last executing test programs:

4.740470662s ago: executing program 2 (id=262):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000480)={@mcast2={0xff, 0x5}, @private0, @loopback, 0x800000, 0xa, 0x0, 0x500, 0x7ffffffe, 0x140192})

3.786859635s ago: executing program 2 (id=265):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000300)=[{0xfffd, 0x2, 0xb, 0x7f}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00')
fchdir(r0)
exit(0xffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

2.925008385s ago: executing program 2 (id=278):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000003c0)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="200ca700000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.770549208s ago: executing program 1 (id=302):
syslog(0x3, &(0x7f00000007c0)=""/210, 0xd2)

1.686299303s ago: executing program 1 (id=304):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xf8, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xe4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x5}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x2c, 0x3, 0x0, 0x0, {{0x1e}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xf8}}, 0x0)

1.686040615s ago: executing program 1 (id=305):
timer_create(0x3, 0x0, &(0x7f0000001400))
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000500)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.406619224s ago: executing program 0 (id=308):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x5, 0x5, 0x9fd, 0x84, 0x11}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x69, r0, 0x4}, 0x38)

1.406308621s ago: executing program 0 (id=309):
syz_usb_connect(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120110019bde521023398a71d7d80102030109022400010509401909047b07022d51d59809056b02200002020509050412"], 0x0)

1.126592882s ago: executing program 2 (id=310):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], &(0x7f00000041c0)=""/4092, 0x31, 0xffc, 0x1}, 0x28)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

778.376017ms ago: executing program 1 (id=311):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0), 0x20000, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(r0, 0x80045010, &(0x7f0000000300))

778.107419ms ago: executing program 1 (id=312):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
shutdown(r0, 0x0)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r2 = accept(r1, 0x0, 0x0)
sendto$inet6(r2, &(0x7f00000002c0)='S', 0x1, 0x4048055, 0x0, 0x0)

706.42963ms ago: executing program 1 (id=313):
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
r4 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000002880)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

306.976864ms ago: executing program 2 (id=314):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r0}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

245.550768ms ago: executing program 2 (id=315):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f00000002c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c726573765f6c6576656c3d30303030303030303030303030303030303030302c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c646174613d77726974656261636b2c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00149e0cb4c679a55808f10855fc0d9b9d7241cc60c5c0b35a9ce6bd73d50a863d736b7f64cdbf2582b25c868128f5a0c3ca71ea7a85f79743e17bbb3291a3c43eb49fcfcab9a806f939773a5895370494ec438f24b77c23cb13a0c7c11503d4e4a25d5e8142cc163f75ca2557bc5b3dd2856dbf2f4fbffb092b1a8d3f410d0daefab8a2f41a23713a02fa9349bc76bc637fe28f733ee38a6de0e2174f54e7f4ebc705a06c4b7d76bcc94f8985dbf4791afe238c9f24f48c0f98d3898ad1f3597c15fdc241ce161617ca162b1d4a17900f12843677d372e706"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101042, 0xb0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x28180ff, 0x0, 0xfc, 0x0, &(0x7f0000000400))

156.360057ms ago: executing program 0 (id=316):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x80042, 0x0)
pwritev(r0, &(0x7f00000000c0), 0x300, 0xffffff7f, 0x0)

96.784915ms ago: executing program 0 (id=317):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000180)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000540)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, r2, 0xfffffffffffffdb8, 0xffffffffffffffff})

15.90982ms ago: executing program 0 (id=318):
syz_mount_image$iso9660(&(0x7f0000002fc0), &(0x7f0000000000)='./file0\x00', 0x200000, &(0x7f00000002c0)={[{@session={'session', 0x3d, 0x7}}, {@overriderock}, {@showassoc}, {@session={'session', 0x3d, 0x5b}}, {@dmode={'dmode', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@dmode={'dmode', 0x3d, 0x9}}, {@map_acorn}, {@utf8}]}, 0x0, 0x406, &(0x7f0000002b80)="$eJzs3M9OG0ccwPFZYiilUhQpahIIh0nTSvQQZ3cpRiin7XpsJlnvrmbWEZyqqECECqQqqVS4tFz6R2ofIte+QS99okbtG1Dtrk0BG1zxzyj6fqRoxp7fzvxmY83IRrMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJ6y7rueISMftJXmysG6SVr+GT7aKotvfR0eKU8YVwsn/ifFxca98697t/5o/LDu5W766K8bzYlzsfnDn1pPblZHu9ackfCW2d3Zf/VHm+L/iK//sFy49sSvSVLG2iW4FTSW1TeRCreY+XmxY2dCRsss2Uy0ZGhVkiZEz4afSW1iYlaq6nLTjZj2IVPfN+Ue+69bk02qqAmOT+PHTqg0XdRTpuFnE5M15zHz+QXymM5mpoCXl2vrG6uygJPMg75R2R4gfiiB/UE++6/ue5/tebW5hbt51K77ryyNvuMeInkuG/6HFcF3k8g2cy35n/wcAAAAAAO8up/iNPf/+P1r8Du+Iho6UO+y0AAAAAADABSr+8n83L0bz2j3h8P0fAAAAAIB3zc+Hz9i93++MnU3fc/78Wxgz6uylSx87m0EeHmyKSnHdjeM9Zo0p52ank6KoVTqvQjXtTJZBk93ot51ibdBZP6cngc7IxxMoT9jtf98nAfGrmCqDplbKcqXbUo4y0dCRqoZJ9MQTQXBzJFNL2bdbo0IU0/8lbt10xNr6xmr1y1cbK0Uue3kve5udAxQ95yh6boa41R3x9cG5x/4zHut0UYw7UY7rHp7/SNk+0jvmpOj/HyB+FPfLmPsTZTlxdP7j+fy96pHZr393MPtOFt6ZZn44i+kyZnrmYV48nOmThT8oC/9wFiffi/NlMds/i78Ospg9ZxYAMCxrA3Yhp3fjP8Mqd3G7++kr+oMy5sFUsbBWpvqs6O6gfcU95+72e88zEE7aY/Nxf4tb1TEhDnbVN/kFb04c10a+k9/CG683vxZ3tnd2H61vvni5+nJ1y/dna+5nrjvni9FiGp2CvQcA0Icyb52J7CfHGJ1+4Y0teEG2qKRJwmfS6HpTSR1nyoSLQdxUMjVJloRJlFee67qy0rbTNDGZbCRGponVS8WTX2Tn0S9WtYI406FNIxVYJcMkzoIwk3VtQ5m2P4+0XVSmuNimKtQNHQaZTmJpk7YJVVVKq9ShQF1XcaYbOq/GMjW6FZhl+TyJ2i0l68qGRqdZkk/LHIyl40ZiWkW31WHfbAAArontnd2vXmxsrH5ziZVhzxEAABzFLg0AAAAAAAAAAAAAAAAAAAAAwPV3Fef/LrbiCCGuQRpUqFx0ZeysH+z9S8hn2CsTgMv2bwAAAP//4Ieocw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20400, 0x38)
getdents64(r0, 0x0, 0x0)

0s ago: executing program 0 (id=319):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0xfffffffe, 0x1}}, 0x10)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:58692' (ED25519) to the list of known hosts.
syzkaller login: [   57.193375][ T5814] cgroup: Unknown subsys name 'net'
[   57.302723][ T5814] cgroup: Unknown subsys name 'cpuset'
[   57.310648][ T5814] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.433878][ T5814] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.579608][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.583933][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.587419][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.591079][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.591900][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.594605][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.597366][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.602071][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.605132][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.610356][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.639571][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.643054][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.647623][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.651063][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.654014][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.922895][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   65.019409][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   65.183769][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.187014][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.190184][ T5850] bridge_slave_0: entered allmulticast mode
[   65.193957][ T5850] bridge_slave_0: entered promiscuous mode
[   65.233538][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.236434][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.239226][ T5850] bridge_slave_1: entered allmulticast mode
[   65.242850][ T5850] bridge_slave_1: entered promiscuous mode
[   65.247336][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.250123][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.253204][ T5846] bridge_slave_0: entered allmulticast mode
[   65.257399][ T5846] bridge_slave_0: entered promiscuous mode
[   65.261537][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   65.282223][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.285175][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.288000][ T5846] bridge_slave_1: entered allmulticast mode
[   65.291654][ T5846] bridge_slave_1: entered promiscuous mode
[   65.343655][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.363936][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.369093][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.373989][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.445400][ T5846] team0: Port device team_slave_0 added
[   65.456832][ T5846] team0: Port device team_slave_1 added
[   65.460885][ T5850] team0: Port device team_slave_0 added
[   65.504852][ T5850] team0: Port device team_slave_1 added
[   65.533921][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.537347][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.540232][ T5854] bridge_slave_0: entered allmulticast mode
[   65.544071][ T5854] bridge_slave_0: entered promiscuous mode
[   65.549760][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.552468][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.562882][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.570986][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.573760][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.584186][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.602226][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.606946][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.609888][ T5854] bridge_slave_1: entered allmulticast mode
[   65.613633][ T5854] bridge_slave_1: entered promiscuous mode
[   65.625409][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.628379][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.638683][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.659767][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.662504][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.673176][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.695415][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.708219][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.775816][ T5846] hsr_slave_0: entered promiscuous mode
[   65.779629][ T5846] hsr_slave_1: entered promiscuous mode
[   65.816342][ T5850] hsr_slave_0: entered promiscuous mode
[   65.819549][ T5850] hsr_slave_1: entered promiscuous mode
[   65.822558][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   65.827586][ T5850] Cannot create hsr debugfs directory
[   65.831722][ T5854] team0: Port device team_slave_0 added
[   65.837423][ T5854] team0: Port device team_slave_1 added
[   65.889333][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.892065][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.900539][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.934959][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.937577][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.946551][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.057724][ T5854] hsr_slave_0: entered promiscuous mode
[   66.060353][ T5854] hsr_slave_1: entered promiscuous mode
[   66.062655][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   66.065064][ T5854] Cannot create hsr debugfs directory
[   66.242544][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.249653][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.266746][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.272504][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.336602][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.342786][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.355497][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.371104][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.442449][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.458063][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.466492][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.479627][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.541815][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.587949][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   66.603036][ T3867] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.606172][ T3867] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.619738][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.632100][ T3867] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.634914][ T3867] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.655940][ T5851] Bluetooth: hci1: command tx timeout
[   66.658355][ T5851] Bluetooth: hci0: command tx timeout
[   66.681243][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   66.703842][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.706754][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.734811][   T55] Bluetooth: hci2: command tx timeout
[   66.739371][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.742328][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.780116][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.843708][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   66.872211][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.875114][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.888988][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.891823][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.940565][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.017103][ T5846] veth0_vlan: entered promiscuous mode
[   67.037853][ T5846] veth1_vlan: entered promiscuous mode
[   67.064827][ T5846] veth0_macvtap: entered promiscuous mode
[   67.069541][ T5846] veth1_macvtap: entered promiscuous mode
[   67.090478][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.102740][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.112345][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.125571][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.147374][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.161869][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.175257][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.239323][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.257938][ T5850] veth0_vlan: entered promiscuous mode
[   67.277297][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.280006][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.285196][ T5850] veth1_vlan: entered promiscuous mode
[   67.337339][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.339809][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.370456][ T5854] veth0_vlan: entered promiscuous mode
[   67.383044][ T5850] veth0_macvtap: entered promiscuous mode
[   67.390031][ T5854] veth1_vlan: entered promiscuous mode
[   67.397184][ T5850] veth1_macvtap: entered promiscuous mode
[   67.419615][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.426309][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.439877][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.478915][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.482419][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.494112][ T5854] veth0_macvtap: entered promiscuous mode
[   67.498711][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.502169][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.510053][ T5854] veth1_macvtap: entered promiscuous mode
[   67.587840][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.603626][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.638742][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.641877][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.644690][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.644742][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.644768][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.644792][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.702861][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.706529][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.816258][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.819372][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.837059][ T5918] netlink: 'syz.0.5': attribute type 29 has an invalid length.
[   67.868697][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.878807][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.003917][ T5924] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7'.
[   68.023639][ T5928] loop2: detected capacity change from 0 to 128
[   68.039698][ T5928] vfat: Unexpected value for 'dos1xfloppy'
[   68.136821][ T5932] loop2: detected capacity change from 0 to 512
[   68.145198][ T5932] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.163642][ T5932] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   68.180445][ T5932] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   68.208353][ T5932] EXT4-fs (loop2): 1 truncate cleaned up
[   68.211321][ T5932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.217345][ T5934] loop1: detected capacity change from 0 to 1024
[   68.251751][ T1089] hfsplus: b-tree write err: -5, ino 4
[   68.267931][ T2203] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   68.436471][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.448644][ T2203] usb 1-1: Using ep0 maxpacket: 32
[   68.459393][ T2203] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.465424][ T2203] usb 1-1: New USB device found, idVendor=046d, idProduct=c539, bcdDevice= 0.00
[   68.469813][ T2203] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.499804][ T2203] usb 1-1: config 0 descriptor??
[   68.602350][ T5946] loop1: detected capacity change from 0 to 2048
[   68.663663][ T5946] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.735241][   T55] Bluetooth: hci0: command tx timeout
[   68.735393][ T5851] Bluetooth: hci1: command tx timeout
[   68.767356][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.815177][   T55] Bluetooth: hci2: command tx timeout
[   68.921284][ T5958] loop1: detected capacity change from 0 to 65
[   68.940076][ T5958] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[   69.172486][ T2203] usb 1-1: USB disconnect, device number 2
[   69.204915][ T5956] loop2: detected capacity change from 0 to 32768
[   69.211393][ T5956] =======================================================
[   69.211393][ T5956] WARNING: The mand mount option has been deprecated and
[   69.211393][ T5956]          and is ignored by this kernel. Remove the mand
[   69.211393][ T5956]          option from the mount to silence this warning.
[   69.211393][ T5956] =======================================================
[   69.268173][ T5956] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[   69.268173][ T5956] 
[   69.271893][ T5956] xtLookup: xtSearch returned -5
[   69.273516][ T5956] read_mapping_page failed!
[   69.276546][ T5956] jfs_mount: diMount failed w/rc = -5
[   69.279083][ T5956] Mount JFS Failure: -5
[   69.280609][ T5956] jfs_mount failed w/return code = -5
[   69.485864][   T33] audit: type=1326 audit(1758774539.429:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.498310][   T33] audit: type=1326 audit(1758774539.429:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.511266][   T33] audit: type=1326 audit(1758774539.429:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa028f8d590 code=0x7ffc0000
[   69.540218][   T33] audit: type=1326 audit(1758774539.429:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa028f8d590 code=0x7ffc0000
[   69.561569][   T33] audit: type=1326 audit(1758774539.429:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.581781][   T33] audit: type=1326 audit(1758774539.429:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.590938][   T33] audit: type=1326 audit(1758774539.429:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.601411][   T33] audit: type=1326 audit(1758774539.429:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.610199][   T33] audit: type=1326 audit(1758774539.429:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   69.636610][   T33] audit: type=1326 audit(1758774539.429:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.1.28" exe="/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fa028f8ec29 code=0x7ffc0000
[   70.566461][ T5994] loop0: detected capacity change from 0 to 32768
[   70.572149][ T5994] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section members_v2: device 0: freespace initialized but fs has no alloc info
[   70.572149][ T5994] members_v2 (size 152):
[   70.572149][ T5994] Device:                        0
[   70.572149][ T5994]   Label:                       (none)
[   70.572149][ T5994]   UUID:                        7af6772b-00de-4159-84cd-1faead05aceb
[   70.572149][ T5994]   Size:                        16777216
[   70.572149][ T5994]   read errors:                 0
[   70.572149][ T5994]   write errors:                0
[   70.572149][ T5994]   checksum errors:             0
[   70.572149][ T5994]   seqread iops:                0
[   70.572149][ T5994]   seqwrite iops:               0
[   70.572149][ T5994]   randread iops:               0
[   70.572149][ T5994]   randwrite iops:              0
[   70.572149][ T5994]   Bucket size:                 131072
[   70.572149][ T5994]   First bucket:                0
[   70.572149][ T5994]   Buckets:                     128
[   70.572149][ T5994]   Last mount:                  1714681267
[   70.572149][ T5994]   Last superblock write:       42
[   70.572149][ T5994]   State:                       rw
[   70.572149][ T5994]   Data allowed:                journal,btree,user
[   70.572149][ T5994]   Has data:                    (none)
[   70.572149][ T5994]   Btree allocated bitmap blocksize:256
[   70.572149][ T5994]   Btree allocated bitmap:      0000000000000000000001000010000010011000000000000000000000000000
[   70.572149][ T5994]  
[   70.572249][ T5994] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[   70.851224][ T6006] block device autoloading is deprecated and will be removed.
[   70.947462][ T6006] loop1: detected capacity change from 0 to 8
[   70.965080][   T55] Bluetooth: hci0: command tx timeout
[   70.967582][   T55] Bluetooth: hci1: command tx timeout
[   70.970171][   T55] Bluetooth: hci2: command tx timeout
[   71.019157][ T6006] Page size > filesystem block size (0).  This is currently not supported!
[   71.218548][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.221302][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.290078][ T6016] netlink: 68 bytes leftover after parsing attributes in process `syz.2.43'.
[   71.293996][ T6014] usb usb8: usbfs: process 6014 (syz.0.44) did not claim interface 0 before use
[   71.402806][ T6022] process 'syz.0.47' launched '/dev/fd/3' with NULL argv: empty string added
[   71.479352][ T6026] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   71.575418][ T2203] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   71.667880][ T6034] loop0: detected capacity change from 0 to 4096
[   71.755384][ T6036] loop1: detected capacity change from 0 to 1024
[   71.768531][ T2203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.772209][ T2203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   71.804075][ T2203] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   71.811610][ T2203] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.816867][ T6036] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.826635][ T2203] usb 3-1: config 0 descriptor??
[   71.829838][ T6036] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.875908][ T6036] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm syz.1.53: lblock 1 mapped to illegal pblock 1 (length 15)
[   71.883759][ T6036] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   71.887953][ T6036] EXT4-fs (loop1): This should not happen!! Data will be lost
[   71.887953][ T6036] 
[   71.918430][ T6036] EXT4-fs error (device loop1): ext4_ext_remove_space:2955: inode #15: comm syz.1.53: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[   71.926648][ T6036] EXT4-fs error (device loop1) in ext4_setattr:6071: Corrupt filesystem
[   71.957491][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.016076][ T5878] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   72.165136][ T5878] usb 1-1: Using ep0 maxpacket: 16
[   72.177227][ T5878] usb 1-1: unable to read config index 0 descriptor/start: -61
[   72.180998][ T5878] usb 1-1: can't read configurations, error -61
[   72.234692][ T6049] batadv0: entered allmulticast mode
[   72.323581][ T6051] loop1: detected capacity change from 0 to 2048
[   72.335375][ T5878] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   72.360688][ T6051] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.406082][   T40] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[   72.414111][   T40] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   72.423305][   T40] EXT4-fs (loop1): This should not happen!! Data will be lost
[   72.423305][   T40] 
[   72.427782][   T40] EXT4-fs (loop1): Total free blocks count 0
[   72.430219][   T40] EXT4-fs (loop1): Free/Dirty block details
[   72.432581][   T40] EXT4-fs (loop1): free_blocks=4096
[   72.436987][   T40] EXT4-fs (loop1): dirty_blocks=0
[   72.439925][   T40] EXT4-fs (loop1): Block reservation details
[   72.443111][   T40] EXT4-fs (loop1): i_reserved_data_blocks=0
[   72.449389][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.510529][ T5878] usb 1-1: Using ep0 maxpacket: 16
[   72.515455][ T5878] usb 1-1: unable to read config index 0 descriptor/start: -61
[   72.518555][ T5878] usb 1-1: can't read configurations, error -61
[   72.527569][ T5878] usb usb1-port1: attempt power cycle
[   72.535325][ T6056] loop1: detected capacity change from 0 to 128
[   72.556327][ T6056] EXT4-fs (loop1): Test dummy encryption mode enabled
[   72.566285][ T6056] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   72.571713][ T6056] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.699843][ T6056] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[   72.731377][ T5850] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   72.843858][ T6067] capability: warning: `syz.1.60' uses 32-bit capabilities (legacy support in use)
[   72.864555][ T5878] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   72.887081][ T5878] usb 1-1: Using ep0 maxpacket: 16
[   72.906719][ T5878] usb 1-1: unable to read config index 0 descriptor/start: -61
[   72.909683][ T5878] usb 1-1: can't read configurations, error -61
[   72.989101][ T5851] Bluetooth: hci0: command tx timeout
[   73.056231][ T5878] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   73.064931][   T55] Bluetooth: hci1: command tx timeout
[   73.066388][ T5851] Bluetooth: hci2: command tx timeout
[   73.072802][ T2203] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0002/input/input4
[   73.078436][ T5878] usb 1-1: Using ep0 maxpacket: 16
[   73.089344][ T5878] usb 1-1: unable to read config index 0 descriptor/start: -61
[   73.092296][ T5878] usb 1-1: can't read configurations, error -61
[   73.104935][ T5878] usb usb1-port1: unable to enumerate USB device
[   73.161402][ T2203] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0002/input/input5
[   73.178839][ T2203] uclogic 0003:256C:006D.0002: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[   73.254585][ T5885] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   73.278777][ T2203] usb 3-1: USB disconnect, device number 2
[   73.414973][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.419235][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   73.422978][ T5885] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[   73.427097][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.441355][ T5885] usb 2-1: config 0 descriptor??
[   73.856937][ T6075] loop2: detected capacity change from 0 to 1024
[   73.857235][ T5885] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[   73.869007][ T5885] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[   73.872014][ T5885] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[   73.878123][ T5885] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[   73.881822][ T5885] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[   73.884034][ T6075] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.890283][ T5885] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[   73.898915][ T6075] EXT4-fs: Ignoring sb option on remount
[   73.901881][ T6075] EXT4-fs: Ignoring removed orlov option
[   73.904213][ T6075] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.907488][ T6075] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[   73.911420][ T6075] EXT4-fs: Remounting fs w/o journal so ignoring data_err option
[   73.915644][ T6075] EXT4-fs: can't change dax mount option while remounting
[   73.932673][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.972993][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.65'.
[   74.051571][ T5885] playstation 0003:054C:0DF2.0003: Invalid byte count transferred, expected 20 got 0
[   74.074833][ T5885] playstation 0003:054C:0DF2.0003: Failed to retrieve DualSense pairing info: -22
[   74.078499][ T5885] playstation 0003:054C:0DF2.0003: Failed to get MAC address from DualSense
[   74.083933][ T5885] playstation 0003:054C:0DF2.0003: Failed to create dualsense.
[   74.096685][ T5885] playstation 0003:054C:0DF2.0003: probe with driver playstation failed with error -22
[   74.262916][ T2203] usb 2-1: USB disconnect, device number 2
[   74.480951][ T6101] loop2: detected capacity change from 0 to 8
[   74.798917][ T6104] SQUASHFS error: lzo decompression failed, data probably corrupt
[   74.802355][ T6104] SQUASHFS error: Failed to read block 0x0: -5
[   74.807241][ T6104] SQUASHFS error: lzo decompression failed, data probably corrupt
[   74.810503][ T6104] SQUASHFS error: Failed to read block 0x0: -5
[   74.816504][   T33] kauditd_printk_skb: 2 callbacks suppressed
[   74.816570][   T33] audit: type=1800 audit(1758774544.749:14): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.76" name="file2" dev="loop2" ino=3 res=0 errno=0
[   75.255547][ T6119] loop0: detected capacity change from 0 to 16
[   75.271238][ T6119] erofs (device loop0): mounted with root inode @ nid 36.
[   75.550285][ T6130] loop1: detected capacity change from 0 to 512
[   75.592632][ T6130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.601668][ T6130] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   75.683749][ T6130] EXT4-fs error (device loop1): ext4_readdir:224: inode #12: comm syz.1.87: path (unknown): directory fails checksum at offset 0
[   75.773703][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.205855][ T6139] loop2: detected capacity change from 0 to 32768
[   76.406412][ T6139] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   76.562748][ T6139] OCFS2: ERROR (device loop2): int ocfs2_validate_xattr_block(struct super_block *, struct buffer_head *): Extended attribute block #2304 has bad signature 
[   76.568862][ T6139] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   76.572335][ T6139] OCFS2: File system is now read-only.
[   76.577274][ T6139] (syz.2.91,6139,1):ocfs2_xattr_block_find:2831 ERROR: status = -30
[   76.658722][ T5854] ocfs2: Unmounting device (7,2) on (node local)
[   76.744113][ T6150] loop0: detected capacity change from 0 to 32768
[   76.879473][ T6152] loop2: detected capacity change from 0 to 512
[   76.947732][ T6152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.172554][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.373563][ T6163] netlink: 16 bytes leftover after parsing attributes in process `syz.2.100'.
[   77.434808][ T6165] netlink: 'syz.2.101': attribute type 29 has an invalid length.
[   77.441334][ T6165] netlink: 'syz.2.101': attribute type 29 has an invalid length.
[   77.524707][ T2203] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   77.718975][ T2203] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.726028][ T2203] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[   77.729767][ T2203] usb 1-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[   77.733279][ T2203] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.748439][ T2203] usb 1-1: config 0 descriptor??
[   77.767141][ T2203] gspca_main: spca501-2.14.0 probing 0000:0000
[   77.974281][ T2203] gspca_spca501: reg write: error -71
[   77.977642][ T2203] spca501 1-1:0.0: Reg write failed for 0x02,0x0f,0x05
[   77.980539][ T2203] spca501 1-1:0.0: probe with driver spca501 failed with error -22
[   78.008147][ T2203] usb 1-1: USB disconnect, device number 7
[   78.053551][ T6175] wg2: entered promiscuous mode
[   78.058203][ T6175] wg2: entered allmulticast mode
[   78.211527][ T6179] loop2: detected capacity change from 0 to 4096
[   78.221993][ T6179] EXT4-fs (loop2): Test dummy encryption mode enabled
[   78.234530][ T6179] EXT4-fs (loop2): stripe (97) is not aligned with cluster size (16), stripe is disabled
[   78.240071][ T6179] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[   78.243293][ T6179] System zones: 0-5
[   78.247318][ T6179] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.254688][ T5885] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   78.307741][ T6179] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[   78.353121][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.408050][ T5885] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   78.412301][ T5885] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   78.418243][ T5885] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   78.422833][ T6185] netlink: 'syz.2.109': attribute type 7 has an invalid length.
[   78.429237][ T6185] netlink: 'syz.2.109': attribute type 8 has an invalid length.
[   78.432761][ T5885] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   78.436836][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.444920][ T6174] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   78.568203][ T6191] netlink: 148 bytes leftover after parsing attributes in process `syz.2.112'.
[   78.708235][ T6196] loop2: detected capacity change from 0 to 512
[   78.713123][ T6196] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.741830][ T6196] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   78.754884][ T6196] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   78.764692][ T6196] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm gtp: Failed to acquire dquot type 1
[   78.776897][ T6196] EXT4-fs (loop2): 1 truncate cleaned up
[   78.779856][ T6196] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.848683][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.861245][ T5885] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[   78.879660][ T5885] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input6
[   78.994451][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[   78.997601][ T5885] usb 2-1: USB disconnect, device number 3
[   79.532784][ T6215] capability: warning: `syz.1.122' uses deprecated v2 capabilities in a way that may be insecure
[   79.858644][ T6227] loop2: detected capacity change from 0 to 2048
[   79.890621][ T6227] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.029766][ T6234] loop0: detected capacity change from 0 to 4096
[   80.041058][ T6234] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   80.090795][ T6234] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   80.097189][ T6234] ntfs3(loop0): ino=1a, mi_enum_attr
[   80.099204][ T6234] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[   80.110071][ T6234] ntfs3(loop0): ino=5, "/" ntfs_readdir
[   80.536044][ T6244] loop1: detected capacity change from 0 to 256
[   80.550998][ T6244] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x00000001)
[   80.559867][ T6244] exFAT-fs (loop1): failed to count the number of clusters in root
[   80.564767][ T6244] exFAT-fs (loop1): failed to recognize exfat type
[   80.641523][ T6246] loop1: detected capacity change from 0 to 512
[   80.662784][ T6246] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.134: casefold flag without casefold feature
[   80.669286][ T6246] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.134: couldn't read orphan inode 15 (err -117)
[   80.715512][ T6246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.776632][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.433188][ T6249] loop0: detected capacity change from 0 to 32768
[   81.460086][ T6249] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   81.588177][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.617544][ T5846] ocfs2: Unmounting device (7,0) on (node local)
[   81.676014][ T6263] warning: `syz.1.140' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   81.828540][ T6272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.143'.
[   81.834773][ T6271] loop0: detected capacity change from 0 to 512
[   81.879618][ T6271] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842e028, mo2=0082]
[   81.888356][ T6271] System zones: 0-2, 18-18, 34-35
[   81.900009][ T6271] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.139: bad orphan inode 11862016
[   81.908661][ T6271] EXT4-fs (loop0): Remounting filesystem read-only
[   81.921371][ T6271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   81.964563][ T6271] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.017750][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   82.350343][ T6292] loop1: detected capacity change from 0 to 64
[   83.091454][ T6311] netlink: 20 bytes leftover after parsing attributes in process `syz.1.157'.
[   83.111513][ T6311] loop1: detected capacity change from 0 to 64
[   83.855344][ T6030] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   83.936470][ T5314] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[   84.390068][ T6030] usb 3-1: Using ep0 maxpacket: 32
[   84.395795][ T6030] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.399854][ T6030] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.403113][ T6030] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[   84.408441][ T6030] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.413183][ T5314] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[   84.416210][ T5314] usb 1-1: config 0 has no interface number 0
[   84.419980][ T6030] usb 3-1: config 0 descriptor??
[   84.432074][ T5314] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[   84.435350][ T5314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.438333][ T5314] usb 1-1: Product: syz
[   84.440263][ T5314] usb 1-1: Manufacturer: syz
[   84.442276][ T5314] usb 1-1: SerialNumber: syz
[   84.457684][ T5314] usb 1-1: config 0 descriptor??
[   84.822188][ T6331] netlink: 20 bytes leftover after parsing attributes in process `syz.1.168'.
[   84.841659][ T6030] ft260 0003:0403:6030.0004: unknown main item tag 0x7
[   84.873838][ T5314] usb 1-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[   85.030351][ T6030] ft260 0003:0403:6030.0004: chip code: 6424 8183
[   85.082385][ T5314] usb 1-1: Read permanent extended address 52:39:35:8d:79:3e:bf:c5 from device
[   85.086403][ T5314] usb 1-1: atusb_probe: initialization failed, error = -524
[   85.090099][ T5314] atusb 1-1:0.128: probe with driver atusb failed with error -524
[   85.231521][ T6030] ft260 0003:0403:6030.0004: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[   85.287235][ T5314] usb 1-1: USB disconnect, device number 8
[   85.634520][ T6030] ft260 0003:0403:6030.0004: failed to retrieve status: -71
[   85.638169][ T6030] ft260 0003:0403:6030.0004: failed to reset I2C controller: -71
[   85.649836][ T6030] usb 3-1: USB disconnect, device number 3
[   86.585572][   T10] cfg80211: failed to load regulatory.db
[   86.687202][ T6386] 9pnet_rdma: rdma_create_trans (6386): problem binding to privport: 13
[   87.083454][ T6391] netlink: 40 bytes leftover after parsing attributes in process `syz.2.192'.
[   87.095227][ T6391] netlink: 56 bytes leftover after parsing attributes in process `syz.2.192'.
[   87.152823][ T6393] loop0: detected capacity change from 0 to 4096
[   87.171331][ T6393] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   87.176560][ T6393] ntfs3(loop0): Failed to load $Extend (-22).
[   87.176998][ T6395] loop2: detected capacity change from 0 to 1024
[   87.179301][ T6393] ntfs3(loop0): Failed to initialize $Extend.
[   87.196176][ T6393] ntfs3(loop0): ino=1b, "file0" ntfs_readdir
[   87.284749][   T36] hfsplus: b-tree write err: -5, ino 4
[   87.378273][ T6403] netlink: 71 bytes leftover after parsing attributes in process `syz.0.198'.
[   87.477919][ T6405] loop0: detected capacity change from 0 to 1024
[   87.527421][ T6405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.562786][ T6405] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.199: Allocating blocks 385-513 which overlap fs metadata
[   87.580704][ T6416] loop1: detected capacity change from 0 to 256
[   87.589352][ T6416] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   87.596798][ T6416] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   87.600848][ T6405] EXT4-fs (loop0): pa ffff8881034d3ae0: logic 16, phys. 129, len 24
[   87.605321][ T6405] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   87.613085][ T6416] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[   87.624583][   T33] audit: type=1400 audit(1758774557.559:15): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6417 comm="syz.2.204"
[   87.650011][   T33] audit: type=1800 audit(1758774557.589:16): pid=6416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.202" name="file1" dev="loop1" ino=1048592 res=0 errno=0
[   87.746755][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.045361][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   88.206405][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   88.210973][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   88.215207][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   88.218691][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   88.223744][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   88.227266][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.232258][   T10] usb 2-1: config 0 descriptor??
[   88.295009][   T47] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   88.307488][ T6444] loop2: detected capacity change from 0 to 32768
[   88.343832][ T6444] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   88.379394][ T6444] (syz.2.217,6444,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0
[   88.388415][ T6444] (syz.2.217,6444,1):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[   88.392029][ T6444] (syz.2.217,6444,1):ocfs2_rename:1486 ERROR: status = -2
[   88.395526][ T6444] (syz.2.217,6444,1):ocfs2_rename:1702 ERROR: status = -2
[   88.426067][ T5854] ocfs2: Unmounting device (7,2) on (node local)
[   88.455774][   T47] usb 1-1: Using ep0 maxpacket: 32
[   88.471275][   T47] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[   88.481033][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.490705][   T47] usb 1-1: config 0 descriptor??
[   88.514696][   T47] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[   88.664707][   T10] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   89.694224][ T6456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.220'.
[   89.799738][ T6460] Illegal XDP return value 4294967294 on prog  (id 36) dev N/A, expect packet loss!
[   90.059514][ T6462] loop2: detected capacity change from 0 to 32768
[   90.375804][   T47] gspca_vc032x: reg_r err -71
[   90.377728][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.379716][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.381647][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.383378][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.389692][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.391471][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.393159][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.395490][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.397070][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.399704][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.408435][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.410256][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.412024][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.413831][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.420033][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.421956][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.423715][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.429434][   T47] gspca_vc032x: I2c Bus Busy Wait 00
[   90.431528][   T47] gspca_vc032x: Unknown sensor...
[   90.433543][   T47] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[   90.443814][   T47] usb 1-1: USB disconnect, device number 9
[   90.772047][ T6476] loop2: detected capacity change from 0 to 32768
[   90.785182][ T6476] XFS: noikeep mount option is deprecated.
[   90.787788][ T6476] XFS: noikeep mount option is deprecated.
[   90.810493][ T6476] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.860625][ T6476] XFS (loop2): Ending clean mount
[   90.869023][ T6476] XFS (loop2): Quotacheck needed: Please wait.
[   90.900761][ T6476] XFS (loop2): Quotacheck: Done.
[   90.986082][ T5854] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.145829][ T6492] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.216990][ T5314] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[   91.225872][   T10] usb 2-1: USB disconnect, device number 4
[   91.319236][ T6500] netlink: 40 bytes leftover after parsing attributes in process `syz.2.238'.
[   91.381221][ T5314] usb 1-1: config 28 has an invalid interface number: 36 but max is 0
[   91.385856][ T5314] usb 1-1: config 28 has no interface number 0
[   91.390739][ T5314] usb 1-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=4d.63
[   91.394124][ T5314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.399053][ T5314] usb 1-1: Product: syz
[   91.400844][ T5314] usb 1-1: Manufacturer: syz
[   91.402980][ T5314] usb 1-1: SerialNumber: syz
[   91.626596][ T5314] dvb-usb: found a 'Technotrend TT-connect CT-3650' in warm state.
[   91.630486][ T5314] dvb-usb: bulk message failed: -22 (4/0)
[   91.634764][ T5314] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   91.638259][ T5314] dvb-usb: bulk message failed: -22 (5/0)
[   91.640521][ T5314] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   91.654665][ T5314] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   91.663812][ T5314] dvb-usb: Technotrend TT-connect CT-3650 error while loading driver (-19)
[   91.670213][ T5314] usb 1-1: USB disconnect, device number 10
[   91.922499][ T6510] netlink: 'syz.2.242': attribute type 3 has an invalid length.
[   91.925438][ T6510] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   91.928076][ T6510] netlink: 216 bytes leftover after parsing attributes in process `syz.2.242'.
[   91.931381][ T6510] NCSI netlink: No device for ifindex 33022
[   92.238203][ T6517] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.243322][ T6517] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.256272][ T6517] bridge0: entered allmulticast mode
[   92.275380][ T6517] bridge_slave_1: left allmulticast mode
[   92.277869][ T6517] bridge_slave_1: left promiscuous mode
[   92.283918][ T6517] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.292686][ T6517] bridge_slave_0: left allmulticast mode
[   92.295183][ T6517] bridge_slave_0: left promiscuous mode
[   92.297752][ T6517] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.782966][ T6523] netlink: 'syz.1.247': attribute type 1 has an invalid length.
[   92.788005][ T6523] netlink: 'syz.1.247': attribute type 4 has an invalid length.
[   92.791711][ T6523] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.247'.
[   92.870255][ T6525] bond0: entered promiscuous mode
[   92.872496][ T6525] bond_slave_0: entered promiscuous mode
[   92.880847][ T6525] bond_slave_1: entered promiscuous mode
[   93.190875][ T6544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.258'.
[   93.194518][ T6544] Zero length message leads to an empty skb
[   93.267931][ T6549] veth3: entered promiscuous mode
[   93.317158][   T33] audit: type=1326 audit(1758774563.259:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6550 comm="syz.0.261" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa5fb38ec29 code=0x0
[   93.461465][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   93.511167][ T6548] loop2: detected capacity change from 0 to 40427
[   93.520656][ T6548] F2FS-fs (loop2): Image doesn't support compression
[   93.523471][ T6548] F2FS-fs (loop2): build fault injection rate: 690
[   93.526742][ T6548] F2FS-fs (loop2): build fault injection type: 0x35f7
[   93.535525][ T6548] F2FS-fs (loop2): invalid crc value
[   93.592479][ T6548] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   93.599850][ T6548] F2FS-fs (loop2): Start checkpoint disabled!
[   93.610875][ T6548] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   93.636214][    T9] usb 2-1: Using ep0 maxpacket: 8
[   93.641514][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[   93.648192][    T9] usb 2-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=2b.cd
[   93.651883][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.652457][ T6548] F2FS-fs (loop2): inject kmalloc in f2fs_kmalloc of f2fs_getxattr+0xa52/0xe70
[   93.657579][    T9] usb 2-1: Product: syz
[   93.660838][    T9] usb 2-1: Manufacturer: syz
[   93.662921][    T9] usb 2-1: SerialNumber: syz
[   93.710240][   T40] kworker/u10:2: attempt to access beyond end of device
[   93.710240][   T40] loop2: rw=2049, sector=45096, nr_sectors = 40 limit=40427
[   93.719862][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   93.719882][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.719892][   T40] Workqueue: writeback wb_workfn (flush-7:2)
[   93.719916][   T40] Call Trace:
[   93.719923][   T40]  <TASK>
[   93.719930][   T40]  dump_stack_lvl+0x189/0x250
[   93.719964][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.719978][   T40]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   93.719999][   T40]  ? __pfx_queue_work_on+0x10/0x10
[   93.720009][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.720024][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.720045][   T40]  f2fs_handle_critical_error+0x37c/0x540
[   93.720065][   T40]  f2fs_write_end_io+0x886/0xb60
[   93.720090][   T40]  __submit_merged_bio+0x27a/0x6a0
[   93.720111][   T40]  __submit_merged_write_cond+0x255/0x530
[   93.720134][   T40]  f2fs_write_data_pages+0x261d/0x3000
[   93.720171][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.720193][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   93.720232][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   93.720260][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[   93.720278][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[   93.720299][   T40]  ? lock_list_lru_of_memcg+0x238/0x4c0
[   93.720324][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.720337][   T40]  do_writepages+0x32e/0x550
[   93.720355][   T40]  ? reacquire_held_locks+0x127/0x1d0
[   93.720365][   T40]  ? writeback_sb_inodes+0x384/0x1010
[   93.720386][   T40]  __writeback_single_inode+0x145/0xff0
[   93.720429][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[   93.720449][   T40]  writeback_sb_inodes+0x6c7/0x1010
[   93.720464][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.720496][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   93.720546][   T40]  ? rcu_is_watching+0x15/0xb0
[   93.720567][   T40]  wb_writeback+0x43b/0xaf0
[   93.720597][   T40]  ? queue_io+0x361/0x590
[   93.720616][   T40]  ? __pfx_wb_writeback+0x10/0x10
[   93.720639][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.720660][   T40]  wb_workfn+0x409/0xef0
[   93.720685][   T40]  ? __pfx_wb_workfn+0x10/0x10
[   93.720702][   T40]  ? __lock_acquire+0xab9/0xd20
[   93.720726][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.720740][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.720754][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.720764][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.720777][   T40]  process_scheduled_works+0xae1/0x17b0
[   93.720826][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.720851][   T40]  worker_thread+0x8a0/0xda0
[   93.720866][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.720890][   T40]  ? __kthread_parkme+0x7b/0x200
[   93.720912][   T40]  kthread+0x711/0x8a0
[   93.720931][   T40]  ? __pfx_worker_thread+0x10/0x10
[   93.720943][   T40]  ? __pfx_kthread+0x10/0x10
[   93.720960][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.720978][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.720990][   T40]  ? __pfx_kthread+0x10/0x10
[   93.721006][   T40]  ret_from_fork+0x439/0x7d0
[   93.721022][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   93.721039][   T40]  ? __switch_to_asm+0x39/0x70
[   93.721053][   T40]  ? __switch_to_asm+0x33/0x70
[   93.721067][   T40]  ? __pfx_kthread+0x10/0x10
[   93.721082][   T40]  ret_from_fork_asm+0x1a/0x30
[   93.721110][   T40]  </TASK>
[   93.721168][   T40] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   93.845606][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   93.845624][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.845632][   T40] Workqueue: writeback wb_workfn (flush-7:2)
[   93.845653][   T40] Call Trace:
[   93.845659][   T40]  <TASK>
[   93.845665][   T40]  dump_stack_lvl+0x189/0x250
[   93.845687][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.845701][   T40]  ? __pfx_queue_work_on+0x10/0x10
[   93.845714][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.845735][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.845764][   T40]  f2fs_handle_critical_error+0x37c/0x540
[   93.845790][   T40]  f2fs_write_end_io+0x886/0xb60
[   93.845824][   T40]  __submit_merged_bio+0x27a/0x6a0
[   93.845849][   T40]  __submit_merged_write_cond+0x255/0x530
[   93.845874][   T40]  f2fs_write_data_pages+0x261d/0x3000
[   93.845916][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.845942][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   93.845987][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   93.846017][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[   93.846037][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[   93.846060][   T40]  ? lock_list_lru_of_memcg+0x238/0x4c0
[   93.846087][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.846101][   T40]  do_writepages+0x32e/0x550
[   93.846123][   T40]  ? reacquire_held_locks+0x127/0x1d0
[   93.846136][   T40]  ? writeback_sb_inodes+0x384/0x1010
[   93.846159][   T40]  __writeback_single_inode+0x145/0xff0
[   93.846176][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[   93.846196][   T40]  writeback_sb_inodes+0x6c7/0x1010
[   93.846212][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.846248][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   93.846302][   T40]  ? rcu_is_watching+0x15/0xb0
[   93.846325][   T40]  wb_writeback+0x43b/0xaf0
[   93.846348][   T40]  ? queue_io+0x361/0x590
[   93.846367][   T40]  ? __pfx_wb_writeback+0x10/0x10
[   93.846418][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.846441][   T40]  wb_workfn+0x409/0xef0
[   93.846467][   T40]  ? __pfx_wb_workfn+0x10/0x10
[   93.846483][   T40]  ? __lock_acquire+0xab9/0xd20
[   93.846509][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.846530][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.846547][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.846560][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.846573][   T40]  process_scheduled_works+0xae1/0x17b0
[   93.846610][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.846638][   T40]  worker_thread+0x8a0/0xda0
[   93.846655][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.846680][   T40]  ? __kthread_parkme+0x7b/0x200
[   93.846700][   T40]  kthread+0x711/0x8a0
[   93.846719][   T40]  ? __pfx_worker_thread+0x10/0x10
[   93.846732][   T40]  ? __pfx_kthread+0x10/0x10
[   93.846750][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.846768][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.846779][   T40]  ? __pfx_kthread+0x10/0x10
[   93.846795][   T40]  ret_from_fork+0x439/0x7d0
[   93.846812][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   93.846837][   T40]  ? __switch_to_asm+0x39/0x70
[   93.846852][   T40]  ? __switch_to_asm+0x33/0x70
[   93.846866][   T40]  ? __pfx_kthread+0x10/0x10
[   93.846883][   T40]  ret_from_fork_asm+0x1a/0x30
[   93.846907][   T40]  </TASK>
[   93.846912][   T40] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   93.893223][    T9] kalmia 2-1:1.0: probe with driver kalmia failed with error -22
[   93.897294][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   93.897311][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.897319][   T40] Workqueue: writeback wb_workfn (flush-7:2)
[   93.897340][   T40] Call Trace:
[   93.897345][   T40]  <TASK>
[   93.897351][   T40]  dump_stack_lvl+0x189/0x250
[   93.897370][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.897416][   T40]  ? __pfx_queue_work_on+0x10/0x10
[   93.897430][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.897444][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.897462][   T40]  f2fs_handle_critical_error+0x37c/0x540
[   93.897479][   T40]  f2fs_write_end_io+0x886/0xb60
[   93.897496][   T40]  __submit_merged_bio+0x27a/0x6a0
[   93.897511][   T40]  __submit_merged_write_cond+0x255/0x530
[   93.897525][   T40]  f2fs_write_data_pages+0x261d/0x3000
[   93.897550][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.897570][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   93.897596][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   93.897621][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[   93.897640][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[   93.897660][   T40]  ? lock_list_lru_of_memcg+0x238/0x4c0
[   93.897687][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.897701][   T40]  do_writepages+0x32e/0x550
[   93.897722][   T40]  ? reacquire_held_locks+0x127/0x1d0
[   93.897735][   T40]  ? writeback_sb_inodes+0x384/0x1010
[   93.897759][   T40]  __writeback_single_inode+0x145/0xff0
[   93.897775][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[   93.897795][   T40]  writeback_sb_inodes+0x6c7/0x1010
[   93.897810][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.897849][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   93.897884][   T40]  ? rcu_is_watching+0x15/0xb0
[   93.897904][   T40]  wb_writeback+0x43b/0xaf0
[   93.897928][   T40]  ? queue_io+0x361/0x590
[   93.897948][   T40]  ? __pfx_wb_writeback+0x10/0x10
[   93.897971][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.897991][   T40]  wb_workfn+0x409/0xef0
[   93.898020][   T40]  ? __pfx_wb_workfn+0x10/0x10
[   93.898039][   T40]  ? __lock_acquire+0xab9/0xd20
[   93.898062][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.898073][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.898084][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.898091][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.898099][   T40]  process_scheduled_works+0xae1/0x17b0
[   93.898122][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.898138][   T40]  worker_thread+0x8a0/0xda0
[   93.898147][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.898164][   T40]  ? __kthread_parkme+0x7b/0x200
[   93.898177][   T40]  kthread+0x711/0x8a0
[   93.898189][   T40]  ? __pfx_worker_thread+0x10/0x10
[   93.898196][   T40]  ? __pfx_kthread+0x10/0x10
[   93.898206][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.898217][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.898224][   T40]  ? __pfx_kthread+0x10/0x10
[   93.898234][   T40]  ret_from_fork+0x439/0x7d0
[   93.898249][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   93.898267][   T40]  ? __switch_to_asm+0x39/0x70
[   93.898282][   T40]  ? __switch_to_asm+0x33/0x70
[   93.898292][   T40]  ? __pfx_kthread+0x10/0x10
[   93.898303][   T40]  ret_from_fork_asm+0x1a/0x30
[   93.898321][   T40]  </TASK>
[   93.898326][   T40] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   93.909834][    T9] usb 2-1: USB disconnect, device number 5
[   93.912380][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   93.912427][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.912432][   T40] Workqueue: writeback wb_workfn (flush-7:2)
[   93.912446][   T40] Call Trace:
[   93.912450][   T40]  <TASK>
[   93.912454][   T40]  dump_stack_lvl+0x189/0x250
[   93.912467][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.912476][   T40]  ? __pfx_queue_work_on+0x10/0x10
[   93.912484][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.912497][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.912515][   T40]  f2fs_handle_critical_error+0x37c/0x540
[   93.912536][   T40]  f2fs_write_end_io+0x886/0xb60
[   93.912553][   T40]  __submit_merged_bio+0x27a/0x6a0
[   93.912572][   T40]  __submit_merged_write_cond+0x255/0x530
[   93.912587][   T40]  f2fs_write_data_pages+0x261d/0x3000
[   93.912612][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.912626][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   93.912661][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   93.912687][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[   93.912704][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[   93.912727][   T40]  ? lock_list_lru_of_memcg+0x238/0x4c0
[   93.912743][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.912751][   T40]  do_writepages+0x32e/0x550
[   93.912765][   T40]  ? reacquire_held_locks+0x127/0x1d0
[   93.912777][   T40]  ? writeback_sb_inodes+0x384/0x1010
[   93.912800][   T40]  __writeback_single_inode+0x145/0xff0
[   93.912816][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[   93.912835][   T40]  writeback_sb_inodes+0x6c7/0x1010
[   93.912851][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.912882][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   93.912932][   T40]  ? rcu_is_watching+0x15/0xb0
[   93.912945][   T40]  wb_writeback+0x43b/0xaf0
[   93.912959][   T40]  ? queue_io+0x361/0x590
[   93.912971][   T40]  ? __pfx_wb_writeback+0x10/0x10
[   93.912993][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.913017][   T40]  wb_workfn+0x409/0xef0
[   93.913041][   T40]  ? __pfx_wb_workfn+0x10/0x10
[   93.913060][   T40]  ? __lock_acquire+0xab9/0xd20
[   93.913085][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.913103][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.913121][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.913132][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   93.913144][   T40]  process_scheduled_works+0xae1/0x17b0
[   93.913186][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   93.913210][   T40]  worker_thread+0x8a0/0xda0
[   93.913220][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.913238][   T40]  ? __kthread_parkme+0x7b/0x200
[   93.913259][   T40]  kthread+0x711/0x8a0
[   93.913279][   T40]  ? __pfx_worker_thread+0x10/0x10
[   93.913292][   T40]  ? __pfx_kthread+0x10/0x10
[   93.913310][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.913322][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.913328][   T40]  ? __pfx_kthread+0x10/0x10
[   93.913338][   T40]  ret_from_fork+0x439/0x7d0
[   93.913352][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   93.913371][   T40]  ? __switch_to_asm+0x39/0x70
[   93.913416][   T40]  ? __switch_to_asm+0x33/0x70
[   93.913430][   T40]  ? __pfx_kthread+0x10/0x10
[   93.913446][   T40]  ret_from_fork_asm+0x1a/0x30
[   93.913479][   T40]  </TASK>
[   93.913485][   T40] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   94.207624][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   94.207643][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.207651][   T40] Workqueue: writeback wb_workfn (flush-7:2)
[   94.207673][   T40] Call Trace:
[   94.207678][   T40]  <TASK>
[   94.207685][   T40]  dump_stack_lvl+0x189/0x250
[   94.207706][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.207721][   T40]  ? __pfx_queue_work_on+0x10/0x10
[   94.207734][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   94.207762][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.207792][   T40]  f2fs_handle_critical_error+0x37c/0x540
[   94.207817][   T40]  f2fs_write_end_io+0x886/0xb60
[   94.207847][   T40]  __submit_merged_bio+0x27a/0x6a0
[   94.207871][   T40]  __submit_merged_write_cond+0x255/0x530
[   94.207897][   T40]  f2fs_write_data_pages+0x261d/0x3000
[   94.207941][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.207966][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   94.208013][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   94.208043][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[   94.208063][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[   94.208086][   T40]  ? lock_list_lru_of_memcg+0x238/0x4c0
[   94.208112][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.208127][   T40]  do_writepages+0x32e/0x550
[   94.208150][   T40]  ? reacquire_held_locks+0x127/0x1d0
[   94.208163][   T40]  ? writeback_sb_inodes+0x384/0x1010
[   94.208189][   T40]  __writeback_single_inode+0x145/0xff0
[   94.208206][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[   94.208226][   T40]  writeback_sb_inodes+0x6c7/0x1010
[   94.208242][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.208279][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   94.208336][   T40]  ? rcu_is_watching+0x15/0xb0
[   94.208360][   T40]  wb_writeback+0x43b/0xaf0
[   94.208413][   T40]  ? queue_io+0x361/0x590
[   94.208433][   T40]  ? __pfx_wb_writeback+0x10/0x10
[   94.208458][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.208482][   T40]  wb_workfn+0x409/0xef0
[   94.208510][   T40]  ? __pfx_wb_workfn+0x10/0x10
[   94.208530][   T40]  ? __lock_acquire+0xab9/0xd20
[   94.208558][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   94.208578][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.208596][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   94.208608][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   94.208623][   T40]  process_scheduled_works+0xae1/0x17b0
[   94.208665][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   94.208693][   T40]  worker_thread+0x8a0/0xda0
[   94.208710][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.208735][   T40]  ? __kthread_parkme+0x7b/0x200
[   94.208764][   T40]  kthread+0x711/0x8a0
[   94.208782][   T40]  ? __pfx_worker_thread+0x10/0x10
[   94.208794][   T40]  ? __pfx_kthread+0x10/0x10
[   94.208810][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.208826][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.208837][   T40]  ? __pfx_kthread+0x10/0x10
[   94.208852][   T40]  ret_from_fork+0x439/0x7d0
[   94.208867][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   94.208886][   T40]  ? __switch_to_asm+0x39/0x70
[   94.208902][   T40]  ? __switch_to_asm+0x33/0x70
[   94.208916][   T40]  ? __pfx_kthread+0x10/0x10
[   94.208929][   T40]  ret_from_fork_asm+0x1a/0x30
[   94.208958][   T40]  </TASK>
[   94.208965][   T40] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   95.377348][ T6584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.275'.
[   95.640875][ T6600] netlink: 80 bytes leftover after parsing attributes in process `syz.0.283'.
[   95.644468][ T6600] netlink: 80 bytes leftover after parsing attributes in process `syz.0.283'.
[   95.744900][ T5885] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   95.904561][ T5885] usb 3-1: Using ep0 maxpacket: 16
[   95.913299][ T5885] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   95.918228][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   95.925836][ T5885] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   95.932334][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.940981][ T5885] usb 3-1: Product: syz
[   95.942763][ T5885] usb 3-1: Manufacturer: syz
[   95.948637][ T5885] usb 3-1: SerialNumber: syz
[   95.954992][ T5885] usb 3-1: config 0 descriptor??
[   95.962701][ T6614] input: syz0 as /devices/virtual/input/input8
[   95.967073][ T5885] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   95.970710][ T5885] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[   96.300542][ T6622] tipc: Failed to remove unknown binding: 66,1,1/0:1936582290/1936582292
[   96.309722][ T6622] tipc: Failed to remove unknown binding: 66,1,1/0:1936582290/1936582292
[   96.573164][ T5885] em28xx 3-1:0.0: chip ID is em2800
[   96.728872][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.304'.
[   96.767141][   T33] audit: type=1326 audit(1758774566.709:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.305" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa028f8ec29 code=0x0
[   96.773736][ T5885] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[   96.777745][ T5885] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[   96.785008][ T5885] em28xx 3-1:0.0: No AC97 audio processor
[   96.791317][ T5885] usb 3-1: USB disconnect, device number 4
[   96.796794][ T5885] em28xx 3-1:0.0: Disconnecting em28xx
[   96.801716][ T5885] em28xx 3-1:0.0: Freeing device
[   96.805637][ T5856] udevd[5856]: setting mode of /dev/bus/usb/003/004 to 020664 failed: No such file or directory
[   96.809357][ T5856] udevd[5856]: setting owner of /dev/bus/usb/003/004 to uid=0, gid=0 failed: No such file or directory
[   96.838410][ T6649] loop0: detected capacity change from 0 to 128
[   96.845795][ T6649] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   96.852303][ T6649] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   96.872035][   T33] audit: type=1800 audit(1758774566.809:19): pid=6649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.306" name="file1" dev="loop0" ino=13 res=0 errno=0
[   96.901882][ T5846] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   97.294745][   T10] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[   97.447290][   T10] usb 1-1: config 5 has an invalid interface number: 123 but max is 0
[   97.450346][   T10] usb 1-1: config 5 has no interface number 0
[   97.452899][   T10] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0x6B, changing to 0xB
[   97.459324][   T10] usb 1-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0
[   97.463096][   T10] usb 1-1: config 5 interface 123 has no altsetting 0
[   97.468297][   T10] usb 1-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[   97.471578][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.475050][   T10] usb 1-1: Product: syz
[   97.476496][   T10] usb 1-1: Manufacturer: syz
[   97.478043][   T10] usb 1-1: SerialNumber: syz
[   97.723494][   T10] ni6501 1-1:5.123: driver 'ni6501' failed to auto-configure device.
[   97.745418][   T10] usb 1-1: USB disconnect, device number 11
[   97.788811][ T6667] binder_alloc: 6665: binder_alloc_buf, no vma
[   98.333790][ T6676] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   98.398489][ T6678] loop0: detected capacity change from 0 to 136
[   98.413510][ T6672] loop2: detected capacity change from 0 to 32768
[   98.456208][ T6672] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   98.517391][ T6672] 
[   98.518420][ T6672] ======================================================
[   98.521165][ T6672] WARNING: possible circular locking dependency detected
[   98.523907][ T6672] syzkaller #0 Not tainted
[   98.526114][ T6672] ------------------------------------------------------
[   98.529868][ T6672] syz.2.315/6672 is trying to acquire lock:
[   98.532306][ T6672] ffff888114decf78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x2f9/0x720
[   98.536102][ T6672] 
[   98.536102][ T6672] but task is already holding lock:
[   98.539048][ T6672] ffff88803002e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[   98.542866][ T6672] 
[   98.542866][ T6672] which lock already depends on the new lock.
[   98.542866][ T6672] 
[   98.546998][ T6672] 
[   98.546998][ T6672] the existing dependency chain (in reverse order) is:
[   98.550559][ T6672] 
[   98.550559][ T6672] -> #6 (jbd2_handle){++++}-{0:0}:
[   98.553562][ T6672]        lock_acquire+0x120/0x360
[   98.555661][ T6672]        start_this_handle+0x1fa7/0x21c0
[   98.557970][ T6672]        jbd2__journal_start+0x2c1/0x5b0
[   98.560336][ T6672]        jbd2_journal_start+0x2a/0x40
[   98.562562][ T6672]        ocfs2_start_trans+0x376/0x6d0
[   98.564735][ T6672]        ocfs2_shutdown_local_alloc+0x200/0xa10
[   98.567391][ T6672]        ocfs2_dismount_volume+0x201/0x8d0
[   98.569788][ T6672]        generic_shutdown_super+0x135/0x2c0
[   98.572155][ T6672]        kill_block_super+0x44/0x90
[   98.574285][ T6672]        deactivate_locked_super+0xbc/0x130
[   98.576694][ T6672]        cleanup_mnt+0x425/0x4c0
[   98.578728][ T6672]        task_work_run+0x1d4/0x260
[   98.580864][ T6672]        exit_to_user_mode_loop+0xec/0x110
[   98.583300][ T6672]        do_syscall_64+0x2bd/0x3b0
[   98.585398][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.588021][ T6672] 
[   98.588021][ T6672] -> #5 (&journal->j_trans_barrier){.+.+}-{4:4}:
[   98.591429][ T6672]        lock_acquire+0x120/0x360
[   98.593466][ T6672]        down_read+0x46/0x2e0
[   98.595395][ T6672]        ocfs2_start_trans+0x36a/0x6d0
[   98.597598][ T6672]        ocfs2_shutdown_local_alloc+0x200/0xa10
[   98.600102][ T6672]        ocfs2_dismount_volume+0x201/0x8d0
[   98.602393][ T6672]        generic_shutdown_super+0x135/0x2c0
[   98.604704][ T6672]        kill_block_super+0x44/0x90
[   98.606832][ T6672]        deactivate_locked_super+0xbc/0x130
[   98.609273][ T6672]        cleanup_mnt+0x425/0x4c0
[   98.611300][ T6672]        task_work_run+0x1d4/0x260
[   98.613390][ T6672]        exit_to_user_mode_loop+0xec/0x110
[   98.615815][ T6672]        do_syscall_64+0x2bd/0x3b0
[   98.617922][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.620561][ T6672] 
[   98.620561][ T6672] -> #4 (sb_internal#2){.+.+}-{0:0}:
[   98.623662][ T6672]        lock_acquire+0x120/0x360
[   98.625705][ T6672]        ocfs2_start_trans+0x26b/0x6d0
[   98.627947][ T6672]        ocfs2_mknod+0xe93/0x2050
[   98.629973][ T6672]        ocfs2_create+0x1a5/0x440
[   98.631958][ T6672]        path_openat+0x14f4/0x3830
[   98.633987][ T6672]        do_filp_open+0x1fa/0x410
[   98.636006][ T6672]        do_sys_openat2+0x121/0x1c0
[   98.638186][ T6672]        __x64_sys_openat+0x138/0x170
[   98.640433][ T6672]        do_syscall_64+0xfa/0x3b0
[   98.642521][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.645133][ T6672] 
[   98.645133][ T6672] -> #3 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[   98.649397][ T6672]        lock_acquire+0x120/0x360
[   98.651482][ T6672]        down_write+0x96/0x1f0
[   98.653454][ T6672]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   98.656131][ T6672]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[   98.658869][ T6672]        ocfs2_mknod+0xe32/0x2050
[   98.660961][ T6672]        ocfs2_create+0x1a5/0x440
[   98.663022][ T6672]        path_openat+0x14f4/0x3830
[   98.665145][ T6672]        do_filp_open+0x1fa/0x410
[   98.667215][ T6672]        do_sys_openat2+0x121/0x1c0
[   98.669289][ T6672]        __x64_sys_openat+0x138/0x170
[   98.671476][ T6672]        do_syscall_64+0xfa/0x3b0
[   98.673540][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.676101][ T6672] 
[   98.676101][ T6672] -> #2 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[   98.680433][ T6672]        lock_acquire+0x120/0x360
[   98.682518][ T6672]        down_write+0x96/0x1f0
[   98.684480][ T6672]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   98.687106][ T6672]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   98.689888][ T6672]        ocfs2_extend_dir+0xc76/0x4870
[   98.692143][ T6672]        ocfs2_prepare_dir_for_insert+0x2fe8/0x5450
[   98.694842][ T6672]        ocfs2_mknod+0x819/0x2050
[   98.696910][ T6672]        ocfs2_create+0x1a5/0x440
[   98.698989][ T6672]        path_openat+0x14f4/0x3830
[   98.701118][ T6672]        do_filp_open+0x1fa/0x410
[   98.703154][ T6672]        do_sys_openat2+0x121/0x1c0
[   98.705255][ T6672]        __x64_sys_openat+0x138/0x170
[   98.707416][ T6672]        do_syscall_64+0xfa/0x3b0
[   98.709452][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.712019][ T6672] 
[   98.712019][ T6672] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[   98.715556][ T6672]        lock_acquire+0x120/0x360
[   98.717645][ T6672]        down_write+0x96/0x1f0
[   98.719657][ T6672]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[   98.722306][ T6672]        ocfs2_xattr_set+0x595/0x11f0
[   98.724518][ T6672]        ocfs2_set_acl+0x701/0x7b0
[   98.726658][ T6672]        ocfs2_iop_set_acl+0x1aa/0x2a0
[   98.728900][ T6672]        vfs_set_acl+0x887/0xb00
[   98.730960][ T6672]        filename_setxattr+0x2e0/0x600
[   98.733192][ T6672]        path_setxattrat+0x364/0x3a0
[   98.735328][ T6672]        __x64_sys_setxattr+0xbc/0xe0
[   98.737450][ T6672]        do_syscall_64+0xfa/0x3b0
[   98.739517][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.742139][ T6672] 
[   98.742139][ T6672] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[   98.745326][ T6672]        validate_chain+0xb9b/0x2140
[   98.747514][ T6672]        __lock_acquire+0xab9/0xd20
[   98.749539][ T6672]        lock_acquire+0x120/0x360
[   98.751318][ T6672]        down_read+0x46/0x2e0
[   98.752966][ T6672]        ocfs2_init_acl+0x2f9/0x720
[   98.754696][ T6672]        ocfs2_mknod+0x1321/0x2050
[   98.756374][ T6672]        ocfs2_create+0x1a5/0x440
[   98.758362][ T6672]        path_openat+0x14f4/0x3830
[   98.760419][ T6672]        do_filp_open+0x1fa/0x410
[   98.762366][ T6672]        do_sys_openat2+0x121/0x1c0
[   98.763875][ T6672]        __x64_sys_openat+0x138/0x170
[   98.765615][ T6672]        do_syscall_64+0xfa/0x3b0
[   98.767587][ T6672]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.769609][ T6672] 
[   98.769609][ T6672] other info that might help us debug this:
[   98.769609][ T6672] 
[   98.772743][ T6672] Chain exists of:
[   98.772743][ T6672]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[   98.772743][ T6672] 
[   98.776916][ T6672]  Possible unsafe locking scenario:
[   98.776916][ T6672] 
[   98.779160][ T6672]        CPU0                    CPU1
[   98.780828][ T6672]        ----                    ----
[   98.782502][ T6672]   rlock(jbd2_handle);
[   98.783794][ T6672]                                lock(&journal->j_trans_barrier);
[   98.786168][ T6672]                                lock(jbd2_handle);
[   98.788192][ T6672]   rlock(&oi->ip_xattr_sem);
[   98.789665][ T6672] 
[   98.789665][ T6672]  *** DEADLOCK ***
[   98.789665][ T6672] 
[   98.792161][ T6672] 8 locks held by syz.2.315/6672:
[   98.793713][ T6672]  #0: ffff8881257f6428 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   98.796541][ T6672]  #1: ffff888114ded240 (&type->i_mutex_dir_key#13){+.+.}-{4:4}, at: path_openat+0x8da/0x3830
[   98.799730][ T6672]  #2: ffff888114df1840 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   98.805090][ T6672]  #3: ffff888114dea6c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   98.809860][ T6672]  #4: ffff888114df3540 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   98.815016][ T6672]  #5: ffff8881257f6618 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_mknod+0xe93/0x2050
[   98.818522][ T6672]  #6: ffff8881077ba8e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x36a/0x6d0
[   98.822258][ T6672]  #7: ffff88803002e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[   98.825857][ T6672] 
[   98.825857][ T6672] stack backtrace:
[   98.828099][ T6672] CPU: 0 UID: 0 PID: 6672 Comm: syz.2.315 Not tainted syzkaller #0 PREEMPT(full) 
[   98.828117][ T6672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   98.828127][ T6672] Call Trace:
[   98.828139][ T6672]  <TASK>
[   98.828148][ T6672]  dump_stack_lvl+0x189/0x250
[   98.828175][ T6672]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.828189][ T6672]  ? __pfx__printk+0x10/0x10
[   98.828208][ T6672]  ? stack_trace_save+0x9c/0xe0
[   98.828228][ T6672]  print_circular_bug+0x2ee/0x310
[   98.828246][ T6672]  check_noncircular+0x134/0x160
[   98.828261][ T6672]  validate_chain+0xb9b/0x2140
[   98.828284][ T6672]  __lock_acquire+0xab9/0xd20
[   98.828305][ T6672]  ? ocfs2_init_acl+0x2f9/0x720
[   98.828321][ T6672]  lock_acquire+0x120/0x360
[   98.828339][ T6672]  ? ocfs2_init_acl+0x2f9/0x720
[   98.828355][ T6672]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   98.828377][ T6672]  down_read+0x46/0x2e0
[   98.828393][ T6672]  ? ocfs2_init_acl+0x2f9/0x720
[   98.828408][ T6672]  ocfs2_init_acl+0x2f9/0x720
[   98.828424][ T6672]  ? ocfs2_mknod_locked+0x148/0x250
[   98.828443][ T6672]  ? __pfx_ocfs2_init_acl+0x10/0x10
[   98.828457][ T6672]  ? dquot_alloc_inode+0x216/0xa50
[   98.828471][ T6672]  ? ocfs2_block_signals+0x94/0xe0
[   98.828486][ T6672]  ? __pfx_ocfs2_block_signals+0x10/0x10
[   98.828501][ T6672]  ? ocfs2_init_security_get+0x139/0x1a0
[   98.828517][ T6672]  ocfs2_mknod+0x1321/0x2050
[   98.828528][ T6672]  ? __pfx_ocfs2_mknod+0x10/0x10
[   98.828535][ T6672]  ? __pfx_ocfs2_find_entry+0x10/0x10
[   98.828546][ T6672]  ? __lock_acquire+0xab9/0xd20
[   98.828561][ T6672]  ? look_up_lock_class+0x74/0x170
[   98.828569][ T6672]  ? register_lock_class+0x51/0x320
[   98.828580][ T6672]  ? __lock_acquire+0xab9/0xd20
[   98.828592][ T6672]  ? __lock_acquire+0xab9/0xd20
[   98.828603][ T6672]  ? do_raw_spin_lock+0x121/0x290
[   98.828614][ T6672]  ? do_raw_spin_unlock+0x4d/0x240
[   98.828623][ T6672]  ? rcu_is_watching+0x15/0xb0
[   98.828634][ T6672]  ? ocfs2_lookup+0x5b9/0x9b0
[   98.828650][ T6672]  ocfs2_create+0x1a5/0x440
[   98.828659][ T6672]  ? __pfx_ocfs2_lookup+0x10/0x10
[   98.828667][ T6672]  ? from_kgid+0x1b0/0x650
[   98.828679][ T6672]  ? __pfx_ocfs2_create+0x10/0x10
[   98.828687][ T6672]  ? HAS_UNMAPPED_ID+0x11a/0x180
[   98.828697][ T6672]  ? inode_permission+0x149/0x470
[   98.828704][ T6672]  ? __pfx_ocfs2_permission+0x10/0x10
[   98.828711][ T6672]  ? bpf_lsm_inode_create+0x9/0x20
[   98.828719][ T6672]  ? __pfx_ocfs2_create+0x10/0x10
[   98.828726][ T6672]  path_openat+0x14f4/0x3830
[   98.828735][ T6672]  ? arch_stack_walk+0xfc/0x150
[   98.828750][ T6672]  ? __pfx_path_openat+0x10/0x10
[   98.828758][ T6672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.828769][ T6672]  do_filp_open+0x1fa/0x410
[   98.828778][ T6672]  ? __lock_acquire+0xab9/0xd20
[   98.828789][ T6672]  ? __pfx_do_filp_open+0x10/0x10
[   98.828806][ T6672]  ? _raw_spin_unlock+0x28/0x50
[   98.828822][ T6672]  ? alloc_fd+0x64c/0x6c0
[   98.828843][ T6672]  do_sys_openat2+0x121/0x1c0
[   98.828859][ T6672]  ? __se_sys_futex+0x36f/0x400
[   98.828878][ T6672]  ? __pfx_do_sys_openat2+0x10/0x10
[   98.828895][ T6672]  ? rcu_is_watching+0x15/0xb0
[   98.828910][ T6672]  __x64_sys_openat+0x138/0x170
[   98.828924][ T6672]  do_syscall_64+0xfa/0x3b0
[   98.828938][ T6672]  ? lockdep_hardirqs_on+0x9c/0x150
[   98.828952][ T6672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.828967][ T6672]  ? exc_page_fault+0x9f/0xf0
[   98.828982][ T6672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.828995][ T6672] RIP: 0033:0x7fd265b8ec29
[   98.829010][ T6672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.829022][ T6672] RSP: 002b:00007fd266ab0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   98.829039][ T6672] RAX: ffffffffffffffda RBX: 00007fd265dd5fa0 RCX: 00007fd265b8ec29
[   98.829049][ T6672] RDX: 0000000000101042 RSI: 0000200000000280 RDI: ffffffffffffff9c
[   98.829093][ T6672] RBP: 00007fd265c11e41 R08: 0000000000000000 R09: 0000000000000000
[   98.829103][ T6672] R10: 00000000000000b0 R11: 0000000000000246 R12: 0000000000000000
[   98.829111][ T6672] R13: 00007fd265dd6038 R14: 00007fd265dd5fa0 R15: 00007fff7cddc048
[   98.829130][ T6672]  </TASK>
[   99.010614][ T6672] syz.2.315 (6672) used greatest stack depth: 17432 bytes left
[   99.026502][ T5854] ocfs2: Unmounting device (7,2) on (node local)

VM DIAGNOSIS:
04:29:28  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=00000000000003f9
RSI=000000000000531b RDI=000000000000531c RBP=00000000000003f9 RSP=ffffc900066168f0
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854fad60
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99df7460 R15=0000000000000000
RIP=ffffffff854faddc RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd266ab06c0 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32523ffc CR3=0000000033b6e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8133c59e ffffffff8133c59e
XMM02=ffffffff8133c59e ffffffff8133c59e XMM03=ffffffff8133c59e ffffffff8133c59e
XMM04=52dddf7d8e93f77d b2dc24a1c8038868 XMM05=c3a5bf813e72a1cb e646a9ee80797293
XMM06=76d05acfff73aba0 081c00781dcbe4f0 XMM07=e75e39077a9a8492 4f90ff6fbfdeae86
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fa029012fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ac1ba73dc89b1000 RBX=ffffffff819683f8 RCX=ac1ba73dc89b1000 RDX=0000000000000001
RSI=ffffffff8be33f60 RDI=ffffffff819683f8 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa3a730 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102001f000
RIP=ffffffff8b7a53f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000180 CR3=000000010ecd0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fd265c12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
