last executing test programs:

1.176309487s ago: executing program 1 (id=490):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000080)=0x4)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000300)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff0342844d50e7182ce0ab6d00000846df930d0ab9cc127d0dc450de49c204a803166580ac899c081cb49f1930e7d07fbdf3", 0x56}], 0x1, 0x8, 0x1)

1.030162689s ago: executing program 1 (id=494):
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)

951.570248ms ago: executing program 1 (id=495):
add_key$fscrypt_v1(0x0, &(0x7f0000000000)={'fscrypt:', @desc1}, 0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x4e24, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}}, 0x0)

951.369336ms ago: executing program 1 (id=496):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000680)={0x0, 0x5, 0x2, 0x20008, 0x7, 0xd})

730.126256ms ago: executing program 1 (id=499):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x70bd2b, 0x25dfdbfa, {0x5}}, 0x14}}, 0x40800)

680.134319ms ago: executing program 0 (id=502):
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
r0 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x22, &(0x7f0000000380)={&(0x7f0000003000)={[{0x0, 0x0, 0x103}]}, 0x1}, 0x1)

679.677106ms ago: executing program 0 (id=504):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000078000000030a01010000000000000000010000000900030073797a310000000028000480080002400000000208000140000000051400030076657468315f746f5f626174616476000900010073797a300000000008000a4097"], 0xc0}}, 0x0)

599.567219ms ago: executing program 1 (id=505):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000900)={[{@noblock_validity}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@stripe={'stripe', 0x3d, 0x3}}, {@noauto_da_alloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@resuid}, {@dioread_lock}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
fallocate(r1, 0x8, 0x4000, 0x4000)

599.197201ms ago: executing program 0 (id=507):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000004900010028bd7000fedbdf250a008000", @ANYRES32=0x0, @ANYBLOB="00000000080002000100000014000100fc"], 0x38}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)

598.763784ms ago: executing program 0 (id=509):
creat(&(0x7f00000000c0)='./file0\x00', 0xce)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r1, &(0x7f00000023c0)=ANY=[@ANYBLOB="5300000007000046009d", @ANYRESHEX=r0], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})

511.534537ms ago: executing program 2 (id=510):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000e00)='./file0\x00', 0x10000, &(0x7f0000000940)=ANY=[], 0x0, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==")
r1 = openat(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x80086e8a, &(0x7f00000002c0)={@id={0x20000000, 0xefffffff, @auto="00002000000000001baeff79da3b89f5"}})

511.340237ms ago: executing program 0 (id=511):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r0=>0x0)
r1 = eventfd(0x0)
io_submit(r0, 0x2, &(0x7f0000000280)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x100, r1, &(0x7f0000000100)="0000fd6000000000", 0x8, 0x3}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x0, r1, 0x0, 0x0, 0x1000a, 0x0, 0x1, r1}])
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f00000000c0)={0x5fb, 0x69f9, 0xcac, 0x800, 0x9})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

329.080359ms ago: executing program 2 (id=512):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x4f}, @call={0x85, 0x0, 0x0, 0x5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09e8fe55a10a0017", 0x1f}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f7d28344b904020000", 0x2}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)

328.674137ms ago: executing program 2 (id=513):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x45)
writev(r0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000001400)="15a6029b1c08a2a714ad5cd4d6aa95144a364f71a6df9f7f4a94bbc6f025a662318c479ecb73b0907cf68b48909c1e6417311e9662b19b93e3529fcb1198befaa97a578e9e6673f066dcd8c72c52a556d530ffa404f9e4c7eb336da713aa4167ac801b3575b2f948af48a1cd426768860c8e59dcdfe65292e7e7ff9d922ca8199422fb73b55a74d3cd8cd6f886a3312b63a79911636fcbb811a7e90cb58fbb56130fd9cc1eceb11ea3058c84b47f3fda54bf5cd361591e404b942c4f0fa10eed75391933fbd62324c12c84939d43dbe88924bafeb1c680e9b77d277b6c2318c81426fe1211c57a85d523564c07636397165581d109ca0392ff0ba657c5a5d0b84819584db5ba0b1def7b0f32e7ff67777c4ce76f6cbaa6a1633dbe5aebdf01cdbc8724b6d5d87e3d77d45ccf0db867dd537e262b9253eb56a10b3d064b077a8d8b31f5254c1ad1c05bb1b8b2e774fc50cd6ad097138da1fc203eaccc34ec7e7fef470bf3abdaaafe4c66224f92727662c1aea940096f86bf85e729d901cbe6e34c65cd7adac02f0542595d2ad1208583726e9f9ae7daf8c9375a00fb3adf79ed1af6ca749e6e34fb47232102fb90e25e048c5ee5bf85edd632156079eaca2ee06afa923cc4d204e8a1410cfd04bee53508168ffc47cef01a99417416a5485650e539522da9777ecd695a1724037ea55be89217dc02d5148ffad56c095db673e5", 0x200}], 0x2)

217.365242ms ago: executing program 2 (id=514):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="1400000022000b0fd25a806c8c6f94f90124fc60", 0x14}], 0x1}, 0x4000010)

101.231201ms ago: executing program 0 (id=515):
syz_read_part_table(0x5e0, &(0x7f0000000600)="$eJzs3L9rJFUcAPDvzM7ObiAasbZYSCMKRrATF23UpBONnYWNgkVEYiFWu4uC4I8/IK1oYRRCrC08OEK4dFcdB+Huv7gUF94xP/fgUt2Gg4PPp9jve2++3/dmdl77Jni+pY2IlEWc1b3fB3Uo8u1Be/2LrMscNWHYdqvxTw/f/2Bn8lE26seq0Xl7dbRcpWxjEZO29V8Rvx1++VPeZcyaMI8Y/lNGUeWmpu7gyZu+qKYvsmv5A1hF8X+qX1aUcTv+jYi9bFC9/FHEIv6MeCnGdd5WxMuDlFL9mucRaxGDKPt98dSOpieLd6PYrdpr0e60YdOb/ZylN9u8YaSUUh6zza5yEPHKO1v7V01a1y/qPdYNpZSG611tvrywd1l2zbdO789iMe5nj9Ru7m6ffnP+8Rv1nWTNHMNVHx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGv36rev3ci7znv1b9b/bv8V+TJ1HvGwa0/G17T+0fRk44cf9/P4fvrVna+zbngQWx+uR4z6vM+bcPxLHYo+bVV7l3n59x831/qBduos4tbm3YvUrXDexu/efqx4mq+8PgAAAAAAAAAAAAAAAAAAAFSOY2fySR67EVl8Fsvj/inGEVl/Hn8ckVJKD1KtO/xfHrzYts7uRVYVRepKTsvmgwIbL0Sk0a+v1x8UaApTSkW9RPYMH5QrPQoAAP//HdhdXQ==")

101.052274ms ago: executing program 2 (id=516):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xc, {"a2e3ad214fc752f91b3d1a0987f70e06d038e7ff7fc6e5539b3272078b089b080f384b090890e0878f0e1ac6e7049b334d959b669a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d30090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

0s ago: executing program 2 (id=517):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
open(&(0x7f0000000900)='./file1\x00', 0x84200, 0x104)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:55872' (ED25519) to the list of known hosts.
syzkaller login: [   40.949097][ T5770] cgroup: Unknown subsys name 'net'
[   41.083982][ T5770] cgroup: Unknown subsys name 'cpuset'
[   41.087904][ T5770] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.769426][ T5770] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.983977][ T5233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.986803][ T5233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.989399][ T5233] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   47.011903][ T5233] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   47.017579][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   47.020072][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   47.022500][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   47.025136][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   47.028080][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   47.030472][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   47.087871][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   47.090872][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   47.094098][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   47.096914][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   47.101756][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   47.220621][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   47.300891][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   47.369582][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.372615][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.375066][ T5846] bridge_slave_0: entered allmulticast mode
[   47.377843][ T5846] bridge_slave_0: entered promiscuous mode
[   47.407167][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.410004][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.412636][ T5846] bridge_slave_1: entered allmulticast mode
[   47.415769][ T5846] bridge_slave_1: entered promiscuous mode
[   47.437043][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.439354][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.442598][ T5842] bridge_slave_0: entered allmulticast mode
[   47.445695][ T5842] bridge_slave_0: entered promiscuous mode
[   47.472887][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.477521][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.489482][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.492475][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.494656][ T5842] bridge_slave_1: entered allmulticast mode
[   47.497297][ T5842] bridge_slave_1: entered promiscuous mode
[   47.512250][ T5846] team0: Port device team_slave_0 added
[   47.521811][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   47.527492][ T5846] team0: Port device team_slave_1 added
[   47.551655][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.567780][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.570321][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.579265][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.585238][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.596441][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.598621][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.607935][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.643169][ T5842] team0: Port device team_slave_0 added
[   47.646508][ T5842] team0: Port device team_slave_1 added
[   47.703676][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.705860][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.708030][ T5851] bridge_slave_0: entered allmulticast mode
[   47.711385][ T5851] bridge_slave_0: entered promiscuous mode
[   47.714963][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.717221][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.719418][ T5851] bridge_slave_1: entered allmulticast mode
[   47.723144][ T5851] bridge_slave_1: entered promiscuous mode
[   47.725967][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.728039][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.735985][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.743507][ T5846] hsr_slave_0: entered promiscuous mode
[   47.745887][ T5846] hsr_slave_1: entered promiscuous mode
[   47.756480][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.758609][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.767326][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.807244][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.827545][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.834061][ T5842] hsr_slave_0: entered promiscuous mode
[   47.836313][ T5842] hsr_slave_1: entered promiscuous mode
[   47.838398][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   47.840211][ T5842] Cannot create hsr debugfs directory
[   47.874481][ T5851] team0: Port device team_slave_0 added
[   47.882361][ T5851] team0: Port device team_slave_1 added
[   47.922894][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.925021][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.933488][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.949733][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.952578][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.960408][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.046795][ T5851] hsr_slave_0: entered promiscuous mode
[   48.049188][ T5851] hsr_slave_1: entered promiscuous mode
[   48.052831][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   48.054629][ T5851] Cannot create hsr debugfs directory
[   48.122364][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   48.136547][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   48.154782][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   48.159652][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   48.222308][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   48.232314][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.234787][ T5846] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.237478][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.239789][ T5846] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.244760][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   48.249845][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   48.255381][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   48.275244][   T83] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.279336][   T83] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.343885][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   48.350245][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   48.358059][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   48.367778][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   48.417015][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.449920][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   48.463315][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.465872][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.478233][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.480880][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.492148][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.505309][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.526479][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   48.533238][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   48.538521][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   48.563882][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.566159][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.570475][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.573408][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.593392][   T83] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.595724][   T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.608732][   T83] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.611001][   T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.650039][ T5851] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   48.668766][ T5851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   48.705715][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.753227][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.762842][ T5846] veth0_vlan: entered promiscuous mode
[   48.774324][ T5846] veth1_vlan: entered promiscuous mode
[   48.810050][ T5846] veth0_macvtap: entered promiscuous mode
[   48.814237][ T5842] veth0_vlan: entered promiscuous mode
[   48.828296][ T5846] veth1_macvtap: entered promiscuous mode
[   48.837755][ T5842] veth1_vlan: entered promiscuous mode
[   48.845607][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.857027][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.872336][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.888872][ T5842] veth0_macvtap: entered promiscuous mode
[   48.893759][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.898756][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.915229][ T5842] veth1_macvtap: entered promiscuous mode
[   48.919267][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.922741][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.945945][ T5851] veth0_vlan: entered promiscuous mode
[   48.960384][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.974762][ T5851] veth1_vlan: entered promiscuous mode
[   48.978165][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.994369][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.997516][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.999043][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.001691][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.012796][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.023910][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.033951][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.037104][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.062116][ T5849] Bluetooth: hci1: command tx timeout
[   49.082642][ T5851] veth0_macvtap: entered promiscuous mode
[   49.097320][ T5851] veth1_macvtap: entered promiscuous mode
[   49.112799][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.115293][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.118584][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.128350][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   49.133071][ T5849] Bluetooth: hci0: command tx timeout
[   49.140015][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.141474][ T5849] Bluetooth: hci2: command tx timeout
[   49.145390][ T5872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.148271][ T5872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.163279][ T5872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.166037][ T5872] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.177346][  T430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.187962][  T430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.263505][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.265970][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.272951][ T5911] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   49.304689][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.307170][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.377121][ T5917] loop2: detected capacity change from 0 to 512
[   49.396471][ T5917] EXT4-fs (loop2): Test dummy encryption mode enabled
[   49.398612][ T5917] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   49.411781][ T5917] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   49.428444][ T5917] EXT4-fs (loop2): 1 truncate cleaned up
[   49.433738][ T5917] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.443359][ T5922] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   49.445902][ T5922] IPv6: NLM_F_CREATE should be set when creating new route
[   49.450450][ T5925] warning: `syz.0.9' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   49.474015][ T5922] lo: entered allmulticast mode
[   49.477630][ T5922] tunl0: entered allmulticast mode
[   49.493395][ T5922] gre0: entered allmulticast mode
[   49.514875][ T5922] gretap0: entered allmulticast mode
[   49.518730][ T5922] erspan0: entered allmulticast mode
[   49.524559][ T5922] ip_vti0: entered allmulticast mode
[   49.527897][ T5922] ip6_vti0: entered allmulticast mode
[   49.531809][ T5922] sit0: entered allmulticast mode
[   49.535795][ T5922] ip6tnl0: entered allmulticast mode
[   49.539114][ T5922] ip6gre0: entered allmulticast mode
[   49.543043][ T5922] syz_tun: entered allmulticast mode
[   49.546639][ T5922] ip6gretap0: entered allmulticast mode
[   49.550785][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.553612][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.558186][ T5922] bridge0: entered allmulticast mode
[   49.563007][ T5922] vcan0: entered allmulticast mode
[   49.566207][ T5922] bond0: entered allmulticast mode
[   49.567937][ T5922] bond_slave_0: entered allmulticast mode
[   49.569835][ T5922] bond_slave_1: entered allmulticast mode
[   49.575604][ T5922] team0: entered allmulticast mode
[   49.577313][ T5922] team_slave_0: entered allmulticast mode
[   49.579189][ T5922] team_slave_1: entered allmulticast mode
[   49.585862][ T5922] dummy0: entered allmulticast mode
[   49.592331][ T5922] nlmon0: entered allmulticast mode
[   49.596022][ T5922] caif0: entered allmulticast mode
[   49.598553][ T5922] batadv0: entered allmulticast mode
[   49.603960][ T5922] vxcan0: entered allmulticast mode
[   49.606257][ T5922] vxcan1: entered allmulticast mode
[   49.608714][ T5922] veth0: entered allmulticast mode
[   49.614335][ T5922] veth1: entered allmulticast mode
[   49.618681][ T5922] wg0: entered allmulticast mode
[   49.624001][ T5917] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[   49.627536][ T5922] wg1: entered allmulticast mode
[   49.627977][ T5929] loop0: detected capacity change from 0 to 32768
[   49.634180][ T5922] wg2: entered allmulticast mode
[   49.647513][ T5922] veth0_to_bridge: entered allmulticast mode
[   49.664432][ T5922] veth1_to_bridge: entered allmulticast mode
[   49.679348][ T5929] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,str_hash=crc64,recovery_pass_last=set_may_go_rw,nojournal_transaction_names,read_only
[   49.679363][ T5929]   allowing incompatible features above 0.0: (unknown version)
[   49.679368][ T5929]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   49.693293][ T5929] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   49.696645][ T5929] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[   49.699999][ T5922] veth0_to_bond: entered allmulticast mode
[   49.701210][ T5929] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b  compress none
[   49.705089][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.709667][ T5929]   has non ptr field, deleting
[   49.709737][ T5929] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   49.716474][ T5929] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[   49.716474][ T5929] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[   49.716474][ T5929]   running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[   49.726859][ T5922] veth1_to_bond: entered allmulticast mode
[   49.731771][ T5922] veth0_to_team: entered allmulticast mode
[   49.737007][ T5929] bcachefs (loop0): invalid bkey in btree_node btree=dirents level=0: u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4096 type dir
[   49.737033][ T5929]   dirent points to own directory, deleting
[   49.744270][ T5922] veth1_to_team: entered allmulticast mode
[   49.747474][ T5929] bcachefs (loop0): accounting_read... done
[   49.752713][ T5922] veth0_to_batadv: entered allmulticast mode
[   49.753553][ T5929] bcachefs (loop0): alloc_read... done
[   49.756644][ T5922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   49.757098][ T5929] bcachefs (loop0): snapshots_read...
[   49.759625][ T5922] batadv_slave_0: entered allmulticast mode
[   49.759807][ T5929]  done
[   49.764176][ T5929] bcachefs (loop0): check_allocations...
[   49.768591][ T5929] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[   49.768664][ T5929]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[   49.769597][ T5922] veth1_to_batadv: entered allmulticast mode
[   49.772201][ T5929] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[   49.783288][ T5929]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[   49.788918][ T5929] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[   49.788927][ T5929]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[   49.791465][ T5922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   49.793470][ T5929] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree
[   49.802074][ T5929]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[   49.808707][ T5929] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[   49.808716][ T5929]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[   49.818213][ T5929] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.818673][ T5922] batadv_slave_1: entered allmulticast mode
[   49.821702][ T5929] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.827638][ T5929] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.830643][ T5929] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.832891][ T5922] xfrm0: entered allmulticast mode
[   49.834421][ T5929] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.837200][ T5935] loop2: detected capacity change from 0 to 16
[   49.838642][ T5929] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.844312][ T5929] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.846033][ T5922] veth0_to_hsr: entered allmulticast mode
[   49.847370][ T5929] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.852975][ T5929] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.854687][ T5935] =======================================================
[   49.854687][ T5935] WARNING: The mand mount option has been deprecated and
[   49.854687][ T5935]          and is ignored by this kernel. Remove the mand
[   49.854687][ T5935]          option from the mount to silence this warning.
[   49.854687][ T5935] =======================================================
[   49.856130][ T5929] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.867007][ T5922] hsr_slave_0: entered allmulticast mode
[   49.870155][ T5929] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.874758][ T5929] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.877980][ T5922] veth1_to_hsr: entered allmulticast mode
[   49.878283][ T5929] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.883109][ T5929] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.886681][ T5929] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.887795][ T5922] hsr_slave_1: entered allmulticast mode
[   49.889790][ T5929] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[   49.895143][ T5929] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.895796][ T5935] erofs (device loop2): rootino(nid 36) is not a directory(i_mode 10000)
[   49.898098][ T5929] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.904709][ T5929] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.907818][ T5929] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.911537][ T5929] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing
[   49.911567][ T5929]   Ratelimiting new instances of previous error
[   49.914496][ T5922] hsr0: entered allmulticast mode
[   49.914693][ T5929] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[   49.921531][ T5929]   Ratelimiting new instances of previous error
[   49.932823][ T5929]  done
[   49.934748][ T5922] veth1_virt_wifi: entered allmulticast mode
[   49.936581][ T5929] bcachefs (loop0): going read-write
[   49.946514][ T5922] veth0_virt_wifi: entered allmulticast mode
[   49.954319][ T5922] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[   49.958686][ T5922] veth1_vlan: entered allmulticast mode
[   49.968657][ T5922] veth0_vlan: entered allmulticast mode
[   49.987492][ T5922] vlan0: entered allmulticast mode
[   49.989302][ T5922] vlan1: entered allmulticast mode
[   49.994756][ T5922] macvlan0: entered allmulticast mode
[   50.000269][ T5922] macvlan1: entered allmulticast mode
[   50.004766][ T5922] ipvlan0: entered allmulticast mode
[   50.006983][ T5922] ipvlan1: entered allmulticast mode
[   50.009174][ T5922] veth1_macvtap: entered allmulticast mode
[   50.020216][ T5922] veth0_macvtap: entered allmulticast mode
[   50.027725][ T5922] macvtap0: entered allmulticast mode
[   50.027766][ T5929] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[   50.030999][ T5922] macsec0: entered allmulticast mode
[   50.033004][ T5929] bcachefs (loop0): going read-only
[   50.035903][ T5929] bcachefs (loop0): finished waiting for writes to stop
[   50.039380][ T5929] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12
[   50.043700][ T5922] geneve0: entered allmulticast mode
[   50.044824][ T5929] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13
[   50.049934][ T5922] geneve1: entered allmulticast mode
[   50.050241][ T5929] bcachefs (loop0): unclean shutdown complete, journal seq 14
[   50.054766][ T5922] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   50.055362][ T5929] bcachefs (loop0): done going read-only, filesystem not clean
[   50.059322][ T5929] bcachefs (loop0): done starting filesystem
[   50.061652][ T5922] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[   50.069215][ T5922] netdevsim netdevsim1 netdevsim2: entered allmulticast mode
[   50.083136][ T5922] netdevsim netdevsim1 netdevsim3: entered allmulticast mode
[   50.103619][ T5922] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[   50.114830][ T5922] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   50.116344][ T5929] syz.0.10 (5929) used greatest stack depth: 19032 bytes left
[   50.129021][ T5846] bcachefs (loop0): shutting down
[   50.141690][ T5945] netlink: 116 bytes leftover after parsing attributes in process `syz.2.12'.
[   50.148456][ T5945] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   50.162337][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.195711][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.201619][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.203477][ T5846] bcachefs (loop0): shutdown complete
[   50.210311][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.223578][ T5953] netlink: 'syz.1.14': attribute type 10 has an invalid length.
[   50.230752][ T5953] bond0: (slave bond_slave_0): Releasing backup interface
[   50.366114][ T5962] loop1: detected capacity change from 0 to 128
[   50.377176][ T5962] EXT4-fs: Ignoring removed nobh option
[   50.384212][ T5962] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   50.388315][ T5962] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   50.412460][ T5851] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   50.481393][ T5873] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   50.631482][ T5873] usb 3-1: Using ep0 maxpacket: 32
[   50.636527][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   50.640026][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   50.643219][ T5873] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[   50.646062][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.658561][ T5873] usb 3-1: config 0 descriptor??
[   51.072344][ T5873] nintendo 0003:057E:200E.0001: unknown main item tag 0x0
[   51.078157][ T5873] nintendo 0003:057E:200E.0001: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.2-1/input0
[   51.131640][ T5849] Bluetooth: hci1: command tx timeout
[   51.141598][ T5873] nintendo 0003:057E:200E.0001: Failed charging grip handshake
[   51.144431][ T5873] nintendo 0003:057E:200E.0001: Failed to initialize controller; ret=-110
[   51.149789][ T5873] nintendo 0003:057E:200E.0001: probe - fail = -110
[   51.152763][ T5873] nintendo 0003:057E:200E.0001: probe with driver nintendo failed with error -110
[   51.211506][ T5849] Bluetooth: hci2: command tx timeout
[   51.211691][ T5845] Bluetooth: hci0: command tx timeout
[   51.232789][ T5969] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.276122][ T5971] delete_channel: no stack
[   51.277047][   T10] usb 3-1: USB disconnect, device number 2
[   51.278821][ T5970] delete_channel: no stack
[   51.364184][ T5979] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[   51.433617][ T5985] loop1: detected capacity change from 0 to 2048
[   51.465104][ T5988] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   51.493799][   T33] audit: type=1800 audit(1755119777.426:2): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.27" name="file2" dev="loop1" ino=16 res=0 errno=0
[   51.515392][ T5988] NILFS (loop1): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3)
[   51.518712][ T5988] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16)
[   51.523595][ T5988] Remounting filesystem read-only
[   51.529385][ T5985] NILFS (loop1): error -2 truncating bmap (ino=16)
[   51.555489][ T5851] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[   51.609365][ T5998] netlink: 256 bytes leftover after parsing attributes in process `syz.1.33'.
[   51.613550][ T5998] unsupported nlmsg_type 40
[   51.690907][ T6002] loop0: detected capacity change from 0 to 4096
[   51.697103][ T6002] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[   51.960230][ T6018] loop0: detected capacity change from 0 to 8
[   51.974450][ T6019] loop2: detected capacity change from 0 to 1024
[   51.974972][ T6018] SQUASHFS error: zlib decompression failed, data probably corrupt
[   51.977079][ T6019] EXT4-fs: Ignoring removed oldalloc option
[   51.979022][ T6018] SQUASHFS error: Failed to read block 0x9b: -5
[   51.981915][  T974] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   51.987218][ T6019] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   51.998457][ T6018] SQUASHFS error: Unable to read metadata cache entry [99]
[   52.001222][ T6018] SQUASHFS error: Unable to read inode 0x127
[   52.015368][ T6019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.067413][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.153069][  T974] usb 2-1: Using ep0 maxpacket: 16
[   52.160243][  T974] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[   52.169282][  T974] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[   52.180542][  T974] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95
[   52.185938][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   52.188496][  T974] usb 2-1: Product: syz
[   52.189833][  T974] usb 2-1: Manufacturer: syz
[   52.191867][  T974] usb 2-1: SerialNumber: syz
[   52.195050][  T974] usb 2-1: config 0 descriptor??
[   52.197572][ T6006] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   52.198459][ T6035] loop2: detected capacity change from 0 to 512
[   52.200319][ T6006] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   52.209286][ T6035] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   52.214658][ T6035] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c0a8, mo2=0002]
[   52.219594][ T6035] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: inode #11: comm syz.2.49: missing EA_INODE flag
[   52.227287][ T6035] EXT4-fs (loop2): Remounting filesystem read-only
[   52.229441][ T6035] EXT4-fs (loop2): 1 orphan inode deleted
[   52.233203][ T6035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.272293][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.329174][ T6041] loop2: detected capacity change from 0 to 2048
[   52.335699][ T6041] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[   52.346265][ T6043] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   52.411507][ T6006] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   52.420107][ T6006] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   52.498268][ T6051] netlink: 2048 bytes leftover after parsing attributes in process `syz.0.55'.
[   52.501383][ T6051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'.
[   52.630747][  T974] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   52.635111][  T974] asix 2-1:0.0: probe with driver asix failed with error -71
[   52.640491][  T974] usb 2-1: USB disconnect, device number 2
[   52.661292][ T5311] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   52.822595][ T5311] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[   52.826354][ T5311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[   52.829788][ T5311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[   52.834997][ T5311] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[   52.838093][ T5311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   52.840660][ T5311] usb 3-1: Product: syz
[   52.842104][ T5311] usb 3-1: Manufacturer: syz
[   52.843625][ T5311] usb 3-1: SerialNumber: syz
[   52.848020][ T5311] usb 3-1: config 0 descriptor??
[   53.301240][ T5845] Bluetooth: hci2: command tx timeout
[   53.389534][ T6068] capability: warning: `syz.0.63' uses 32-bit capabilities (legacy support in use)
[   53.613198][ T6083] netlink: 512 bytes leftover after parsing attributes in process `syz.0.72'.
[   53.615939][ T6086] capability: warning: `syz.2.71' uses deprecated v2 capabilities in a way that may be insecure
[   53.963778][ T6091] loop2: detected capacity change from 0 to 32768
[   53.989928][ T6091] BTRFS: device label  devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.73 (6091)
[   54.036684][ T6091] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   54.040377][ T6091] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   54.043941][ T6091] BTRFS error (device loop2): superblock checksum mismatch
[   54.047183][ T6091] BTRFS error (device loop2): open_ctree failed: -22
[   54.092682][ T5845] Bluetooth: hci1: command tx timeout
[   54.217318][ T6094] loop1: detected capacity change from 0 to 32768
[   54.312912][ T6094] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=ask,norecovery,nojournal_transaction_names,read_only
[   54.312926][ T6094]   allowing incompatible features above 0.0: (unknown version)
[   54.312931][ T6094]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   54.327300][ T6094] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   54.330301][ T6094] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[   54.352165][ T6094] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[   54.352165][ T6094]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[   54.897866][ T6094] bcachefs (loop1): btree node read error at btree lru level 0/0
[   54.898394][ T6094]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[   54.898445][ T6094]   loop1 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[   54.898493][ T6094]   loop1 btree validate error
[   54.898498][ T6094]   flagging btree lru lost data
[   54.898502][ T6094]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[   54.898506][ T6094]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[   54.898511][ T6094]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[   54.898516][ T6094]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[   54.898521][ T6094]   ret btree_node_read_err_bad_node
[   54.941621][ T6094] bcachefs (loop1): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[   54.947767][ T6094] bcachefs (loop1): btree node read error at btree freespace level 0/0
[   54.947777][ T6094]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[   54.947783][ T6094]   loop1 node offset 0/32 bset u64s 0: invalid bkey format: field 4 too large: 0 + 4294967296 > 4294967295
[   54.947788][ T6094]   u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:4294967296, 0:0
[   54.947793][ T6094]   loop1 btree validate error
[   54.947797][ T6094]   flagging btree freespace lost data
[   54.947801][ T6094]   ret btree_node_read_err_bad_node
[   54.967572][ T6094] bcachefs (loop1): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[   54.975387][ T6094] bcachefs (loop1): check_topology... done
[   54.979103][ T6094] bcachefs (loop1): accounting_read... done
[   54.982390][ T6094] bcachefs (loop1): alloc_read... done
[   54.984659][ T6094] bcachefs (loop1): snapshots_read... done
[   54.987259][ T6094] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean
[   54.990574][ T6094] bcachefs (loop1): done starting filesystem
[   55.069562][ T6094] bcachefs (loop1): inode 4099:4294967295 has wrong backpointer:
[   55.069583][ T6094]   got       8977922886548783724:0
[   55.069588][ T6094]   should be 4098:8977922886548783724, fixing
[   55.099596][ T5851] bcachefs (loop1): shutting down
[   55.130725][ T5851] bcachefs (loop1): shutdown complete
[   55.132624][ T5845] Bluetooth: hci0: command tx timeout
[   55.371416][ T5845] Bluetooth: hci2: command tx timeout
[   55.414198][ T6109] Zero length message leads to an empty skb
[   55.766313][ T6119] loop0: detected capacity change from 0 to 1024
[   55.796704][ T1090] hfsplus: b-tree write err: -5, ino 4
[   56.003502][ T6131] loop0: detected capacity change from 0 to 8
[   56.571308][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   56.722522][    T9] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   56.725397][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.729779][    T9] usb 2-1: config 0 descriptor??
[   56.946654][    T9] usb 2-1: Cannot read MAC address
[   56.948467][    T9] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[   56.962623][    T9] usb 2-1: USB disconnect, device number 3
[   57.043933][ T6142] loop0: detected capacity change from 0 to 16
[   57.049602][ T6142] erofs (device loop0): mounted with root inode @ nid 36.
[   57.567518][ T6145] ubi31: attaching mtd0
[   57.570571][ T6145] ubi31: scanning is finished
[   57.572127][ T6145] ubi31: empty MTD device detected
[   57.642933][ T6145] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   57.645377][ T6145] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   57.647651][ T6145] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   57.649845][ T6145] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   57.653280][ T6145] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   57.655374][ T6145] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   57.657921][ T6145] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3381668584
[   57.661124][ T6145] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   57.668334][ T6152] ubi31: background thread "ubi_bgt31d" started, PID 6152
[   57.888090][ T6167] loop1: detected capacity change from 0 to 512
[   57.900053][ T6167] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.103: corrupted in-inode xattr: invalid ea_ino
[   57.906450][ T6167] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.103: couldn't read orphan inode 15 (err -117)
[   57.915914][ T6167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.941678][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.110087][ T6171] loop1: detected capacity change from 0 to 32768
[   58.117196][ T6171] (syz.1.104,6171,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   58.123802][ T6171] (syz.1.104,6171,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   58.148045][ T6171] JBD2: Ignoring recovery information on journal
[   58.178509][ T6171] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   58.259281][ T5851] ocfs2: Unmounting device (7,1) on (node local)
[   58.373805][ T6175] loop1: detected capacity change from 0 to 4096
[   58.379359][ T6175] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   58.401269][ T6175] ntfs3(loop1): $Secure::$SII is corrupted.
[   58.405615][ T6175] ntfs3(loop1): Failed to initialize $Secure (-22).
[   58.584096][ T6185] loop1: detected capacity change from 0 to 128
[   58.693544][ T6189] loop1: detected capacity change from 0 to 512
[   58.698090][ T6189] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   58.716577][ T6189] EXT4-fs (loop1): 1 truncate cleaned up
[   58.728411][ T6189] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.745914][ T6189] EXT4-fs error (device loop1): ext4_read_inline_dir:1476: inode #12: block 7: comm syz.1.112: path /newroot/43/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0
[   58.755057][ T6189] EXT4-fs (loop1): Remounting filesystem read-only
[   58.783446][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.809330][ T6195] loop2: detected capacity change from 0 to 8
[   58.830063][   T33] audit: type=1326 audit(1755119784.756:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6196 comm="syz.1.115" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eae98ebe9 code=0x0
[   59.137229][ T6205] loop1: detected capacity change from 0 to 40427
[   59.163723][ T6205] F2FS-fs (loop1): invalid crc value
[   59.208350][ T6205] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   59.214414][ T6205] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   59.237552][   T33] audit: type=1800 audit(1755119785.166:4): pid=6205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.119" name="bus" dev="loop1" ino=10 res=0 errno=0
[   59.258266][ T5851] syz-executor: attempt to access beyond end of device
[   59.258266][ T5851] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   59.266513][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   59.266527][ T5851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   59.266533][ T5851] Call Trace:
[   59.266537][ T5851]  <TASK>
[   59.266541][ T5851]  dump_stack_lvl+0x189/0x250
[   59.266556][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.266565][ T5851]  ? __pfx_queue_work_on+0x10/0x10
[   59.266574][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   59.266583][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.266596][ T5851]  f2fs_handle_critical_error+0x37c/0x540
[   59.266610][ T5851]  f2fs_write_end_io+0x886/0xb60
[   59.266629][ T5851]  __submit_merged_bio+0x27a/0x6a0
[   59.266641][ T5851]  __submit_merged_write_cond+0x255/0x530
[   59.266654][ T5851]  f2fs_write_data_pages+0x261d/0x3000
[   59.266679][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   59.266695][ T5851]  ? rcu_is_watching+0x15/0xb0
[   59.266717][ T5851]  ? check_path+0x21/0x40
[   59.266724][ T5851]  ? check_noncircular+0xe0/0x160
[   59.266774][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   59.266787][ T5851]  do_writepages+0x32e/0x550
[   59.266804][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   59.266815][ T5851]  filemap_fdatawrite+0x199/0x240
[   59.266825][ T5851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   59.266878][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   59.266891][ T5851]  f2fs_sync_dirty_inodes+0x31f/0x830
[   59.266909][ T5851]  f2fs_write_checkpoint+0x95a/0x1df0
[   59.266930][ T5851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   59.266962][ T5851]  ? kill_f2fs_super+0x298/0x6c0
[   59.266975][ T5851]  kill_f2fs_super+0x2c3/0x6c0
[   59.266988][ T5851]  ? __pfx_kill_f2fs_super+0x10/0x10
[   59.266997][ T5851]  ? radix_tree_delete_item+0x2b6/0x400
[   59.267009][ T5851]  ? shrinker_free+0x2ce/0x3e0
[   59.267019][ T5851]  deactivate_locked_super+0xbc/0x130
[   59.267029][ T5851]  cleanup_mnt+0x425/0x4c0
[   59.267038][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   59.267049][ T5851]  task_work_run+0x1d4/0x260
[   59.267061][ T5851]  ? __pfx_task_work_run+0x10/0x10
[   59.267070][ T5851]  ? __x64_sys_umount+0x122/0x160
[   59.267082][ T5851]  ? exit_to_user_mode_loop+0x40/0x110
[   59.267095][ T5851]  exit_to_user_mode_loop+0xec/0x110
[   59.267106][ T5851]  do_syscall_64+0x2bd/0x3b0
[   59.267115][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   59.267123][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.267130][ T5851]  ? exc_page_fault+0x9f/0xf0
[   59.267140][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.267147][ T5851] RIP: 0033:0x7f3eae98ff17
[   59.267169][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   59.267176][ T5851] RSP: 002b:00007ffe7ac31a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   59.267186][ T5851] RAX: 0000000000000000 RBX: 00007f3eaea11c05 RCX: 00007f3eae98ff17
[   59.267191][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7ac31af0
[   59.267195][ T5851] RBP: 00007ffe7ac31af0 R08: 0000000000000000 R09: 0000000000000000
[   59.267200][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe7ac32b80
[   59.267205][ T5851] R13: 00007f3eaea11c05 R14: 000000000000e70a R15: 00007ffe7ac32bc0
[   59.267223][ T5851]  </TASK>
[   59.267463][ T5851] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   59.584670][ T6213] loop1: detected capacity change from 0 to 128
[   59.597139][ T6213] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: writeback.
[   59.628045][ T5851] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   59.669241][ T6216] netlink: 52 bytes leftover after parsing attributes in process `syz.1.122'.
[   59.736987][ T6220] loop1: detected capacity change from 0 to 256
[   59.761884][ T6220] FAT-fs (loop1): Directory bread(block 64) failed
[   59.764227][ T6220] FAT-fs (loop1): Directory bread(block 65) failed
[   59.767044][ T6220] FAT-fs (loop1): Directory bread(block 66) failed
[   59.769225][ T6220] FAT-fs (loop1): Directory bread(block 67) failed
[   59.773195][ T6220] FAT-fs (loop1): Directory bread(block 68) failed
[   59.776950][ T6220] FAT-fs (loop1): Directory bread(block 69) failed
[   59.779130][ T6220] FAT-fs (loop1): Directory bread(block 70) failed
[   59.781268][ T6220] FAT-fs (loop1): Directory bread(block 71) failed
[   59.783507][ T6220] FAT-fs (loop1): Directory bread(block 72) failed
[   59.785633][ T6220] FAT-fs (loop1): Directory bread(block 73) failed
[   60.152690][ T5873] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   60.311274][ T5873] usb 2-1: Using ep0 maxpacket: 8
[   60.529009][ T5873] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   60.540136][ T5873] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[   60.544890][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[   60.548380][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[   60.551850][ T5873] usb 2-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7
[   60.554679][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.562044][ T5873] usb 2-1: config 0 descriptor??
[   60.566494][ T5873] metro_usb 2-1:0.0: Metrologic USB to Serial converter detected
[   60.579234][ T5873] usb 2-1: Metrologic USB to Serial converter now attached to ttyUSB0
[   60.774077][    T9] usb 2-1: USB disconnect, device number 4
[   60.781653][    T9] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[   60.786173][    T9] metro_usb 2-1:0.0: device disconnected
[   61.471404][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   61.581930][ T5880] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[   61.621212][    T9] usb 1-1: Using ep0 maxpacket: 16
[   61.624250][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[   61.627634][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[   61.630693][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   61.634761][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   61.640177][    T9] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[   61.643150][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.645606][    T9] usb 1-1: Product: syz
[   61.646927][    T9] usb 1-1: Manufacturer: syz
[   61.648320][    T9] usb 1-1: SerialNumber: syz
[   61.653206][    T9] usb 1-1: config 0 descriptor??
[   61.657441][ T6244] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   61.662336][    C0] port100 1-1:0.0: NFC: Urb failure (status -71)
[   61.664525][    T9] port100 1-1:0.0: NFC: Could not get supported command types
[   61.733625][ T5880] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[   61.735944][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   61.739219][ T5880] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   61.742877][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   61.746315][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   61.750706][ T5880] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[   61.754231][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   61.757522][ T5880] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   61.761222][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   61.764714][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   61.768950][ T5880] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[   61.772353][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   61.775691][ T5880] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   61.779246][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   61.783203][ T5880] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   61.789973][ T5880] usb 2-1: string descriptor 0 read error: -22
[   61.793021][ T5880] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   61.795969][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.805795][ T5880] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[   61.866997][ T5880] usb 1-1: USB disconnect, device number 2
[   62.018321][ T5873] usb 2-1: USB disconnect, device number 5
[   62.455449][ T6265] netlink: 'syz.0.145': attribute type 6 has an invalid length.
[   62.811339][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   62.961302][ T5880] usb 1-1: Using ep0 maxpacket: 16
[   62.968220][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.979135][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   62.983672][ T5880] usb 1-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00
[   62.987100][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.993986][ T5880] usb 1-1: config 0 descriptor??
[   63.207961][ T5880] usb 1-1: string descriptor 0 read error: -71
[   63.227133][ T5880] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[   63.239632][ T5278] bcm5974 1-1:0.0: could not read from device
[   63.249806][ T5278] bcm5974 1-1:0.0: could not read from device
[   63.257302][ T5278] bcm5974 1-1:0.0: could not read from device
[   63.262370][ T5880] usb 1-1: USB disconnect, device number 3
[   63.265408][ T5278] bcm5974 1-1:0.0: could not read from device
[   63.558257][ T6283] loop2: detected capacity change from 0 to 64
[   63.606319][ T6285] comedi comedi2: s526: I/O port conflict (0x3,64)
[   64.123904][ T6316] raw_sendmsg: syz.1.170 forgot to set AF_INET. Fix it!
[   64.158732][ T6318] netlink: 'syz.1.171': attribute type 9 has an invalid length.
[   64.162900][ T6318] netlink: 211988 bytes leftover after parsing attributes in process `syz.1.171'.
[   64.386306][ T6314] loop2: detected capacity change from 0 to 32768
[   64.396835][ T6314] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.169 (6314)
[   64.400612][ T6330] loop1: detected capacity change from 0 to 1764
[   64.448900][ T6314] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   64.453042][ T6314] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   64.456103][ T6314] BTRFS info (device loop2): using free-space-tree
[   64.483057][ T6332] loop1: detected capacity change from 0 to 2048
[   64.548323][   T33] audit: type=1800 audit(1755119790.476:5): pid=6332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.178" name="file0" dev="loop1" ino=834 res=0 errno=0
[   64.615399][ T6314] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[   64.686091][ T5842] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   64.861313][ T6352] netlink: 'syz.0.181': attribute type 1 has an invalid length.
[   64.864998][ T6352] netlink: 24 bytes leftover after parsing attributes in process `syz.0.181'.
[   64.901641][ T6350] loop1: detected capacity change from 0 to 40427
[   64.905178][ T6350] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   64.907690][ T6350] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   64.912266][ T6350] F2FS-fs (loop1): invalid crc value
[   64.966215][ T6350] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   64.973870][ T6350] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   64.976050][ T6350] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   65.254954][ T6360] loop0: detected capacity change from 0 to 32768
[   65.286258][ T6368] loop2: detected capacity change from 0 to 4096
[   65.291031][ T6368] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[   65.310443][ T6360] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   65.449834][ T5846] ocfs2: Unmounting device (7,0) on (node local)
[   65.581869][ T6382] mmap: syz.2.192 (6382) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   65.659936][ T6385] erspan0: entered promiscuous mode
[   65.948267][ T6408] process 'syz.1.201' launched '/dev/fd/8' with NULL argv: empty string added
[   66.052569][ T6408] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   66.618160][ T6425] loop0: detected capacity change from 0 to 256
[   66.621812][ T6425] exfat: Deprecated parameter 'utf8'
[   66.624800][ T6425] exfat: Deprecated parameter 'namecase'
[   66.631633][ T6425] exfat: Deprecated parameter 'namecase'
[   66.641832][ T6425] exfat: Deprecated parameter 'utf8'
[   66.649946][ T6425] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x8212fc2e, utbl_chksum : 0xe619d30d)
[   66.752414][ T6428] loop1: detected capacity change from 0 to 128
[   66.792884][ T6428] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   66.809913][ T6428] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.881689][ T6434] syz.0.214 uses obsolete (PF_INET,SOCK_PACKET)
[   66.946518][ T5851] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   67.015176][ T6436] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   67.017694][ T6436] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   67.301135][ T5880] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   67.464080][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   67.473385][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.481274][ T5880] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[   67.488907][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.504973][ T5880] usb 2-1: config 0 descriptor??
[   67.963031][ T5880] logitech 0003:046D:C29C.0002: unexpected long global item
[   67.969843][ T5880] logitech 0003:046D:C29C.0002: parse failed
[   67.975551][ T5880] logitech 0003:046D:C29C.0002: probe with driver logitech failed with error -22
[   68.162120][    T9] usb 2-1: USB disconnect, device number 6
[   68.333215][ T6478] netlink: 'syz.2.230': attribute type 4 has an invalid length.
[   69.001169][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   69.153280][    T9] usb 2-1: config 0 has an invalid interface number: 9 but max is 0
[   69.156498][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   69.159695][    T9] usb 2-1: config 0 has no interface number 0
[   69.163361][    T9] usb 2-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8
[   69.166240][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.170232][    T9] usb 2-1: config 0 descriptor??
[   69.174911][    T9] rndis_host 2-1:0.9: More than one union descriptor, skipping ...
[   69.177482][    T9] usb 2-1: bad CDC descriptors
[   69.179469][    T9] cdc_acm 2-1:0.9: More than one union descriptor, skipping ...
[   69.381381][    T9] usb 2-1: USB disconnect, device number 7
[   69.456912][ T6510] netlink: 24 bytes leftover after parsing attributes in process `syz.0.245'.
[   69.647754][ T6524] kernel read not supported for file /file1 (pid: 6524 comm: syz.2.250)
[   69.650936][   T33] audit: type=1800 audit(1755119795.576:6): pid=6524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.250" name="file1" dev="mqueue" ino=8408 res=0 errno=0
[   70.043992][ T6534] loop2: detected capacity change from 0 to 2048
[   70.144883][ T6534] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.151480][ T6534] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.237860][ T6544] netlink: 4 bytes leftover after parsing attributes in process `syz.2.252'.
[   70.295145][ T6546] Bluetooth: MGMT ver 1.23
[   70.742759][  T974] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   70.776491][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.895336][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   70.897545][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   70.904065][  T974] usb 2-1: Using ep0 maxpacket: 16
[   70.919996][  T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.926058][  T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.933909][  T974] usb 2-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[   70.939691][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.947738][  T974] usb 2-1: config 0 descriptor??
[   70.987480][ T6563] netlink: 80 bytes leftover after parsing attributes in process `syz.2.264'.
[   71.253634][ T6573] veth1_vlan: entered allmulticast mode
[   71.388698][ T6577] use of bytesused == 0 is deprecated and will be removed in the future,
[   71.393996][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x4
[   71.395674][ T6577] use the actual size instead.
[   71.396328][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.399993][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.411185][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.413396][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.415566][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.417721][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.419883][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.441223][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.443450][  T974] macally 0003:060B:0001.0003: unknown main item tag 0x0
[   71.446628][  T974] macally 0003:060B:0001.0003: unexpected long global item
[   71.449378][  T974] macally 0003:060B:0001.0003: probe with driver macally failed with error -22
[   71.609571][    T9] usb 2-1: USB disconnect, device number 8
[   71.640153][ T6588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'.
[   71.655361][ T6588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'.
[   71.884231][ T6589] loop2: detected capacity change from 0 to 32768
[   71.963906][ T6589] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   71.963920][ T6589]   allowing incompatible features above 0.0: (unknown version)
[   71.963925][ T6589]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   71.978454][ T6589] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[   71.980943][ T6589] bcachefs (loop2): initializing new filesystem
[   71.989647][ T6589] bcachefs (loop2): going read-write
[   71.995266][ T6589] bcachefs (loop2): marking superblocks
[   72.009474][ T6589] bcachefs (loop2): initializing freespace
[   72.015191][ T6589] bcachefs (loop2): done initializing freespace
[   72.021840][ T6589] bcachefs (loop2): reading snapshots table
[   72.023779][ T6589] bcachefs (loop2): reading snapshots done
[   72.037554][ T6589] bcachefs (loop2): done starting filesystem
[   72.064265][ T6589] syz.2.275 (6589) used greatest stack depth: 15768 bytes left
[   72.071025][ T5842] bcachefs (loop2): shutting down
[   72.073195][ T5842] bcachefs (loop2): going read-only
[   72.075331][ T5842] bcachefs (loop2): finished waiting for writes to stop
[   72.078909][ T5842] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[   72.106035][ T5842] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[   72.110914][ T5842] bcachefs (loop2): clean shutdown complete, journal seq 4
[   72.117138][ T5842] bcachefs (loop2): marking filesystem clean
[   72.154781][ T5842] bcachefs (loop2): shutdown complete
[   72.618697][ T6622] loop1: detected capacity change from 0 to 128
[   72.999119][ T6628] overlayfs: failed to clone upperpath
[   73.459098][ T5311] iguanair 3-1:0.0: failed to get version
[   73.483880][ T5311] iguanair 3-1:0.0: probe with driver iguanair failed with error -110
[   73.518062][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.518062][   T36] loop1: rw=1, sector=145, nr_sectors = 8 limit=128
[   73.531686][ T5311] usb 3-1: USB disconnect, device number 3
[   73.539967][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.539967][   T36] loop1: rw=1, sector=161, nr_sectors = 8 limit=128
[   73.545540][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.545540][   T36] loop1: rw=1, sector=177, nr_sectors = 8 limit=128
[   73.549568][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.549568][   T36] loop1: rw=1, sector=193, nr_sectors = 8 limit=128
[   73.560158][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.560158][   T36] loop1: rw=1, sector=209, nr_sectors = 8 limit=128
[   73.575479][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.575479][   T36] loop1: rw=1, sector=225, nr_sectors = 8 limit=128
[   73.604153][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.604153][   T36] loop1: rw=1, sector=241, nr_sectors = 8 limit=128
[   73.608327][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.608327][   T36] loop1: rw=1, sector=257, nr_sectors = 8 limit=128
[   73.612417][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.612417][   T36] loop1: rw=1, sector=273, nr_sectors = 8 limit=128
[   73.616359][   T36] kworker/u10:1: attempt to access beyond end of device
[   73.616359][   T36] loop1: rw=1, sector=289, nr_sectors = 8 limit=128
[   73.659656][ T6634] random: crng reseeded on system resumption
[   73.860345][   T33] audit: type=1326 audit(1755119799.786:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.868508][   T33] audit: type=1326 audit(1755119799.786:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.876718][   T33] audit: type=1326 audit(1755119799.796:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.883475][   T33] audit: type=1326 audit(1755119799.796:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.889978][   T33] audit: type=1326 audit(1755119799.796:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.897922][   T33] audit: type=1326 audit(1755119799.796:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.906759][   T33] audit: type=1326 audit(1755119799.796:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.913318][   T33] audit: type=1326 audit(1755119799.796:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.919757][   T33] audit: type=1326 audit(1755119799.796:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.0.298" exe="/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f459b18ebe9 code=0x7ffc0000
[   73.944090][ T6657] block nbd2: shutting down sockets
[   74.921235][  T974] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   75.101141][  T974] usb 3-1: Using ep0 maxpacket: 8
[   75.105953][  T974] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[   75.108675][  T974] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[   75.111194][  T974] usb 3-1: Product: syz
[   75.112447][  T974] usb 3-1: Manufacturer: syz
[   75.113853][  T974] usb 3-1: SerialNumber: syz
[   75.116784][  T974] usb 3-1: config 0 descriptor??
[   75.121529][  T974] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[   75.257335][ T6697] loop1: detected capacity change from 0 to 2048
[   75.269932][ T6698] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   75.286557][ T6697] tmpfs: Unknown parameter 'usrquota0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.286557][ T6697] 0
[   75.397317][ T6702] xt_policy: too many policy elements
[   75.656973][ T6723] loop1: detected capacity change from 0 to 64
[   75.672402][   T33] kauditd_printk_skb: 5 callbacks suppressed
[   75.672411][   T33] audit: type=1800 audit(1755119801.606:21): pid=6723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.330" name="file2" dev="loop1" ino=6 res=0 errno=0
[   75.753971][  T974] gspca_zc3xx: reg_w_i err -71
[   75.755489][  T974] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[   75.769403][  T974] usb 3-1: USB disconnect, device number 4
[   76.252636][ T5845] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   76.256457][ T5845] Bluetooth: hci2: Injecting HCI hardware error event
[   76.259989][ T5849] Bluetooth: hci2: hardware error 0x00
[   76.394627][ T6736] loop2: detected capacity change from 0 to 16
[   76.433977][ T6736] erofs (device loop2): mounted with root inode @ nid 36.
[   76.582108][ T6740] loop2: detected capacity change from 0 to 512
[   76.598711][ T6740] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   76.626881][ T6740] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.338: bad orphan inode 16
[   76.630798][ T6740] ext4_test_bit(bit=15, block=4) = 0
[   76.640146][ T6740] EXT4-fs (loop2): 1 orphan inode deleted
[   76.642685][ T6740] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.644071][ T6744] netlink: 4 bytes leftover after parsing attributes in process `syz.0.339'.
[   76.684252][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.713532][ T6748] tmpfs: Bad value for 'nr_blocks'
[   76.941186][  T974] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   77.081132][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   77.092905][  T974] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[   77.095452][  T974] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.098508][  T974] usb 2-1: config 0 has no interface number 0
[   77.100408][  T974] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[   77.103898][  T974] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[   77.109934][  T974] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[   77.112834][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.115438][  T974] usb 2-1: Product: syz
[   77.116702][  T974] usb 2-1: Manufacturer: syz
[   77.118049][  T974] usb 2-1: SerialNumber: syz
[   77.120922][  T974] usb 2-1: config 0 descriptor??
[   77.126455][  T974] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[   77.231181][ T5880] usb 3-1: Using ep0 maxpacket: 16
[   77.234154][ T5880] usb 3-1: config 5 has an invalid interface number: 206 but max is 0
[   77.236589][ T5880] usb 3-1: config 5 has no interface number 0
[   77.238433][ T5880] usb 3-1: config 5 interface 206 has no altsetting 0
[   77.243081][ T5880] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=60.44
[   77.246363][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.248765][ T5880] usb 3-1: Product: syz
[   77.250021][ T5880] usb 3-1: Manufacturer: syz
[   77.252160][ T5880] usb 3-1: SerialNumber: syz
[   77.332951][  T974] usb 2-1: USB disconnect, device number 9
[   77.466709][ T5880] usb_ehset_test 3-1:5.206: probe with driver usb_ehset_test failed with error -32
[   77.470810][ T5880] usb 3-1: USB disconnect, device number 5
[   77.693845][ T6764] openvswitch: netlink: Message has 16 unknown bytes.
[   77.825821][ T6775] batman_adv: batadv0: Adding interface: gretap1
[   77.827796][ T6775] batman_adv: batadv0: Interface activated: gretap1
[   77.870762][ T6779] loop1: detected capacity change from 0 to 2048
[   78.037435][ T6793] dlm: no local IP address has been set
[   78.039926][ T6793] dlm: cannot start dlm midcomms -107
[   78.045205][   T33] audit: type=1800 audit(1755119803.976:22): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.364" name="bus" dev="overlay" ino=585 res=0 errno=0
[   78.080092][ T6797] loop1: detected capacity change from 0 to 2048
[   78.165263][ T6799] loop2: detected capacity change from 0 to 128
[   78.248455][ T6805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.370'.
[   78.253159][ T6805] IPVS: Unknown mcast interface: vcan0
[   78.331284][ T5849] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   78.544701][ T6825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.378'.
[   78.594363][ T6827] loop1: detected capacity change from 0 to 512
[   78.606983][ T6827] EXT4-fs: Ignoring removed nomblk_io_submit option
[   78.613185][ T6829] netlink: 'syz.0.380': attribute type 1 has an invalid length.
[   78.613420][ T6827] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   78.617871][ T6827] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002]
[   78.620074][ T6829] netlink: 'syz.0.380': attribute type 2 has an invalid length.
[   78.620223][ T6827] System zones: 0-1, 15-15, 18-18, 34-34
[   78.624898][ T6827] EXT4-fs (loop1): orphan cleanup on readonly fs
[   78.624908][ T6829] netlink: 'syz.0.380': attribute type 1 has an invalid length.
[   78.627724][ T6827] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #16: comm syz.1.379: casefold flag without casefold feature
[   78.629147][ T6829] netlink: 'syz.0.380': attribute type 2 has an invalid length.
[   78.633933][ T6827] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.379: couldn't read orphan inode 16 (err -117)
[   78.642551][ T6827] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.669988][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.695199][ T6833] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[   78.835614][ T6845] IPv6: addrconf: prefix option has invalid lifetime
[   79.192502][ T6865] netlink: 76 bytes leftover after parsing attributes in process `syz.0.394'.
[   79.553754][ T6873] input: syz1 as /devices/virtual/input/input6
[   79.622073][ T5880] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   79.623827][ T6877] netlink: 28 bytes leftover after parsing attributes in process `syz.1.402'.
[   79.627154][ T6877] netlink: 28 bytes leftover after parsing attributes in process `syz.1.402'.
[   79.775604][ T5880] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   79.779511][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.783010][ T5880] usb 3-1: Product: syz
[   79.785534][ T5880] usb 3-1: Manufacturer: syz
[   79.789167][ T5880] usb 3-1: SerialNumber: syz
[   79.794506][ T5880] usb 3-1: config 0 descriptor??
[   79.803130][ T6889] ubi: mtd0 is already attached to ubi31
[   79.903749][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'.
[   79.906564][ T6893] netlink: 'syz.1.410': attribute type 5 has an invalid length.
[   79.909719][ T6893] netlink: 20 bytes leftover after parsing attributes in process `syz.1.410'.
[   79.917052][ T6895] 9pnet_fd: Insufficient options for proto=fd
[   79.919051][ T6893] geneve2: entered promiscuous mode
[   79.920693][ T6893] geneve2: entered allmulticast mode
[   79.927837][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[   79.930485][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[   79.939806][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[   79.945990][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[   80.007217][ T5880] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   80.224233][ T6916] netlink: 'syz.0.420': attribute type 29 has an invalid length.
[   80.227510][ T6916] netlink: 'syz.0.420': attribute type 29 has an invalid length.
[   80.653628][ T6935] loop1: detected capacity change from 0 to 64
[   80.663798][ T6935] bio_check_eod: 102 callbacks suppressed
[   80.663824][ T6935] syz.1.428: attempt to access beyond end of device
[   80.663824][ T6935] loop1: rw=0, sector=1024, nr_sectors = 2 limit=64
[   80.669968][ T6935] Buffer I/O error on dev loop1, logical block 512, async page read
[   80.673246][ T6935] syz.1.428: attempt to access beyond end of device
[   80.673246][ T6935] loop1: rw=0, sector=113152, nr_sectors = 2 limit=64
[   80.677189][ T6935] Buffer I/O error on dev loop1, logical block 56576, async page read
[   80.740801][ T6939] loop1: detected capacity change from 0 to 2048
[   80.749195][ T6939] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[   80.756142][ T6940] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   80.798475][ T6942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.431'.
[   80.801628][ T6942] netlink: 'syz.1.431': attribute type 3 has an invalid length.
[   80.875398][ T5880] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[   80.889727][ T5880] usb 3-1: USB disconnect, device number 6
[   81.150525][  T793] cfg80211: failed to load regulatory.db
[   81.520018][ T6968] fuse: Bad value for 'fd'
[   81.545452][ T5699] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x16
[   81.729240][ T6991] netlink: 260 bytes leftover after parsing attributes in process `syz.2.449'.
[   82.017632][ T7007] IPv6: sit1: Disabled Multicast RS
[   82.022857][ T7007] sit1: entered allmulticast mode
[   83.085397][ T7018] loop2: detected capacity change from 0 to 262144
[   83.098864][ T7024] syz.1.462: attempt to access beyond end of device
[   83.098864][ T7024] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[   83.112388][ T7024] syz.1.462: attempt to access beyond end of device
[   83.112388][ T7024] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0
[   83.167010][ T7018] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   83.170415][ T7018] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   83.940059][ T7059] loop1: detected capacity change from 0 to 512
[   83.966801][ T7059] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.970727][ T7059] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.997872][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.110880][ T7066] loop1: detected capacity change from 0 to 1024
[   84.194530][ T7066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.206246][ T7076] netlink: 140 bytes leftover after parsing attributes in process `syz.0.483'.
[   84.217850][ T7066] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.480: missing EA_INODE flag
[   84.224057][ T7066] EXT4-fs (loop1): Remounting filesystem read-only
[   84.226202][ T7066] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   84.258101][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.347575][ T7088] fuse: Bad value for 'fd'
[   84.604191][ T7107] loop1: detected capacity change from 0 to 512
[   84.626377][ T7107] EXT4-fs: Ignoring removed bh option
[   84.651375][ T7107] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   84.666983][ T7107] EXT4-fs (loop1): 1 truncate cleaned up
[   84.672577][ T7107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.701681][ T7107] EXT4-fs warning (device loop1): ext4_group_add:1736: No reserved GDT blocks, can't resize
[   84.746416][ T7111] netlink: set zone limit has 4 unknown bytes
[   84.763783][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.855589][ T7122] netlink: 28 bytes leftover after parsing attributes in process `syz.0.504'.
[   84.900347][ T7127] loop1: detected capacity change from 0 to 1024
[   84.926632][ T7127] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   84.940822][ T7131] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004
[   84.957691][ T7127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.036068][ T7137] loop2: detected capacity change from 0 to 4096
[   85.105352][ T7143] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   85.173148][ T7145] netlink: 176 bytes leftover after parsing attributes in process `syz.2.512'.
[   85.205427][ T7147] loop2: detected capacity change from 0 to 512
[   85.215549][ T7147] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.220388][ T7147] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.235485][   T33] audit: type=1800 audit(1755119811.166:23): pid=7147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.513" name="file1" dev="loop2" ino=15 res=0 errno=0
[   85.257116][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.657600][ T7158] loop2: detected capacity change from 0 to 32768
[   85.669795][ T7158] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   85.688105][   T33] audit: type=1800 audit(1755119811.616:24): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.517" name="file1" dev="loop2" ino=17058 res=0 errno=0
[   85.699850][ T7158] 
[   85.700693][ T7158] ======================================================
[   85.702947][ T7158] WARNING: possible circular locking dependency detected
[   85.705470][ T7158] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[   85.708523][ T7158] ------------------------------------------------------
[   85.711076][ T7158] syz.2.517/7158 is trying to acquire lock:
[   85.713099][ T7158] ffff888039c74060 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.717348][ T7158] 
[   85.717348][ T7158] but task is already holding lock:
[   85.720178][ T7158] ffff888039c740f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[   85.724315][ T7158] 
[   85.724315][ T7158] which lock already depends on the new lock.
[   85.724315][ T7158] 
[   85.728196][ T7158] 
[   85.728196][ T7158] the existing dependency chain (in reverse order) is:
[   85.731398][ T7158] 
[   85.731398][ T7158] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[   85.734593][ T7158]        lock_acquire+0x120/0x360
[   85.736627][ T7158]        down_read+0x46/0x2e0
[   85.738299][ T7158]        ocfs2_init_acl+0x2f9/0x720
[   85.740268][ T7158]        ocfs2_mknod+0x1321/0x2050
[   85.742352][ T7158]        ocfs2_create+0x1a5/0x440
[   85.744229][ T7158]        path_openat+0x14f4/0x3830
[   85.746304][ T7158]        do_filp_open+0x1fa/0x410
[   85.748096][ T7158]        do_sys_openat2+0x121/0x1c0
[   85.749927][ T7158]        __x64_sys_openat+0x138/0x170
[   85.751838][ T7158]        do_syscall_64+0xfa/0x3b0
[   85.753468][ T7158]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.755577][ T7158] 
[   85.755577][ T7158] -> #3 (jbd2_handle){++++}-{0:0}:
[   85.757971][ T7158]        lock_acquire+0x120/0x360
[   85.759451][ T7158]        start_this_handle+0x1fa7/0x21c0
[   85.761153][ T7158]        jbd2__journal_start+0x2c1/0x5b0
[   85.762847][ T7158]        jbd2_journal_start+0x2a/0x40
[   85.764501][ T7158]        ocfs2_start_trans+0x376/0x6d0
[   85.766205][ T7158]        ocfs2_modify_bh+0xe8/0x470
[   85.767965][ T7158]        ocfs2_local_read_info+0x1465/0x17e0
[   85.769796][ T7158]        dquot_load_quota_sb+0x791/0xbd0
[   85.771536][ T7158]        dquot_load_quota_inode+0x2e1/0x5d0
[   85.773460][ T7158]        ocfs2_enable_quotas+0x1c6/0x450
[   85.775418][ T7158]        ocfs2_fill_super+0x50fe/0x63c0
[   85.777153][ T7158]        get_tree_bdev_flags+0x40e/0x4d0
[   85.778951][ T7158]        vfs_get_tree+0x92/0x2b0
[   85.780603][ T7158]        do_new_mount+0x2a2/0x9e0
[   85.782321][ T7158]        __se_sys_mount+0x317/0x410
[   85.784040][ T7158]        do_syscall_64+0xfa/0x3b0
[   85.785646][ T7158]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.787892][ T7158] 
[   85.787892][ T7158] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[   85.790841][ T7158]        lock_acquire+0x120/0x360
[   85.792422][ T7158]        down_read+0x46/0x2e0
[   85.793871][ T7158]        ocfs2_start_trans+0x36a/0x6d0
[   85.795607][ T7158]        ocfs2_modify_bh+0xe8/0x470
[   85.797317][ T7158]        ocfs2_local_read_info+0x1465/0x17e0
[   85.799196][ T7158]        dquot_load_quota_sb+0x791/0xbd0
[   85.800949][ T7158]        dquot_load_quota_inode+0x2e1/0x5d0
[   85.802863][ T7158]        ocfs2_enable_quotas+0x1c6/0x450
[   85.804611][ T7158]        ocfs2_fill_super+0x50fe/0x63c0
[   85.806450][ T7158]        get_tree_bdev_flags+0x40e/0x4d0
[   85.808134][ T7158]        vfs_get_tree+0x92/0x2b0
[   85.809806][ T7158]        do_new_mount+0x2a2/0x9e0
[   85.811597][ T7158]        __se_sys_mount+0x317/0x410
[   85.813364][ T7158]        do_syscall_64+0xfa/0x3b0
[   85.814838][ T7158]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.816895][ T7158] 
[   85.816895][ T7158] -> #1 (sb_internal#3){.+.+}-{0:0}:
[   85.819552][ T7158]        lock_acquire+0x120/0x360
[   85.821369][ T7158]        ocfs2_start_trans+0x26b/0x6d0
[   85.823110][ T7158]        ocfs2_truncate_file+0x643/0x1420
[   85.824943][ T7158]        ocfs2_setattr+0x1520/0x1b40
[   85.826560][ T7158]        notify_change+0xb36/0xe40
[   85.828171][ T7158]        do_truncate+0x1a4/0x220
[   85.829929][ T7158]        path_openat+0x306c/0x3830
[   85.831566][ T7158]        do_filp_open+0x1fa/0x410
[   85.833126][ T7158]        do_sys_openat2+0x121/0x1c0
[   85.834679][ T7158]        __x64_sys_open+0x11e/0x150
[   85.836261][ T7158]        do_syscall_64+0xfa/0x3b0
[   85.837734][ T7158]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.839829][ T7158] 
[   85.839829][ T7158] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[   85.842749][ T7158]        validate_chain+0xb9b/0x2140
[   85.844464][ T7158]        __lock_acquire+0xab9/0xd20
[   85.846102][ T7158]        lock_acquire+0x120/0x360
[   85.847706][ T7158]        down_write+0x96/0x1f0
[   85.849174][ T7158]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.851548][ T7158]        ocfs2_truncate_file+0xda0/0x1420
[   85.853470][ T7158]        ocfs2_setattr+0x1520/0x1b40
[   85.855317][ T7158]        notify_change+0xb36/0xe40
[   85.856919][ T7158]        do_truncate+0x1a4/0x220
[   85.858497][ T7158]        path_openat+0x306c/0x3830
[   85.860292][ T7158]        do_filp_open+0x1fa/0x410
[   85.862040][ T7158]        do_sys_openat2+0x121/0x1c0
[   85.863619][ T7158]        __x64_sys_open+0x11e/0x150
[   85.865215][ T7158]        do_syscall_64+0xfa/0x3b0
[   85.866849][ T7158]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.868828][ T7158] 
[   85.868828][ T7158] other info that might help us debug this:
[   85.868828][ T7158] 
[   85.872363][ T7158] Chain exists of:
[   85.872363][ T7158]   &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem
[   85.872363][ T7158] 
[   85.877038][ T7158]  Possible unsafe locking scenario:
[   85.877038][ T7158] 
[   85.879509][ T7158]        CPU0                    CPU1
[   85.881386][ T7158]        ----                    ----
[   85.883171][ T7158]   lock(&oi->ip_xattr_sem);
[   85.884886][ T7158]                                lock(jbd2_handle);
[   85.887415][ T7158]                                lock(&oi->ip_xattr_sem);
[   85.889955][ T7158]   lock(&ocfs2_file_ip_alloc_sem_key);
[   85.891922][ T7158] 
[   85.891922][ T7158]  *** DEADLOCK ***
[   85.891922][ T7158] 
[   85.894648][ T7158] 3 locks held by syz.2.517/7158:
[   85.896402][ T7158]  #0: ffff88811311a428 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   85.899673][ T7158]  #1: ffff888039c743c0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[   85.903125][ T7158]  #2: ffff888039c740f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[   85.906609][ T7158] 
[   85.906609][ T7158] stack backtrace:
[   85.908386][ T7158] CPU: 1 UID: 0 PID: 7158 Comm: syz.2.517 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   85.908398][ T7158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.908404][ T7158] Call Trace:
[   85.908409][ T7158]  <TASK>
[   85.908414][ T7158]  dump_stack_lvl+0x189/0x250
[   85.908426][ T7158]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.908437][ T7158]  ? __pfx__printk+0x10/0x10
[   85.908448][ T7158]  ? print_lock_name+0xde/0x100
[   85.908459][ T7158]  print_circular_bug+0x2ee/0x310
[   85.908469][ T7158]  check_noncircular+0x134/0x160
[   85.908479][ T7158]  validate_chain+0xb9b/0x2140
[   85.908491][ T7158]  __lock_acquire+0xab9/0xd20
[   85.908503][ T7158]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.908511][ T7158]  lock_acquire+0x120/0x360
[   85.908521][ T7158]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.908531][ T7158]  down_write+0x96/0x1f0
[   85.908542][ T7158]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.908549][ T7158]  ? __pfx_down_write+0x10/0x10
[   85.908561][ T7158]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[   85.908569][ T7158]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[   85.908577][ T7158]  ? up_write+0x1c4/0x420
[   85.908586][ T7158]  ocfs2_truncate_file+0xda0/0x1420
[   85.908598][ T7158]  ? __pfx_ocfs2_truncate_file+0x10/0x10
[   85.908607][ T7158]  ? do_raw_spin_unlock+0x4d/0x240
[   85.908616][ T7158]  ? _raw_spin_unlock+0x28/0x50
[   85.908623][ T7158]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[   85.908636][ T7158]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[   85.908647][ T7158]  ? ocfs2_rw_lock+0x13a/0x240
[   85.908657][ T7158]  ? __pfx___dquot_initialize+0x10/0x10
[   85.908665][ T7158]  ? __pfx_ocfs2_rw_lock+0x10/0x10
[   85.908674][ T7158]  ? setattr_prepare+0x1e7/0xac0
[   85.908684][ T7158]  ? inode_newsize_ok+0x11b/0x1c0
[   85.908693][ T7158]  ocfs2_setattr+0x1520/0x1b40
[   85.908705][ T7158]  ? __pfx_ocfs2_setattr+0x10/0x10
[   85.908714][ T7158]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[   85.908724][ T7158]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[   85.908736][ T7158]  ? ktime_get_coarse_real_ts64_mg+0x1be/0x1e0
[   85.908746][ T7158]  ? current_time+0x222/0x370
[   85.908753][ T7158]  ? evm_inode_setattr+0x1b6/0x7d0
[   85.908760][ T7158]  ? __pfx_current_time+0x10/0x10
[   85.908768][ T7158]  ? try_break_deleg+0x79/0x130
[   85.908777][ T7158]  ? __pfx_ocfs2_setattr+0x10/0x10
[   85.908786][ T7158]  notify_change+0xb36/0xe40
[   85.908796][ T7158]  do_truncate+0x1a4/0x220
[   85.908830][ T7158]  ? __pfx_do_truncate+0x10/0x10
[   85.908841][ T7158]  ? apparmor_file_truncate+0x23e/0x2d0
[   85.908853][ T7158]  path_openat+0x306c/0x3830
[   85.908863][ T7158]  ? arch_stack_walk+0xfc/0x150
[   85.908876][ T7158]  ? stack_depot_save_flags+0x40/0x860
[   85.908887][ T7158]  ? __pfx_path_openat+0x10/0x10
[   85.908895][ T7158]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.908906][ T7158]  do_filp_open+0x1fa/0x410
[   85.908915][ T7158]  ? __lock_acquire+0xab9/0xd20
[   85.908926][ T7158]  ? __pfx_do_filp_open+0x10/0x10
[   85.908938][ T7158]  ? _raw_spin_unlock+0x28/0x50
[   85.908945][ T7158]  ? alloc_fd+0x64c/0x6c0
[   85.908957][ T7158]  do_sys_openat2+0x121/0x1c0
[   85.908969][ T7158]  ? __se_sys_futex+0x36f/0x400
[   85.908980][ T7158]  ? __pfx_do_sys_openat2+0x10/0x10
[   85.908989][ T7158]  ? rcu_is_watching+0x15/0xb0
[   85.908997][ T7158]  __x64_sys_open+0x11e/0x150
[   85.909006][ T7158]  do_syscall_64+0xfa/0x3b0
[   85.909017][ T7158]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.909025][ T7158]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.909032][ T7158]  ? exc_page_fault+0x9f/0xf0
[   85.909041][ T7158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.909048][ T7158] RIP: 0033:0x7f65fbd8ebe9
[   85.909058][ T7158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.909065][ T7158] RSP: 002b:00007f65fcc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   85.909073][ T7158] RAX: ffffffffffffffda RBX: 00007f65fbfb5fa0 RCX: 00007f65fbd8ebe9
[   85.909080][ T7158] RDX: 0000000000000104 RSI: 0000000000084200 RDI: 0000200000000900
[   85.909085][ T7158] RBP: 00007f65fbe11e19 R08: 0000000000000000 R09: 0000000000000000
[   85.909090][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.909094][ T7158] R13: 00007f65fbfb6038 R14: 00007f65fbfb5fa0 R15: 00007ffe671db098
[   85.909103][ T7158]  </TASK>
[   85.909228][   T33] audit: type=1804 audit(1755119811.636:25): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.517" name="/newroot/148/file1/file1" dev="loop2" ino=17058 res=1 errno=0
[   85.913171][    C1] vkms_vblank_simulate: vblank timer overrun
[   85.916234][   T33] audit: type=1800 audit(1755119811.636:26): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.517" name="file1" dev="loop2" ino=17058 res=0 errno=0
[   86.055057][ T5842] ocfs2: Unmounting device (7,2) on (node local)
[   86.076835][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.

VM DIAGNOSIS:
21:16:51  Registers:
info registers vcpu 0

CPU#0
RAX=8940aad960b18100 RBX=ffffffff81968308 RCX=8940aad960b18100 RDX=0000000000000001
RSI=ffffffff8be325e0 RDI=ffffffff81968308 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa34230 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7893f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000020000007e000 CR3=0000000039b00000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f3eaeb87498 00007f3eaeb87470 XMM03=00007f3eaeb874a8 00007f3eaeb874a0
XMM04=00007f3eaf6ed100 00007f3eaeb87460 XMM05=00007f3eaeb87478 00007f3eaeb874c0
XMM06=00007f3eaeb874b8 00007f3eaeb874b0 XMM07=00007f3eaeb874a8 00007f3eaeb874a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f3eaea12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffffff33bcc05 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=00000000000026b9 RDI=00000000000026ba RBP=ffffc9000368ea30 RSP=ffffc9000368e858
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854e71d0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e7247 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f65fcc8f6c0 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c255f68 CR3=0000000109448000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=00ff0000000000ff 000000000000ff00
XMM04=aa00588d6b9fa800 2c30303030303030 XMM05=7cceb42f4608ce21 29d5dc35876c4e95
XMM06=6798d2777bd1f432 c33a445132880016 XMM07=2ec932a059fbe963 59bc6d93101632e4
XMM08=0000000000000000 0000006df451d6fe XMM09=0000000000000000 00007f65fbe12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
