last executing test programs:

1m16.888788288s ago: executing program 0 (id=57):
r0 = semget$private(0x0, 0x1, 0x4)
semctl$SETVAL(r0, 0x1, 0x10, 0x0)

1m16.888667032s ago: executing program 0 (id=58):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1804}, 0x50)

1m16.834419188s ago: executing program 0 (id=59):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x669, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
unlink(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m16.735601353s ago: executing program 0 (id=60):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)

1m16.499150888s ago: executing program 0 (id=61):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x6, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="80006466d3805699", 0x8, 0x20004840, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/16, 0x10}, 0x4}], 0x1, 0x40000002, 0x0)

1m16.208561122s ago: executing program 0 (id=63):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

1m16.050277859s ago: executing program 32 (id=63):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

3.242213004s ago: executing program 1 (id=805):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0x174, 0xfffff800, 0x47524247, 0x31303453, [0x6, 0xa], [0x58e3, 0x741], 0x1}})

3.241971166s ago: executing program 1 (id=806):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x80ad}, 0x1c)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x729f, @empty, 0x80ad}, 0x1c)

3.159653074s ago: executing program 1 (id=807):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x77359400}}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioperm(0x0, 0x2, 0x7e)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r5, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r5, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080)

2.187931312s ago: executing program 1 (id=813):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000bc0)={{0x12, 0x1, 0x0, 0x44, 0x39, 0xdc, 0x40, 0x1660, 0x1921, 0x1f84, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3, 0x0, 0x2, 0xf6, 0x62, 0x70, 0x0, [], [{{0x9, 0x5, 0x7, 0x0, 0x10, 0x9, 0x6, 0x8}}, {{0x9, 0x5, 0xd, 0x3, 0x0, 0x68, 0x37, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x20, 0x0, 0x1, "f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, &(0x7f00000000c0)={0x0, 0x18, 0x9, "dcf3390988dd7cac29"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.341868917s ago: executing program 2 (id=817):
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311c", 0x8)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x40)
sendfile(r0, r2, 0x0, 0x10ffff)

1.181483551s ago: executing program 2 (id=818):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f00000015c0)=ANY=[@ANYBLOB="9feb0100180000000000000078000000780000000a000000080000000000000700000000040000000000000c0300000005000000000000080400000004000000030000930100000000000001050000000a0000000a00000005000000000000000d00000008000000008000000700000000000010040000000c0000000000000700000000cd9eb02db4b6a79b040000000061612e2e5f2e2e61"], 0x0, 0x9a, 0x0, 0x1, 0x153}, 0x28)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f00000010c0)={0x0, 0x0, {}, {}, {0x0, @struct}})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x66)
recvmsg$can_j1939(r1, &(0x7f00000001c0)={&(0x7f0000000400)=@can, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000680)=""/72, 0x48}, {&(0x7f0000000700)=""/131, 0x83}, {&(0x7f0000000a40)=""/253, 0xfd}, {&(0x7f0000000840)=""/126, 0x7e}, {&(0x7f0000000940)=""/100, 0x64}], 0x5, &(0x7f0000000c40)=""/240, 0xf0}, 0x40002000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r2, r3}, 0xc)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r3}, 0x38)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYRES64=0x0], 0x7c}, 0x1, 0x0, 0x0, 0xadf588c23dcae771}, 0xd4)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000008c0)={<r4=>0x0, 0x362, 0xffff, 0x3}, &(0x7f00000002c0)=0x10)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000b40)=[{{&(0x7f00000000c0)={0xa, 0x20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000240)="ad", 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000800)=',', 0x1}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000000000000029000000360000003b000000000000001400000000000000290000000b000000000000020000000028"], 0x58}}], 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000080)=[{0x0}], 0x1)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000340)={r4, 0xb0}, &(0x7f0000000380)=0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200), 0x60)
syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
r7 = userfaultfd(0x80001)
r8 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r8, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r8, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000100))

810.989595ms ago: executing program 3 (id=825):
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x86400, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000200)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

710.487029ms ago: executing program 3 (id=826):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0xa0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0)

641.029189ms ago: executing program 3 (id=827):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

329.437802ms ago: executing program 1 (id=828):
r0 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

202.843401ms ago: executing program 1 (id=829):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
setxattr$system_posix_acl(&(0x7f00000000c0)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000700)={{}, {}, [], {0x4, 0x4}}, 0x24, 0x0)

202.189286ms ago: executing program 3 (id=830):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$tun(r0, &(0x7f0000000600)={@val={0x0, 0x1}, @void, @x25={0x0, 0xf, 0x5, "c2"}}, 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

201.12625ms ago: executing program 2 (id=831):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x0, 0x1011}})

100.928656ms ago: executing program 2 (id=832):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32=r1, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="00000000e100000000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)

100.521198ms ago: executing program 3 (id=833):
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000901, 0xee00, 0x0)
syz_mount_image$cramfs(&(0x7f0000000380), &(0x7f0000000180)='./file1\x00', 0x1000000, &(0x7f00000006c0)=ANY=[@ANYRES16=0x0], 0x1, 0x156, &(0x7f0000000440)="$eJzszr9LAnEYx/HPef6IUhQysIYSGjoU8zyxLUIj6SA7KFwaItCLAk1RiBsraGvoD7jBEprEofoDzFoqhbC/ofGgIXA0vn2FKJqan9dyd+/n4eFWFrsSfIAIbrlULFf0alXPBze0THrz+pZ3F4CBl70VyxW2nOe9lQT22NMOWMc833uA3f2CPp8rFdi3lQQkAKkx1h2QwXdHWfPz3diwSbNAe4I35Y8WH7YpO5Dy8sbuDS6AOQGw4fveBwAjeMN/VI2ErrZFnKrhmXEBMMxws/G03nlUI6Fp/UxJT9bdARFZ/eFyhK0b5mtUjLxEm41et5NZ0zJaN64oC3E5JsuJnvbcURNH57Cvug+BrV/3nE4AWeBEAEwBaHzNrZbgAdCu9bWi1+UH8H7gAwTDtO7Y5K1d6wM/J7mdgKO+5PfZIEoQQAghhBBCCCGE/NNnAAAA//+qXmS0")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x0, 0x0)

2.620939ms ago: executing program 2 (id=834):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071115c0000000000851000000200000085000000b200000095000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)

343.602µs ago: executing program 3 (id=835):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x189042, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f0000000280)={0x43, 0x0, 0x0, 0x0, 0x1000000, 0x6})

0s ago: executing program 2 (id=836):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x7c}}, 0x0)

kernel console output (not intermixed with test programs):

ption
[   76.532311][ T6104] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   76.537705][   T95] usb 3-1: USB disconnect, device number 4
[   76.540245][ T6104] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   76.570222][ T6104] EXT4-fs (loop1): 1 truncate cleaned up
[   76.582070][ T6104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.652568][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.054136][ T6121] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.080187][ T5926] team0 (unregistering): Port device team_slave_1 removed
[   77.111482][ T5926] team0 (unregistering): Port device team_slave_0 removed
[   77.562149][ T6132] capability: warning: `syz.1.80' uses deprecated v2 capabilities in a way that may be insecure
[   77.576087][ T5863] Bluetooth: hci1: command tx timeout
[   77.581189][ T6082] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.595937][ T6082] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.598483][ T6082] bridge_slave_0: entered allmulticast mode
[   77.601512][ T6082] bridge_slave_0: entered promiscuous mode
[   77.622501][ T6082] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.631476][ T6082] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.634113][ T6082] bridge_slave_1: entered allmulticast mode
[   77.645827][ T6082] bridge_slave_1: entered promiscuous mode
[   77.691826][ T6136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.81'.
[   77.729980][ T6082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.747412][ T6082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.850973][ T6144] comedi comedi4: bad chanlist[0]=0x0000b8eb chan=47339 range length=2
[   77.862332][ T6082] team0: Port device team_slave_0 added
[   77.867447][ T6082] team0: Port device team_slave_1 added
[   77.947873][ T6082] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.950548][ T6082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.963841][ T6082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.972364][ T6082] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.981093][ T6082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.996081][ T6082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.004376][ T5928] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   78.042240][ T6082] hsr_slave_0: entered promiscuous mode
[   78.046444][ T6082] hsr_slave_1: entered promiscuous mode
[   78.049294][ T6082] debugfs: 'hsr0' already exists in 'hsr'
[   78.051644][ T6082] Cannot create hsr debugfs directory
[   78.187479][ T5928] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[   78.190515][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.202221][ T5928] usb 3-1: config 0 descriptor??
[   78.230055][ T6082] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   78.239826][ T6082] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   78.249993][ T6082] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   78.258637][ T6082] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   78.302145][ T6082] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.305595][ T6082] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.310230][ T6082] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.313194][ T6082] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.386766][ T6082] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.403713][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.409110][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.422650][ T5928] usb 3-1: can't set first interface for hiFace device.
[   78.423682][ T6082] 8021q: adding VLAN 0 to HW filter on device team0
[   78.429343][ T5928] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -5
[   78.441261][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.443628][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.447704][ T5928] usb 3-1: USB disconnect, device number 5
[   78.468495][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.471511][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.648442][ T6082] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.686924][ T6082] veth0_vlan: entered promiscuous mode
[   78.697155][ T6082] veth1_vlan: entered promiscuous mode
[   78.722611][ T6082] veth0_macvtap: entered promiscuous mode
[   78.728722][ T6082] veth1_macvtap: entered promiscuous mode
[   78.741921][ T6082] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.753146][ T6082] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.761593][ T5733] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.765952][ T5733] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.769615][ T5733] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.774041][ T5733] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.862165][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.868887][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.888644][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.891418][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.100006][ T6180] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   79.108965][ T6181] loop2: detected capacity change from 0 to 8
[   79.122906][ T6181] MTD: Attempt to mount non-MTD device "/dev/loop2"
[   79.159392][ T6181] process 'syz.2.88' launched './file2' with NULL argv: empty string added
[   79.163334][ T6181] cramfs: Error -5 while decompressing!
[   79.191416][ T6181] cramfs: ffffffff99bf2668(26)->ffff88802c523000(4096)
[   79.207869][ T6181] cramfs: Error -3 while decompressing!
[   79.210262][ T6181] cramfs: ffffffff99bf2682(26)->ffff88802c522000(4096)
[   79.213094][ T6181] cramfs: Error -3 while decompressing!
[   79.228328][ T6181] cramfs: ffffffff99bf269c(16)->ffff88802c521000(4096)
[   79.233776][ T6181] cramfs: Error -5 while decompressing!
[   79.238051][ T6181] cramfs: ffffffff99bf2668(26)->ffff88802c523000(4096)
[   79.654535][ T5912] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   79.657787][ T5863] Bluetooth: hci1: command tx timeout
[   79.814753][ T5912] usb 4-1: Using ep0 maxpacket: 32
[   79.824033][ T5912] usb 4-1: unable to get BOS descriptor or descriptor too short
[   79.833926][ T5912] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[   79.840825][ T5912] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[   79.848257][ T5912] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[   79.852107][ T5912] usb 4-1: config 128 has no interface number 0
[   79.861497][ T5912] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 28, changing to 8
[   79.868587][ T5912] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 33417, setting to 1024
[   79.873325][ T5912] usb 4-1: config 128 interface 127 has no altsetting 0
[   79.879854][ T5912] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[   79.883597][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.889673][ T5912] usb 4-1: Product: syz
[   79.891643][ T5912] usb 4-1: Manufacturer: syz
[   79.893618][ T5912] usb 4-1: SerialNumber: syz
[   80.122021][ T6172] loop1: detected capacity change from 0 to 262144
[   80.141282][ T6172] F2FS-fs (loop1): invalid crc value
[   80.188003][ T6172] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   80.193119][ T6172] F2FS-fs (loop1): Start checkpoint disabled!
[   80.201684][ T6172] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   80.208088][ T5912] usb 4-1: USB disconnect, device number 2
[   80.250045][ T6012] udevd[6012]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   80.326914][ T6195] netlink: 36 bytes leftover after parsing attributes in process `syz.2.93'.
[   80.664676][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   80.778717][ T6203] loop3: detected capacity change from 0 to 256
[   80.830478][   T10] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[   80.833738][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.845437][   T10] usb 3-1: Product: syz
[   80.846960][   T10] usb 3-1: Manufacturer: syz
[   80.848536][   T10] usb 3-1: SerialNumber: syz
[   80.851780][ T6203] FAT-fs (loop3): Directory bread(block 64) failed
[   80.857305][ T6203] FAT-fs (loop3): Directory bread(block 65) failed
[   80.857965][ T5863] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   80.860881][ T6203] FAT-fs (loop3): Directory bread(block 66) failed
[   80.860917][ T6203] FAT-fs (loop3): Directory bread(block 67) failed
[   80.860972][ T6203] FAT-fs (loop3): Directory bread(block 68) failed
[   80.864521][ T5863] Bluetooth: hci0: Injecting HCI hardware error event
[   80.868242][ T6203] FAT-fs (loop3): Directory bread(block 69) failed
[   80.870756][ T5863] Bluetooth: hci0: hardware error 0x00
[   80.872307][ T6203] FAT-fs (loop3): Directory bread(block 70) failed
[   80.881155][   T10] usb 3-1: config 0 descriptor??
[   80.887443][ T6203] FAT-fs (loop3): Directory bread(block 71) failed
[   80.890221][ T6203] FAT-fs (loop3): Directory bread(block 72) failed
[   80.895861][ T6203] FAT-fs (loop3): Directory bread(block 73) failed
[   80.898211][   T10] gspca_main: sq905c-2.14.0 probing 2770:9052
[   81.114695][   T10] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[   81.117595][   T10] sq905c 3-1:0.0: Get version command failed
[   81.120009][   T10] sq905c 3-1:0.0: probe with driver sq905c failed with error -71
[   81.133840][   T10] usb 3-1: USB disconnect, device number 6
[   81.147944][ T6012] udevd[6012]: setting mode of /dev/bus/usb/003/006 to 020664 failed: No such file or directory
[   81.162592][ T6012] udevd[6012]: setting owner of /dev/bus/usb/003/006 to uid=0, gid=0 failed: No such file or directory
[   81.331777][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.104'.
[   81.347156][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.104'.
[   81.736734][ T5873] Bluetooth: hci1: command tx timeout
[   82.936556][ T5863] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   83.245304][ T5870] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   83.422333][ T5870] usb 3-1: Using ep0 maxpacket: 16
[   83.427155][ T5870] usb 3-1: config 0 has an invalid interface number: 237 but max is 0
[   83.429837][ T5870] usb 3-1: config 0 has no interface number 0
[   83.431799][ T5870] usb 3-1: config 0 interface 237 has no altsetting 0
[   83.446337][ T5870] usb 3-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad
[   83.449475][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.451855][ T5870] usb 3-1: Product: syz
[   83.453187][ T5870] usb 3-1: Manufacturer: syz
[   83.464302][ T5870] usb 3-1: SerialNumber: syz
[   83.467927][ T5870] usb 3-1: config 0 descriptor??
[   83.475932][ T5870] snd_usb_podhd 3-1:0.237: Line 6 POD HD300 found
[   83.503998][ T6241] loop1: detected capacity change from 0 to 32768
[   83.529520][ T6241] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   83.535334][ T5912] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   83.596847][ T6241] XFS (loop1): Ending clean mount
[   83.606694][ T6241] XFS (loop1): Quotacheck needed: Please wait.
[   83.641938][ T6241] XFS (loop1): Quotacheck: Done.
[   83.686453][ T5870] snd_usb_podhd 3-1:0.237: cannot get proper max packet size
[   83.688808][ T5860] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   83.705050][ T5870] snd_usb_podhd 3-1:0.237: Line 6 POD HD300 now disconnected
[   83.709853][ T5870] snd_usb_podhd 3-1:0.237: probe with driver snd_usb_podhd failed with error -22
[   83.731950][ T5912] usb 4-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[   83.737437][ T5912] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.750194][ T5912] usb 4-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   83.757479][ T5912] usb 4-1: config 0 interface 0 has no altsetting 0
[   83.783372][ T5912] usb 4-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[   83.787011][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.808850][ T5912] usb 4-1: config 0 descriptor??
[   83.815276][ T5863] Bluetooth: hci1: command tx timeout
[   83.895018][   T52] usb 3-1: USB disconnect, device number 7
[   84.108024][ T6257] netlink: 'syz.1.117': attribute type 1 has an invalid length.
[   84.234771][ T5912] hid-alps 0003:044E:120C.0001: unbalanced collection at end of report description
[   84.239701][ T5912] hid-alps 0003:044E:120C.0001: parse failed
[   84.241798][ T5912] hid-alps 0003:044E:120C.0001: probe with driver hid-alps failed with error -22
[   84.426001][   T95] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   84.460394][   T52] usb 4-1: USB disconnect, device number 3
[   84.604892][   T95] usb 2-1: Using ep0 maxpacket: 8
[   84.612345][   T95] usb 2-1: unable to get BOS descriptor or descriptor too short
[   84.617877][   T95] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[   84.622357][   T95] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[   84.628862][   T95] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   84.632816][   T95] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[   84.637204][   T95] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   84.640967][   T95] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[   84.648178][   T95] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[   84.655063][   T95] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[   84.657857][   T95] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.663123][   T95] usb 2-1: Product: syz
[   84.667104][   T95] usb 2-1: Manufacturer: syz
[   84.668952][   T95] usb 2-1: SerialNumber: syz
[   84.676857][   T95] usb 2-1: config 0 descriptor??
[   84.680291][ T6259] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   84.689540][   T95] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   84.730089][ T6264] loop2: detected capacity change from 0 to 32768
[   84.732587][   T95] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -12
[   84.779028][ T5867] udevd[5867]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   84.902789][   T95] usb 2-1: USB disconnect, device number 3
[   85.071667][ T6273] loop3: detected capacity change from 0 to 4096
[   85.087683][ T6273] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[   85.121294][ T6273] ntfs3(loop3): Failed to initialize $Secure::$SII (-22).
[   85.123678][ T6273] ntfs3(loop3): Failed to initialize $Secure (-22).
[   85.227224][ T6277] loop3: detected capacity change from 0 to 512
[   85.232222][ T6277] EXT4-fs: Ignoring removed i_version option
[   85.252978][ T6277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.260643][ T6277] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.311313][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.644860][ T6284] loop1: detected capacity change from 0 to 40427
[   85.658418][ T6284] F2FS-fs (loop1): invalid crc value
[   85.714715][ T6284] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   85.719784][ T6284] F2FS-fs (loop1): Start checkpoint disabled!
[   85.725992][ T6284] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   85.774348][ T5912] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   85.779514][ T3553] kworker/u10:5: attempt to access beyond end of device
[   85.779514][ T3553] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   85.821020][ T3553] CPU: 1 UID: 0 PID: 3553 Comm: kworker/u10:5 Not tainted syzkaller #0 PREEMPT(full) 
[   85.821043][ T3553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.821051][ T3553] Workqueue: writeback wb_workfn (flush-7:1)
[   85.821075][ T3553] Call Trace:
[   85.821082][ T3553]  <TASK>
[   85.821087][ T3553]  dump_stack_lvl+0x189/0x250
[   85.821102][ T3553]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.821112][ T3553]  ? __pfx_queue_work_on+0x10/0x10
[   85.821121][ T3553]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.821135][ T3553]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.821160][ T3553]  f2fs_handle_critical_error+0x37c/0x540
[   85.821183][ T3553]  f2fs_write_end_io+0x886/0xb60
[   85.821207][ T3553]  __submit_merged_bio+0x27a/0x6a0
[   85.821223][ T3553]  __submit_merged_write_cond+0x255/0x530
[   85.821237][ T3553]  f2fs_write_data_pages+0x261d/0x3000
[   85.821265][ T3553]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.821288][ T3553]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   85.821318][ T3553]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   85.821335][ T3553]  ? trace_f2fs_writepages+0x7f/0x200
[   85.821349][ T3553]  ? f2fs_write_node_pages+0x478/0x6e0
[   85.821369][ T3553]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   85.821395][ T3553]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.821409][ T3553]  do_writepages+0x32e/0x550
[   85.821432][ T3553]  ? reacquire_held_locks+0x127/0x1d0
[   85.821444][ T3553]  ? writeback_sb_inodes+0x384/0x1010
[   85.821457][ T3553]  __writeback_single_inode+0x145/0xff0
[   85.821471][ T3553]  ? do_raw_spin_unlock+0x4d/0x240
[   85.821489][ T3553]  writeback_sb_inodes+0x6c7/0x1010
[   85.821527][ T3553]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   85.821573][ T3553]  ? rcu_is_watching+0x15/0xb0
[   85.821595][ T3553]  wb_writeback+0x43b/0xaf0
[   85.821614][ T3553]  ? queue_io+0x311/0x590
[   85.821628][ T3553]  ? __pfx_wb_writeback+0x10/0x10
[   85.821650][ T3553]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.821672][ T3553]  wb_workfn+0x409/0xef0
[   85.821698][ T3553]  ? __pfx_wb_workfn+0x10/0x10
[   85.821709][ T3553]  ? __lock_acquire+0xab9/0xd20
[   85.821734][ T3553]  ? process_scheduled_works+0x9ef/0x17b0
[   85.821751][ T3553]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.821767][ T3553]  ? process_scheduled_works+0x9ef/0x17b0
[   85.821778][ T3553]  ? process_scheduled_works+0x9ef/0x17b0
[   85.821792][ T3553]  process_scheduled_works+0xae1/0x17b0
[   85.821822][ T3553]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.821846][ T3553]  worker_thread+0x8a0/0xda0
[   85.821908][ T3553]  kthread+0x711/0x8a0
[   85.821932][ T3553]  ? __pfx_worker_thread+0x10/0x10
[   85.821943][ T3553]  ? __pfx_kthread+0x10/0x10
[   85.821960][ T3553]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.821976][ T3553]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.821988][ T3553]  ? __pfx_kthread+0x10/0x10
[   85.822004][ T3553]  ret_from_fork+0x3fc/0x770
[   85.822021][ T3553]  ? __pfx_ret_from_fork+0x10/0x10
[   85.822040][ T3553]  ? __switch_to_asm+0x39/0x70
[   85.822052][ T3553]  ? __switch_to_asm+0x33/0x70
[   85.822064][ T3553]  ? __pfx_kthread+0x10/0x10
[   85.822079][ T3553]  ret_from_fork_asm+0x1a/0x30
[   85.822109][ T3553]  </TASK>
[   85.822116][ T3553] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   85.931645][ T5912] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[   85.958021][ T5912] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[   85.961368][ T5912] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   85.974403][ T5912] usb 4-1: config 220 has no interface number 2
[   85.976649][ T5912] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   85.982111][ T5912] usb 4-1: config 220 interface 0 has no altsetting 0
[   85.987827][ T5912] usb 4-1: config 220 interface 76 has no altsetting 0
[   85.990495][ T5912] usb 4-1: config 220 interface 1 has no altsetting 0
[   85.997003][ T5912] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   86.001049][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.003958][ T5912] usb 4-1: Product: syz
[   86.007039][ T5912] usb 4-1: Manufacturer: syz
[   86.008727][ T5912] usb 4-1: SerialNumber: syz
[   86.053248][ T6298] comedi comedi3: 8255: I/O port conflict (0x2,4)
[   86.064959][ T6298] comedi comedi3: 8255: I/O port conflict (0x10000,4)
[   86.069162][ T6298] comedi comedi3: 8255: I/O port conflict (0x4,4)
[   86.071914][ T6298] comedi comedi3: 8255: I/O port conflict (0x4,4)
[   86.247583][ T5912] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[   86.251054][ T5912] usb 4-1: No valid video chain found.
[   86.251167][ T5912] usb 4-1: selecting invalid altsetting 0
[   86.267298][ T5912] usb 4-1: selecting invalid altsetting 0
[   86.267330][ T5912] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[   86.269560][ T5912] usb 4-1: USB disconnect, device number 4
[   86.741829][ T6313] use of bytesused == 0 is deprecated and will be removed in the future,
[   86.745558][ T6313] use the actual size instead.
[   86.876969][    T9] cfg80211: failed to load regulatory.db
[   86.927371][ T6310] loop1: detected capacity change from 0 to 32768
[   86.945845][ T6310] bcachefs (/dev/loop1): error validating superblock: Invalid option btree_node_size: must be a power of two
[   86.956862][ T6310] bcachefs: bch2_fs_get_tree() error: opt_parse_error
[   87.081613][ T6320] syz.1.139 uses obsolete (PF_INET,SOCK_PACKET)
[   87.249446][ T6323] netlink: 132 bytes leftover after parsing attributes in process `syz.3.140'.
[   87.395990][ T6331] 9pnet: p9_errstr2errno: server reported unknown error 
[   87.518521][ T6338] loop3: detected capacity change from 0 to 8
[   87.535041][ T6338] squashfs image failed sanity check
[   87.580182][ T6342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.149'.
[   87.670608][ T6347] openvswitch: netlink: Flow key attribute not present in set flow.
[   87.730652][ T6329] loop2: detected capacity change from 0 to 40427
[   87.741492][ T6329] F2FS-fs (loop2): invalid crc value
[   87.756267][ T6329] F2FS-fs (loop2): Wrong journal entry on segno 65538
[   87.764681][ T6329] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117)
[   88.149520][   T33] audit: type=1326 audit(1757386019.338:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.3.160" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21f318ebe9 code=0x7fc00000
[   88.481398][ T6396] loop2: detected capacity change from 0 to 128
[   88.489521][ T6396] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2
[   88.821211][   T33] audit: type=1326 audit(1757386020.008:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6367 comm="syz.3.160" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f21f3190b07 code=0x7fc00000
[   88.923387][ T6419] netlink: 28 bytes leftover after parsing attributes in process `syz.3.179'.
[   88.975411][   T55] block nbd0: Receive control failed (result -32)
[   89.071247][ T6431] netlink: 28 bytes leftover after parsing attributes in process `syz.1.182'.
[   89.079778][ T6431] netlink: 32 bytes leftover after parsing attributes in process `syz.1.182'.
[   89.140140][ T6438] loop1: detected capacity change from 0 to 256
[   89.143544][ T6438] exfat: Deprecated parameter 'utf8'
[   89.148850][ T6438] exfat: Deprecated parameter 'utf8'
[   89.151024][ T6438] exfat: Deprecated parameter 'utf8'
[   89.162741][ T6438] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[   89.383876][ T6452] 
[   89.445020][ T6461] loop1: detected capacity change from 0 to 1024
[   89.449591][ T6461] EXT4-fs: Ignoring removed bh option
[   89.464967][ T6461] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.485545][ T6461] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   89.520839][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.561502][ T6466] loop1: detected capacity change from 0 to 16
[   89.587641][ T6466] erofs (device loop1): mounted with root inode @ nid 36.
[   89.745489][ T5912] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   89.909612][ T5912] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   89.918197][ T5912] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   89.924099][ T5912] usb 4-1: New USB device found, idVendor=257a, idProduct=2609, bcdDevice=7e.22
[   89.930276][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.052653][ T5912] usb 4-1: config 0 descriptor??
[   90.305709][ T5928] usb 4-1: USB disconnect, device number 5
[   90.571843][ T6484] netlink: 'syz.1.198': attribute type 21 has an invalid length.
[   90.576162][ T6484] netlink: 132 bytes leftover after parsing attributes in process `syz.1.198'.
[   90.906067][ T6491] netlink: 32 bytes leftover after parsing attributes in process `syz.2.201'.
[   91.257713][ T6497] program syz.2.204 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   91.525465][ T6493] loop3: detected capacity change from 0 to 32768
[   91.533020][ T6493] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.202 (6493)
[   91.592052][ T6493] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   91.598015][ T6493] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[   91.634025][ T6493] BTRFS info (device loop3): enabling ssd optimizations
[   91.637059][ T6493] BTRFS info (device loop3): enabling free space tree
[   91.697044][ T6082] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   91.835247][ T6524] futex_wake_op: syz.2.211 tries to shift op by -1; fix this program
[   92.008814][ T6532] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   92.516495][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.217'.
[   92.544537][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.217'.
[   92.747449][ T6520] loop1: detected capacity change from 0 to 65536
[   92.795807][ T6520] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[   92.830334][ T6520] XFS (loop1): Ending clean mount
[   92.838818][ T6520] XFS (loop1): Quotacheck needed: Please wait.
[   92.880607][ T6551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.219'.
[   92.897711][ T6520] XFS (loop1): Quotacheck: Done.
[   92.971520][ T5860] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[   93.190818][ T6555] loop2: detected capacity change from 0 to 128
[   93.202546][ T6555] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2
[   93.385967][ T6559] netlink: 'syz.1.220': attribute type 29 has an invalid length.
[   93.397583][ T6559] netlink: 'syz.1.220': attribute type 29 has an invalid length.
[   93.404538][ T6559] netlink: 500 bytes leftover after parsing attributes in process `syz.1.220'.
[   93.640734][ T6575] netlink: 'syz.3.230': attribute type 2 has an invalid length.
[   93.766343][ T6582] loop3: detected capacity change from 0 to 4096
[   93.772815][ T6584] loop2: detected capacity change from 0 to 4096
[   93.782002][ T6584] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[   93.786360][ T6584] ntfs3(loop2): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only.
[   93.790941][ T6584] ntfs3(loop2): It is recommened to use chkdsk.
[   93.793840][ T6584] ntfs3(loop2): ino=0, mi_enum_attr
[   93.794759][ T6582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.797425][ T6584] ntfs3(loop2): failed to read volume at offset 0x201800
[   93.802720][ T6584] ntfs3(loop2): failed to read volume at offset 0x201800
[   93.805880][ T6584] ntfs3(loop2): failed to read volume at offset 0x201800
[   93.808603][ T6584] ntfs3(loop2): failed to read volume at offset 0x201800
[   93.811827][ T6584] ntfs3(loop2): failed to read volume at offset 0x202800
[   93.816095][ T6584] ntfs3(loop2): failed to read volume at offset 0x203800
[   93.846716][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.055368][ T6605] loop3: detected capacity change from 0 to 4096
[   94.058449][ T6605] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[   94.073300][ T6605] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[   94.204430][ T5928] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   94.356422][ T5928] usb 2-1: config 0 has an invalid interface number: 194 but max is 0
[   94.363035][ T5928] usb 2-1: config 0 has no interface number 0
[   94.365741][ T5928] usb 2-1: too many endpoints for config 0 interface 194 altsetting 233: 59, using maximum allowed: 30
[   94.370080][ T5928] usb 2-1: config 0 interface 194 altsetting 233 has 0 endpoint descriptors, different from the interface descriptor's value: 59
[   94.384709][ T5928] usb 2-1: config 0 interface 194 has no altsetting 0
[   94.397056][ T5928] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[   94.400602][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.403679][ T5928] usb 2-1: Product: syz
[   94.405465][ T5928] usb 2-1: Manufacturer: syz
[   94.407323][ T5928] usb 2-1: SerialNumber: syz
[   94.411730][ T5928] usb 2-1: config 0 descriptor??
[   94.632241][ T5928] peak_usb 2-1:0.194: probe with driver peak_usb failed with error 194
[   94.636984][ T5928] usb 2-1: USB disconnect, device number 4
[   94.840300][ T6610] loop2: detected capacity change from 0 to 1024
[   95.033235][ T6615] loop3: detected capacity change from 0 to 4096
[   95.039424][ T6615] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[   95.442027][ T6619] loop2: detected capacity change from 0 to 32768
[   95.486093][ T6619] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   95.507677][ T6619] XFS (loop2): Ending clean mount
[   95.513135][ T6619] XFS (loop2): Quotacheck needed: Please wait.
[   95.629689][ T6619] XFS (loop2): Quotacheck: Done.
[   95.704492][ T5863] Bluetooth: hci1: command tx timeout
[   95.931718][ T5866] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   96.576662][ T6663] loop1: detected capacity change from 0 to 32768
[   96.581432][ T6663] XFS: attr2 mount option is deprecated.
[   96.609578][ T6663] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   96.634116][ T6663] XFS (loop1): Ending clean mount
[   96.638992][ T6663] XFS (loop1): Quotacheck needed: Please wait.
[   96.670272][ T6663] XFS (loop1): Quotacheck: Done.
[   96.711464][ T5860] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   96.923448][ T6687] loop1: detected capacity change from 0 to 512
[   96.936288][ T6687] EXT4-fs (loop1): Test dummy encryption mode enabled
[   96.938847][ T6687] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   96.952685][ T6687] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.273: bad orphan inode 131083
[   96.961491][ T6687] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.213156][ T6697] netlink: 24 bytes leftover after parsing attributes in process `syz.1.273'.
[   97.463434][ T5927] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[   97.606427][ T6695] loop2: detected capacity change from 0 to 40427
[   97.614435][ T6695] F2FS-fs (loop2): invalid crc value
[   97.626383][ T5927] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   97.629962][ T5927] usb 4-1: config 2 interface 0 has no altsetting 0
[   97.634127][ T5927] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[   97.638736][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.641664][ T5927] usb 4-1: Product: syz
[   97.643210][ T5927] usb 4-1: Manufacturer: syz
[   97.645847][ T5927] usb 4-1: SerialNumber: syz
[   97.651558][ T5927] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[   97.656248][ T5927] usb 4-1: selecting invalid altsetting 0
[   97.662179][ T5927] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[   97.679351][ T6695] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   97.683663][ T6695] F2FS-fs (loop2): Start checkpoint disabled!
[   97.691292][ T6695] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   97.732358][ T1090] kworker/u9:5: attempt to access beyond end of device
[   97.732358][ T1090] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   97.738023][ T1090] CPU: 0 UID: 0 PID: 1090 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[   97.738043][ T1090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   97.738051][ T1090] Workqueue: writeback wb_workfn (flush-7:2)
[   97.738074][ T1090] Call Trace:
[   97.738079][ T1090]  <TASK>
[   97.738085][ T1090]  dump_stack_lvl+0x189/0x250
[   97.738107][ T1090]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.738133][ T1090]  ? __pfx_queue_work_on+0x10/0x10
[   97.738147][ T1090]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   97.738169][ T1090]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   97.738199][ T1090]  f2fs_handle_critical_error+0x37c/0x540
[   97.738227][ T1090]  f2fs_write_end_io+0x886/0xb60
[   97.738258][ T1090]  __submit_merged_bio+0x27a/0x6a0
[   97.738281][ T1090]  __submit_merged_write_cond+0x255/0x530
[   97.738307][ T1090]  f2fs_write_data_pages+0x261d/0x3000
[   97.738352][ T1090]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   97.738378][ T1090]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   97.738425][ T1090]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   97.738445][ T1090]  ? look_up_lock_class+0x74/0x170
[   97.738468][ T1090]  ? trace_f2fs_writepages+0x7f/0x200
[   97.738487][ T1090]  ? f2fs_write_node_pages+0x478/0x6e0
[   97.738528][ T1090]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   97.738540][ T1090]  do_writepages+0x32e/0x550
[   97.738557][ T1090]  ? reacquire_held_locks+0x127/0x1d0
[   97.738566][ T1090]  ? writeback_sb_inodes+0x384/0x1010
[   97.738581][ T1090]  __writeback_single_inode+0x145/0xff0
[   97.738592][ T1090]  ? do_raw_spin_unlock+0x4d/0x240
[   97.738603][ T1090]  writeback_sb_inodes+0x6c7/0x1010
[   97.738613][ T1090]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.738633][ T1090]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   97.738665][ T1090]  ? rcu_is_watching+0x15/0xb0
[   97.738679][ T1090]  wb_writeback+0x43b/0xaf0
[   97.738693][ T1090]  ? queue_io+0x311/0x590
[   97.738704][ T1090]  ? __pfx_wb_writeback+0x10/0x10
[   97.738718][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[   97.738732][ T1090]  wb_workfn+0x409/0xef0
[   97.738748][ T1090]  ? __pfx_wb_workfn+0x10/0x10
[   97.738759][ T1090]  ? __lock_acquire+0xab9/0xd20
[   97.738776][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[   97.738787][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[   97.738825][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[   97.738833][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[   97.738841][ T1090]  process_scheduled_works+0xae1/0x17b0
[   97.738864][ T1090]  ? __pfx_process_scheduled_works+0x10/0x10
[   97.738881][ T1090]  worker_thread+0x8a0/0xda0
[   97.738897][ T1090]  ? __kthread_parkme+0x7b/0x200
[   97.738911][ T1090]  kthread+0x711/0x8a0
[   97.738923][ T1090]  ? __pfx_worker_thread+0x10/0x10
[   97.738930][ T1090]  ? __pfx_kthread+0x10/0x10
[   97.738940][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[   97.738951][ T1090]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.738957][ T1090]  ? __pfx_kthread+0x10/0x10
[   97.738967][ T1090]  ret_from_fork+0x3fc/0x770
[   97.738978][ T1090]  ? __pfx_ret_from_fork+0x10/0x10
[   97.738989][ T1090]  ? __switch_to_asm+0x39/0x70
[   97.738999][ T1090]  ? __switch_to_asm+0x33/0x70
[   97.739007][ T1090]  ? __pfx_kthread+0x10/0x10
[   97.739017][ T1090]  ret_from_fork_asm+0x1a/0x30
[   97.739036][ T1090]  </TASK>
[   97.739040][ T1090] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   97.861246][ T5912] usb 4-1: USB disconnect, device number 6
[   97.917055][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.132944][ T6701] loop1: detected capacity change from 0 to 32768
[   98.167904][ T6701] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   98.228386][ T6701] syz.1.279 (6701) used greatest stack depth: 18672 bytes left
[   98.242633][ T5860] (syz-executor,5860,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[   98.260828][ T5860] ocfs2: Unmounting device (7,1) on (node local)
[   98.788266][ T6715] loop3: detected capacity change from 0 to 512
[   98.799483][ T6715] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   98.803122][ T6715] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.283: invalid indirect mapped block 2683928664 (level 1)
[   98.815173][ T6715] EXT4-fs (loop3): Remounting filesystem read-only
[   98.819945][ T6715] EXT4-fs (loop3): 1 truncate cleaned up
[   98.825973][ T6715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.840943][ T6715] EXT4-fs (loop3): shut down requested (2)
[   98.870135][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.120317][ T6730] loop3: detected capacity change from 0 to 128
[   99.136851][ T6730] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   99.153800][ T6730] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   99.310274][ T1090] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   99.357128][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.297'.
[   99.669427][ T6749] loop2: detected capacity change from 0 to 40427
[   99.675184][ T6749] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   99.678063][ T6749] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   99.683442][ T6749] F2FS-fs (loop2): invalid crc value
[   99.721581][ T6749] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   99.728988][ T6749] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   99.731664][ T6749] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   99.751112][ T6749] syz.2.299: attempt to access beyond end of device
[   99.751112][ T6749] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[   99.783577][ T1090] kworker/u9:5: attempt to access beyond end of device
[   99.783577][ T1090] loop2: rw=1, sector=77944, nr_sectors = 16 limit=40427
[   99.805157][ T5912] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   99.835681][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   99.967839][ T5912] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[   99.970501][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.974803][ T5912] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   99.977781][ T5912] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   99.980453][ T5912] usb 2-1: Manufacturer: syz
[   99.985467][    T9] usb 4-1: Using ep0 maxpacket: 8
[   99.991237][    T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   99.995377][ T5912] usb 2-1: config 0 descriptor??
[  100.003735][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.011195][    T9] usb 4-1: Product: syz
[  100.012916][    T9] usb 4-1: Manufacturer: syz
[  100.014957][    T9] usb 4-1: SerialNumber: syz
[  100.019697][    T9] usb 4-1: config 0 descriptor??
[  100.037529][ T6767] loop2: detected capacity change from 0 to 2048
[  100.057431][ T5912] rc_core: IR keymap rc-hauppauge not found
[  100.060917][ T5912] Registered IR keymap rc-empty
[  100.065645][ T5912] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  100.072491][ T5912] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5
[  100.093002][ T6767] Alternate GPT is invalid, using primary GPT.
[  100.095987][ T6767]  loop2: p2 p3 p7
[  100.228549][    T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  100.414362][   T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  100.567109][   T24] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  100.571074][   T24] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  100.576272][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.585664][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  100.608370][   T52] usb 2-1: USB disconnect, device number 5
[  101.199326][ T6779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.310'.
[  101.637595][    T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  101.644522][    T9] usb 4-1: USB disconnect, device number 7
[  101.654977][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[  101.658117][   T24] stv0680 3-1:4.0: STV(e): camera ping failed!!
[  101.661215][   T24] stv0680 3-1:4.0: last error: 0,  command = 0x0
[  101.672622][ T6801] loop1: detected capacity change from 0 to 128
[  101.681859][ T6801] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  101.692211][ T6801] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  101.863984][   T24] usb 3-1: USB disconnect, device number 8
[  101.918326][ T6812] loop1: detected capacity change from 0 to 1024
[  101.925933][ T6812] hfsplus: bad catalog file entry
[  101.928363][ T6812] hfsplus: failed to load root directory
[  101.969107][ T6814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.327'.
[  102.009457][ T6816] loop1: detected capacity change from 0 to 1024
[  102.039117][ T1090] hfsplus: b-tree write err: -5, ino 4
[  102.192136][ T6824] loop3: detected capacity change from 0 to 8
[  102.206965][ T6824] unable to read id index table
[  102.431927][ T6844] loop3: detected capacity change from 0 to 8
[  102.440742][ T6844] cramfs: empty filesystem
[  102.694441][    T9] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  102.773301][ T6854] hfsplus: unable to find HFS+ superblock
[  103.157056][    T9] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  103.162753][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.168708][    T9] usb 2-1: config 0 descriptor??
[  103.420374][   T24] usb 2-1: USB disconnect, device number 6
[  103.636552][ T6859] loop3: detected capacity change from 0 to 32768
[  103.648705][ T6859] ERROR: (device loop3): diAllocAG: ipimap->i_size is wrong
[  103.648705][ T6859] 
[  103.655158][ T6859] ERROR: (device loop3): remounting filesystem as read-only
[  103.664648][ T6859] ialloc: diAlloc returned -5!
[  104.012933][ T6871] loop2: detected capacity change from 0 to 256
[  104.039081][ T6871] FAT-fs (loop2): Directory bread(block 64) failed
[  104.043300][ T6871] FAT-fs (loop2): Directory bread(block 65) failed
[  104.046729][ T6871] FAT-fs (loop2): Directory bread(block 66) failed
[  104.048984][ T6871] FAT-fs (loop2): Directory bread(block 67) failed
[  104.051444][ T6871] FAT-fs (loop2): Directory bread(block 68) failed
[  104.054031][ T6871] FAT-fs (loop2): Directory bread(block 69) failed
[  104.057215][ T6871] FAT-fs (loop2): Directory bread(block 70) failed
[  104.059326][ T6871] FAT-fs (loop2): Directory bread(block 71) failed
[  104.061583][ T6871] FAT-fs (loop2): Directory bread(block 72) failed
[  104.063833][ T6871] FAT-fs (loop2): Directory bread(block 73) failed
[  104.078203][ T6875] loop1: detected capacity change from 0 to 512
[  104.099050][ T6871] syz.2.349: attempt to access beyond end of device
[  104.099050][ T6871] loop2: rw=2049, sector=1224, nr_sectors = 4 limit=256
[  104.218169][ T6881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'.
[  104.311971][ T6888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'.
[  104.319772][ T6888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'.
[  104.501349][ T6898] loop2: detected capacity change from 0 to 2048
[  104.520984][ T6899] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  104.654448][   T52] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  104.664465][    T9] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  104.767638][ T6903] loop2: detected capacity change from 0 to 32768
[  104.771620][ T6903] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.367 (6903)
[  104.779582][ T6903] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  104.783834][ T6903] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  104.805588][   T52] usb 4-1: Using ep0 maxpacket: 8
[  104.813505][ T6903] BTRFS info (device loop2): enabling ssd optimizations
[  104.813917][   T52] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  104.816962][ T6903] BTRFS info (device loop2): enabling free space tree
[  104.822510][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.826867][   T52] usb 4-1: Product: syz
[  104.828560][   T52] usb 4-1: Manufacturer: syz
[  104.830372][   T52] usb 4-1: SerialNumber: syz
[  104.836035][    T9] usb 2-1: config 128 has an invalid interface number: 249 but max is 0
[  104.836691][   T52] usb 4-1: config 0 descriptor??
[  104.839428][    T9] usb 2-1: config 128 has no interface number 0
[  104.844055][    T9] usb 2-1: config 128 interface 249 has no altsetting 0
[  104.846246][   T52] gspca_main: se401-2.14.0 probing 047d:5003
[  104.851597][    T9] usb 2-1: New USB device found, idVendor=06e1, idProduct=a190, bcdDevice= a.c0
[  104.855483][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.860342][    T9] usb 2-1: Product: syz
[  104.862044][    T9] usb 2-1: Manufacturer: syz
[  104.863855][    T9] usb 2-1: SerialNumber: syz
[  104.886441][ T5866] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  105.088638][    T9] gspca_main: spca506-2.14.0 probing 06e1:a190
[  105.197724][    T9] usb 2-1: USB disconnect, device number 7
[  105.255636][   T52] gspca_se401: ExtraFeatures: 4
[  105.375427][ T6921] loop2: detected capacity change from 0 to 32768
[  105.393480][ T6921] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  105.422062][ T6921] XFS (loop2): Ending clean mount
[  105.432468][ T6921] XFS (loop2): Quotacheck needed: Please wait.
[  105.455350][ T6921] XFS (loop2): Quotacheck: Done.
[  105.460900][   T52] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input6
[  105.478750][   T52] usb 4-1: USB disconnect, device number 8
[  105.486332][ T5866] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  105.646077][ T6933] block device autoloading is deprecated and will be removed.
[  105.646519][ T6935] loop2: detected capacity change from 0 to 1024
[  105.657775][ T6935] hfsplus: failed to load root directory
[  105.934373][   T52] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  106.099822][   T52] usb 2-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[  106.103219][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.106642][   T52] usb 2-1: Product: syz
[  106.108554][   T52] usb 2-1: Manufacturer: syz
[  106.110588][   T52] usb 2-1: SerialNumber: syz
[  106.115126][   T52] usb 2-1: config 0 descriptor??
[  106.264292][ T5928] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  106.328242][   T52] usb 2-1: USB disconnect, device number 8
[  106.375455][ T6939] loop2: detected capacity change from 0 to 131072
[  106.380189][ T6939] F2FS-fs (loop2): invalid crc value
[  106.417391][ T5928] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  106.420279][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.425192][ T5928] usb 4-1: config 0 descriptor??
[  106.429689][ T5928] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  106.434749][ T6939] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  106.440994][ T6939] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  106.845858][ T5928] gspca_stv06xx: I2C: Read error writing address: -71
[  106.854690][ T5928] usb 4-1: USB disconnect, device number 9
[  107.109372][ T6953] loop2: detected capacity change from 0 to 32768
[  107.116875][ T6953] (syz.2.378,6953,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  107.121518][ T6955] loop1: detected capacity change from 0 to 32768
[  107.122942][ T6953] (syz.2.378,6953,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  107.135227][ T6955] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  107.151339][ T6953] JBD2: Ignoring recovery information on journal
[  107.179048][ T6953] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  107.180976][ T5860] ocfs2: Unmounting device (7,1) on (node local)
[  107.311833][ T5866] ocfs2: Unmounting device (7,2) on (node local)
[  107.620224][ T6977] loop3: detected capacity change from 0 to 16384
[  107.708742][ T6977] bcachefs (loop3): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,prjquota,no_splitbrain_check,norecovery,reconstruct_alloc,version_upgrade=none
[  107.708756][ T6977]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  107.719790][ T6990] can0: slcan on ttyS3.
[  107.722551][ T6977] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  107.735738][ T6977] bcachefs (loop3): recovering from clean shutdown, journal seq 18
[  107.741678][ T6977] bcachefs (loop3): dropping and reconstructing all alloc info
[  107.765992][ T6977] bcachefs (loop3): accounting_read... done
[  107.770654][ T6977] bcachefs (loop3): alloc_read... done
[  107.773460][ T6977] bcachefs (loop3): snapshots_read... done
[  107.776631][ T6977] bcachefs (loop3): reading quotas
[  107.785137][ T6977] bcachefs (loop3): quotas done
[  107.785981][ T6990] can0 (unregistered): slcan off ttyS3.
[  107.787702][ T6977] bcachefs (loop3): done starting filesystem
[  107.857686][ T6993] loop2: detected capacity change from 0 to 256
[  107.870193][ T6993] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  107.889205][ T6082] bcachefs (loop3): shutting down
[  107.924574][ T6082] bcachefs (loop3): shutdown complete
[  108.354425][   T52] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  108.364899][ T5928] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  108.509216][   T52] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  108.512149][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.518766][   T52] usb 2-1: Product: syz
[  108.520615][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  108.524034][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.527289][   T52] usb 2-1: Manufacturer: syz
[  108.528754][   T52] usb 2-1: SerialNumber: syz
[  108.531108][ T5928] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  108.533955][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.545437][ T5928] usb 3-1: config 0 descriptor??
[  108.977106][ T5928] bigben 0003:146B:0902.0002: unexpected rdesc, please submit for review
[  108.980749][ T5928] bigben 0003:146B:0902.0002: unbalanced collection at end of report description
[  108.988887][ T5928] bigben 0003:146B:0902.0002: parse failed
[  108.991227][ T5928] bigben 0003:146B:0902.0002: probe with driver bigben failed with error -22
[  109.088879][ T7007] loop3: detected capacity change from 0 to 512
[  109.100575][ T7007] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.399: casefold flag without casefold feature
[  109.107552][ T7007] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.399: couldn't read orphan inode 15 (err -117)
[  109.114337][ T7007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.132160][ T7007] EXT4-fs error (device loop3): ext4_check_dx_root:2203: inode #2: comm syz.3.399: Corrupt dir, invalid name_len for '.', running e2fsck is recommended
[  109.151974][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.171691][ T5928] usb 3-1: USB disconnect, device number 9
[  109.241222][ T7015] loop3: detected capacity change from 0 to 128
[  109.244549][ T7015] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978)
[  109.253000][ T7015] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  109.263157][ T7015] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #2: comm syz.3.402: No space for directory leaf checksum. Please run e2fsck -D.
[  109.269012][ T7015] EXT4-fs error (device loop3): htree_dirblock_to_tree:1051: inode #2: comm syz.3.402: Directory block failed checksum
[  109.288506][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  109.729498][ T7028] loop3: detected capacity change from 0 to 32768
[  109.744667][ T7028] syz.3.408: attempt to access beyond end of device
[  109.744667][ T7028] loop3: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  109.750062][ T7028] metapage_write_end_io: I/O error
[  109.753394][ T7028] ERROR: (device loop3): release_metapage: metapage_write_one() failed
[  109.753394][ T7028] 
[  109.761422][ T7028] ERROR: (device loop3): remounting filesystem as read-only
[  109.764508][ T7028] ERROR: (device loop3): diWrite: ixpxd invalid
[  109.764508][ T7028] 
[  109.767841][ T7028] ERROR: (device loop3): txCommit: 
[  109.767841][ T7028] 
[  109.778004][ T7028] blkno = 8ed2c, nblocks = 1
[  109.780046][ T7028] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  109.780046][ T7028] 
[  109.786376][ T7028] UFO tlock:0xffffc90001f22558
[  109.822824][  T115] blkno = 8ed2c, nblocks = 4
[  109.825240][  T115] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  109.825240][  T115] 
[  109.831985][ T6082] syz-executor: attempt to access beyond end of device
[  109.831985][ T6082] loop3: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  109.843101][ T6082] metapage_write_end_io: I/O error
[  109.847731][ T6082] JFS: metapage_get_blocks failed
[  109.849870][ T6082] JFS: metapage_get_blocks failed
[  109.852159][ T6082] JFS: metapage_get_blocks failed
[  109.854113][ T6082] JFS: metapage_get_blocks failed
[  109.961302][   T52] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000404. ret = -EPROTO
[  109.974330][   T52] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  109.979534][   T52] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  109.996836][   T52] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  110.006970][ T7030] loop2: detected capacity change from 0 to 40427
[  110.010795][ T7030] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  110.013649][ T7030] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  110.017161][ T7030] F2FS-fs (loop2): build fault injection rate: 17008
[  110.017405][   T52] usb 2-1: USB disconnect, device number 9
[  110.019502][ T7030] F2FS-fs (loop2): build fault injection type: 0x7
[  110.026383][ T7030] F2FS-fs (loop2): invalid crc value
[  110.088046][ T7030] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  110.093061][ T7030] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  110.095531][ T7030] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  110.148035][ T5866] syz-executor: attempt to access beyond end of device
[  110.148035][ T5866] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  110.157291][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  110.157307][ T5866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  110.157313][ T5866] Call Trace:
[  110.157318][ T5866]  <TASK>
[  110.157322][ T5866]  dump_stack_lvl+0x189/0x250
[  110.157341][ T5866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.157350][ T5866]  ? __pfx_queue_work_on+0x10/0x10
[  110.157359][ T5866]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  110.157374][ T5866]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.157390][ T5866]  f2fs_handle_critical_error+0x37c/0x540
[  110.157406][ T5866]  f2fs_write_end_io+0x886/0xb60
[  110.157423][ T5866]  __submit_merged_bio+0x27a/0x6a0
[  110.157437][ T5866]  __submit_merged_write_cond+0x255/0x530
[  110.157451][ T5866]  f2fs_write_data_pages+0x261d/0x3000
[  110.157473][ T5866]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  110.157505][ T5866]  ? folios_put_refs+0x559/0x640
[  110.157520][ T5866]  ? __pfx_folios_put_refs+0x10/0x10
[  110.157527][ T5866]  ? rcu_is_watching+0x15/0xb0
[  110.157540][ T5866]  ? __lock_acquire+0xab9/0xd20
[  110.157559][ T5866]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  110.157567][ T5866]  do_writepages+0x32e/0x550
[  110.157583][ T5866]  ? do_raw_spin_unlock+0x4d/0x240
[  110.157595][ T5866]  filemap_fdatawrite+0x199/0x240
[  110.157607][ T5866]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  110.157638][ T5866]  ? do_raw_spin_unlock+0x4d/0x240
[  110.157648][ T5866]  f2fs_sync_dirty_inodes+0x31f/0x830
[  110.157711][ T5866]  f2fs_write_checkpoint+0x95a/0x1df0
[  110.157734][ T5866]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  110.157762][ T5866]  ? kill_f2fs_super+0x298/0x6c0
[  110.157773][ T5866]  kill_f2fs_super+0x2c3/0x6c0
[  110.157783][ T5866]  ? __pfx_kill_f2fs_super+0x10/0x10
[  110.157790][ T5866]  ? radix_tree_delete_item+0x2b6/0x400
[  110.157806][ T5866]  ? shrinker_free+0x2ce/0x3e0
[  110.157817][ T5866]  deactivate_locked_super+0xbc/0x130
[  110.157828][ T5866]  cleanup_mnt+0x425/0x4c0
[  110.157837][ T5866]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.157847][ T5866]  task_work_run+0x1d4/0x260
[  110.157860][ T5866]  ? __pfx_task_work_run+0x10/0x10
[  110.157869][ T5866]  ? __x64_sys_umount+0x122/0x160
[  110.157882][ T5866]  ? exit_to_user_mode_loop+0x40/0x110
[  110.157895][ T5866]  exit_to_user_mode_loop+0xec/0x110
[  110.157908][ T5866]  do_syscall_64+0x2bd/0x3b0
[  110.157918][ T5866]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.157924][ T5866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.157932][ T5866]  ? exc_page_fault+0x9f/0xf0
[  110.157943][ T5866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.157954][ T5866] RIP: 0033:0x7f1c2a18ff17
[  110.157964][ T5866] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  110.157973][ T5866] RSP: 002b:00007fff188dc108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  110.157985][ T5866] RAX: 0000000000000000 RBX: 00007f1c2a211c05 RCX: 00007f1c2a18ff17
[  110.157992][ T5866] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff188dc1c0
[  110.157998][ T5866] RBP: 00007fff188dc1c0 R08: 0000000000000000 R09: 0000000000000000
[  110.158004][ T5866] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff188dd250
[  110.158010][ T5866] R13: 00007f1c2a211c05 R14: 000000000001adba R15: 00007fff188dd290
[  110.158027][ T5866]  </TASK>
[  110.158032][ T5866] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  110.513879][ T7039] loop2: detected capacity change from 0 to 256
[  110.673823][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.416'.
[  110.677706][ T7049] netlink: 20 bytes leftover after parsing attributes in process `syz.2.416'.
[  110.829145][   T52] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  110.831681][ T7057] loop2: detected capacity change from 0 to 256
[  110.835837][ T7057] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  110.839502][ T7057] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  110.849054][ T7057] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  110.891748][ T7057] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff)
[  110.897055][ T7057] exFAT-fs (loop2): Filesystem has been set read-only
[  110.957707][   T33] audit: type=1326 audit(1757386042.148:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.421" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1c2a18ebe9 code=0x0
[  110.988191][   T52] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  110.991953][   T52] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  110.996251][   T52] usb 2-1: Product: syz
[  110.997948][   T52] usb 2-1: Manufacturer: syz
[  110.999779][   T52] usb 2-1: SerialNumber: syz
[  111.004667][   T52] usb 2-1: config 0 descriptor??
[  111.009282][   T52] ch341 2-1:0.0: ch341-uart converter detected
[  111.293995][ T7065] loop3: detected capacity change from 0 to 32768
[  111.300024][ T7065] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.423 (7065)
[  111.309853][ T7065] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  111.314158][ T7065] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  111.365216][ T7065] BTRFS info (device loop3): enabling ssd optimizations
[  111.368200][ T7065] BTRFS info (device loop3): enabling free space tree
[  111.402828][ T6082] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  111.591616][ T7082] loop3: detected capacity change from 0 to 8
[  111.602790][ T7082] SQUASHFS error: lzo decompression failed, data probably corrupt
[  111.606479][ T7082] SQUASHFS error: Failed to read block 0x144: -5
[  111.609074][ T7082] SQUASHFS error: Unable to read metadata cache entry [142]
[  111.612254][ T7082] SQUASHFS error: Unable to read inode 0x11f
[  111.848049][ T7090] loop2: detected capacity change from 0 to 1024
[  111.853543][ T7090] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  111.871187][ T7090] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  111.876213][ T7090] EXT4-fs error (device loop2): ext4_get_journal_inode:5800: inode #32: comm syz.2.428: iget: special inode unallocated
[  111.881092][ T7090] EXT4-fs (loop2): Remounting filesystem read-only
[  111.883272][ T7090] EXT4-fs (loop2): no journal found
[  111.888854][ T7090] EXT4-fs (loop2): can't get journal size
[  111.893679][ T7090] EXT4-fs (loop2): filesystem is read-only
[  111.897846][ T7090] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  111.927167][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.157188][   T52] ch341-uart ttyUSB0: failed to read break control: -71
[  112.160856][   T52] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  112.169970][   T52] usb 2-1: USB disconnect, device number 10
[  112.174081][   T52] ch341 2-1:0.0: device disconnected
[  112.546252][    T9] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  112.696646][    T9] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  112.700965][    T9] usb 4-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  112.707982][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  112.710780][    T9] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  112.717032][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.722595][    T9] usb 4-1: config 0 descriptor??
[  113.000274][ T7113] loop2: detected capacity change from 0 to 512
[  113.003040][ T7113] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.010640][ T7113] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  113.032672][ T7113] EXT4-fs (loop2): 1 truncate cleaned up
[  113.036649][ T7113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.047851][ T7113] EXT4-fs (loop2): resizing filesystem from 256 to 1 blocks
[  113.050574][ T7113] EXT4-fs warning (device loop2): ext4_resize_fs:2042: can't shrink FS - resize aborted
[  113.073402][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.712300][    T9] holtek 0003:1241:5015.0003: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.3-1/input0
[  113.716834][    T9] holtek 0003:1241:5015.0003: no inputs found
[  113.906987][   T95] usb 4-1: USB disconnect, device number 10
[  114.105417][ T7107] loop1: detected capacity change from 0 to 262144
[  114.110885][ T7107] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.435 (7107)
[  114.120204][ T7107] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  114.124117][ T7107] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  114.258248][ T1090] BTRFS warning (device loop1): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  114.267458][ T7107] BTRFS info (device loop1): read error corrected: ino 0 off 22036480 (dev /dev/loop1 sector 43040)
[  114.271283][ T7107] BTRFS info (device loop1): read error corrected: ino 0 off 22040576 (dev /dev/loop1 sector 43048)
[  114.275498][ T7107] BTRFS info (device loop1): read error corrected: ino 0 off 22044672 (dev /dev/loop1 sector 43056)
[  114.279524][ T7107] BTRFS info (device loop1): read error corrected: ino 0 off 22048768 (dev /dev/loop1 sector 43064)
[  114.293720][ T7107] BTRFS info (device loop1): enabling ssd optimizations
[  114.297152][ T7107] BTRFS info (device loop1): enabling free space tree
[  114.464573][ T7158] openvswitch: netlink: IP tunnel TTL not specified.
[  114.504732][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.453'.
[  114.552395][ T7163] vivid-000: disconnect
[  114.573220][ T7163] vivid-000: reconnect
[  114.856909][ T7176] loop2: detected capacity change from 0 to 4096
[  114.875222][ T7177] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.194372][   T52] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  115.254443][ T7165] loop3: detected capacity change from 0 to 131072
[  115.258260][ T7165] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  115.260974][ T7165] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  115.268734][ T7165] F2FS-fs (loop3): invalid crc value
[  115.290821][ T7168] BTRFS info (device loop1): balance: start -d -m -s
[  115.307640][ T7168] BTRFS info (device loop1): relocating block group 30408704 flags metadata|dup
[  115.327890][ T7165] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  115.333724][ T7165] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  115.337033][ T7165] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  115.350309][   T52] usb 3-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.362181][   T52] usb 3-1: config 1 interface 0 has no altsetting 0
[  115.372675][ T7168] BTRFS info (device loop1): balance: canceled
[  115.377829][   T52] usb 3-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice= 0.40
[  115.382782][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.387397][   T52] usb 3-1: Product: syz
[  115.389174][   T52] usb 3-1: Manufacturer: syz
[  115.396396][   T52] usb 3-1: SerialNumber: syz
[  115.413145][ T5860] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  115.649093][   T52] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input7
[  115.662038][ T5284] bcm5974 3-1:1.0: could not read from device
[  115.673946][   T52] usb 3-1: USB disconnect, device number 10
[  115.677514][ T5284] bcm5974 3-1:1.0: could not read from device
[  116.254360][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  116.411612][   T10] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.428734][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  116.431465][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  116.435140][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.443709][   T10] usb 4-1: config 0 descriptor??
[  116.947397][   T10] logitech 0003:046D:C29C.0004: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0
[  117.283471][ T7200] loop2: detected capacity change from 0 to 128
[  117.298353][ T7200] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  117.303774][ T7200] ext4 filesystem being mounted at /189/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  117.328400][   T10] logitech 0003:046D:C29C.0004: no inputs found
[  117.334451][ T7200] syz.2.469 (pid 7200) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  117.348376][   T10] usb 4-1: USB disconnect, device number 11
[  117.375741][ T5866] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  118.133507][ T7224] loop1: detected capacity change from 0 to 32768
[  118.139244][ T7224] (syz.1.479,7224,0):ocfs2_verify_heartbeat:839 ERROR: Heartbeat has to be started to mount a read-write clustered device.
[  118.145863][ T7224] (syz.1.479,7224,0):ocfs2_fill_super:1177 ERROR: status = -22
[  118.213822][ T7226] loop3: detected capacity change from 0 to 40427
[  118.225520][ T7226] F2FS-fs (loop3): invalid crc value
[  118.283381][ T7226] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  118.296472][ T7226] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  118.405682][ T7226] syz.3.480: attempt to access beyond end of device
[  118.405682][ T7226] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  118.539811][ T6082] syz-executor: attempt to access beyond end of device
[  118.539811][ T6082] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  118.544832][ T6082] CPU: 1 UID: 0 PID: 6082 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  118.544845][ T6082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  118.544850][ T6082] Call Trace:
[  118.544854][ T6082]  <TASK>
[  118.544858][ T6082]  dump_stack_lvl+0x189/0x250
[  118.544878][ T6082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.544887][ T6082]  ? __pfx_queue_work_on+0x10/0x10
[  118.544897][ T6082]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  118.544941][ T6082]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  118.544958][ T6082]  f2fs_handle_critical_error+0x37c/0x540
[  118.544976][ T6082]  f2fs_write_end_io+0x886/0xb60
[  118.544994][ T6082]  __submit_merged_bio+0x27a/0x6a0
[  118.545009][ T6082]  __submit_merged_write_cond+0x255/0x530
[  118.545024][ T6082]  f2fs_write_data_pages+0x261d/0x3000
[  118.545049][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  118.545079][ T6082]  ? __mod_zone_page_state+0xd7/0x140
[  118.545097][ T6082]  ? folios_put_refs+0x560/0x640
[  118.545114][ T6082]  ? __lock_acquire+0xab9/0xd20
[  118.545131][ T6082]  ? do_raw_spin_lock+0x121/0x290
[  118.545147][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  118.545156][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  118.545164][ T6082]  do_writepages+0x32e/0x550
[  118.545181][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  118.545192][ T6082]  filemap_fdatawrite+0x199/0x240
[  118.545205][ T6082]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  118.545240][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  118.545252][ T6082]  f2fs_sync_dirty_inodes+0x31f/0x830
[  118.545267][ T6082]  f2fs_write_checkpoint+0x95a/0x1df0
[  118.545288][ T6082]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  118.545320][ T6082]  ? kill_f2fs_super+0x298/0x6c0
[  118.545332][ T6082]  kill_f2fs_super+0x2c3/0x6c0
[  118.545342][ T6082]  ? __pfx_kill_f2fs_super+0x10/0x10
[  118.545349][ T6082]  ? radix_tree_delete_item+0x2b6/0x400
[  118.545365][ T6082]  ? shrinker_free+0x2ce/0x3e0
[  118.545375][ T6082]  deactivate_locked_super+0xbc/0x130
[  118.545386][ T6082]  cleanup_mnt+0x425/0x4c0
[  118.545395][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.545404][ T6082]  task_work_run+0x1d4/0x260
[  118.545416][ T6082]  ? __pfx_task_work_run+0x10/0x10
[  118.545425][ T6082]  ? __x64_sys_umount+0x122/0x160
[  118.545438][ T6082]  ? exit_to_user_mode_loop+0x40/0x110
[  118.545453][ T6082]  exit_to_user_mode_loop+0xec/0x110
[  118.545464][ T6082]  do_syscall_64+0x2bd/0x3b0
[  118.545472][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.545479][ T6082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.545487][ T6082]  ? exc_page_fault+0x9f/0xf0
[  118.545495][ T6082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.545502][ T6082] RIP: 0033:0x7f21f318ff17
[  118.545510][ T6082] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  118.545516][ T6082] RSP: 002b:00007ffea469a998 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  118.545525][ T6082] RAX: 0000000000000000 RBX: 00007f21f3211c05 RCX: 00007f21f318ff17
[  118.545530][ T6082] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea469aa50
[  118.545534][ T6082] RBP: 00007ffea469aa50 R08: 0000000000000000 R09: 0000000000000000
[  118.545538][ T6082] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea469bae0
[  118.545543][ T6082] R13: 00007f21f3211c05 R14: 000000000001ce27 R15: 00007ffea469bb20
[  118.545557][ T6082]  </TASK>
[  118.545561][ T6082] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  119.133781][ T7257] syzkaller1: entered promiscuous mode
[  119.137205][ T7257] syzkaller1: entered allmulticast mode
[  119.271488][ T7263] loop2: detected capacity change from 0 to 512
[  119.287760][ T7263] EXT4-fs: Ignoring removed i_version option
[  119.296274][ T7263] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  119.313201][ T7263] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  119.316206][ T7263] System zones: 1-12
[  119.317870][ T7263] EXT4-fs (loop2): orphan cleanup on readonly fs
[  119.321449][ T7263] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.494: invalid indirect mapped block 12 (level 1)
[  119.332806][ T7263] EXT4-fs (loop2): Remounting filesystem read-only
[  119.335801][ T7263] EXT4-fs (loop2): 1 truncate cleaned up
[  119.339388][ T7263] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  119.370720][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  119.465436][   T52] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  119.624666][   T52] usb 4-1: Using ep0 maxpacket: 32
[  119.632875][   T52] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  119.636498][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.639469][   T52] usb 4-1: Product: syz
[  119.640888][   T52] usb 4-1: Manufacturer: syz
[  119.642447][   T52] usb 4-1: SerialNumber: syz
[  119.645723][   T52] usb 4-1: config 0 descriptor??
[  119.652723][   T52] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  119.930862][ T7282] loop1: detected capacity change from 0 to 32768
[  119.935030][ T7282] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.502 (7282)
[  119.944001][ T7282] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  119.948210][ T7282] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  119.977229][ T7282] BTRFS info (device loop1): rebuilding free space tree
[  120.000481][ T7282] BTRFS info (device loop1): allowing degraded mounts
[  120.003015][ T7282] BTRFS info (device loop1): enabling ssd optimizations
[  120.005615][ T7282] BTRFS info (device loop1): enabling free space tree
[  120.008283][ T7282] BTRFS info (device loop1): force clearing of disk cache
[  120.010395][ T7282] BTRFS info (device loop1): use zstd compression, level 3
[  120.012544][ T7282] BTRFS info (device loop1): max_inline set to 0
[  120.030296][   T33] audit: type=1800 audit(1757386052.216:7): pid=7282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.502" name="bus" dev="loop1" ino=263 res=0 errno=0
[  120.041467][   T33] audit: type=1804 audit(1757386052.226:8): pid=7282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.502" name="/newroot/165/file1/bus" dev="loop1" ino=263 res=1 errno=0
[  120.069860][ T7282] BTRFS info (device loop1 state M): max_inline set to 0
[  120.105698][ T5860] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  120.654162][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881106d2000: rx timeout, send abort
[  120.664321][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881106d2000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  120.989096][   T52] gspca_ov534_9: reg_w failed -71
[  121.305046][   T52] gspca_ov534_9: Unknown sensor 0000
[  121.305124][   T52] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  121.322252][   T52] usb 4-1: USB disconnect, device number 12
[  121.364445][ T5870] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  121.516296][ T5870] usb 3-1: config 0 has no interfaces?
[  121.527489][ T5870] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  121.531030][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  121.534961][ T5870] usb 3-1: SerialNumber: syz
[  121.539145][ T5870] usb 3-1: config 0 descriptor??
[  121.745105][ T7325] loop3: detected capacity change from 0 to 32768
[  121.747507][ T7307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.749930][ T7325] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.513 (7325)
[  121.752182][ T7307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.766556][ T7325] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  121.766613][   T10] usb 3-1: USB disconnect, device number 11
[  121.770890][ T7325] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  121.826322][ T7325] BTRFS info (device loop3): rebuilding free space tree
[  121.836600][ T7325] BTRFS info (device loop3): enabling ssd optimizations
[  121.839331][ T7325] BTRFS info (device loop3): turning on flush-on-commit
[  121.842136][ T7325] BTRFS info (device loop3): enabling free space tree
[  121.845251][ T7325] BTRFS info (device loop3): force clearing of disk cache
[  121.848223][ T7325] BTRFS info (device loop3): doing ref verification
[  121.850859][ T7325] BTRFS info (device loop3): max_inline set to 4096
[  121.874400][ T5870] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  122.035242][ T5870] usb 2-1: Using ep0 maxpacket: 16
[  122.046142][ T5870] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  122.050942][ T5870] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  122.055303][ T5870] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  122.064777][ T5870] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  122.075024][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.078285][ T5870] usb 2-1: Product: syz
[  122.080051][ T5870] usb 2-1: Manufacturer: syz
[  122.082021][ T5870] usb 2-1: SerialNumber: syz
[  122.128399][ T6082] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  122.292394][ T5870] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  122.304311][ T5870] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  122.349480][ T5870] usb 2-1: USB disconnect, device number 11
[  123.028693][ T7370] input: syz0 as /devices/virtual/input/input8
[  123.091950][ T7372] loop2: detected capacity change from 0 to 128
[  123.099969][ T7372] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  123.108869][ T7372] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  123.329693][ T7384] loop2: detected capacity change from 0 to 1024
[  123.333129][ T7384] EXT4-fs: Ignoring removed nomblk_io_submit option
[  123.382457][ T7384] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.431706][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.549193][ T7378] loop1: detected capacity change from 0 to 32768
[  123.553554][ T7378] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.529 (7378)
[  123.582375][ T7378] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  123.588653][ T7378] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  123.637429][ T7378] BTRFS info (device loop1): enabling ssd optimizations
[  123.640216][ T7378] BTRFS info (device loop1): enabling free space tree
[  123.719113][ T7416] loop3: detected capacity change from 0 to 512
[  123.740977][ T5860] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  123.810926][ T7396] loop2: detected capacity change from 0 to 32768
[  123.830691][ T7396] I/O error, dev loop14, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  123.834846][ T7396] lbmIODone: I/O error in JFS log
[  123.838362][ T7396] *** Log Format Error ! ***
[  123.855360][ T7396] lmLogInit: exit(-22)
[  123.857251][ T7396] lmLogOpen: exit(-22)
[  123.959763][ T7418] netlink: 'syz.1.541': attribute type 1 has an invalid length.
[  123.962885][ T7418] netlink: 20 bytes leftover after parsing attributes in process `syz.1.541'.
[  123.995725][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  124.156301][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  124.160670][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 218, changing to 7
[  124.166492][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 32945, setting to 1024
[  124.177883][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  124.181515][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.185335][    T9] usb 4-1: Product: syz
[  124.187089][    T9] usb 4-1: Manufacturer: syz
[  124.188971][    T9] usb 4-1: SerialNumber: syz
[  124.196237][    T9] usb 4-1: config 0 descriptor??
[  124.203435][    T9] usb 4-1: 0:0 : invalid sync pipe. bmAttributes e5, bLength 9, bSynchAddress 2f
[  124.264347][ T5870] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  124.417270][    T9] usb 4-1: USB disconnect, device number 13
[  124.424155][ T5870] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  124.428874][ T5870] usb 3-1: config 0 has no interface number 0
[  124.431129][ T5870] usb 3-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  124.446485][ T5870] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  124.450238][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.453193][ T5870] usb 3-1: Product: syz
[  124.456244][ T5870] usb 3-1: Manufacturer: syz
[  124.457986][ T5870] usb 3-1: SerialNumber: syz
[  124.461613][ T5870] usb 3-1: config 0 descriptor??
[  124.547417][ T7440] random: crng reseeded on system resumption
[  124.670854][ T5870] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[  124.674602][ T5870] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[  124.677811][ T5870] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[  124.680972][ T5870] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[  124.690304][ T5870] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  124.697445][ T5870] usb 3-1: USB disconnect, device number 12
[  124.703548][ T5870] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  124.706973][ T5870] keyspan 3-1:0.133: device disconnected
[  124.763248][ T7444] netlink: 16 bytes leftover after parsing attributes in process `syz.1.554'.
[  124.768058][ T7444] netlink: 16 bytes leftover after parsing attributes in process `syz.1.554'.
[  124.771327][ T7444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.554'.
[  125.067025][ T7448] loop1: detected capacity change from 0 to 32768
[  125.274361][    T9] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  125.438339][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  125.442672][    T9] usb 4-1: not running at top speed; connect to a high speed hub
[  125.457155][    T9] usb 4-1: config 2 has an invalid interface number: 226 but max is 1
[  125.460425][    T9] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  125.464603][    T9] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 2
[  125.468128][    T9] usb 4-1: config 2 has no interface number 0
[  125.470636][    T9] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  125.475168][    T9] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[  125.479623][    T9] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  125.490023][    T9] usb 4-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[  125.493678][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.497707][    T9] usb 4-1: Product: syz
[  125.499425][    T9] usb 4-1: Manufacturer: syz
[  125.501300][    T9] usb 4-1: SerialNumber: syz
[  125.520605][ T7462] loop1: detected capacity change from 0 to 32768
[  125.524420][ T7462] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section members_v2: device 0: too many buckets (got 1099511627775, max 2147483583)
[  125.524420][ T7462] members_v2 (size 152):
[  125.524420][ T7462] Device:                        0
[  125.524420][ T7462]   Label:                       (none)
[  125.524420][ T7462]   UUID:                        7af6772b-00de-4159-84cd-1faeadf8ffff
[  125.524420][ T7462]   Size:                        144115188075724800
[  125.524420][ T7462]   read errors:                 0
[  125.524420][ T7462]   write errors:                0
[  125.524420][ T7462]   checksum errors:             150994944
[  125.524420][ T7462]   seqread iops:                0
[  125.524420][ T7462]   seqwrite iops:               0
[  125.524420][ T7462]   randread iops:               0
[  125.524420][ T7462]   randwrite iops:              0
[  125.524420][ T7462]   Bucket size:                 131072
[  125.524420][ T7462]   First bucket:                0
[  125.524420][ T7462]   Buckets:                     1099511627775
[  125.524420][ T7462]   Last mount:                  1714681267
[  125.524420][ T7462]   Last superblock write:       42
[  125.524420][ T7462]   State:                       rw
[  125.524420][ T7462]   Data allowed:                journal,btree,user
[  125.524420][ T7462]   Has data:                    (none)
[  125.524420][ T7462]   Btree allocated bitmap blocksize:256
[  125.524420][ T7462]   Btree allocated bitmap:      00000000000000000000010000100000
[  125.524598][ T7462] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  125.564426][ T5927] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  125.574556][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.729308][    T9] usb 4-1: USB disconnect, device number 14
[  125.734623][ T5927] usb 3-1: Using ep0 maxpacket: 16
[  125.741673][ T5927] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  125.745292][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.747750][ T5927] usb 3-1: Product: syz
[  125.749463][ T5927] usb 3-1: Manufacturer: syz
[  125.751289][ T5927] usb 3-1: SerialNumber: syz
[  125.756741][ T5927] r8152-cfgselector 3-1: Unknown version 0x0000
[  125.759163][ T5927] r8152-cfgselector 3-1: config 0 descriptor??
[  125.767448][ T7470] loop1: detected capacity change from 0 to 65
[  125.775333][ T7470] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  125.850474][ T7472] openvswitch: netlink: Duplicate or invalid key (type 0).
[  125.853686][ T7472] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  126.168198][ T5927] r8152-cfgselector 3-1: Needed 1 retries to read version
[  126.378081][ T5927] r8152-cfgselector 3-1: USB disconnect, device number 13
[  127.451845][ T7505] loop2: detected capacity change from 0 to 4096
[  127.456585][ T7505] ntfs3(loop2): Unsupported bytes per MFT record 8192.
[  127.459643][ T7505] ntfs3(loop2): try to read out of volume at offset 0x1ffe00
[  127.487486][ T7505] I/O error, dev loop2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.495717][ T7505] isofs_fill_super: bread failed, dev=loop2, iso_blknum=16, block=32
[  127.743807][ T7513] loop3: detected capacity change from 0 to 32768
[  127.751467][ T7513] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.586 (7513)
[  127.762116][ T7513] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  127.766304][ T7513] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  127.769713][ T7513] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  127.786463][ T7520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.589'.
[  127.790454][ T7520] netlink: 'syz.1.589': attribute type 1 has an invalid length.
[  127.793487][ T7520] netlink: 20 bytes leftover after parsing attributes in process `syz.1.589'.
[  128.083130][ T7513] BTRFS info (device loop3): rebuilding free space tree
[  128.214122][ T7513] BTRFS info (device loop3): disabling free space tree
[  128.217874][ T7513] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  128.221393][ T7513] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  128.275487][ T7513] BTRFS info (device loop3): checking UUID tree
[  128.285251][ T7513] BTRFS info (device loop3): enabling ssd optimizations
[  128.288181][ T7513] BTRFS info (device loop3): turning off barriers
[  128.290746][ T7513] BTRFS info (device loop3): turning on flush-on-commit
[  128.293486][ T7513] BTRFS info (device loop3): enabling disk space caching
[  128.296294][ T7513] BTRFS info (device loop3): force clearing of disk cache
[  128.299169][ T7513] BTRFS info (device loop3): doing ref verification
[  128.301708][ T7513] BTRFS info (device loop3): use zstd compression, level 3
[  128.304767][ T7513] BTRFS info (device loop3): max_inline set to 0
[  128.361609][ T6082] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  128.424521][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  128.515682][ T7549] loop3: detected capacity change from 0 to 512
[  128.522562][ T7549] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  128.526692][ T7549] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  128.530573][ T7549] EXT4-fs (loop3): group descriptors corrupted!
[  128.584778][    T9] usb 2-1: Using ep0 maxpacket: 8
[  128.589612][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  128.593268][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.612834][    T9] pvrusb2: Hardware description: Terratec Grabster AV400
[  128.617178][    T9] pvrusb2: **********
[  128.619501][    T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  128.623669][    T9] pvrusb2: Important functionality might not be entirely working.
[  128.627239][    T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  128.631741][    T9] pvrusb2: **********
[  128.817339][ T5928] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  128.821162][ T2398] pvrusb2: Invalid write control endpoint
[  128.878954][ T2398] pvrusb2: Invalid write control endpoint
[  128.881548][ T2398] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  128.888526][ T2398] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  128.891635][ T2398] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  128.898786][ T2398] pvrusb2: Device being rendered inoperable
[  128.905324][ T2398] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  128.909532][ T2398] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  128.917163][ T2398] pvrusb2: Attached sub-driver cx25840
[  128.919756][ T2398] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  128.923854][ T2398] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  128.994276][ T5928] usb 4-1: Using ep0 maxpacket: 8
[  129.002520][ T5928] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  129.009858][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.012042][ T7553] loop2: detected capacity change from 0 to 32768
[  129.012617][ T5928] usb 4-1: Product: syz
[  129.015737][ T7553] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.597 (7553)
[  129.016581][ T5928] usb 4-1: Manufacturer: syz
[  129.022535][ T5928] usb 4-1: SerialNumber: syz
[  129.027688][ T7553] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  129.028123][ T5928] usb 4-1: config 0 descriptor??
[  129.031069][ T7553] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  129.038538][   T52] usb 2-1: USB disconnect, device number 12
[  129.052300][ T5928] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244)
[  129.059273][ T7553] BTRFS info (device loop2): enabling ssd optimizations
[  129.062545][ T7553] BTRFS info (device loop2): enabling free space tree
[  129.082620][ T5866] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  129.581239][ T7581] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  129.874447][ T5870] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  129.880453][ T5928] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  129.885316][ T5928] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  129.891095][ T5928] usb 4-1: USB disconnect, device number 15
[  130.036559][ T5870] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  130.042057][ T5870] usb 2-1: config 0 interface 0 has no altsetting 0
[  130.044908][ T5870] usb 2-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00
[  130.048487][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.054437][ T5870] usb 2-1: config 0 descriptor??
[  130.163576][ T7585] Bluetooth: MGMT ver 1.23
[  130.201805][ T7587] loop2: detected capacity change from 0 to 512
[  130.208247][ T7587] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  130.221904][ T7587] tmpfs: Cannot change global quota limit on remount
[  130.470316][ T5870] elecom 0003:056E:00FD.0005: unknown main item tag 0x0
[  130.473158][ T5870] elecom 0003:056E:00FD.0005: unknown main item tag 0x0
[  130.482454][ T5870] elecom 0003:056E:00FD.0005: unknown main item tag 0x0
[  130.489756][ T5870] elecom 0003:056E:00FD.0005: hidraw0: USB HID v1.01 Device [HID 056e:00fd] on usb-dummy_hcd.1-1/input0
[  130.506017][ T7605] netlink: 'syz.2.613': attribute type 34 has an invalid length.
[  130.677544][ T5928] usb 2-1: USB disconnect, device number 13
[  130.717169][ T7627] loop3: detected capacity change from 0 to 1024
[  130.737155][ T7627] hfsplus: bad catalog entry type
[  130.760724][  T974] hfsplus: b-tree write err: -5, ino 4
[  130.931649][ T7637] loop3: detected capacity change from 0 to 512
[  130.935941][ T7629] loop2: detected capacity change from 0 to 32768
[  130.940012][ T7629] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  130.940012][ T7629] clean (size 2912):
[  130.940012][ T7629] flags:          0
[  130.940012][ T7629] journal_seq:    8
[  130.940012][ T7629] prio_ptrs: 
[  130.940012][ T7629] usage: type=key_version v=0
[  130.940012][ T7629] usage: type=reserved v=0
[  130.940012][ T7629] usage: type=reserved v=0
[  130.940012][ T7629] usage: type=reserved v=0
[  130.940012][ T7629] usage: type=reserved v=0
[  130.940012][ T7629] data_usage: btree: 1/1 [0]=2816
[  130.940012][ T7629] data_usage: journal: 1/1 [0]=0
[  130.940012][ T7629] data_usage: user: 1/1 [0]=32
[  130.940012][ T7629] dev_usage: dev=0  
[  130.940012][ T7629]   free: buckets=83 sectors=0 fragmented=0
[  130.940012][ T7629]   sb: buckets=25 sectors=6152 fragmented=248
[  130.940012][ T7629]   journal: buckets=8 sectors=2048 fragmented=0
[  130.940012][ T7629]   btree: buckets=11 sectors=2816 fragmented=0
[  130.940012][ T7629]   user: buckets=1 sectors=32 fragmented=224
[  130.940012][ T7629]   cached: buckets=0 sectors=0 fragmented=0
[  130.940012][ T7629]   parity: buckets=0 sectors=0 fragmented=0
[  130.940012][ T7629]   stripe: buckets=0 sectors=0 fragmented=0
[  130.940012][ T7629]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  130.940012][ T7629]   need_discard: buckets=0 sectors=0 fragmented=0
[  130.940012][ T7629] clock: read=0
[  130.940012][ T7629] clock: write=1288
[  130.940012][ T7629] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee3
[  130.940121][ T7629] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  130.991365][ T7637] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  131.028539][ T7637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.033804][ T7637] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  131.045837][ T7637] netlink: 256 bytes leftover after parsing attributes in process `syz.3.629'.
[  131.049302][ T7637] netlink: 56 bytes leftover after parsing attributes in process `syz.3.629'.
[  131.074000][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.246804][ T7650] loop1: detected capacity change from 0 to 256
[  131.252350][ T7650] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  131.253877][ T7651] netlink: 24 bytes leftover after parsing attributes in process `syz.3.634'.
[  131.260642][ T7650] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  131.269584][ T7650] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  131.307984][ T7653] loop3: detected capacity change from 0 to 512
[  131.312110][ T7653] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  131.319295][ T7653] UDF-fs: Scanning with blocksize 512 failed
[  131.328930][ T7653] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  131.331789][ T7653] UDF-fs: Scanning with blocksize 1024 failed
[  131.337723][ T7653] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  131.340727][ T7653] UDF-fs: Scanning with blocksize 2048 failed
[  131.346918][ T7653] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  131.353248][ T7653] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  131.650644][ T7673] loop1: detected capacity change from 0 to 1024
[  131.654305][ T5928] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  131.696613][ T3538] hfsplus: b-tree write err: -5, ino 4
[  131.804345][ T5928] usb 4-1: Using ep0 maxpacket: 8
[  131.809001][ T5928] usb 4-1: unable to get BOS descriptor or descriptor too short
[  132.220344][ T7678] 9pnet_fd: Insufficient options for proto=fd
[  132.704960][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.707568][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.841324][ T5928] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  132.856368][ T5928] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  132.874954][ T5928] usb 4-1: config 1 has no interface number 1
[  133.311486][ T5928] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  133.316038][ T5928] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  133.356150][ T5928] usb 4-1: string descriptor 0 read error: -22
[  133.358269][ T5928] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  133.361447][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.422331][ T7683] loop2: detected capacity change from 0 to 1024
[  133.431943][ T5928] usb 4-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  133.440985][ T5928] usb 4-1: 2:1 : sample bitwidth 141 in over sample bytes 2
[  133.453769][ T5928] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  133.553244][ T1875] hfsplus: b-tree write err: -5, ino 4
[  133.624459][ T5928] usb 4-1: USB disconnect, device number 16
[  133.717321][ T7690] openvswitch: netlink: Tunnel attr 5 has unexpected len 4 expected 0
[  133.757062][ T5863] Bluetooth: hci1: link tx timeout
[  133.759579][ T5863] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  133.894339][ T5870] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  134.392426][ T7714] loop3: detected capacity change from 0 to 128
[  134.401233][ T7714] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  134.405657][ T7714] ext4 filesystem being mounted at /152/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  134.451232][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  134.669659][ T7700] loop1: detected capacity change from 0 to 131072
[  134.677097][ T7700] F2FS-fs (loop1): Test dummy encryption mode enabled
[  134.682278][ T7700] F2FS-fs (loop1): invalid crc value
[  134.737977][ T7700] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  134.743056][ T7700] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  134.770698][ T5870] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  134.784490][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.792068][ T5870] usb 3-1: config 0 descriptor??
[  134.806425][ T5870] gspca_main: sunplus-2.14.0 probing 055f:c420
[  134.905687][ T7700] fscrypt (loop1, inode 10): Error allocating 'xts(aes)' transform: -4
[  135.008919][ T5870] gspca_sunplus: reg_w_riv err -71
[  135.011123][ T5870] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  135.019472][ T5870] usb 3-1: USB disconnect, device number 14
[  135.193960][ T7738] loop3: detected capacity change from 0 to 764
[  135.448009][ T7750] loop3: detected capacity change from 0 to 4096
[  135.459450][ T7750] NILFS (loop3): invalid segment: Checksum error in segment payload
[  135.463034][ T7750] NILFS (loop3): trying rollback from an earlier position
[  135.477360][ T7750] NILFS (loop3): recovery complete
[  135.480043][ T7751] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.620915][ T7746] loop1: detected capacity change from 0 to 32768
[  135.814536][ T5863] Bluetooth: hci1: command 0x0406 tx timeout
[  135.844370][ T5870] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  135.874441][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  136.014438][ T5870] usb 3-1: Using ep0 maxpacket: 8
[  136.020869][ T5870] usb 3-1: unable to get BOS descriptor or descriptor too short
[  136.025480][ T5870] usb 3-1: config 246 has an invalid interface number: 233 but max is 0
[  136.028876][ T5870] usb 3-1: config 246 has no interface number 0
[  136.031376][ T5870] usb 3-1: config 246 interface 233 has no altsetting 0
[  136.036376][ T5870] usb 3-1: New USB device found, idVendor=0b05, idProduct=18f0, bcdDevice=af.9c
[  136.039957][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.043040][ T5870] usb 3-1: Product: syz
[  136.045063][    T9] usb 4-1: Using ep0 maxpacket: 16
[  136.047285][ T5870] usb 3-1: Manufacturer: ࠌ
[  136.049583][ T5870] usb 3-1: SerialNumber: syz
[  136.054046][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  136.056871][    T9] usb 4-1: New USB device found, idVendor=0b05, idProduct=1807, bcdDevice= 0.00
[  136.060539][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.071131][    T9] usb 4-1: config 0 descriptor??
[  136.292146][ T5870] usb 3-1: USB disconnect, device number 15
[  136.398836][ T7765] netlink: 'syz.1.682': attribute type 1 has an invalid length.
[  136.490120][    T9] asus 0003:0B05:1807.0006: item fetching failed at offset 2/5
[  136.496819][    T9] asus 0003:0B05:1807.0006: Asus hid parse failed: -22
[  136.499650][    T9] asus 0003:0B05:1807.0006: probe with driver asus failed with error -22
[  136.503921][ T7769] loop1: detected capacity change from 0 to 4096
[  136.522821][ T7770] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  136.534160][ T7769] NILFS error (device loop1): nilfs_readdir: zero-length directory entry
[  136.542050][ T7769] Remounting filesystem read-only
[  136.699950][ T5870] usb 4-1: USB disconnect, device number 17
[  137.723891][ T7797] loop3: detected capacity change from 0 to 32768
[  137.738880][ T7797] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  137.767730][ T6082] (syz-executor,6082,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  137.775983][ T6082] ocfs2: Unmounting device (7,3) on (node local)
[  138.828433][ T7812] netlink: 'syz.2.700': attribute type 29 has an invalid length.
[  138.841667][ T7812] netlink: 'syz.2.700': attribute type 29 has an invalid length.
[  138.850476][ T7812] netlink: 'syz.2.700': attribute type 29 has an invalid length.
[  139.400898][   T33] audit: type=1326 audit(1757386071.586:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7817 comm="syz.3.702" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f21f318ebe9 code=0x0
[  140.154390][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  140.330363][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.334987][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  140.338851][    T9] usb 3-1: config 1 has no interface number 0
[  140.341617][    T9] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.348043][    T9] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  140.357407][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  140.361205][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.365909][    T9] usb 3-1: Product: syz
[  140.368387][    T9] usb 3-1: Manufacturer: syz
[  140.370401][    T9] usb 3-1: SerialNumber: syz
[  140.809520][ T7842] loop1: detected capacity change from 0 to 1024
[  140.813671][ T7842] EXT4-fs: Ignoring removed mblk_io_submit option
[  140.816871][ T7842] EXT4-fs: inline encryption not supported
[  140.822430][ T7842] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  140.842386][ T7842] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c842e018, mo2=0000]
[  140.847266][ T7842] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.711: bad orphan inode 11
[  140.851445][ T7842] ext4_test_bit(bit=10, block=4) = 1
[  140.853769][ T7842] is_bad_inode(inode)=0
[  140.855910][ T7842] NEXT_ORPHAN(inode)=3254779904
[  140.857948][ T7842] max_ino=32
[  140.859550][ T7842] i_nlink=0
[  140.869833][ T7842] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.711: lblock 2 mapped to illegal pblock 2 (length 1)
[  140.878139][ T7842] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  140.881600][ T7842] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.711: lblock 0 mapped to illegal pblock 48 (length 1)
[  140.890657][ T7842] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  140.894670][ T7842] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.711: Failed to acquire dquot type 0
[  140.899684][ T7842] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  140.907541][ T7842] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.711: mark_inode_dirty error
[  140.912367][ T7842] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  140.920395][ T7842] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.953119][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.958158][ T5860] EXT4-fs error (device loop1): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0
[  140.967797][ T5860] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  140.972104][ T5860] EXT4-fs error (device loop1): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error
[  141.197612][    T9] cdc_ncm 3-1:1.1: bind() failure
[  141.212233][ T7848] netlink: 104 bytes leftover after parsing attributes in process `syz.3.713'.
[  141.384093][ T7858] xt_time: unknown flags 0xf4
[  141.409316][ T5928] usb 3-1: USB disconnect, device number 16
[  141.791381][ T7868] loop3: detected capacity change from 0 to 32768
[  141.794773][ T7868] XFS: ikeep mount option is deprecated.
[  141.802314][ T7868] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  141.821551][ T7868] XFS (loop3): Ending clean mount
[  141.826091][ T7868] XFS (loop3): Quotacheck needed: Please wait.
[  141.859303][ T7868] XFS (loop3): Quotacheck: Done.
[  141.921373][ T6082] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  142.088323][ T7885] loop3: detected capacity change from 0 to 512
[  142.110341][ T7885] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  142.148630][ T7885] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  142.156365][ T7885] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.725: corrupted in-inode xattr: e_value size too large
[  142.176942][ T7885] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.725: couldn't read orphan inode 15 (err -117)
[  142.190038][ T7885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.243244][ T7893] loop1: detected capacity change from 0 to 256
[  142.256860][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.340838][ T7899] loop2: detected capacity change from 0 to 1024
[  142.344491][ T7899] EXT4-fs: Ignoring removed nomblk_io_submit option
[  142.347220][ T7901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.734'.
[  142.386910][ T7899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.419999][ T7899] EXT4-fs error (device loop2): __ext4_new_inode:1073: comm syz.2.733: reserved inode found cleared - inode=18
[  142.451593][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.869656][ T5912] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  143.764442][ T5912] usb 4-1: Using ep0 maxpacket: 16
[  143.773205][ T5912] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  143.788943][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.792966][ T5912] usb 4-1: Product: syz
[  143.794453][ T5912] usb 4-1: Manufacturer: syz
[  143.796159][ T5912] usb 4-1: SerialNumber: syz
[  143.800155][ T5912] usb 4-1: config 0 descriptor??
[  144.227629][ T5912] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[  144.237111][ T5912] usb 4-1: USB disconnect, device number 18
[  144.413191][ T7935] loop1: detected capacity change from 0 to 32768
[  144.419344][ T7935] ERROR: (device loop1): xtSearch: xt_getpage: xtree page corrupt
[  144.419344][ T7935] 
[  144.424069][ T7935] xtLookup: xtSearch returned -5
[  144.426850][ T7935] read_mapping_page failed!
[  144.428946][ T7935] jfs_mount: diMount failed w/rc = -5
[  144.431985][ T7935] Mount JFS Failure: -5
[  144.433661][ T7935] jfs_mount failed w/return code = -5
[  144.668975][ T7948] loop2: detected capacity change from 0 to 1024
[  144.683126][ T7948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  144.688465][ T7948] ext4 filesystem being mounted at /269/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.715904][ T7948] EXT4-fs warning (device loop2): ext4_empty_dir:3099: inode #12: comm syz.2.753: directory missing '..'
[  144.741721][ T5866] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  144.979385][ T7981] loop1: detected capacity change from 0 to 8
[  144.983608][ T7981] SQUASHFS error: lzo decompression failed, data probably corrupt
[  144.988858][ T7981] SQUASHFS error: Failed to read block 0x91: -5
[  144.991233][ T7981] SQUASHFS error: Unable to read metadata cache entry [8f]
[  144.993484][ T7981] SQUASHFS error: Unable to read inode 0x11f
[  145.174455][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  145.344377][    T9] usb 3-1: Using ep0 maxpacket: 32
[  145.350090][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  145.360870][    T9] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  145.368271][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.372850][    T9] usb 3-1: Product: syz
[  145.374780][    T9] usb 3-1: Manufacturer: syz
[  145.376612][    T9] usb 3-1: SerialNumber: syz
[  145.381566][    T9] usb 3-1: config 0 descriptor??
[  145.389046][ T7977] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.397842][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  145.406236][ T5870] IPVS: starting estimator thread 0...
[  145.485156][ T8005] loop1: detected capacity change from 0 to 128
[  145.497688][ T8005] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  145.501739][ T8005] hpfs: filesystem error: improperly stopped
[  145.503629][ T8005] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  145.506191][ T8001] IPVS: using max 64 ests per chain, 153600 per kthread
[  145.509854][ T8005] hpfs: You really don't want any checks? You are crazy...
[  145.513137][ T8005] hpfs: hpfs_map_sector(): read error
[  145.516304][ T8005] hpfs: code page support is disabled
[  145.522907][ T8005] hpfs: hpfs_map_4sectors(): unaligned read
[  145.526440][ T8005] hpfs: hpfs_map_4sectors(): unaligned read
[  145.528834][ T8005] hpfs: filesystem error: unable to find root dir
[  145.612895][ T5928] usb 3-1: USB disconnect, device number 17
[  146.312341][ T8025] loop1: detected capacity change from 0 to 32768
[  146.326856][ T8025] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  146.358601][ T8025] XFS (loop1): Ending clean mount
[  146.379905][ T5860] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  146.655822][ T8048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.795'.
[  146.776237][   T95] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  146.938632][   T95] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.943005][   T95] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.948937][   T95] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  146.954014][   T95] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  146.958551][   T95] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.963870][   T95] usb 3-1: config 0 descriptor??
[  147.084376][ T5928] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  147.234349][ T5928] usb 2-1: Using ep0 maxpacket: 16
[  147.239818][ T5928] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  147.243013][ T5928] usb 2-1: config 0 has no interface number 0
[  147.249251][ T5928] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  147.252848][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.256080][ T5928] usb 2-1: Product: syz
[  147.257847][ T5928] usb 2-1: Manufacturer: syz
[  147.259691][ T5928] usb 2-1: SerialNumber: syz
[  147.266201][ T5928] usb 2-1: config 0 descriptor??
[  147.304519][ T5913] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  147.384684][   T95] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  147.457659][ T5913] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  147.462092][ T5913] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[  147.466210][ T5913] usb 4-1: config 220 interface 0 has no altsetting 0
[  147.471691][ T5913] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  147.475696][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.479037][ T5913] usb 4-1: Product: syz
[  147.479133][ T5870] usb 2-1: USB disconnect, device number 14
[  147.480881][ T5913] usb 4-1: Manufacturer: syz
[  147.485482][ T5913] usb 4-1: SerialNumber: syz
[  147.638535][    T9] usb 3-1: USB disconnect, device number 18
[  147.700368][ T5913] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  147.703174][ T5913] usb 4-1: No valid video chain found.
[  147.708942][ T5913] usb 4-1: USB disconnect, device number 19
[  148.188488][ T8075] mmap: syz.2.808 (8075) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  148.270480][ T8078] loop3: detected capacity change from 0 to 4096
[  148.273408][ T8078] EXT4-fs: Ignoring removed mblk_io_submit option
[  148.279660][ T8078] EXT4-fs (loop3): Test dummy encryption mode enabled
[  148.324897][ T8078] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.707357][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.830226][ T8085] loop3: detected capacity change from 0 to 2048
[  148.839591][ T8085] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  148.853192][ T8085] NILFS (loop3): too large checkpoint size: 1741 bytes
[  148.860621][ T8085] NILFS (loop3): error -22 while loading super root
[  149.280174][ T8094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.815'.
[  149.335865][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  149.515026][    T9] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[  149.524484][    T9] usb 2-1: config 0 has no interface number 0
[  149.528722][    T9] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0xD has an invalid bInterval 104, changing to 10
[  149.545839][    T9] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  149.557784][    T9] usb 2-1: New USB device found, idVendor=1660, idProduct=1921, bcdDevice=1f.84
[  149.561336][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.565947][    T9] usb 2-1: Product: syz
[  149.575719][    T9] usb 2-1: Manufacturer: syz
[  149.580312][    T9] usb 2-1: SerialNumber: syz
[  149.600429][ T8096] loop2: detected capacity change from 0 to 4096
[  149.605844][    T9] usb 2-1: config 0 descriptor??
[  149.607020][ T8096] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  149.670807][ T8096] ntfs3(loop2): Failed to load $Extend (-22).
[  149.673372][ T8096] ntfs3(loop2): Failed to initialize $Extend.
[  149.884719][    T9] dvb-usb: found a 'Medion CTX1921 DVB-T USB' in warm state.
[  149.899170][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  149.907444][    T9] dvbdev: DVB: registering new adapter (Medion CTX1921 DVB-T USB)
[  149.912084][    T9] usb 2-1: media controller created
[  149.936867][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  150.012508][    T9] DVB: Unable to find symbol dib7000p_attach()
[  150.015109][    T9] dvb-usb: no frontend was attached by 'Medion CTX1921 DVB-T USB'
[  150.134315][    T9] rc_core: IR keymap rc-dib0700-rc5 not found
[  150.137712][    T9] Registered IR keymap rc-empty
[  150.140376][    T9] dvb-usb: could not initialize remote control.
[  150.142820][    T9] dvb-usb: Medion CTX1921 DVB-T USB successfully initialized and connected.
[  150.165368][    T9] dib0700: There's no endpoint for remote controller
[  150.370603][    T9] usb 2-1: USB disconnect, device number 15
[  150.407321][    T9] dvb-usb: Medion CTX1921 DVB-T USB successfully deinitialized and disconnected.
[  150.449503][ T8121] loop3: detected capacity change from 0 to 2048
[  150.471790][ T8121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.476983][ T8121] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.485982][   T33] audit: type=1800 audit(1757386082.676:10): pid=8121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.825" name="file0" dev="loop3" ino=13 res=0 errno=0
[  150.494840][ T8121] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.825: bg 0: block 345: padding at end of block bitmap is not set
[  150.503286][ T8121] fs-verity (loop3, inode 13): Error -117 writing Merkle tree block 0
[  150.506719][ T8121] fs-verity (loop3, inode 13): Error -117 building Merkle tree
[  150.524822][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.198276][ T8141] loop3: detected capacity change from 0 to 8
[  151.201583][ T8141] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  151.231978][ T8141] cramfs: Error -3 while decompressing!
[  151.237077][ T8141] cramfs: ffffffff99bf2668(26)->ffff888123dec000(4096)
[  151.241657][ T8133] loop1: detected capacity change from 0 to 32768
[  151.244438][ T8141] cramfs: Error -3 while decompressing!
[  151.244458][ T8141] cramfs: ffffffff99bf2682(26)->ffff888123ded000(4096)
[  151.244476][ T8141] cramfs: Error -3 while decompressing!
[  151.244481][ T8141] cramfs: ffffffff99bf269c(16)->ffff888123dee000(4096)
[  151.244514][ T8141] cramfs: Error -3 while decompressing!
[  151.244519][ T8141] cramfs: ffffffff99bf2668(26)->ffff888123dec000(4096)
[  151.249844][   T33] audit: type=1800 audit(1757386083.436:11): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.833" name="file2" dev="loop3" ino=348 res=0 errno=0
[  151.292614][ T8133] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  151.311728][ T8133] 
[  151.312818][ T8133] ======================================================
[  151.315639][ T8133] WARNING: possible circular locking dependency detected
[  151.318494][ T8133] syzkaller #0 Not tainted
[  151.320519][ T8133] ------------------------------------------------------
[  151.324368][ T8133] syz.1.829/8133 is trying to acquire lock:
[  151.326604][ T8133] ffff88801de226c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.331822][ T8133] 
[  151.331822][ T8133] but task is already holding lock:
[  151.334716][ T8133] ffff88801de25df8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  151.338519][ T8133] 
[  151.338519][ T8133] which lock already depends on the new lock.
[  151.338519][ T8133] 
[  151.342695][ T8133] 
[  151.342695][ T8133] the existing dependency chain (in reverse order) is:
[  151.346352][ T8133] 
[  151.346352][ T8133] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}:
[  151.349543][ T8133]        lock_acquire+0x120/0x360
[  151.351608][ T8133]        down_read+0x46/0x2e0
[  151.353548][ T8133]        ocfs2_init_acl+0x2f9/0x720
[  151.355660][ T8133]        ocfs2_mknod+0x1321/0x2050
[  151.357745][ T8133]        ocfs2_create+0x1a5/0x440
[  151.359789][ T8133]        path_openat+0x14f4/0x3830
[  151.361872][ T8133]        do_filp_open+0x1fa/0x410
[  151.363834][ T8133]        do_sys_openat2+0x121/0x1c0
[  151.365959][ T8133]        __x64_sys_creat+0x8f/0xc0
[  151.368079][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.370141][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.372719][ T8133] 
[  151.372719][ T8133] -> #4 (jbd2_handle){++++}-{0:0}:
[  151.375682][ T8133]        lock_acquire+0x120/0x360
[  151.377754][ T8133]        start_this_handle+0x1fa7/0x21c0
[  151.380062][ T8133]        jbd2__journal_start+0x2c1/0x5b0
[  151.382375][ T8133]        jbd2_journal_start+0x2a/0x40
[  151.384550][ T8133]        ocfs2_start_trans+0x376/0x6d0
[  151.386717][ T8133]        ocfs2_mknod+0xe93/0x2050
[  151.388810][ T8133]        ocfs2_mkdir+0x191/0x440
[  151.390831][ T8133]        vfs_mkdir+0x306/0x510
[  151.392708][ T8133]        do_mkdirat+0x247/0x590
[  151.394719][ T8133]        __x64_sys_mkdirat+0x87/0xa0
[  151.396796][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.398793][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.401374][ T8133] 
[  151.401374][ T8133] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  151.404633][ T8133]        lock_acquire+0x120/0x360
[  151.406750][ T8133]        down_read+0x46/0x2e0
[  151.408663][ T8133]        ocfs2_start_trans+0x36a/0x6d0
[  151.410788][ T8133]        ocfs2_mknod+0xe93/0x2050
[  151.412737][ T8133]        ocfs2_mkdir+0x191/0x440
[  151.414770][ T8133]        vfs_mkdir+0x306/0x510
[  151.416735][ T8133]        do_mkdirat+0x247/0x590
[  151.418707][ T8133]        __x64_sys_mkdirat+0x87/0xa0
[  151.420755][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.422769][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.425361][ T8133] 
[  151.425361][ T8133] -> #2 (sb_internal#3){.+.+}-{0:0}:
[  151.428308][ T8133]        lock_acquire+0x120/0x360
[  151.430334][ T8133]        ocfs2_start_trans+0x26b/0x6d0
[  151.432440][ T8133]        ocfs2_mknod+0xe93/0x2050
[  151.434417][ T8133]        ocfs2_mkdir+0x191/0x440
[  151.436381][ T8133]        vfs_mkdir+0x306/0x510
[  151.438286][ T8133]        do_mkdirat+0x247/0x590
[  151.440150][ T8133]        __x64_sys_mkdirat+0x87/0xa0
[  151.442161][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.444182][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.446685][ T8133] 
[  151.446685][ T8133] -> #1 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  151.450868][ T8133]        lock_acquire+0x120/0x360
[  151.452911][ T8133]        down_write+0x96/0x1f0
[  151.454841][ T8133]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  151.457529][ T8133]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  151.460399][ T8133]        ocfs2_mknod+0xe32/0x2050
[  151.462396][ T8133]        ocfs2_mkdir+0x191/0x440
[  151.464329][ T8133]        vfs_mkdir+0x306/0x510
[  151.466207][ T8133]        do_mkdirat+0x247/0x590
[  151.468139][ T8133]        __x64_sys_mkdirat+0x87/0xa0
[  151.470236][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.472292][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.474863][ T8133] 
[  151.474863][ T8133] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  151.479150][ T8133]        validate_chain+0xb9b/0x2140
[  151.481285][ T8133]        __lock_acquire+0xab9/0xd20
[  151.483359][ T8133]        lock_acquire+0x120/0x360
[  151.485378][ T8133]        down_write+0x96/0x1f0
[  151.487322][ T8133]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.489941][ T8133]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  151.492636][ T8133]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[  151.495061][ T8133]        ocfs2_xattr_set+0xb70/0x11f0
[  151.497176][ T8133]        ocfs2_set_acl+0x701/0x7b0
[  151.499234][ T8133]        ocfs2_iop_set_acl+0x1aa/0x2a0
[  151.501415][ T8133]        vfs_set_acl+0x887/0xb00
[  151.503385][ T8133]        do_set_acl+0xf6/0x190
[  151.505288][ T8133]        filename_setxattr+0x2e0/0x600
[  151.507400][ T8133]        path_setxattrat+0x364/0x3a0
[  151.509410][ T8133]        __x64_sys_setxattr+0xbc/0xe0
[  151.511620][ T8133]        do_syscall_64+0xfa/0x3b0
[  151.513658][ T8133]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.516217][ T8133] 
[  151.516217][ T8133] other info that might help us debug this:
[  151.516217][ T8133] 
[  151.520240][ T8133] Chain exists of:
[  151.520240][ T8133]   &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[  151.520240][ T8133] 
[  151.526517][ T8133]  Possible unsafe locking scenario:
[  151.526517][ T8133] 
[  151.529510][ T8133]        CPU0                    CPU1
[  151.531689][ T8133]        ----                    ----
[  151.533867][ T8133]   lock(&oi->ip_xattr_sem);
[  151.535688][ T8133]                                lock(jbd2_handle);
[  151.538280][ T8133]                                lock(&oi->ip_xattr_sem);
[  151.541175][ T8133]   lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]);
[  151.544201][ T8133] 
[  151.544201][ T8133]  *** DEADLOCK ***
[  151.544201][ T8133] 
[  151.547420][ T8133] 3 locks held by syz.1.829/8133:
[  151.549478][ T8133]  #0: ffff888107246428 (sb_writers#24){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  151.553200][ T8133]  #1: ffff88801de260c0 (&type->i_mutex_dir_key#17){+.+.}-{4:4}, at: vfs_set_acl+0x3cd/0xb00
[  151.557179][ T8133]  #2: ffff88801de25df8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  151.561074][ T8133] 
[  151.561074][ T8133] stack backtrace:
[  151.563358][ T8133] CPU: 0 UID: 0 PID: 8133 Comm: syz.1.829 Not tainted syzkaller #0 PREEMPT(full) 
[  151.563378][ T8133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  151.563387][ T8133] Call Trace:
[  151.563397][ T8133]  <TASK>
[  151.563406][ T8133]  dump_stack_lvl+0x189/0x250
[  151.563430][ T8133]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.563448][ T8133]  ? __pfx__printk+0x10/0x10
[  151.563469][ T8133]  ? print_lock_name+0xde/0x100
[  151.563488][ T8133]  print_circular_bug+0x2ee/0x310
[  151.563503][ T8133]  check_noncircular+0x134/0x160
[  151.563519][ T8133]  validate_chain+0xb9b/0x2140
[  151.563534][ T8133]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  151.563554][ T8133]  ? look_up_lock_class+0x74/0x170
[  151.563569][ T8133]  ? register_lock_class+0x51/0x320
[  151.563591][ T8133]  __lock_acquire+0xab9/0xd20
[  151.563610][ T8133]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.563626][ T8133]  lock_acquire+0x120/0x360
[  151.563645][ T8133]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.563661][ T8133]  ? __pfx___schedule+0x10/0x10
[  151.563681][ T8133]  down_write+0x96/0x1f0
[  151.563697][ T8133]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.563712][ T8133]  ? __pfx_down_write+0x10/0x10
[  151.563728][ T8133]  ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  151.563744][ T8133]  ? preempt_schedule_common+0x83/0xd0
[  151.563757][ T8133]  ? preempt_schedule+0xae/0xc0
[  151.563775][ T8133]  ? __pfx_preempt_schedule+0x10/0x10
[  151.563794][ T8133]  ? preempt_schedule_thunk+0x16/0x30
[  151.563815][ T8133]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  151.563835][ T8133]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  151.563856][ T8133]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[  151.563873][ T8133]  ? stack_depot_save_flags+0x41b/0x860
[  151.563896][ T8133]  ? kasan_save_track+0x4f/0x80
[  151.563943][ T8133]  ? kasan_save_track+0x3e/0x80
[  151.563959][ T8133]  ? __kasan_kmalloc+0x93/0xb0
[  151.563974][ T8133]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  151.563991][ T8133]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  151.564007][ T8133]  ? ocfs2_init_xattr_set_ctxt+0x307/0x700
[  151.564024][ T8133]  ? ocfs2_xattr_set+0xb70/0x11f0
[  151.564040][ T8133]  ? ocfs2_set_acl+0x701/0x7b0
[  151.564054][ T8133]  ? ocfs2_iop_set_acl+0x1aa/0x2a0
[  151.564069][ T8133]  ? vfs_set_acl+0x887/0xb00
[  151.564082][ T8133]  ? do_set_acl+0xf6/0x190
[  151.564096][ T8133]  ? filename_setxattr+0x2e0/0x600
[  151.564116][ T8133]  ? path_setxattrat+0x364/0x3a0
[  151.564129][ T8133]  ? __x64_sys_setxattr+0xbc/0xe0
[  151.564141][ T8133]  ? do_syscall_64+0xfa/0x3b0
[  151.564154][ T8133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.564184][ T8133]  ? __kasan_kmalloc+0x93/0xb0
[  151.564202][ T8133]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  151.564218][ T8133]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  151.564236][ T8133]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[  151.564253][ T8133]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[  151.564275][ T8133]  ? __lock_acquire+0xab9/0xd20
[  151.564297][ T8133]  ocfs2_init_xattr_set_ctxt+0x307/0x700
[  151.564318][ T8133]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[  151.564337][ T8133]  ? ocfs2_xattr_set+0xb36/0x11f0
[  151.564354][ T8133]  ? up_write+0x1c4/0x420
[  151.564366][ T8133]  ? ocfs2_xattr_set+0x334/0x11f0
[  151.564382][ T8133]  ocfs2_xattr_set+0xb70/0x11f0
[  151.564405][ T8133]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  151.564420][ T8133]  ? vfs_set_acl+0x887/0xb00
[  151.564433][ T8133]  ? filename_setxattr+0x2e0/0x600
[  151.564452][ T8133]  ? path_setxattrat+0x364/0x3a0
[  151.564461][ T8133]  ? __x64_sys_setxattr+0xbc/0xe0
[  151.564470][ T8133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.564492][ T8133]  ? rcu_is_watching+0x15/0xb0
[  151.564508][ T8133]  ? trace_kmalloc+0x1f/0xd0
[  151.564524][ T8133]  ? __kmalloc_noprof+0x29b/0x4f0
[  151.564541][ T8133]  ? ocfs2_set_acl+0x11c/0x7b0
[  151.564558][ T8133]  ocfs2_set_acl+0x701/0x7b0
[  151.564578][ T8133]  ocfs2_iop_set_acl+0x1aa/0x2a0
[  151.564595][ T8133]  ? __pfx_ocfs2_iop_set_acl+0x10/0x10
[  151.564611][ T8133]  ? __pfx_evm_inode_set_acl+0x10/0x10
[  151.564630][ T8133]  ? __pfx_down_write+0x10/0x10
[  151.564646][ T8133]  ? evm_revalidate_status+0x4f/0xb0
[  151.564662][ T8133]  ? posix_acl_valid+0x352/0x3e0
[  151.564679][ T8133]  vfs_set_acl+0x887/0xb00
[  151.564699][ T8133]  do_set_acl+0xf6/0x190
[  151.564717][ T8133]  filename_setxattr+0x2e0/0x600
[  151.564741][ T8133]  ? __pfx_filename_setxattr+0x10/0x10
[  151.564763][ T8133]  ? getname_flags+0x1e5/0x540
[  151.564776][ T8133]  path_setxattrat+0x364/0x3a0
[  151.564794][ T8133]  ? __pfx_path_setxattrat+0x10/0x10
[  151.564808][ T8133]  ? do_futex+0x333/0x420
[  151.564834][ T8133]  ? rcu_is_watching+0x15/0xb0
[  151.564845][ T8133]  __x64_sys_setxattr+0xbc/0xe0
[  151.564859][ T8133]  do_syscall_64+0xfa/0x3b0
[  151.564872][ T8133]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.564884][ T8133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.564896][ T8133]  ? exc_page_fault+0x9f/0xf0
[  151.564940][ T8133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.564956][ T8133] RIP: 0033:0x7fb8e938ebe9
[  151.564969][ T8133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.564982][ T8133] RSP: 002b:00007fb8ea2e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  151.564998][ T8133] RAX: ffffffffffffffda RBX: 00007fb8e95c5fa0 RCX: 00007fb8e938ebe9
[  151.565009][ T8133] RDX: 0000200000000700 RSI: 0000200000002a40 RDI: 00002000000000c0
[  151.565017][ T8133] RBP: 00007fb8e9411e19 R08: 0000000000000000 R09: 0000000000000000
[  151.565027][ T8133] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000000
[  151.565035][ T8133] R13: 00007fb8e95c6038 R14: 00007fb8e95c5fa0 R15: 00007fff6384fc08
[  151.565050][ T8133]  </TASK>
[  151.806186][ T5860] ocfs2: Unmounting device (7,1) on (node local)

VM DIAGNOSIS:
02:48:02  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000005d RBX=000000000000005d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001492 RDI=0000000000001493 RBP=00000000000003f8 RSP=ffffc90002f3e3d0
R8 =ffff888107e30237 R9 =1ffff11020fc6046 R10=dffffc0000000000 R11=ffffffff854f6e40
R12=dffffc0000000000 R13=ffffffff99b008d6 R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854f6ebc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb8ea2e26c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f21f324f5c3 CR3=000000001f7b6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=1360034e5d53002c 74696d6d6f635f63 XMM05=5cf3945eb98408b4 4938eecd7e6e9eec
XMM06=0000000000000000 00b0be19cd0096ec XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00001b7d1475bf98 XMM09=0000000000000000 00007fb8e9412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff8243ca01 RBX=ffff888022fe1a80 RCX=ffffffff8243caf1 RDX=0000000000000010
RSI=0000000000000000 RDI=ffffc90002d9fac0 RBP=0000000000000ffd RSP=ffffc90002d9fa50
R8 =ffffc90002d9facf R9 =1ffff920005b3f59 R10=dffffc0000000000 R11=fffff520005b3f5a
R12=dffffc0000000000 R13=ffff88801dfb30c0 R14=ffff888024104ffd R15=ffffc90002d9fb20
RIP=ffffffff8b7a4ca0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f21f13f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c420245 CR3=000000011ca50000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f21f3397498 00007f21f3397470 XMM03=00007f21f33974a8 00007f21f33974a0
XMM04=00007f21f3efd100 00007f21f3397460 XMM05=00007f21f3397478 00007f21f33974c0
XMM06=00007f21f33974b8 00007f21f33974b0 XMM07=00007f21f33974a8 00007f21f33974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f21f3212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
