]  ? load_image+0x400/0x400
[  172.510418][ T4274]  ? do_raw_spin_unlock+0x11d/0x230
[  172.515635][ T4274]  gfs2_assert_warn_i+0x18f/0x2c0
[  172.520685][ T4274]  gfs2_quota_cleanup+0x4b4/0x6a0
[  172.525744][ T4274]  gfs2_put_super+0x22f/0x8c0
[  172.530441][ T4274]  ? gfs2_evict_inode+0x11d0/0x11d0
[  172.535781][ T4274]  generic_shutdown_super+0x130/0x340
[  172.541256][ T4274]  kill_block_super+0x7c/0xe0
[  172.545984][ T4274]  deactivate_locked_super+0x93/0xf0
[  172.551319][ T4274]  cleanup_mnt+0x42c/0x4b0
[  172.555774][ T4274]  ? lockdep_hardirqs_on+0x94/0x140
[  172.561029][ T4274]  task_work_run+0x1d0/0x260
[  172.565816][ T4274]  ? task_work_cancel+0x220/0x220
[  172.570862][ T4274]  ? exit_to_user_mode_loop+0x3b/0x110
[  172.576429][ T4274]  exit_to_user_mode_loop+0xe6/0x110
[  172.581818][ T4274]  exit_to_user_mode_prepare+0xee/0x180
[  172.587386][ T4274]  syscall_exit_to_user_mode+0x16/0x40
[  172.592881][ T4274]  do_syscall_64+0x58/0xa0
[  172.597317][ T4274]  ? clear_bhb_loop+0x60/0xb0
[  172.602143][ T4274]  ? clear_bhb_loop+0x60/0xb0
[  172.606872][ T4274]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  172.612809][ T4274] RIP: 0033:0x7ffb5eb9da57
[  172.617445][ T4274] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  172.637340][ T4274] RSP: 002b:00007ffffa9565c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  172.645777][ T4274] RAX: 0000000000000000 RBX: 00007ffb5ec32048 RCX: 00007ffb5eb9da57
[  172.653894][ T4274] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffffa956680
[  172.661901][ T4274] RBP: 00007ffffa956680 R08: 00007ffffa957680 R09: 00000000ffffffff
[  172.669920][ T4274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffa957710
[  172.678017][ T4274] R13: 00007ffb5ec32048 R14: 0000000000029db7 R15: 00007ffffa957750
[  172.686023][ T4274]  </TASK>
[  172.716055][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.346103][ T5546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.385487][ T5553] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  173.385611][ T6218] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  173.575638][ T5553] usb 2-1: Using ep0 maxpacket: 16
[  173.585118][ T5553] usb 2-1: config 0 has no interfaces?
[  173.604160][ T5553] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  173.630805][ T5553] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.664865][ T5553] usb 2-1: config 0 descriptor??
[  173.745651][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.770313][ T6232] device batadv_slave_1 entered promiscuous mode
[  173.790575][ T6232] device batadv_slave_1 left promiscuous mode
[  173.807518][ T5548] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  173.941053][ T5553] usb 2-1: USB disconnect, device number 9
[  174.005458][ T5548] usb 4-1: Using ep0 maxpacket: 8
[  174.012773][ T5548] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  174.037762][ T5548] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  174.068109][ T5548] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  174.098220][ T5548] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  174.125523][ T5548] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  174.155347][ T5548] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  174.174720][ T5548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.397643][ T5548] usb 4-1: usb_control_msg returned -32
[  174.403426][ T5548] usbtmc 4-1:16.0: can't read capabilities
[  174.601726][ T6251] loop4: detected capacity change from 0 to 1024
[  174.785700][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  174.794068][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  174.981467][ T4317] usb 4-1: USB disconnect, device number 11
[  175.131581][ T6251] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  175.201711][ T6251] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  175.848599][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  175.930481][ T5546] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  175.940817][ T6297] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 7: comm kworker/u4:17: lblock 7 mapped to illegal pblock 7 (length 1)
[  175.994504][ T6297] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 117
[  176.025459][ T6297] EXT4-fs (loop4): This should not happen!! Data will be lost
[  176.025459][ T6297] 
[  176.039299][ T4274] EXT4-fs (loop4): unmounting filesystem.
[  176.148455][ T5546] usb 1-1: unable to get BOS descriptor or descriptor too short
[  176.161516][ T5546] usb 1-1: not running at top speed; connect to a high speed hub
[  176.180016][ T5546] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.197945][ T5546] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  176.221240][ T5546] usb 1-1: string descriptor 0 read error: -22
[  176.227604][ T6327] loop4: detected capacity change from 0 to 2048
[  176.247942][ T5546] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  176.268658][ T5546] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.284386][ T6327] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  176.302887][ T5546] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  176.368438][ T6327] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  176.396929][ T6327] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 1 with error 28
[  176.417536][ T6327] EXT4-fs (loop4): This should not happen!! Data will be lost
[  176.417536][ T6327] 
[  176.433280][ T6327] EXT4-fs (loop4): Total free blocks count 0
[  176.451432][ T6327] EXT4-fs (loop4): Free/Dirty block details
[  176.459223][ T6327] EXT4-fs (loop4): free_blocks=2415919104
[  176.465362][ T6327] EXT4-fs (loop4): dirty_blocks=32
[  176.480814][ T6327] EXT4-fs (loop4): Block reservation details
[  176.484852][ T6302] loop1: detected capacity change from 0 to 40427
[  176.491573][ T6327] EXT4-fs (loop4): i_reserved_data_blocks=2
[  176.514537][ T6302] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  176.531871][ T6302] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  176.570307][ T5546] usb 1-1: USB disconnect, device number 9
[  176.592555][ T6302] F2FS-fs (loop1): invalid crc value
[  176.638746][ T6302] F2FS-fs (loop1): Found nat_bits in checkpoint
[  176.688726][ T4274] EXT4-fs (loop4): unmounting filesystem.
[  176.742289][ T6302] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  176.765979][ T6302] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  176.796274][ T6338] netlink: 20 bytes leftover after parsing attributes in process `syz.4.653'.
[  176.865816][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.826193][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.867918][ T6358] loop0: detected capacity change from 0 to 2048
[  177.915675][ T5553] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  177.920887][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.944399][ T6358] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.027336][   T26] kauditd_printk_skb: 81 callbacks suppressed
[  178.027356][   T26] audit: type=1804 audit(1775176054.152:103): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.663" name="/newroot/120/file1/file1" dev="loop0" ino=1415 res=1 errno=0
[  178.107953][ T5553] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 511, setting to 64
[  178.130015][ T5553] usb 4-1: config 0 interface 0 has no altsetting 0
[  178.152296][ T5553] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  178.165560][ T5548] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  178.189105][ T5553] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  178.201180][ T5553] usb 4-1: Product: syz
[  178.205520][ T5553] usb 4-1: Manufacturer: syz
[  178.210399][ T5553] usb 4-1: SerialNumber: syz
[  178.217532][ T5553] usb 4-1: config 0 descriptor??
[  178.279235][ T5553] usb 4-1: selecting invalid altsetting 0
[  178.362771][ T5548] usb 5-1: unable to get BOS descriptor or descriptor too short
[  178.405600][ T5548] usb 5-1: not running at top speed; connect to a high speed hub
[  178.435605][ T5548] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  178.498682][ T5548] usb 5-1: New USB device found, idVendor=15ca, idProduct=1806, bcdDevice= 0.40
[  178.516105][ T5548] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.553913][ T4317] usb 4-1: USB disconnect, device number 12
[  178.556505][ T5548] usb 5-1: Product: syz
[  178.596054][ T5548] usb 5-1: Manufacturer: syz
[  178.611035][ T5548] usb 5-1: SerialNumber: syz
[  178.642348][ T6360] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  178.886562][ T5548] usb 5-1: MIDIStreaming interface descriptor not found
[  178.937024][ T6384] loop0: detected capacity change from 0 to 1024
[  178.964067][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  178.968912][ T5548] usb 5-1: USB disconnect, device number 4
[  179.072324][   T26] audit: type=1800 audit(1775176055.212:104): pid=6384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.674" name=80E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080
[  179.120052][ T4350] udevd[4350]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  179.208152][    C1] vkms_vblank_simulate: vblank timer overrun
[  179.215645][ T5547] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  179.239383][ T6291] hfsplus: b-tree write err: -5, ino 4
[  179.258630][ T6291] hfsplus: b-tree write err: -5, ino 2
[  179.446190][ T5547] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  179.465557][ T5547] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  179.501065][ T5547] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  179.516711][ T5547] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  179.524955][ T5547] usb 2-1: SerialNumber: syz
[  179.705534][ T5548] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  179.770193][ T5547] usb 2-1: 0:2 : does not exist
[  179.791672][ T5547] usb 2-1: USB disconnect, device number 10
[  179.895530][ T5548] usb 3-1: Using ep0 maxpacket: 16
[  179.902737][ T5548] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  179.937826][ T5548] usb 3-1: config 0 has no interface number 0
[  179.950929][ T6403] loop0: detected capacity change from 0 to 512
[  179.963186][ T6403] EXT4-fs: Ignoring removed nobh option
[  179.969685][ T5548] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  179.985656][ T5548] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.991722][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  180.002393][ T4317] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  180.003231][ T5548] usb 3-1: Product: syz
[  180.017941][ T5548] usb 3-1: Manufacturer: syz
[  180.022604][ T5548] usb 3-1: SerialNumber: syz
[  180.028654][ T4393] udevd[4393]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  180.038210][ T5548] usb 3-1: config 0 descriptor??
[  180.058069][ T6403] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  180.081631][ T5548] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  180.129857][ T6403] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  180.156172][ T6403] EXT4-fs (loop0): 1 truncate cleaned up
[  180.162016][ T6403] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  180.211276][ T4317] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.227727][ T4317] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  180.245661][ T4317] usb 4-1: config 1 has no interface number 0
[  180.262198][ T4317] usb 4-1: too many endpoints for config 1 interface 1 altsetting 0: 222, using maximum allowed: 30
[  180.284057][ T4317] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.319668][ T4317] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 222
[  180.363300][ T4317] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  180.383250][ T4317] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 6
[  180.409596][ T4317] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  180.460187][ T4269] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /128/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  180.583526][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  180.613735][ T4269] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  180.730804][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  180.753704][ T4269] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /128/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  180.836221][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  180.862771][ T4269] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  180.884014][ T5547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  180.986148][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  180.993611][ T4269] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /128/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  181.094804][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  181.103817][ T5548] gspca_spca1528: reg_w err -71
[  181.122728][ T5548] spca1528: probe of 3-1:0.1 failed with error -71
[  181.144775][ T4269] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  181.192370][ T5548] usb 3-1: USB disconnect, device number 6
[  181.285940][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  181.320398][ T4269] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /128/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  181.389765][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  181.404618][ T4269] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  181.431857][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  181.442759][ T4269] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /128/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  181.444590][ T6411] loop4: detected capacity change from 0 to 131072
[  181.474278][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.488076][ T6411] F2FS-fs (loop4): invalid crc value
[  181.495239][ T4317] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=17.40
[  181.499019][ T4269] EXT4-fs (loop0): Remounting filesystem read-only
[  181.504740][ T4317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.519237][ T4317] usb 4-1: Product: syz
[  181.523471][ T4317] usb 4-1: Manufacturer: syz
[  181.528249][ T4317] usb 4-1: SerialNumber: syz
[  181.555932][ T4269] EXT4-fs error (device loop0): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  181.593989][ T6411] F2FS-fs (loop4): Found nat_bits in checkpoint
[  181.660626][ T6411] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  181.754803][ T6398] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  182.097732][ T6429] loop2: detected capacity change from 0 to 512
[  182.212891][ T6429] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.694: inode has both inline data and extents flags
[  182.321291][ T6429] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.694: couldn't read orphan inode 15 (err -117)
[  182.396050][ T6429] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  182.439962][ T6398] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  182.472942][ T4317] cdc_ncm 4-1:1.1: bind() failure
[  182.554773][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  182.625092][ T4283] EXT4-fs (loop2): unmounting filesystem.
[  182.786201][ T5553] usb 4-1: USB disconnect, device number 13
[  182.924409][ T6299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.945942][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  183.123576][ T6299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.359361][ T6299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.508396][ T6299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.585867][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  183.599874][ T6443] loop3: detected capacity change from 0 to 764
[  183.924536][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  184.171781][   T22] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  184.365550][   T22] usb 2-1: Using ep0 maxpacket: 32
[  184.383193][   T22] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 1536, setting to 1024
[  184.438124][   T22] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  184.454694][ T4282] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  184.465338][ T4282] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  184.476540][ T4282] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  184.486847][ T4282] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  184.491917][   T22] usb 2-1: string descriptor 0 read error: -22
[  184.508278][ T4282] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  184.515901][ T4282] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  185.476502][   T22] usb 2-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  185.485697][   T22] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.495842][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  185.506677][ T6449] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  185.589801][ T6468] loop4: detected capacity change from 0 to 131072
[  185.599785][   T22] usb 2-1: MIDIStreaming interface descriptor not found
[  185.695907][ T6468] F2FS-fs (loop4): Found nat_bits in checkpoint
[  185.763388][ T6468] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  185.909877][ T6468] F2FS-fs (loop4): recover xattr in inode (7), error(0)
[  185.912189][ T5546] usb 2-1: USB disconnect, device number 11
[  185.917699][ T6468] F2FS-fs (loop4): set inode (7) has corrupted xattr
[  185.979825][ T6468] F2FS-fs (loop4): set inode (7) has corrupted xattr
[  186.554140][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.595599][ T5630] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  186.625634][ T4285] Bluetooth: hci0: command 0x0409 tx timeout
[  186.797613][ T5630] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  186.849081][ T5630] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  186.893886][ T5630] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  186.939695][ T5630] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  186.979074][ T5630] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  187.016605][ T5630] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  187.045665][ T5553] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.050868][ T5630] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  187.086265][ T5630] usb 4-1: Product: syz
[  187.090611][ T5630] usb 4-1: Manufacturer: syz
[  187.110804][ T5630] cdc_wdm 4-1:1.0: skipping garbage
[  187.119193][ T5630] cdc_wdm 4-1:1.0: skipping garbage
[  187.127196][ T5630] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  187.133647][ T5630] cdc_wdm 4-1:1.0: Unknown control protocol
[  187.249564][ T6462] chnl_net:caif_netlink_parms(): no params data found
[  187.339438][ T6511] loop4: detected capacity change from 0 to 128
[  187.379860][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  187.386577][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  187.394378][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  187.401487][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  187.415797][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  187.422841][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  187.429491][ T5546] usb 4-1: USB disconnect, device number 14
[  187.447175][   T26] audit: type=1800 audit(1775176063.592:105): pid=6511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.717" name="file2" dev="loop4" ino=1048620 res=0 errno=0
[  187.450427][ T6511] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  187.596109][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.604869][ T6511] FAT-fs (loop4): Filesystem has been set read-only
[  187.645524][ T6511] syz.4.717: attempt to access beyond end of device
[  187.645524][ T6511] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  187.737026][ T6511] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  187.745353][ T6511] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  187.781213][ T6462] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.811214][ T6511] syz.4.717: attempt to access beyond end of device
[  187.811214][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  187.863479][ T6511] syz.4.717: attempt to access beyond end of device
[  187.863479][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  187.871732][ T6462] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.916534][ T6462] device bridge_slave_0 entered promiscuous mode
[  187.925769][ T6511] syz.4.717: attempt to access beyond end of device
[  187.925769][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  187.970256][ T6511] syz.4.717: attempt to access beyond end of device
[  187.970256][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  188.035655][ T6511] syz.4.717: attempt to access beyond end of device
[  188.035655][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  188.049424][ T6462] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.068126][ T6462] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.087131][ T6462] device bridge_slave_1 entered promiscuous mode
[  188.123028][ T6511] syz.4.717: attempt to access beyond end of device
[  188.123028][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  188.225702][ T6511] syz.4.717: attempt to access beyond end of device
[  188.225702][ T6511] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  188.627462][ T6462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.631274][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  188.687975][ T6462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.706312][ T4285] Bluetooth: hci0: command 0x041b tx timeout
[  189.205026][ T6462] team0: Port device team_slave_0 added
[  189.305593][ T6299] device hsr_slave_0 left promiscuous mode
[  189.330925][ T6299] device hsr_slave_1 left promiscuous mode
[  189.374364][ T6299] device veth1_macvtap left promiscuous mode
[  189.381837][ T6299] device veth0_macvtap left promiscuous mode
[  189.389185][ T6299] device veth1_vlan left promiscuous mode
[  189.396394][ T6299] device veth0_vlan left promiscuous mode
[  189.667372][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.003155][ T6562] loop2: detected capacity change from 0 to 512
[  190.048363][ T6562] EXT4-fs (loop2): Test dummy encryption mode enabled
[  190.070999][ T5546] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.127185][ T6562] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.733: inode has both inline data and extents flags
[  190.171646][ T6562] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.733: couldn't read orphan inode 15 (err -117)
[  190.186029][ T6562] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  190.457771][ T6566] loop4: detected capacity change from 0 to 4096
[  190.557201][ T6566] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  190.581179][ T6566] ntfs3: loop4: Failed to load $Extend.
[  190.706642][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.785610][ T4285] Bluetooth: hci0: command 0x040f tx timeout
[  190.832854][ T6557] loop3: detected capacity change from 0 to 40427
[  190.862683][ T4283] EXT4-fs (loop2): unmounting filesystem.
[  190.867437][ T6557] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  190.929091][ T4274] ntfs3: loop4: ino=1b, "file0" directory corrupted
[  190.956480][ T6557] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  191.010586][ T4274] ntfs3: loop4: ntfs_sync_fs r=9 failed, -22.
[  191.026190][ T6557] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  191.034440][ T6557] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff
[  191.057335][ T4274] ntfs3: loop4: ntfs_evict_inode r=9 failed, -22.
[  191.109795][ T6557] F2FS-fs (loop3): invalid crc value
[  191.132909][ T6574] block nbd2: shutting down sockets
[  191.146562][ T6557] F2FS-fs (loop3): Found nat_bits in checkpoint
[  191.248816][ T6557] F2FS-fs (loop3): Start checkpoint disabled!
[  191.289890][ T6557] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  191.322512][ T6557] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  191.406617][ T6557] syz.3.731: attempt to access beyond end of device
[  191.406617][ T6557] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  191.425756][ T4285] Bluetooth: hci3: command 0x0406 tx timeout
[  191.427883][ T4282] Bluetooth: hci2: command 0x0406 tx timeout
[  191.431918][ T4285] Bluetooth: hci4: command 0x0406 tx timeout
[  191.437928][ T4282] Bluetooth: hci1: command 0x0406 tx timeout
[  191.488120][ T6557] syz.3.731: attempt to access beyond end of device
[  191.488120][ T6557] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  191.753727][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  191.785183][   T26] audit: type=1326 audit(1775176067.922:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6584 comm="syz.2.740" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f95c319c819 code=0x0
[  192.548125][ T5553] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  192.793223][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  192.865723][ T4285] Bluetooth: hci0: command 0x0419 tx timeout
[  192.867470][ T6299] bond0 (unregistering): Released all slaves
[  193.046450][ T6462] team0: Port device team_slave_1 added
[  193.088375][ T6569] netlink: 'syz.1.735': attribute type 39 has an invalid length.
[  193.106140][ T5553] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  193.264459][ T6462] batman_adv: batadv0: Adding interface: batadv_slave_0
[  193.272237][ T6462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.315513][ T6462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  193.353071][ T6462] batman_adv: batadv0: Adding interface: batadv_slave_1
[  193.413706][ T6462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.517262][ T6462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  193.531712][ T6604] ieee802154 phy0 wpan0: encryption failed: -22
[  193.610491][ T6604] ieee802154 phy0 wpan0: encryption failed: -22
[  193.694185][ T6609] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  193.738288][ T6462] device hsr_slave_0 entered promiscuous mode
[  193.754858][ T6462] device hsr_slave_1 entered promiscuous mode
[  193.773348][ T6462] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  193.815617][ T6462] Cannot create hsr debugfs directory
[  193.826150][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.027680][ T6618] loop4: detected capacity change from 0 to 512
[  194.468757][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.480181][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.486785][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  194.876361][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.894797][ T6462] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  194.963563][ T6602] loop2: detected capacity change from 0 to 32768
[  194.974231][ T6462] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  195.032863][ T6462] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  195.089972][ T6462] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  195.114259][ T6602] XFS (loop2): Mounting V5 Filesystem
[  195.277149][ T6602] XFS (loop2): Ending clean mount
[  195.303023][ T6602] XFS (loop2): Quotacheck needed: Please wait.
[  195.412559][ T6462] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.427511][ T6602] XFS (loop2): Quotacheck: Done.
[  195.481491][ T6462] 8021q: adding VLAN 0 to HW filter on device team0
[  195.519131][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  195.540846][ T6602] XFS (loop2): User initiated shutdown received.
[  195.546479][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  195.571553][ T6602] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:499).  Shutting down filesystem.
[  195.596249][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  195.622623][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  195.645577][ T6602] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  195.676136][ T6299] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.683299][ T6299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.756347][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  195.804442][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  195.836574][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  195.862944][ T4283] XFS (loop2): Unmounting Filesystem
[  195.878175][ T6299] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.885503][ T6299] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.905918][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  195.995940][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  196.073542][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  196.122090][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  196.149979][ T5556] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.155137][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  196.182668][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  196.213590][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  196.251429][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  196.288440][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  196.325597][   T22] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  196.334853][ T6462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  196.386716][ T6462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  196.421924][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  196.438656][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  196.457823][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  196.548714][   T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.585588][   T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.623642][   T22] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  196.661577][   T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.701262][   T22] usb 2-1: config 0 descriptor??
[  196.885721][ T5548] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  196.964988][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.081013][ T5548] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  197.106620][ T5548] usb 5-1: config 0 has no interfaces?
[  197.124314][ T5548] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  197.133692][   T22] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor
[  197.141248][   T22] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0007/input/input11
[  197.150588][ T6683] block nbd2: shutting down sockets
[  197.159727][ T5548] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  197.168053][ T5548] usb 5-1: Manufacturer: syz
[  197.183879][ T5548] usb 5-1: config 0 descriptor??
[  197.371492][   T22] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  197.400354][ T5553] usb 5-1: USB disconnect, device number 5
[  197.457482][   T22] usb 2-1: USB disconnect, device number 12
[  197.466378][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  197.484408][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  197.511275][ T6462] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.723268][ T6689] fido_id[6689]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  197.986239][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  198.455751][ T5553] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  198.655476][ T5553] usb 5-1: Using ep0 maxpacket: 8
[  198.671223][ T5553] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  198.695734][ T5553] usb 5-1: config 179 has no interface number 0
[  198.725536][ T5553] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  198.767351][ T5553] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  198.819382][ T5553] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  198.851493][ T5553] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  198.885142][ T5553] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  198.907380][ T5553] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  198.924094][ T5553] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.948902][ T6702] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  198.993309][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  199.014681][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  199.036182][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  199.110096][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  199.131511][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  199.172360][ T6462] device veth0_vlan entered promiscuous mode
[  199.186189][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  199.204515][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  199.248849][ T6299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  199.303899][ T6462] device veth1_vlan entered promiscuous mode
[  199.353792][ T5553] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input12
[  199.453581][ T6291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  199.507033][ T6291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  199.537216][ T6291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  199.551022][ T4317] usb 5-1: USB disconnect, device number 6
[  199.551135][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  199.565545][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  199.574847][ T4317] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  199.591767][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  199.611439][ T6291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  199.634383][ T6462] device veth0_macvtap entered promiscuous mode
[  199.670749][ T6462] device veth1_macvtap entered promiscuous mode
[  199.771708][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.784070][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.804007][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.845789][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.865673][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.885506][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.919566][ T6462] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.964030][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  199.982101][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  200.005705][ T6745] input: syz0 as /devices/virtual/input/input13
[  200.009739][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  200.040315][ T6278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  200.079371][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  200.102646][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.122643][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.167004][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.214707][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.248349][ T6462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.306223][ T6462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.320176][ T6462] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.334427][ T6462] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.351255][ T6462] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.371541][ T6462] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.382995][ T6462] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.408389][ T6295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  200.420399][ T6295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  200.529004][ T5630] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  200.667901][ T6295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.689487][ T6295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.720685][ T5630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.742584][ T6297] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  200.748917][ T5630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.785457][ T5630] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  200.785778][ T6299] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.799293][ T5630] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  200.817615][ T5630] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.836420][ T4340] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  200.864590][ T5630] usb 3-1: config 0 descriptor??
[  200.894123][ T6299] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.905445][ T6295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  201.058663][ T4340] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  201.097750][ T4340] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.112608][ T4340] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  201.124299][ T4340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.139585][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  201.316235][ T5630] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  201.339739][ T6771] input: syz1 as /devices/virtual/input/input14
[  201.356133][ T5630] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  201.586385][ T4340] mcp2221 0003:04D8:00DD.0009: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  201.638281][ T5548] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  201.682079][ T5553] usb 3-1: USB disconnect, device number 7
[  201.807361][ T6777] fido_id[6777]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  201.837771][ T5548] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  201.841149][ T4340] usb 5-1: USB disconnect, device number 7
[  201.852731][ T5548] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  201.917095][ T5548] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  201.919486][ T6784] netlink: 20 bytes leftover after parsing attributes in process `syz.3.792'.
[  201.982285][ T5548] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.011336][ T5548] usb 2-1: Product: syz
[  202.026626][ T5548] usb 2-1: Manufacturer: syz
[  202.031311][ T5548] usb 2-1: SerialNumber: syz
[  202.110041][ T6788] device dummy0 entered promiscuous mode
[  202.117930][ T6788] device gretap0 entered promiscuous mode
[  202.130392][ T6304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr2: link becomes ready
[  202.146317][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.226226][ T5553] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.275828][ T5548] usb 2-1: 0:2 : does not exist
[  202.299836][ T5548] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  202.362426][ T5548] usb 2-1: USB disconnect, device number 13
[  202.429248][ T6797] loop3: detected capacity change from 0 to 512
[  202.466519][ T6797] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.486121][ T6797] EXT4-fs: Ignoring removed i_version option
[  202.581237][ T6797] EXT4-fs (loop3): 1 orphan inode deleted
[  202.605672][ T6797] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  202.687161][ T6487] udevd[6487]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  202.822811][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  203.033549][ T6810] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  203.042537][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  203.182461][ T6817] loop5: detected capacity change from 0 to 16
[  203.189862][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  203.271039][ T6817] erofs: (device loop5): mounted with root inode @ nid 36.
[  203.416417][ T5548] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  203.641617][ T5548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.675330][ T5548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.728844][ T5548] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  203.769054][ T5548] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  203.798236][ T6828] netlink: 12 bytes leftover after parsing attributes in process `syz.4.807'.
[  203.808897][ T5548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.811490][ T6803] loop2: detected capacity change from 0 to 32768
[  203.846634][ T5548] usb 4-1: config 0 descriptor??
[  203.864304][ T6803] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.797 (6803)
[  203.957366][ T6803] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  204.000743][ T6803] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  204.035810][ T6803] BTRFS info (device loop2): using free space tree
[  204.228116][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  204.294261][ T5548] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  204.363826][ T6803] BTRFS info (device loop2): enabling ssd optimizations
[  204.364032][ T5548] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  204.444009][ T6803] BTRFS error (device loop2): balance: mixed groups data and metadata options must be the same
[  204.636577][ T5553] usb 4-1: USB disconnect, device number 15
[  204.674939][ T4283] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  204.890394][ T6864] fido_id[6864]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  205.141769][ T6872] loop1: detected capacity change from 0 to 4096
[  205.224562][ T6872] EXT4-fs (loop1): Test dummy encryption mode enabled
[  205.266684][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  205.286455][ T6872] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  205.294723][ T6872] System zones: 0-5
[  205.398843][ T6872] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  205.484858][   T14] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  205.678044][ T4272] EXT4-fs (loop1): unmounting filesystem.
[  205.745682][ T4340] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  205.968980][ T4340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.031751][ T4340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.083158][ T4340] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  206.129752][ T4340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.180530][ T4340] usb 5-1: config 0 descriptor??
[  206.365845][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  206.639184][ T4340] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0
[  206.671868][ T4340] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0
[  206.724051][ T4340] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.000B/input/input15
[  206.826678][ T4340] cm6533_jd 0003:0D8C:0022.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  206.913177][ T4340] usb 5-1: USB disconnect, device number 8
[  207.334863][ T6920] loop5: detected capacity change from 0 to 4096
[  207.411633][ T6918] fido_id[6918]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  207.426767][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  207.532872][ T6926] device syzkaller1 entered promiscuous mode
[  207.594900][ T6929] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  207.700768][   T26] audit: type=1804 audit(1775176083.842:107): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.830" name="/newroot/12/file1/file1" dev="loop5" ino=15 res=1 errno=0
[  207.776282][   T26] audit: type=1800 audit(1775176083.872:108): pid=6920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.830" name="file1" dev="loop5" ino=15 res=0 errno=0
[  207.804861][ T6937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.836'.
[  207.871709][ T6920] syz.5.830 (6920) used greatest stack depth: 19832 bytes left
[  208.185435][ T4529] NILFS (loop5): nilfs_palloc_commit_free_entry (ino=6): entry number 15 already freed
[  208.465879][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  208.546622][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  208.628652][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.843'.
[  208.690257][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.843'.
[  209.186073][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  209.463765][ T6969] loop3: detected capacity change from 0 to 8192
[  209.509768][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  209.810484][ T5548] kernel read not supported for file /dsp1 (pid: 5548 comm: kworker/0:12)
[  209.858591][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  209.895727][ T4529] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  210.024324][ T6984] netlink: 4 bytes leftover after parsing attributes in process `syz.3.853'.
[  210.115632][ T4529] usb 2-1: Using ep0 maxpacket: 8
[  210.128653][ T4529] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  210.167687][ T4529] usb 2-1: config 179 has no interface number 0
[  210.195621][ T4529] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  210.274072][ T4529] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  210.316252][ T4529] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  210.348257][ T4529] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  210.414100][ T4529] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  210.495665][ T4529] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  210.543909][ T4529] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.557954][ T6994] loop5: detected capacity change from 0 to 1024
[  210.585846][ T6979] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  210.595031][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  210.632660][ T6994] EXT4-fs: Ignoring removed bh option
[  210.638854][ T6994] ext4: Unknown parameter 'noacl'
[  210.917782][ T4317] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input16
[  210.935623][ T4529] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  211.139861][ T4317] usb 2-1: USB disconnect, device number 14
[  211.139936][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  211.144501][ T6981] loop2: detected capacity change from 0 to 40427
[  211.146019][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  211.172563][ T4529] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  211.195904][ T4529] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  211.215605][ T4529] usb 6-1: config 1 has no interface number 0
[  211.226792][ T4317] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  211.227562][ T6981] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  211.246250][ T4529] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  211.246292][ T4529] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  211.330500][ T4529] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  211.342316][ T7000] loop3: detected capacity change from 0 to 16
[  211.370706][ T4529] usb 6-1: too many endpoints for config 1 interface 1 altsetting 1: 48, using maximum allowed: 30
[  211.382802][ T7000] erofs: (device loop3): mounted with root inode @ nid 36.
[  211.405601][ T6981] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  211.410259][ T4529] usb 6-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  211.455031][   T26] audit: type=1800 audit(1775176087.592:109): pid=7000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.867" name="file1" dev="loop3" ino=86 res=0 errno=0
[  211.463397][ T4529] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  211.496452][ T6981] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x35f7
[  211.508118][ T4529] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.540241][ T6981] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3ffff
[  211.545905][ T4529] usb 6-1: Product: syz
[  211.571613][ T4529] usb 6-1: Manufacturer: syz
[  211.583098][ T4529] usb 6-1: SerialNumber: syz
[  211.591707][ T6981] F2FS-fs (loop2): invalid crc value
[  211.620025][ T6994] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  211.647174][ T6981] F2FS-fs (loop2): Found nat_bits in checkpoint
[  211.666037][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.820346][ T6981] F2FS-fs (loop2): Start checkpoint disabled!
[  211.868682][ T6981] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  211.885290][ T6981] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  212.084019][ T6981] bio_check_eod: 1 callbacks suppressed
[  212.084072][ T6981] syz.2.852: attempt to access beyond end of device
[  212.084072][ T6981] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  212.168899][ T6981] syz.2.852: attempt to access beyond end of device
[  212.168899][ T6981] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  212.290895][ T6994] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  212.406792][ T6291] kworker/u4:14: attempt to access beyond end of device
[  212.406792][ T6291] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  212.509521][ T4529] cdc_ncm 6-1:1.1: failed GET_NTB_PARAMETERS
[  212.516810][ T4529] cdc_ncm 6-1:1.1: bind() failure
[  212.555729][ T4529] usb 6-1: USB disconnect, device number 2
[  212.711501][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  212.774249][ T7011] loop4: detected capacity change from 0 to 32768
[  212.867174][ T5545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  212.915506][ T4317] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  212.925113][ T7011] XFS (loop4): Mounting V5 Filesystem
[  213.076449][ T7011] XFS (loop4): Ending clean mount
[  213.097815][ T7011] XFS (loop4): Quotacheck needed: Please wait.
[  213.148034][ T4317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.181193][ T4317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.236469][ T4317] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  213.263446][ T4317] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.304130][ T4317] usb 2-1: config 0 descriptor??
[  213.367819][ T7011] XFS (loop4): Quotacheck: Done.
[  213.481350][ T7042] loop5: detected capacity change from 0 to 2048
[  213.539947][ T7042] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  213.724383][   T26] audit: type=1800 audit(1775176089.862:110): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.868" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=1367 res=0 errno=0
[  213.730146][ T7045] loop2: detected capacity change from 0 to 256
[  213.795447][ T4317] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  213.805352][ T4317] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  213.833920][ T4317] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.000C/input/input17
[  213.859678][ T4317] cm6533_jd 0003:0D8C:0022.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  213.925787][ T4274] XFS (loop4): Unmounting Filesystem
[  213.932973][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  213.950875][ T7045] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  214.024970][ T7045] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  214.074341][ T7045] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  214.096813][ T4317] usb 2-1: USB disconnect, device number 15
[  214.283870][ T7048] fido_id[7048]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  214.290887][ T7050] loop5: detected capacity change from 0 to 512
[  214.351239][ T7050] EXT4-fs: Ignoring removed mblk_io_submit option
[  214.370374][ T7050] EXT4-fs: Ignoring removed i_version option
[  214.456388][ T7050] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  214.485544][ T7050] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  214.562107][ T7050] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  214.661370][ T7050] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  214.771591][   T26] audit: type=1800 audit(1775176090.912:111): pid=7050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.872" name="file2" dev="loop5" ino=16 res=0 errno=0
[  214.950804][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  214.959037][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  215.001030][ T6462] EXT4-fs (loop5): unmounting filesystem.
[  215.762186][ T7083] loop3: detected capacity change from 0 to 164
[  215.906068][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  215.996532][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  216.918539][ T7112] loop5: detected capacity change from 0 to 256
[  217.027414][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  217.511301][ T7118] loop3: detected capacity change from 0 to 40427
[  217.520847][ T7118] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  217.528661][ T7118] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  217.550289][ T7118] F2FS-fs (loop3): invalid crc value
[  217.558726][ T7118] F2FS-fs (loop3): Found nat_bits in checkpoint
[  217.803774][ T7118] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  217.811119][ T7118] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  218.062834][ T7129] loop2: detected capacity change from 0 to 1024
[  218.084770][ T7118] syz.3.896: attempt to access beyond end of device
[  218.084770][ T7118] loop3: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[  218.099981][ T7118] syz.3.896: attempt to access beyond end of device
[  218.099981][ T7118] loop3: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[  218.222333][ T7118] F2FS-fs (loop3): Issue discard(4614, 4614, 1019) failed, ret: -5
[  218.222395][ T7118] F2FS-fs (loop3): Issue discard(5637, 5637, 10747) failed, ret: -5
[  218.253286][ T7132] loop1: detected capacity change from 0 to 512
[  218.542262][ T7132] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.900: inode has both inline data and extents flags
[  218.605311][ T7125] loop5: detected capacity change from 0 to 131072
[  218.625808][ T7125] F2FS-fs (loop5): invalid crc value
[  218.634544][ T7125] F2FS-fs (loop5): Found nat_bits in checkpoint
[  218.673625][ T7132] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.900: couldn't read orphan inode 15 (err -117)
[  218.715110][ T7125] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  218.742103][ T7132] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  218.918069][ T6297] hfsplus: b-tree write err: -5, ino 25
[  218.934171][ T6297] hfsplus: b-tree write err: -5, ino 4
[  218.946020][ T5545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  218.979257][ T6297] hfsplus: b-tree write err: -5, ino 2
[  219.040367][ T4272] EXT4-fs (loop1): unmounting filesystem.
[  219.105873][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.606088][ T7154] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  219.620130][ T7157] netlink: 36 bytes leftover after parsing attributes in process `syz.5.908'.
[  220.068550][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.127389][ T6278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.137876][ T5545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.149993][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.159129][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.452014][ T7150] loop3: detected capacity change from 0 to 32768
[  220.825144][ T4317] hid-generic 0005:9C3F:0006.000D: hidraw0: BLUETOOTH HID v0.05 Device [syz0] on aa:aa:aa:aa:aa:aa
[  220.984013][ T7155] loop2: detected capacity change from 0 to 32768
[  221.164892][ T7155] XFS (loop2): Mounting V5 Filesystem
[  221.195776][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  221.327826][ T7178] fido_id[7178]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  221.368344][ T7183] loop3: detected capacity change from 0 to 4096
[  221.408084][ T7155] XFS (loop2): Ending clean mount
[  221.458491][ T7183] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  221.556937][ T7155] XFS (loop2): User initiated shutdown received.
[  221.635991][ T7155] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495).  Shutting down filesystem.
[  221.732944][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  221.755156][ T7155] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  221.941042][ T7167] loop1: detected capacity change from 0 to 40427
[  222.027817][ T7167] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  222.052833][ T4283] XFS (loop2): Unmounting Filesystem
[  222.065226][ T7167] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  222.143358][ T7167] F2FS-fs (loop1): Found nat_bits in checkpoint
[  222.236083][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  222.429079][ T7167] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  222.455708][ T7167] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  222.720608][ T5545] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  222.736722][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.736805][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.745053][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.812863][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.866215][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.898305][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.917557][ T5545] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.956891][ T7224] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  222.967009][ T5545] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.984102][ T7229] loop4: detected capacity change from 0 to 512
[  223.023890][ T7229] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  223.028825][ T5545] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  223.057197][ T5545] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.084539][ T5545] usb 4-1: config 0 descriptor??
[  223.191499][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  223.208625][ T7229] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  223.254820][ T7229] ext4 filesystem being mounted at /201/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  223.266412][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  223.413483][ T7238] loop2: detected capacity change from 0 to 512
[  223.477249][ T7238] EXT4-fs (loop2): Test dummy encryption mode enabled
[  223.526208][ T5545] cm6533_jd 0003:0D8C:0022.000E: unknown main item tag 0x0
[  223.544558][ T5545] cm6533_jd 0003:0D8C:0022.000E: unknown main item tag 0x0
[  223.553936][ T7238] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  223.576670][ T5545] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.000E/input/input18
[  223.616783][ T7238] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.927: bad orphan inode 131083
[  223.642370][ T5545] cm6533_jd 0003:0D8C:0022.000E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  223.681410][ T7238] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  223.760869][ T5545] usb 4-1: USB disconnect, device number 16
[  223.797218][ T4274] EXT4-fs (loop4): unmounting filesystem.
[  224.056480][ T4283] EXT4-fs (loop2): unmounting filesystem.
[  224.078338][ T7248] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  224.220361][ T7246] fido_id[7246]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  224.307247][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  224.463344][ T7256] loop4: detected capacity change from 0 to 512
[  224.527313][ T7256] EXT4-fs: Ignoring removed nobh option
[  224.626360][ T7256] EXT4-fs error (device loop4): __ext4_iget:5091: inode #11: block 1: comm syz.4.930: invalid block
[  224.709850][ T7256] EXT4-fs (loop4): Remounting filesystem read-only
[  224.716965][ T7256] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.930: couldn't read orphan inode 11 (err -117)
[  224.730100][ T7256] EXT4-fs (loop4): Remounting filesystem read-only
[  224.737299][ T7256] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  224.855673][ T5545] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  224.933475][ T7270] device batadv_slave_1 entered promiscuous mode
[  224.948810][ T7270] device batadv_slave_1 left promiscuous mode
[  224.961466][ T7256] EXT4-fs error (device loop4): htree_dirblock_to_tree:1083: inode #2: comm syz.4.930: Directory hole found for htree leaf block 0
[  224.989482][ T7256] EXT4-fs (loop4): Remounting filesystem read-only
[  225.083017][ T5545] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.145508][ T5545] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.169084][ T4274] EXT4-fs error (device loop4): htree_dirblock_to_tree:1083: inode #2: comm syz-executor: Directory hole found for htree leaf block 0
[  225.193823][ T5545] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  225.234646][ T5545] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  225.256608][ T5545] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.264723][ T4274] EXT4-fs (loop4): Remounting filesystem read-only
[  225.272322][ T7276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.936'.
[  225.302275][ T5545] usb 4-1: config 0 descriptor??
[  225.310928][ T6882] net_ratelimit: 1 callbacks suppressed
[  225.310946][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.336312][ T4274] EXT4-fs (loop4): unmounting filesystem.
[  225.382188][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.391313][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.401156][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.411904][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.759748][ T7278] binder: 7277:7278 ioctl c0306201 200000001a80 returned -14
[  225.761074][ T5545] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  225.823949][ T5545] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  225.841098][ T6295] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.850348][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  225.860003][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  226.025284][ T7296] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  226.081922][ T5545] usb 4-1: USB disconnect, device number 17
[  226.126626][ T7299] loop1: detected capacity change from 0 to 512
[  226.175904][ T7299] EXT4-fs (loop1): Test dummy encryption mode enabled
[  226.182932][ T7299] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  226.286256][ T7299] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.940: bad orphan inode 131083
[  226.339746][ T7297] fido_id[7297]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  226.357901][ T7299] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  226.396177][ T4317] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  226.533763][ T7313] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  226.694190][ T4272] EXT4-fs (loop1): unmounting filesystem.
[  227.432677][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  227.512968][   T26] audit: type=1326 audit(1775176103.652:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696ab9c819 code=0x7ffc0000
[  227.528269][ T7342] loop3: detected capacity change from 0 to 256
[  227.610895][   T26] audit: type=1326 audit(1775176103.652:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696ab9c819 code=0x7ffc0000
[  227.653524][ T7345] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  227.665051][   T26] audit: type=1326 audit(1775176103.652:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f696ab9c819 code=0x7ffc0000
[  227.714301][ T7347] Bluetooth: MGMT ver 1.22
[  227.848847][   T26] audit: type=1326 audit(1775176103.652:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f696ab9c582 code=0x7ffc0000
[  227.963979][   T26] audit: type=1326 audit(1775176103.652:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f696ab5d04e code=0x7ffc0000
[  228.076499][ T6284] wlan1: Trigger new scan to find an IBSS to join
[  228.094098][   T26] audit: type=1326 audit(1775176103.652:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f696ab9c647 code=0x7ffc0000
[  228.202920][   T26] audit: type=1326 audit(1775176103.652:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f696ab5d04e code=0x7ffc0000
[  228.335471][   T26] audit: type=1326 audit(1775176103.652:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f696ab9c4ab code=0x7ffc0000
[  228.403982][ T7367] loop3: detected capacity change from 0 to 256
[  228.429422][   T26] audit: type=1326 audit(1775176103.782:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f696ab5d04e code=0x7ffc0000
[  228.469572][ T7367] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  228.572148][   T26] audit: type=1326 audit(1775176103.782:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7341 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f696ab5d04e code=0x7ffc0000
[  228.678116][ T7373] block nbd0: Unsupported socket: should be TCP or UNIX.
[  229.305569][ T4529] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  229.340250][ T7388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.972'.
[  229.385564][ T7388] netlink: 16 bytes leftover after parsing attributes in process `syz.2.972'.
[  229.517914][ T4529] usb 6-1: unable to get BOS descriptor or descriptor too short
[  229.531353][ T4529] usb 6-1: not running at top speed; connect to a high speed hub
[  229.577139][ T4529] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  229.612601][ T4529] usb 6-1: New USB device found, idVendor=15ca, idProduct=1806, bcdDevice= 0.40
[  229.655539][ T4529] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.681086][ T4529] usb 6-1: Product: syz
[  229.688115][ T4529] usb 6-1: Manufacturer: syz
[  229.692799][ T4529] usb 6-1: SerialNumber: syz
[  229.709192][ T7382] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  229.745579][ T4285] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  229.753612][ T4285] Bluetooth: hci0: command 0x1407 tx timeout
[  229.945402][ T4529] usb 6-1: MIDIStreaming interface descriptor not found
[  230.028403][ T4529] usb 6-1: USB disconnect, device number 3
[  230.066129][ T6284] wlan1: Trigger new scan to find an IBSS to join
[  230.331300][ T7385] loop3: detected capacity change from 0 to 40427
[  230.355652][ T4340] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  230.378523][ T4371] udevd[4371]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  230.399638][ T7385] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  230.415223][ T7385] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  230.490159][ T7385] F2FS-fs (loop3): Found nat_bits in checkpoint
[  230.546360][   T22] net_ratelimit: 3 callbacks suppressed
[  230.546385][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.562602][ T4340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  230.597368][ T4340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.633619][ T4340] usb 2-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[  230.662402][ T4340] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.703065][ T4340] usb 2-1: config 0 descriptor??
[  230.709098][ T7385] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  230.723557][ T7385] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  230.916091][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  230.916129][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  230.925689][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  230.946323][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  230.948733][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.972480][ T5545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.984873][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  231.032286][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  231.032323][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  231.096019][ T7385] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  231.105839][ T6284] wlan1: Trigger new scan to find an IBSS to join
[  231.138713][ T4340] hid (null): report_id 7532 is invalid
[  231.150238][ T7418] loop5: detected capacity change from 0 to 512
[  231.170287][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.206048][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.225037][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.238545][ T7418] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  231.251828][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.280711][ T7415] loop4: detected capacity change from 0 to 4096
[  231.295332][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.331246][ T4340] sigmamicro 0003:1C4F:0059.0010: unknown main item tag 0x0
[  231.367945][ T7418] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  231.402356][ T4340] sigmamicro 0003:1C4F:0059.0010: report_id 7532 is invalid
[  231.415948][ T7418] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  231.457513][ T4340] sigmamicro 0003:1C4F:0059.0010: item 0 4 1 8 parsing failed
[  231.511835][ T4340] sigmamicro: probe of 0003:1C4F:0059.0010 failed with error -22
[  231.584178][ T4340] usb 2-1: USB disconnect, device number 16
[  231.625659][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  231.824259][ T6462] EXT4-fs (loop5): unmounting filesystem.
[  232.068320][ T7435] netlink: 'syz.5.982': attribute type 39 has an invalid length.
[  232.084100][ T6297] wlan1: Creating new IBSS network, BSSID da:8e:69:74:13:3b
[  232.715835][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  232.843026][ T7458] loop2: detected capacity change from 0 to 2048
[  232.920017][ T7458] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  232.981912][ T7458] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  232.995510][ T6882] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  233.084943][ T7458] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 1 with error 28
[  233.105912][ T6291] wlan1: Trigger new scan to find an IBSS to join
[  233.161119][ T7458] EXT4-fs (loop2): This should not happen!! Data will be lost
[  233.161119][ T7458] 
[  233.182796][ T7458] EXT4-fs (loop2): Total free blocks count 0
[  233.208069][ T6882] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  233.225616][ T7458] EXT4-fs (loop2): Free/Dirty block details
[  233.242834][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.245570][ T7458] EXT4-fs (loop2): free_blocks=2415919104
[  233.272669][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.284229][ T7458] EXT4-fs (loop2): dirty_blocks=32
[  233.293589][ T7458] EXT4-fs (loop2): Block reservation details
[  233.315602][ T7458] EXT4-fs (loop2): i_reserved_data_blocks=2
[  233.324471][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.342475][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.373581][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.391734][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.417659][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.429281][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.451316][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.473174][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.494536][ T7478] Invalid argument reading file caps for ./file0
[  233.495274][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.530421][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.549396][ T4283] EXT4-fs (loop2): unmounting filesystem.
[  233.562631][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.581495][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.616058][ T5545] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  233.627709][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.687651][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.708919][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.720588][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.732548][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.745859][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  233.762653][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.768685][ T7482] loop3: detected capacity change from 0 to 512
[  233.804458][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.811541][ T5545] usb 6-1: Using ep0 maxpacket: 32
[  233.820015][ T5545] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 1536, setting to 1024
[  233.824884][ T7482] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.996: inode has both inline data and extents flags
[  233.843104][ T6882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.854806][ T7482] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.996: couldn't read orphan inode 15 (err -117)
[  233.877222][ T5545] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  233.899043][ T6882] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.911049][ T7482] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  233.944741][ T5545] usb 6-1: string descriptor 0 read error: -22
[  233.975708][ T6882] usb 5-1: config 0 interface 0 has no altsetting 0
[  233.982770][ T5545] usb 6-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  234.010949][ T6882] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=66.8e
[  234.025468][ T5545] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.047116][ T6882] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  234.067467][ T7474] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  234.079499][ T5545] usb 6-1: MIDIStreaming interface descriptor not found
[  234.095735][ T6882] usb 5-1: Product: syz
[  234.105511][ T6882] usb 5-1: Manufacturer: syz
[  234.121854][ T6882] usb 5-1: SerialNumber: syz
[  234.137267][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  234.155206][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  234.158952][ T6882] usb 5-1: config 0 descriptor??
[  234.236447][ T6882] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  234.245733][   T22] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  234.381323][ T7494] netlink: 2 bytes leftover after parsing attributes in process `syz.2.999'.
[  234.409690][ T7494] netlink: 2 bytes leftover after parsing attributes in process `syz.2.999'.
[  234.436433][ T6882] usb 6-1: USB disconnect, device number 4
[  234.437958][ T7496] netlink: 2 bytes leftover after parsing attributes in process `syz.2.999'.
[  234.463517][   T22] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  234.468551][ T4286] Bluetooth: hci0: command 0x1407 tx timeout
[  234.479951][ T4285] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  234.492755][   T22] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  234.510037][ T7496] netlink: 2 bytes leftover after parsing attributes in process `syz.2.999'.
[  234.530926][   T22] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  234.551851][   T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  234.602828][   T22] usb 2-1: SerialNumber: syz
[  234.785936][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  234.796641][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  234.832372][   T22] usb 2-1: 0:2 : does not exist
[  234.863893][ T7503] loop3: detected capacity change from 0 to 1024
[  234.878820][   T22] usb 2-1: USB disconnect, device number 17
[  234.958169][ T7503] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  235.128923][ T6487] udevd[6487]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  235.300640][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  235.753917][ T7523] loop1: detected capacity change from 0 to 1024
[  235.775038][ T7525] loop5: detected capacity change from 0 to 512
[  235.825894][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  235.911938][ T7525] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  235.934395][ T4340] usb 5-1: USB disconnect, device number 9
[  235.968387][ T7525] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  235.986049][ T4340] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  236.055162][ T7525] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  236.066371][ T6304] wlan1: Creating new IBSS network, BSSID e2:4e:b9:8e:db:48
[  236.078799][ T7525] System zones: 0-1, 15-15, 18-18, 34-34
[  236.091900][ T6291] hfsplus: b-tree write err: -5, ino 25
[  236.097857][ T6291] hfsplus: b-tree write err: -5, ino 4
[  236.101582][ T7525] EXT4-fs (loop5): orphan cleanup on readonly fs
[  236.103904][ T6291] hfsplus: b-tree write err: -5, ino 2
[  236.114696][ T7525] __quota_error: 13 callbacks suppressed
[  236.114713][ T7525] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0
[  236.132282][ T7525] EXT4-fs warning (device loop5): ext4_enable_quotas:7087: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  236.165559][ T7525] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  236.196670][ T7525] EXT4-fs (loop5): 1 truncate cleaned up
[  236.236391][ T7525] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  236.341639][ T7525] fscrypt (loop5, inode 16): Error -61 getting encryption context
[  236.502309][ T6462] EXT4-fs (loop5): unmounting filesystem.
[  236.595590][ T7546] input: syz0 as /devices/virtual/input/input19
[  236.707674][ T6284] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  236.716897][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  236.727729][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  236.865684][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  236.926326][ T7559] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1015'.
[  237.015774][ T6882] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  237.224310][ T6882] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  237.235093][ T6882] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.252926][ T6882] usb 6-1: Product: syz
[  237.260181][ T6882] usb 6-1: Manufacturer: syz
[  237.265056][ T6882] usb 6-1: SerialNumber: syz
[  237.290997][ T6882] usb 6-1: config 0 descriptor??
[  237.311941][ T6882] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  237.471094][ T5545] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  237.678143][ T5545] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  237.695516][ T5545] usb 5-1: config 0 has no interface number 0
[  237.719697][ T5545] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  237.741062][ T5545] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  237.772899][ T5545] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  237.793182][ T5545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.811507][ T5545] usb 5-1: config 0 descriptor??
[  237.826410][ T7567] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  237.841774][ T5545] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  237.909265][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  238.107197][ T4340] usb 5-1: USB disconnect, device number 10
[  238.107298][    C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  238.323432][ T6882] gspca_sunplus: reg_w_riv err -71
[  238.336591][ T6882] sunplus: probe of 6-1:0.0 failed with error -71
[  238.358996][ T6882] usb 6-1: USB disconnect, device number 5
[  238.422642][ T7574] loop2: detected capacity change from 0 to 40427
[  238.435689][ T5548] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  238.450313][ T7574] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  238.465937][ T7574] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  238.480897][ T7574] F2FS-fs (loop2): Found nat_bits in checkpoint
[  238.552391][ T7574] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  238.565611][ T7574] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  238.628637][ T5548] usb 2-1: Using ep0 maxpacket: 32
[  238.645068][ T5548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.646142][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.662018][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.665750][ T5548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  238.670365][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.693870][ T5548] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  238.714051][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.714081][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.725461][ T5548] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.732464][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.742330][ T7574] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  238.758761][ T5548] usb 2-1: config 0 descriptor??
[  238.783348][ T5548] hub 2-1:0.0: USB hub found
[  238.951855][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  238.990133][ T5548] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  239.396930][ T4340] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  239.419843][ T5548] hid-generic 0003:046D:C31C.0011: unknown main item tag 0x0
[  239.522711][ T5548] hid-generic 0003:046D:C31C.0011: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0
[  239.614790][ T4340] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  239.655821][ T4340] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  239.695442][ T4340] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  239.725008][ T4340] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.757572][ T4340] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  239.788347][ T4340] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  239.812622][ T4340] usb 6-1: Product: syz
[  239.829503][ T4340] usb 6-1: Manufacturer: syz
[  239.836940][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  239.873405][ T4340] cdc_wdm 6-1:1.0: skipping garbage
[  239.892371][ T4340] cdc_wdm 6-1:1.0: skipping garbage
[  239.898449][   T14] usb 2-1: USB disconnect, device number 18
[  239.930432][ T4340] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  239.954206][ T4340] cdc_wdm 6-1:1.0: Unknown control protocol
[  239.986783][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  240.137045][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  240.143731][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  240.152950][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  240.159624][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  240.166354][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  240.173022][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  240.180533][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  240.187228][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  240.193837][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  240.200489][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  240.206599][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  240.215660][ T5548] usb 6-1: USB disconnect, device number 6
[  240.405568][ T4529] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  240.597279][ T4529] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  240.609612][ T4529] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.626080][ T4529] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  240.648330][ T4529] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  240.662846][ T4529] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.672683][ T4529] usb 3-1: Product: syz
[  240.682764][ T4529] usb 3-1: Manufacturer: syz
[  240.689939][ T4529] usb 3-1: SerialNumber: syz
[  240.945331][ T4529] usb 3-1: USB disconnect, device number 8
[  241.036112][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  241.246220][ T6487] udevd[6487]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  241.600916][ T7636] loop2: detected capacity change from 0 to 512
[  241.663451][ T7636] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  241.750883][ T7636] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[  241.784981][ T7636] System zones: 1-12
[  241.817996][ T7636] EXT4-fs error (device loop2): ext4_iget_extra_inode:4752: inode #15: comm syz.2.1039: corrupted in-inode xattr
[  241.877859][ T7642] netlink: 'syz.4.1041': attribute type 39 has an invalid length.
[  241.908802][ T7636] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.1039: couldn't read orphan inode 15 (err -117)
[  241.942605][ T7636] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  241.951777][ T4529] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  242.076279][ T4340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  242.165588][ T4529] usb 4-1: Using ep0 maxpacket: 16
[  242.173181][ T4529] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.190534][ T4529] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.201089][ T4529] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  242.221686][ T4529] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  242.231546][ T4529] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.433580][ T4529] usb 4-1: config 0 descriptor??
[  242.447239][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  242.887687][ T4529] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0012/input/input20
[  242.988459][ T4529] appleir 0003:05AC:8241.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  243.336233][ T7634] loop5: detected capacity change from 0 to 262144
[  243.346918][ T5548] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  243.356320][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  243.364782][ T7634] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop5 scanned by syz.5.1038 (7634)
[  243.379897][ T4529] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  243.397588][ T7634] BTRFS info (device loop5): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  243.407850][ T7634] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[  243.417209][ T7634] BTRFS info (device loop5): using free space tree
[  243.471912][ T4529] usb 4-1: USB disconnect, device number 18
[  243.488206][ T4283] EXT4-fs (loop2): unmounting filesystem.
[  243.682590][ T7663] loop1: detected capacity change from 0 to 64
[  243.779574][ T7663] Trying to free block not in datazone
[  243.790956][ T7634] BTRFS info (device loop5): enabling ssd optimizations
[  243.968154][ T6462] BTRFS info (device loop5): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  244.041923][ T7663] Trying to free block not in datazone
[  244.206244][ T7663] minix_free_inode: bit 5 already cleared
[  244.612418][ T4314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  245.078934][ T7667] loop2: detected capacity change from 0 to 40427
[  245.139692][ T7667] F2FS-fs (loop2): invalid crc value
[  245.190435][ T7667] F2FS-fs (loop2): Found nat_bits in checkpoint
[  245.388628][ T7667] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[  245.455686][ T7667] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  245.702417][ T4283] syz-executor: attempt to access beyond end of device
[  245.702417][ T4283] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  246.231462][ T7683] loop3: detected capacity change from 0 to 32768
[  246.294301][ T7683] (syz.3.1048,7683,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  246.346073][ T7683] (syz.3.1048,7683,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  246.442083][ T7683] JBD2: Ignoring recovery information on journal
[  246.549360][ T7707] loop1: detected capacity change from 0 to 512
[  246.567408][ T7683] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  246.684068][ T7707] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  246.722918][ T4340] hid-generic 0005:9C3F:0006.0013: item fetching failed at offset 0/2
[  246.746491][ T4340] hid-generic: probe of 0005:9C3F:0006.0013 failed with error -22
[  246.978619][ T4272] EXT4-fs (loop1): unmounting filesystem.
[  247.187903][ T7720] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1060'.
[  247.687878][ T4270] ocfs2: Unmounting device (7,3) on (node local)
[  247.914105][ T7704] loop5: detected capacity change from 0 to 40427
[  247.934192][ T7704] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  247.967964][ T7704] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  248.021943][ T7704] F2FS-fs (loop5): Found nat_bits in checkpoint
[  248.083879][ T7704] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  248.101624][ T7704] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  248.562284][ T7740] loop1: detected capacity change from 0 to 16
[  248.598599][ T7740] erofs: (device loop1): mounted with root inode @ nid 36.
[  248.923198][ T7746] loop1: detected capacity change from 0 to 512
[  249.554224][ T7756] loop5: detected capacity change from 0 to 4096
[  249.593564][ T7756] EXT4-fs (loop5): Test dummy encryption mode enabled
[  249.692604][ T7756] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  249.761182][ T7772] loop4: detected capacity change from 0 to 128
[  249.775556][   T14] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  249.865543][ T4393] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  249.975483][   T14] usb 2-1: Using ep0 maxpacket: 8
[  249.982725][   T14] usb 2-1: config 0 has no interfaces?
[  250.019541][   T14] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=9b.1d
[  250.043503][   T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.072839][   T14] usb 2-1: Product: syz
[  250.083049][   T14] usb 2-1: Manufacturer: syz
[  250.088404][   T14] usb 2-1: SerialNumber: syz
[  250.123749][   T14] usb 2-1: config 0 descriptor??
[  250.125894][ T6462] EXT4-fs (loop5): unmounting filesystem.
[  250.318240][ T7785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.363145][ T7785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.374833][ T7787] loop5: detected capacity change from 0 to 64
[  250.384307][ T7785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.409712][ T7788] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.451299][ T7788] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.475666][ T7787] Trying to free block not in datazone
[  250.492530][ T7784] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.564449][ T7760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.587482][ T7760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.612308][   T14] usb 2-1: USB disconnect, device number 19
[  250.690083][ T7787] Trying to free block not in datazone
[  250.704442][ T7787] minix_free_inode: bit 5 already cleared
[  250.787409][ T5630] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.796200][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  251.848917][ T4340] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  252.082749][ T4340] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.131727][ T4340] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.162333][ T4340] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  252.203435][ T4340] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  252.230992][ T4340] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.251507][ T4340] usb 3-1: config 0 descriptor??
[  252.458935][ T7830] loop1: detected capacity change from 0 to 16
[  252.492661][ T7830] erofs: (device loop1): mounted with root inode @ nid 36.
[  252.559200][ T7830] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89
[  252.582415][ T7830] erofs: (device loop1): z_erofs_readahead: readahead error at page 1 @ nid 89
[  252.650070][ T7830] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117]
[  252.665185][   T26] audit: type=1800 audit(1775176128.812:135): pid=7830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1104" name="file2" dev="loop1" ino=89 res=0 errno=0
[  252.699391][ T4340] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x4
[  252.712676][ T4340] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  252.741765][ T4340] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  253.029306][   T22] usb 3-1: USB disconnect, device number 9
[  253.058946][ T7842] sp0: Synchronizing with TNC
[  253.148624][ T7840] fido_id[7840]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  253.247854][ T7842] sp0: Synchronizing with TNC
[  253.844855][ T7860] loop3: detected capacity change from 0 to 512
[  253.995684][ T6882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  254.113740][ T7860] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  254.267630][ T4270] EXT4-fs (loop3): unmounting filesystem.
[  255.261263][ T7890] loop4: detected capacity change from 0 to 256
[  255.583813][ T7900] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1129'.
[  255.907852][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  255.914330][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  255.973782][ T7911] binder: 7910:7911 ioctl c0306201 200000000680 returned -14
[  256.119858][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.201494][   T22] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  256.206663][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.286719][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.299929][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.313169][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.323417][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.332370][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.343777][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.376114][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.398399][   T22] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  256.415991][ T7918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.424474][   T22] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  256.455947][   T22] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  256.488606][   T22] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.507384][ T7924] loop5: detected capacity change from 0 to 512
[  256.520140][ T7898] loop1: detected capacity change from 0 to 32768
[  256.531364][   T22] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  256.574607][   T22] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  256.608274][ T7898] (syz.1.1128,7898,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  256.632368][ T7924] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  256.642069][ T7898] (syz.1.1128,7898,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  256.652926][   T22] usb 4-1: Product: syz
[  256.672741][ T7924] 
[  256.675142][ T7924] ======================================================
[  256.682239][ T7924] WARNING: possible circular locking dependency detected
[  256.688814][   T22] usb 4-1: Manufacturer: syz
[  256.689448][ T7924] syzkaller #0 Not tainted
[  256.698519][ T7924] ------------------------------------------------------
[  256.705573][ T7924] syz.5.1139/7924 is trying to acquire lock:
[  256.711760][ T7924] ffff88804f0366d8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x323/0x1b70
[  256.721326][ T7924] 
[  256.721326][ T7924] but task is already holding lock:
[  256.725130][   T22] cdc_wdm 4-1:1.0: skipping garbage
[  256.728787][ T7924] ffff888059992208 (&s->s_dquot.dqio_sem){++++}-{3:3}, at: v2_read_dquot+0x4a/0x110
[  256.728852][ T7924] 
[  256.728852][ T7924] which lock already depends on the new lock.
[  256.728852][ T7924] 
[  256.728858][ T7924] 
[  256.728858][ T7924] the existing dependency chain (in reverse order) is:
[  256.728865][ T7924] 
[  256.728865][ T7924] -> #2 (&s->s_dquot.dqio_sem){++++}-{3:3}:
[  256.728896][ T7924]        down_read+0x42/0x2d0
[  256.728925][ T7924]        v2_read_dquot+0x4a/0x110
[  256.728945][ T7924]        dquot_acquire+0x152/0x520
[  256.728963][ T7924]        ext4_acquire_dquot+0x2d9/0x4a0
[  256.728984][ T7924]        dqget+0x778/0xeb0
[  256.729001][ T7924]        __dquot_initialize+0x3c3/0xcd0
[  256.729019][ T7924]        ext4_xattr_set+0xd8/0x320
[  256.729041][ T7924]        __vfs_setxattr+0x3e0/0x420
[  256.729062][ T7924]        __vfs_setxattr_noperm+0x129/0x5e0
[  256.729095][ T7924]        vfs_setxattr+0x167/0x2e0
[  256.729117][ T7924]        setxattr+0x346/0x360
[  256.729142][ T7924]        path_setxattr+0x147/0x290
[  256.729165][ T7924]        __x64_sys_lsetxattr+0xb4/0xd0
[  256.729188][ T7924]        do_syscall_64+0x4c/0xa0
[  256.729212][ T7924]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  256.729232][ T7924] 
[  256.729232][ T7924] -> #1 (&dquot->dq_lock){+.+.}-{3:3}:
[  256.729259][ T7924]        __mutex_lock+0x12d/0xaf0
[  256.729281][ T7924]        dquot_commit+0x5a/0x410
[  256.747880][   T22] cdc_wdm 4-1:1.0: skipping garbage
[  256.754794][ T7924]        ext4_write_dquot+0x1f0/0x360
[  256.754830][ T7924]        mark_all_dquot_dirty+0xf9/0x400
[  256.754850][ T7924]        __dquot_free_space+0x7ec/0xbc0
[  256.890717][ T7924]        ext4_free_blocks+0x1bf3/0x26a0
[  256.896422][ T7924]        ext4_ext_remove_space+0x202d/0x4500
[  256.902607][ T7924]        ext4_ext_truncate+0x179/0x2d0
[  256.908263][ T7924]        ext4_truncate+0xa23/0x1240
[  256.913482][ T7924]        ext4_setattr+0x10cb/0x19f0
[  256.918916][ T7924]        notify_change+0xc74/0xf40
[  256.924040][ T7924]        do_truncate+0x1ac/0x240
[  256.929021][ T7924]        path_openat+0x2861/0x2ee0
[  256.934137][ T7924]        do_filp_open+0x1f1/0x430
[  256.939359][ T7924]        do_sys_openat2+0x150/0x4b0
[  256.944655][ T7924]        __x64_sys_creat+0x8c/0xb0
[  256.949776][ T7924]        do_syscall_64+0x4c/0xa0
[  256.955198][ T7924]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  256.961640][ T7924] 
[  256.961640][ T7924] -> #0 (&ei->i_data_sem/2){++++}-{3:3}:
[  256.969532][ T7924]        __lock_acquire+0x2d07/0x7d10
[  256.975193][ T7924]        lock_acquire+0x1bb/0x4a0
[  256.980234][ T7924]        down_read+0x42/0x2d0
[  256.985019][ T7924]        ext4_map_blocks+0x323/0x1b70
[  256.990678][ T7924]        ext4_getblk+0x1cc/0x6f0
[  256.995632][ T7924]        ext4_bread+0x26/0x170
[  257.000395][ T7924]        ext4_quota_read+0x180/0x380
[  257.005784][ T7924]        find_tree_dqentry+0x1cd/0xf30
[  257.011438][ T7924]        qtree_read_dquot+0x57b/0x820
[  257.016901][ T7924]        v2_read_dquot+0xc0/0x110
[  257.021962][ T7924]        dquot_acquire+0x152/0x520
[  257.027384][ T7924]        ext4_acquire_dquot+0x2d9/0x4a0
[  257.033236][ T7924]        dqget+0x778/0xeb0
[  257.037778][ T7924]        __dquot_initialize+0x3c3/0xcd0
[  257.043350][ T7924]        ext4_setattr+0x2ba/0x19f0
[  257.048489][ T7924]        notify_change+0xc74/0xf40
[  257.053813][ T7924]        do_truncate+0x1ac/0x240
[  257.058775][ T7924]        vfs_truncate+0x262/0x2f0
[  257.064020][ T7924]        do_sys_truncate+0xf2/0x1c0
[  257.069362][ T7924]        do_syscall_64+0x4c/0xa0
[  257.074336][ T7924]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  257.080771][ T7924] 
[  257.080771][ T7924] other info that might help us debug this:
[  257.080771][ T7924] 
[  257.091755][ T7924] Chain exists of:
[  257.091755][ T7924]   &ei->i_data_sem/2 --> &dquot->dq_lock --> &s->s_dquot.dqio_sem
[  257.091755][ T7924] 
[  257.105520][ T7924]  Possible unsafe locking scenario:
[  257.105520][ T7924] 
[  257.113407][ T7924]        CPU0                    CPU1
[  257.118779][ T7924]        ----                    ----
[  257.124184][ T7924]   lock(&s->s_dquot.dqio_sem);
[  257.129055][ T7924]                                lock(&dquot->dq_lock);
[  257.136083][ T7924]                                lock(&s->s_dquot.dqio_sem);
[  257.143470][ T7924]   lock(&ei->i_data_sem/2);
[  257.148070][ T7924] 
[  257.148070][ T7924]  *** DEADLOCK ***
[  257.148070][ T7924] 
[  257.156309][ T7924] 4 locks held by syz.5.1139/7924:
[  257.161514][ T7924]  #0: ffff888059992460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90
[  257.170770][ T7924]  #1: ffff88804f1ca218 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: do_truncate+0x198/0x240
[  257.181583][ T7924]  #2: ffff8880562e6ce8 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_acquire+0x63/0x520
[  257.191001][ T7924]  #3: ffff888059992208 (&s->s_dquot.dqio_sem){++++}-{3:3}, at: v2_read_dquot+0x4a/0x110
[  257.201174][ T7924] 
[  257.201174][ T7924] stack backtrace:
[  257.207064][ T7924] CPU: 0 PID: 7924 Comm: syz.5.1139 Not tainted syzkaller #0
[  257.214550][ T7924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  257.224697][ T7924] Call Trace:
[  257.227983][ T7924]  <TASK>
[  257.230919][ T7924]  dump_stack_lvl+0x188/0x24e
[  257.235611][ T7924]  ? load_image+0x400/0x400
[  257.240126][ T7924]  ? show_regs_print_info+0x12/0x12
[  257.245430][ T7924]  ? print_circular_bug+0x12b/0x1a0
[  257.250646][ T7924]  check_noncircular+0x296/0x330
[  257.255598][ T7924]  ? add_chain_block+0x940/0x940
[  257.260555][ T7924]  ? lockdep_lock+0xf1/0x1f0
[  257.265246][ T7924]  ? mark_lock+0x94/0x320
[  257.269589][ T7924]  ? _find_first_zero_bit+0xcf/0x100
[  257.275028][ T7924]  __lock_acquire+0x2d07/0x7d10
[  257.280423][ T7924]  ? verify_lock_unused+0x140/0x140
[  257.285635][ T7924]  ? verify_lock_unused+0x140/0x140
[  257.290851][ T7924]  ? is_bpf_text_address+0x22/0x2a0
[  257.296059][ T7924]  ? __lock_acquire+0x7d10/0x7d10
[  257.301099][ T7924]  lock_acquire+0x1bb/0x4a0
[  257.305621][ T7924]  ? ext4_map_blocks+0x323/0x1b70
[  257.310663][ T7924]  ? __might_sleep+0xd0/0xd0
[  257.315257][ T7924]  ? read_lock_is_recursive+0x10/0x10
[  257.320642][ T7924]  ? rcu_is_watching+0x11/0xa0
[  257.325507][ T7924]  down_read+0x42/0x2d0
[  257.329678][ T7924]  ? ext4_map_blocks+0x323/0x1b70
[  257.335205][ T7924]  ext4_map_blocks+0x323/0x1b70
[  257.340189][ T7924]  ? __stack_depot_save+0x421/0x460
[  257.345425][ T7924]  ? __kasan_kmalloc+0x8e/0xa0
[  257.350291][ T7924]  ? __kmalloc+0xb0/0x240
[  257.354751][ T7924]  ? find_tree_dqentry+0x56/0xf30
[  257.359873][ T7924]  ? ext4_issue_zeroout+0x250/0x250
[  257.365182][ T7924]  ? ext4_acquire_dquot+0x2d9/0x4a0
[  257.370567][ T7924]  ? vfs_truncate+0x262/0x2f0
[  257.375346][ T7924]  ? do_sys_truncate+0xf2/0x1c0
[  257.380472][ T7924]  ? do_syscall_64+0x4c/0xa0
[  257.385102][ T7924]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  257.391295][ T7924]  ext4_getblk+0x1cc/0x6f0
[  257.396225][ T7924]  ? ext4_get_block_unwritten+0x100/0x100
[  257.402167][ T7924]  ext4_bread+0x26/0x170
[  257.406434][ T7924]  ext4_quota_read+0x180/0x380
[  257.411213][ T7924]  find_tree_dqentry+0x1cd/0xf30
[  257.416165][ T7924]  ? ext4_show_options+0x50/0x50
[  257.421409][ T7924]  qtree_read_dquot+0x57b/0x820
[  257.426404][ T7924]  ? read_lock_is_recursive+0x10/0x10
[  257.432001][ T7924]  ? remove_tree+0x2150/0x2150
[  257.436848][ T7924]  ? trace_contention_end+0x5f/0x170
[  257.442430][ T7924]  ? down_read+0x1a8/0x2d0
[  257.446868][ T7924]  v2_read_dquot+0xc0/0x110
[  257.451389][ T7924]  dquot_acquire+0x152/0x520
[  257.456183][ T7924]  ? __ext4_journal_start_sb+0x1dd/0x3d0
[  257.462090][ T7924]  ext4_acquire_dquot+0x2d9/0x4a0
[  257.467336][ T7924]  dqget+0x778/0xeb0
[  257.471248][ T7924]  __dquot_initialize+0x3c3/0xcd0
[  257.476294][ T7924]  ? ktime_get_coarse_real_ts64+0x36/0x120
[  257.482305][ T7924]  ? dquot_initialize+0x20/0x20
[  257.487179][ T7924]  ? slab_free_freelist_hook+0x131/0x1a0
[  257.492914][ T7924]  ? ktime_get_coarse_real_ts64+0x10c/0x120
[  257.498815][ T7924]  ? fsverity_prepare_setattr+0x74/0x140
[  257.504749][ T7924]  ext4_setattr+0x2ba/0x19f0
[  257.509353][ T7924]  ? atime_needs_update+0x780/0x780
[  257.514560][ T7924]  ? evm_inode_setattr+0x91/0x790
[  257.519596][ T7924]  ? bpf_lsm_inode_setattr+0x5/0x10
[  257.524895][ T7924]  ? security_inode_setattr+0xd8/0x140
[  257.530453][ T7924]  ? try_break_deleg+0x79/0x120
[  257.535456][ T7924]  ? ext4_write_inode+0x5e0/0x5e0
[  257.540691][ T7924]  notify_change+0xc74/0xf40
[  257.545334][ T7924]  do_truncate+0x1ac/0x240
[  257.549771][ T7924]  ? put_page_bootmem+0x2c0/0x2c0
[  257.554916][ T7924]  ? bpf_lsm_path_truncate+0x5/0x10
[  257.560301][ T7924]  vfs_truncate+0x262/0x2f0
[  257.565251][ T7924]  do_sys_truncate+0xf2/0x1c0
[  257.569972][ T7924]  ? lock_chain_count+0x20/0x20
[  257.575131][ T7924]  ? break_lease+0xd0/0xd0
[  257.579671][ T7924]  ? lockdep_hardirqs_on+0x94/0x140
[  257.584973][ T7924]  do_syscall_64+0x4c/0xa0
[  257.589501][ T7924]  ? clear_bhb_loop+0x60/0xb0
[  257.594480][ T7924]  ? clear_bhb_loop+0x60/0xb0
[  257.599253][ T7924]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  257.605242][ T7924] RIP: 0033:0x7f55aeb9c819
[  257.609667][ T7924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  257.629564][ T7924] RSP: 002b:00007f55afa14028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  257.638519][ T7924] RAX: ffffffffffffffda RBX: 00007f55aee15fa0 RCX: 00007f55aeb9c819
[  257.646593][ T7924] RDX: 0000000000000000 RSI: 00000020fffbfffc RDI: 0000200000000340
[  257.654760][ T7924] RBP: 00007f55aec32c91 R08: 0000000000000000 R09: 0000000000000000
[  257.663033][ T7924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  257.671203][ T7924] R13: 00007f55aee16038 R14: 00007f55aee15fa0 R15: 00007ffdc040c7c8
[  257.679631][ T7924]  </TASK>
[  257.689213][ T7930] loop2: detected capacity change from 0 to 64
[  257.742644][   T22] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  257.753547][ T7898] JBD2: Ignoring recovery information on journal
[  257.764799][   T22] cdc_wdm 4-1:1.0: Unknown control protocol
[  257.837226][ T7898] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  257.959420][   T14] usb 4-1: USB disconnect, device number 19
[  257.967382][ T6462] EXT4-fs (loop5): unmounting filesystem.
[  258.013814][ T4272] ocfs2: Unmounting device (7,1) on (node local)
[  263.595739][   T14] net_ratelimit: 343 callbacks suppressed
[  263.595759][   T14] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  264.225615][ T6293] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  264.865791][   T22] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  264.874336][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog