last executing test programs:

23.994030493s ago: executing program 2 (id=77):
creat(&(0x7f00000001c0)='./file0\x00', 0x40)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x200000000004, 0x1, 0x2, '\x00', 0x8}}, 0x2a)

23.864045084s ago: executing program 2 (id=78):
r0 = syz_io_uring_setup(0xc97, &(0x7f0000000700)={0x0, 0x6015, 0x800, 0xff7fffff, 0x11c}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0, 0x10121, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

23.673193565s ago: executing program 2 (id=80):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001964d408861a92e03f530102030109022400010200100309041f0202e917f300090502020002020000090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

22.272991798s ago: executing program 2 (id=90):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file1\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x110)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cb19976d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc10700", "64885973ff030000000000000000d01cd3160000ffffff7f0000000000002000", [0x200]})

22.132776801s ago: executing program 2 (id=91):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="03"], 0x20)
r0 = io_uring_setup(0x3eaf, &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

21.893596174s ago: executing program 2 (id=92):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@hyper}, @my=0x0, 0x0, 0x0, 0x421, 0x0, 0x0, 0x0, 0xdd0})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper, 0x2}, @any, 0x0, 0x0, 0x2, 0x6, 0x9a6, 0x10001, 0x8})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f00000003c0)={{@my=0x1}, 0xfff, 0xffffffffffffffff, 0x0, 0x0, 0x80000, 0x2, 0x1000000000ff6, 0x58df})

21.778359563s ago: executing program 32 (id=92):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@hyper}, @my=0x0, 0x0, 0x0, 0x421, 0x0, 0x0, 0x0, 0xdd0})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper, 0x2}, @any, 0x0, 0x0, 0x2, 0x6, 0x9a6, 0x10001, 0x8})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f00000003c0)={{@my=0x1}, 0xfff, 0xffffffffffffffff, 0x0, 0x0, 0x80000, 0x2, 0x1000000000ff6, 0x58df})

1.671927762s ago: executing program 1 (id=273):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
setresuid(0xee00, 0xee00, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, 0x0, 0x0)

1.582555096s ago: executing program 1 (id=274):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000006118a2000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.58237173s ago: executing program 1 (id=275):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20048840)
r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
pwritev(r0, &(0x7f0000000140), 0x14, 0x6, 0x4)

1.499537797s ago: executing program 1 (id=276):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)={0x1c, 0xb, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0xc060)

1.42965036s ago: executing program 1 (id=278):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x0, 0xffff0000}, 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

1.232281764s ago: executing program 3 (id=280):
r0 = socket(0xa, 0x3, 0xff)
shutdown(r0, 0x1)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e1f, 0x9, @mcast2, 0x9}, 0x1c)
io_setup(0x101, &(0x7f0000000340)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000008c0)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x8, r0, 0x0, 0x300, 0x0, 0x0, 0x2}])

1.048079422s ago: executing program 3 (id=281):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x1a, &(0x7f0000000180)="8d", 0x1)

1.002572598s ago: executing program 3 (id=282):
r0 = socket(0xa, 0x3, 0xff)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @mcast2={0xff, 0x5}, 0x1ff}, 0x1c)
sendmsg$unix(r0, &(0x7f0000000600)={&(0x7f0000000000)=@abs={0x0, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0xc0c1}, 0x810)

952.663251ms ago: executing program 3 (id=283):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000480)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r2, 0x288, 0x38d6, 0x1ff, 0x6}, 0x14)

901.052062ms ago: executing program 3 (id=284):
r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0xffffffffffffffd1, 0x100, 0x0, {}, {0x0, 0xc, 0x0, 0x8, 0x0, 0x0, "34460e34"}, 0x0, 0x1, {0x0}, 0x6})

855.64967ms ago: executing program 3 (id=285):
syz_usb_connect(0x2, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})

540.891679ms ago: executing program 1 (id=286):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0xa13d361dcb9c4216, 0xde, 0x7c, 0x8e, 0x8, 0x4d8, 0xfd08, 0xc147, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x8, 0x7, 0x20, 0x73, [{{0x9, 0x4, 0x8d, 0xb, 0x1, 0xa, 0x21, 0x6, 0x3, [], [{{0x9, 0x5, 0x5, 0x4, 0x3ff, 0x1, 0x3, 0xaf}}]}}]}}]}}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0})

272.536822ms ago: executing program 0 (id=287):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x800000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

161.136314ms ago: executing program 0 (id=288):
r0 = socket$inet(0x2, 0x4000000000000001, 0x100)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)='O', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000007c0)="16ecaaaeb69ec105e9dd534f1bd77f8051db33a07055391264d230088248daa370b0bc75883a507be52e9744ca1479096e0a1d347324d779b5fe3167e722437570ee9c472c6399c49d1473a32016f512dee12a2f9dc3bd6060001c8139ae43a3cbf08d05c66712c9a0b2994264c8614da6c0251fdeb06bcb94139d6b3df7bd60ac9d53ac834c97388aa638bb50457e57f90b3e8e11975ebd2c81a2a13cb5dc9b7fae4411137ad278cf52dd8d32de5b07a396cd19a242b247d2ca16ce1a663064abfc1ba416f7b1fc251409afd53815f775ab04810637bd8c9b2606a8512ee5622829a369d77900cfc7987f950003fb657f4c17131695efdcead8816ddae634049c3dab49a0ca36b1d5d93c8dac8fa0ba2a74f55d159667e3b52ec903f439a21a023b4bc7bf4463d73f5ae46a680f138c34f0ab2e8503ce342bfb26e481f087a08d410a8886335ac1fda0df344dfbb68b6bb8fcc2bf9a85fe835f350fb281e1159b093d52c519a3d61cd4979941c87ebf52404bdb04ebce4e1980314c1b03a674a86d6cf027b9076559eecadd6cbc5daab4002468d3653a11bbcb9cf625b1e4fe49a398e63200944d4ecee2741a09daf3650edb6a8dca6dc705873b78767c0e942a766c8be2bf425eeba3c277f09332f84fe9f24272059625703661763ed5efd08af27a1b6ccc3a7ae63ff339676e5caa6447e4a0575131495bc643681ca8e18b95bc7db66366c50cd89c9a59746da83dcced2526003b48e250bb7a20eabaf34e950fd1eeb6cce37de630e51a067e786dc3ecde5d2218962d33adde6734636adcf597b93be0cc3f307127d2b0df08a75d14f41ed41237db5e7b10fdacd56231cd781566b26080a06edbd7af51e6310233f0cea9aea8fe2c08a94cdc1ae11c6bef6f0fb5d4155567b47db0c4fc61940d157fc5a1df14ff33bd638b56b200b032cd99504751cb6c29d8252e6ebd0c1ac4c3df73d335aaf060f54d6a4f1c225eaca5e3f313a1d29f940d7a9fcaa040d7cab55550954a3c4d8bd772890fff6eadf3de96a396758e0a3d21cba8f2b1bbbc2ce9dbc8818bb3ca8967fc89e130ef4409db59a858f81b29c9019c3954754777af852162d61ff916ad98d6ee6ab4c0a5d25339e7923c1db2386df6596a5059ffb169fa9991d82573587fa4edd83649ece1a1976755b6d622e75ec6b342df6b30c8ea280daacfd1cfa82909f295ad96130d439abf3ebf9f48e8b138b89ea93c751c5c416e727c49c764559ca5dba38a894b056e3c9569f20bd56c638eb74429f5a89fdf1b3d3bd7e38993b0a39446ece8359a57894e28136fc0305e43bfa4adb63c9d85951207eb506bac375a3e203eed305fcd1cc6984f4dc67dc9e50391e4a01effe62fce188da0eead8dabebe5a3e74c7223c240bc0443b3e4c53d677bbccc58a7dfbb0b69dac81cf9ec689f1762a0ba768d73aeb38b4718d735defdfc3ac9376eea3412e5c388f1cf89d7b1caf2550cdafb8deeb8df3b75993b98665b47f29e213c2b2a0541b4d7a8a458cfa92548d03c5b74b5", 0x443}], 0x1}}], 0x2, 0x400c0)

160.702383ms ago: executing program 0 (id=289):
syz_emit_ethernet(0x12, &(0x7f00000004c0)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@llc={0x4, {@llc={0x42, 0x42, "f3", "f4"}}}}}, 0x0)

72.339292ms ago: executing program 0 (id=290):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000001f40)={0x2c, r1, 0xcf02a08ec7a79cb5, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x9}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48805}, 0x40040)

72.146884ms ago: executing program 0 (id=291):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)

0s ago: executing program 0 (id=292):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r3, 0x2007ffb)
sendfile(r2, r3, 0x0, 0x1000000201005)
copy_file_range(r1, 0x0, r0, 0x0, 0xfffffbffa003e458, 0x700000000000000)
creat(&(0x7f0000000240)='./file1\x00', 0xd)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:46341' (ED25519) to the list of known hosts.
syzkaller login: [   57.309452][ T5814] cgroup: Unknown subsys name 'net'
[   57.476423][ T5814] cgroup: Unknown subsys name 'cpuset'
[   57.483182][ T5814] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.237449][ T5814] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   66.657442][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   66.660643][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   66.664994][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   66.668364][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   66.670914][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   66.737581][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.741335][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.744873][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.764025][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   66.780457][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   66.791712][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   66.796498][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   66.805106][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   66.823529][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   66.832173][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   66.965772][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   67.147938][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.151419][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.154856][ T5849] bridge_slave_0: entered allmulticast mode
[   67.158541][ T5849] bridge_slave_0: entered promiscuous mode
[   67.175050][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.177803][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.180541][ T5849] bridge_slave_1: entered allmulticast mode
[   67.184446][ T5849] bridge_slave_1: entered promiscuous mode
[   67.275882][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.286917][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.303002][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   67.345763][ T5849] team0: Port device team_slave_0 added
[   67.362179][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   67.370862][ T5849] team0: Port device team_slave_1 added
[   67.453171][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.455699][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.465991][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.492602][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.495181][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.507032][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.566166][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.569060][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.573054][ T5853] bridge_slave_0: entered allmulticast mode
[   67.576697][ T5853] bridge_slave_0: entered promiscuous mode
[   67.581610][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.584314][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.586941][ T5853] bridge_slave_1: entered allmulticast mode
[   67.590447][ T5853] bridge_slave_1: entered promiscuous mode
[   67.595802][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.598447][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.601036][ T5855] bridge_slave_0: entered allmulticast mode
[   67.604871][ T5855] bridge_slave_0: entered promiscuous mode
[   67.609181][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.612025][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.615038][ T5855] bridge_slave_1: entered allmulticast mode
[   67.618547][ T5855] bridge_slave_1: entered promiscuous mode
[   67.677536][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.683805][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.733340][ T5849] hsr_slave_0: entered promiscuous mode
[   67.736267][ T5849] hsr_slave_1: entered promiscuous mode
[   67.742235][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.759977][ T5853] team0: Port device team_slave_0 added
[   67.765153][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.784993][ T5853] team0: Port device team_slave_1 added
[   67.834635][ T5855] team0: Port device team_slave_0 added
[   67.857502][ T5855] team0: Port device team_slave_1 added
[   67.860511][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.863621][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.873676][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.916912][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.919526][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.929724][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.974101][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.976305][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.985940][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.009577][ T5853] hsr_slave_0: entered promiscuous mode
[   68.012708][ T5853] hsr_slave_1: entered promiscuous mode
[   68.015422][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   68.017575][ T5853] Cannot create hsr debugfs directory
[   68.032709][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.035415][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.045776][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.126308][ T5855] hsr_slave_0: entered promiscuous mode
[   68.129479][ T5855] hsr_slave_1: entered promiscuous mode
[   68.132702][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[   68.134980][ T5855] Cannot create hsr debugfs directory
[   68.408772][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   68.433705][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   68.458137][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   68.466563][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   68.533826][ T5853] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   68.549064][ T5853] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   68.565958][ T5853] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   68.582391][ T5853] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   68.620936][ T5855] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   68.633563][ T5855] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   68.639085][ T5855] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   68.644560][ T5855] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   68.712291][ T5857] Bluetooth: hci0: command tx timeout
[   68.763925][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.806896][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   68.829076][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.831971][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.842958][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.849737][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.857478][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.860209][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.872338][ T5857] Bluetooth: hci1: command tx timeout
[   68.874835][ T5857] Bluetooth: hci2: command tx timeout
[   68.920216][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   68.930277][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   68.943502][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.946387][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.966801][ T3624] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.969489][ T3624] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.976349][ T3624] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.979157][ T3624] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.005665][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.008489][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.317843][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.331288][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.340019][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.399496][ T5855] veth0_vlan: entered promiscuous mode
[   69.421211][ T5855] veth1_vlan: entered promiscuous mode
[   69.453178][ T5853] veth0_vlan: entered promiscuous mode
[   69.457165][ T5849] veth0_vlan: entered promiscuous mode
[   69.469596][ T5853] veth1_vlan: entered promiscuous mode
[   69.482582][ T5849] veth1_vlan: entered promiscuous mode
[   69.500343][ T5855] veth0_macvtap: entered promiscuous mode
[   69.507097][ T5855] veth1_macvtap: entered promiscuous mode
[   69.535920][ T5849] veth0_macvtap: entered promiscuous mode
[   69.547709][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.564181][ T5849] veth1_macvtap: entered promiscuous mode
[   69.569082][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.585826][ T5853] veth0_macvtap: entered promiscuous mode
[   69.589792][ T5719] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.594863][ T5719] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.598359][ T5719] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.612140][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.625617][ T5719] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.632833][ T5853] veth1_macvtap: entered promiscuous mode
[   69.649675][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.687678][ T5719] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.699066][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.720987][ T5719] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.725203][ T5719] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.756666][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.759758][ T5719] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.784805][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.788527][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.795245][ T5719] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.798941][ T5719] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.811204][ T5719] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.816742][ T5719] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.843423][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.846555][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.915188][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.918379][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.929620][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   69.992696][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.998187][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.064349][ T3650] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.067604][ T3650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.118850][ T3650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.127451][ T3650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.235105][ T5923] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5'.
[   70.378368][ T5935] loop1: detected capacity change from 0 to 512
[   70.381756][ T5934] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11'.
[   70.455937][ T5935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.460820][ T5935] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.578889][ T5935] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #12: comm syz.1.8: corrupted xattr block 6: invalid header
[   70.588777][ T5935] EXT4-fs (loop1): Remounting filesystem read-only
[   70.725236][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.743389][ T3624] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[   70.748484][ T3624] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[   70.791790][ T5238] Bluetooth: hci0: command tx timeout
[   70.832439][ T5902] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   70.952284][ T5238] Bluetooth: hci2: command tx timeout
[   70.954595][ T5238] Bluetooth: hci1: command tx timeout
[   70.982611][ T5902] usb 3-1: Using ep0 maxpacket: 16
[   70.997705][ T5902] usb 3-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[   71.005225][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.008539][ T5902] usb 3-1: Product: syz
[   71.010263][ T5902] usb 3-1: Manufacturer: syz
[   71.017570][ T5902] usb 3-1: SerialNumber: syz
[   71.034547][ T5902] usb 3-1: config 0 descriptor??
[   71.044514][ T5902] ums-onetouch 3-1:0.0: USB Mass Storage device detected
[   71.255043][ T5902] usb 3-1: USB disconnect, device number 2
[   71.269408][ T5956] capability: warning: `syz.1.17' uses deprecated v2 capabilities in a way that may be insecure
[   71.357233][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.359674][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   72.534555][ T5994] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   72.732636][ T6000] netlink: 'syz.1.37': attribute type 1 has an invalid length.
[   72.735717][ T6000] netlink: 'syz.1.37': attribute type 1 has an invalid length.
[   72.737782][ T5946] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   72.738839][ T6000] netlink: 'syz.1.37': attribute type 1 has an invalid length.
[   72.746594][ T6000] block nbd0: shutting down sockets
[   72.818165][ T6000] Zero length message leads to an empty skb
[   72.871860][ T5238] Bluetooth: hci0: command tx timeout
[   72.923364][ T5946] usb 3-1: config 0 has an invalid interface number: 120 but max is 0
[   72.925855][ T5946] usb 3-1: config 0 has no interface number 0
[   72.929639][ T5946] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=c6.7f
[   72.932572][ T5946] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.935090][ T5946] usb 3-1: Product: syz
[   72.941526][ T5946] usb 3-1: Manufacturer: syz
[   72.943256][ T5946] usb 3-1: SerialNumber: syz
[   72.952233][ T5946] usb 3-1: config 0 descriptor??
[   72.956229][ T5946] esd_usb 3-1:0.120: sending version message failed
[   72.958387][ T5946] esd_usb 3-1:0.120: probe with driver esd_usb failed with error -22
[   73.032985][ T5238] Bluetooth: hci2: command tx timeout
[   73.033189][ T5857] Bluetooth: hci1: command tx timeout
[   73.163799][ T5946] usb 3-1: USB disconnect, device number 3
[   73.311730][ T5915] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   73.467146][ T5915] usb 1-1: config 7 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 55911, setting to 64
[   73.479521][ T5915] usb 1-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   73.486897][ T5915] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[   73.490564][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.498433][ T6005] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   73.648769][ T6015] loop1: detected capacity change from 0 to 4096
[   73.715166][ T5946] usb 1-1: USB disconnect, device number 2
[   74.117700][ T6027] loop2: detected capacity change from 0 to 32768
[   74.160646][ T6027] ERROR: (device loop2): dbAdjCtl: the maximum free buddy is not the old root
[   74.160646][ T6027] 
[   74.165134][ T6027] ERROR: (device loop2): remounting filesystem as read-only
[   74.707261][ T6045] loop0: detected capacity change from 0 to 32768
[   74.853089][ T6045] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   74.853089][ T6045] 
[   74.857797][ T6045] ialloc: diAlloc returned -5!
[   74.888580][ T5901] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   74.961875][ T5857] Bluetooth: hci0: command tx timeout
[   75.042190][ T5901] usb 2-1: Using ep0 maxpacket: 16
[   75.047894][ T5901] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.052843][ T5901] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.056577][ T5901] usb 2-1: config 0 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   75.062078][ T5901] usb 2-1: config 0 interface 0 has no altsetting 0
[   75.064765][ T5901] usb 2-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.00
[   75.068197][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.075333][ T5901] usb 2-1: config 0 descriptor??
[   75.084973][ T5901] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input4
[   75.112870][ T5857] Bluetooth: hci1: command tx timeout
[   75.121862][ T5857] Bluetooth: hci2: command tx timeout
[   75.187330][ T6069] Sensor A: =================  START STATUS  =================
[   75.190328][ T6069] Sensor A: Test Pattern: 75% Colorbar
[   75.206463][ T6069] Sensor A: Show Information: All
[   75.208538][ T6069] Sensor A: Vertical Flip: false
[   75.210494][ T6069] Sensor A: Horizontal Flip: false
[   75.214099][ T6069] Sensor A: Brightness: 128
[   75.215928][ T6069] Sensor A: Contrast: 128
[   75.217700][ T6069] Sensor A: Hue: 0
[   75.219221][ T6069] Sensor A: Saturation: 128
[   75.221025][ T6069] Sensor A: ==================  END STATUS  ==================
[   75.236670][ T6066] loop0: detected capacity change from 0 to 40427
[   75.258588][ T6066] F2FS-fs (loop0): invalid crc value
[   75.299656][ T5283] bcm5974 2-1:0.0: could not read from device
[   75.360641][ T5283] bcm5974 2-1:0.0: could not read from device
[   75.373797][ T5901] usb 2-1: USB disconnect, device number 2
[   75.376987][ T6066] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   75.392709][ T5858] bcm5974 2-1:0.0: could not read from device
[   75.393381][ T6066] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   75.509968][ T5853] syz-executor: attempt to access beyond end of device
[   75.509968][ T5853] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   75.522588][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   75.522608][ T5853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   75.522616][ T5853] Call Trace:
[   75.522623][ T5853]  <TASK>
[   75.522644][ T5853]  dump_stack_lvl+0x189/0x250
[   75.522671][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.522689][ T5853]  ? __pfx_queue_work_on+0x10/0x10
[   75.522705][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.522724][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.522747][ T5853]  ? f2fs_hw_is_readonly+0x39b/0x470
[   75.522773][ T5853]  f2fs_handle_critical_error+0x37c/0x540
[   75.522800][ T5853]  f2fs_write_end_io+0x886/0xb60
[   75.522833][ T5853]  __submit_merged_bio+0x27a/0x6a0
[   75.522871][ T5853]  f2fs_submit_page_write+0xe16/0x21b0
[   75.522912][ T5853]  ? __f2fs_is_valid_blkaddr+0xd2a/0x14f0
[   75.522943][ T5853]  do_write_page+0x6a6/0x940
[   75.522969][ T5853]  f2fs_do_write_node_page+0x3b/0x60
[   75.522987][ T5853]  __write_node_folio+0x8c1/0x1550
[   75.523022][ T5853]  ? __pfx___write_node_folio+0x10/0x10
[   75.523040][ T5853]  ? folio_clear_dirty_for_io+0x6b5/0x8c0
[   75.523076][ T5853]  ? f2fs_folio_wait_writeback+0xa9/0x240
[   75.523097][ T5853]  f2fs_sync_node_pages+0xe6e/0x15e0
[   75.523137][ T5853]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[   75.523183][ T5853]  ? f2fs_write_checkpoint+0xe43/0x1df0
[   75.523205][ T5853]  ? up_write+0x1c4/0x420
[   75.523220][ T5853]  ? do_raw_spin_unlock+0x4d/0x240
[   75.523243][ T5853]  f2fs_write_checkpoint+0xe6f/0x1df0
[   75.523277][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   75.523333][ T5853]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   75.523349][ T5853]  ? kfree+0x18e/0x440
[   75.523369][ T5853]  ? kill_f2fs_super+0x298/0x6c0
[   75.523391][ T5853]  kill_f2fs_super+0x2c3/0x6c0
[   75.523412][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[   75.523430][ T5853]  ? radix_tree_delete_item+0x2b6/0x400
[   75.523457][ T5853]  ? shrinker_free+0x2ce/0x3e0
[   75.523476][ T5853]  deactivate_locked_super+0xbc/0x130
[   75.523528][ T5853]  cleanup_mnt+0x425/0x4c0
[   75.523547][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.523569][ T5853]  task_work_run+0x1d4/0x260
[   75.523593][ T5853]  ? __pfx_task_work_run+0x10/0x10
[   75.523611][ T5853]  ? __x64_sys_umount+0x122/0x160
[   75.523635][ T5853]  ? exit_to_user_mode_loop+0x40/0x110
[   75.523660][ T5853]  exit_to_user_mode_loop+0xec/0x110
[   75.523681][ T5853]  do_syscall_64+0x2bd/0x3b0
[   75.523701][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.523719][ T5853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.523735][ T5853]  ? exc_page_fault+0x9f/0xf0
[   75.523756][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.523771][ T5853] RIP: 0033:0x7f8e9f98ff17
[   75.523787][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   75.523799][ T5853] RSP: 002b:00007ffed43e5c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   75.523814][ T5853] RAX: 0000000000000000 RBX: 00007f8e9fa11c05 RCX: 00007f8e9f98ff17
[   75.523824][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed43e5d10
[   75.523833][ T5853] RBP: 00007ffed43e5d10 R08: 0000000000000000 R09: 0000000000000000
[   75.523850][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed43e6da0
[   75.523859][ T5853] R13: 00007f8e9fa11c05 R14: 0000000000012662 R15: 00007ffed43e6de0
[   75.523887][ T5853]  </TASK>
[   75.523894][ T5853] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   75.682538][ T5853] syz-executor: attempt to access beyond end of device
[   75.682538][ T5853] loop0: rw=2049, sector=41000, nr_sectors = 8 limit=40427
[   75.698632][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   75.698655][ T5853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   75.698665][ T5853] Call Trace:
[   75.698671][ T5853]  <TASK>
[   75.698677][ T5853]  dump_stack_lvl+0x189/0x250
[   75.698703][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.698720][ T5853]  ? __pfx_queue_work_on+0x10/0x10
[   75.698735][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.698754][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.698780][ T5853]  f2fs_handle_critical_error+0x37c/0x540
[   75.698808][ T5853]  f2fs_write_end_io+0x886/0xb60
[   75.698837][ T5853]  __submit_merged_bio+0x27a/0x6a0
[   75.698856][ T5853]  ? up_write+0x1c4/0x420
[   75.698877][ T5853]  __submit_merged_write_cond+0x44c/0x530
[   75.698909][ T5853]  __write_node_folio+0x10d2/0x1550
[   75.698941][ T5853]  ? __pfx___write_node_folio+0x10/0x10
[   75.698957][ T5853]  ? folio_clear_dirty_for_io+0x6b5/0x8c0
[   75.699009][ T5853]  ? f2fs_folio_wait_writeback+0xa9/0x240
[   75.699030][ T5853]  f2fs_sync_node_pages+0xe6e/0x15e0
[   75.699065][ T5853]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[   75.699106][ T5853]  ? f2fs_write_checkpoint+0xe43/0x1df0
[   75.699125][ T5853]  ? up_write+0x1c4/0x420
[   75.699138][ T5853]  ? do_raw_spin_unlock+0x4d/0x240
[   75.699158][ T5853]  f2fs_write_checkpoint+0xe6f/0x1df0
[   75.699192][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   75.699239][ T5853]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   75.699254][ T5853]  ? kfree+0x18e/0x440
[   75.699273][ T5853]  ? kill_f2fs_super+0x298/0x6c0
[   75.699291][ T5853]  kill_f2fs_super+0x2c3/0x6c0
[   75.699311][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[   75.699323][ T5853]  ? radix_tree_delete_item+0x2b6/0x400
[   75.699348][ T5853]  ? shrinker_free+0x2ce/0x3e0
[   75.699366][ T5853]  deactivate_locked_super+0xbc/0x130
[   75.699386][ T5853]  cleanup_mnt+0x425/0x4c0
[   75.699402][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.699423][ T5853]  task_work_run+0x1d4/0x260
[   75.699446][ T5853]  ? __pfx_task_work_run+0x10/0x10
[   75.699462][ T5853]  ? __x64_sys_umount+0x122/0x160
[   75.699508][ T5853]  ? exit_to_user_mode_loop+0x40/0x110
[   75.699532][ T5853]  exit_to_user_mode_loop+0xec/0x110
[   75.699552][ T5853]  do_syscall_64+0x2bd/0x3b0
[   75.699571][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.699589][ T5853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.699603][ T5853]  ? exc_page_fault+0x9f/0xf0
[   75.699623][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.699636][ T5853] RIP: 0033:0x7f8e9f98ff17
[   75.699650][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   75.699662][ T5853] RSP: 002b:00007ffed43e5c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   75.699678][ T5853] RAX: 0000000000000000 RBX: 00007f8e9fa11c05 RCX: 00007f8e9f98ff17
[   75.699688][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed43e5d10
[   75.699696][ T5853] RBP: 00007ffed43e5d10 R08: 0000000000000000 R09: 0000000000000000
[   75.699704][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed43e6da0
[   75.699713][ T5853] R13: 00007f8e9fa11c05 R14: 0000000000012662 R15: 00007ffed43e6de0
[   75.699736][ T5853]  </TASK>
[   75.699764][ T5853] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   76.004850][ T6092] tipc: Started in network mode
[   76.006954][ T6092] tipc: Node identity c6b02206b334, cluster identity 4711
[   76.009885][ T6092] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.015362][ T6092] syzkaller0: entered promiscuous mode
[   76.017610][ T6092] syzkaller0: entered allmulticast mode
[   76.082879][ T6092] tipc: Resetting bearer <eth:syzkaller0>
[   76.087940][ T6091] tipc: Resetting bearer <eth:syzkaller0>
[   76.116215][ T6091] tipc: Disabling bearer <eth:syzkaller0>
[   76.201721][ T5901] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   76.353910][ T5901] usb 3-1: Using ep0 maxpacket: 8
[   76.358887][ T5901] usb 3-1: config 2 has an invalid interface number: 31 but max is 0
[   76.363840][ T5901] usb 3-1: config 2 has no interface number 0
[   76.365631][ T6102] loop1: detected capacity change from 0 to 4096
[   76.366541][ T5901] usb 3-1: config 2 interface 31 has no altsetting 0
[   76.370487][ T6102] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   76.377512][ T5901] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[   76.384363][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.387916][ T5901] usb 3-1: Product: syz
[   76.389759][ T5901] usb 3-1: Manufacturer: syz
[   76.393051][ T6102] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   76.396903][ T6102] ntfs3(loop1): Failed to load $Extend (-22).
[   76.399354][ T6102] ntfs3(loop1): Failed to initialize $Extend.
[   76.404466][ T5901] usb 3-1: SerialNumber: syz
[   76.501679][ T5915] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   76.661637][ T5915] usb 1-1: Using ep0 maxpacket: 16
[   76.675094][ T5915] usb 1-1: unable to get BOS descriptor or descriptor too short
[   76.679233][ T5915] usb 1-1: unable to read config index 0 descriptor/start: -71
[   76.682777][ T5915] usb 1-1: can't read configurations, error -71
[   76.762381][  T793] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   76.825173][ T5901] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22
[   76.830969][ T5901] usb 3-1: USB disconnect, device number 4
[   76.911613][  T793] usb 2-1: Using ep0 maxpacket: 8
[   76.915531][  T793] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   76.918857][  T793] usb 2-1: config 179 has no interface number 0
[   76.921299][  T793] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   76.926472][  T793] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   76.930866][  T793] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   76.935255][  T793] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   76.939703][  T793] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   76.945789][  T793] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   76.949164][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.955742][ T6104] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[   77.173970][  T793] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input5
[   77.369665][ T6104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   77.376006][ T6104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.395745][ T6112] loop2: detected capacity change from 0 to 512
[   77.409670][ T6112] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.415188][ T6112] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.498325][ T5849] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   77.503531][ T5849] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   77.584688][ T5946] usb 2-1: USB disconnect, device number 3
[   77.584801][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   77.590936][    C0] dummy_hcd dummy_hcd.1: timer fired with no URBs pending?
[   77.671679][ T5238] Bluetooth: hci2: command 0x0405 tx timeout
[   77.704041][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.744131][ T5876] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.815102][ T5876] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.889357][ T5876] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.908856][ T6118] syz.0.94 uses obsolete (PF_INET,SOCK_PACKET)
[   77.952224][ T5876] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.037593][ T5876] bridge_slave_1: left allmulticast mode
[   78.040098][ T5876] bridge_slave_1: left promiscuous mode
[   78.043542][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.049639][ T5876] bridge_slave_0: left allmulticast mode
[   78.053461][ T5876] bridge_slave_0: left promiscuous mode
[   78.055739][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.228968][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.236425][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.239839][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.244261][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.247855][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.629043][ T5876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   78.734297][ T5876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   78.789573][ T5876] bond0 (unregistering): Released all slaves
[   78.889021][ T6138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.101'.
[   79.275471][ T5876] hsr_slave_0: left promiscuous mode
[   79.278392][ T5876] hsr_slave_1: left promiscuous mode
[   79.282556][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.287280][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_0
[   79.293595][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.296756][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.317469][ T5876] veth1_macvtap: left promiscuous mode
[   79.320846][ T5876] veth0_macvtap: left promiscuous mode
[   79.323852][ T5876] veth1_vlan: left promiscuous mode
[   79.326396][ T5876] veth0_vlan: left promiscuous mode
[   79.514811][ T6147] netlink: 20 bytes leftover after parsing attributes in process `syz.1.105'.
[   79.620977][ T6141] loop0: detected capacity change from 0 to 32768
[   79.627960][ T6141] =======================================================
[   79.627960][ T6141] WARNING: The mand mount option has been deprecated and
[   79.627960][ T6141]          and is ignored by this kernel. Remove the mand
[   79.627960][ T6141]          option from the mount to silence this warning.
[   79.627960][ T6141] =======================================================
[   79.727568][ T6141] JBD2: Ignoring recovery information on journal
[   79.755827][ T6141] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   79.827879][ T5853] ocfs2: Unmounting device (7,0) on (node local)
[   80.000924][ T5876] team0 (unregistering): Port device team_slave_1 removed
[   80.048897][ T5876] team0 (unregistering): Port device team_slave_0 removed
[   80.323816][ T5857] Bluetooth: hci0: command tx timeout
[   80.420607][ T6168] loop1: detected capacity change from 0 to 4096
[   80.425707][ T6168] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   80.454596][ T6169] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_hsr, syncid = 4, id = 0
[   80.461308][ T6168] ntfs3(loop1): ino=19, mi_enum_attr
[   80.463991][ T6168] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   80.543008][ T6129] chnl_net:caif_netlink_parms(): no params data found
[   81.080288][ T6182] loop1: detected capacity change from 0 to 1024
[   81.090179][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.094786][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.097733][ T6129] bridge_slave_0: entered allmulticast mode
[   81.101432][ T6129] bridge_slave_0: entered promiscuous mode
[   81.107206][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.110127][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.113748][ T6129] bridge_slave_1: entered allmulticast mode
[   81.117604][ T6129] bridge_slave_1: entered promiscuous mode
[   81.152053][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.158757][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.194775][ T6129] team0: Port device team_slave_0 added
[   81.199431][ T6129] team0: Port device team_slave_1 added
[   81.233060][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.235759][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.245631][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.255951][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.260313][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.273658][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.283807][ T6186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.118'.
[   81.287431][ T6186] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   81.356184][ T6129] hsr_slave_0: entered promiscuous mode
[   81.360497][ T6129] hsr_slave_1: entered promiscuous mode
[   81.479348][ T6190] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   81.487032][ T6190] macsec1: entered promiscuous mode
[   81.495870][ T6190] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   81.591318][ T6196] netlink: 240 bytes leftover after parsing attributes in process `syz.1.123'.
[   81.599291][ T6196] NCSI netlink: No device for ifindex 1024
[   81.728942][ T6206] loop0: detected capacity change from 0 to 256
[   81.736925][ T6129] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.747107][ T6129] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.763510][ T6129] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.775630][ T6129] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.948498][ T6208] loop0: detected capacity change from 0 to 32768
[   81.948658][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.976755][ T6129] 8021q: adding VLAN 0 to HW filter on device team0
[   81.987790][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.990953][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.013371][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.016414][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.117289][ T6208] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   82.117312][ T6208]   allowing incompatible features above 0.0: (unknown version)
[   82.117322][ T6208]   features: 
[   82.143812][ T6208] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   82.147082][ T6208] bcachefs (loop0): initializing new filesystem
[   82.170557][ T6205] loop1: detected capacity change from 0 to 32768
[   82.177462][ T6208] bcachefs (loop0): going read-write
[   82.195464][ T6208] bcachefs (loop0): marking superblocks
[   82.209782][ T6205] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   82.220518][ T6129] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.238949][ T6208] bcachefs (loop0): initializing freespace
[   82.269320][ T6208] bcachefs (loop0): done initializing freespace
[   82.306770][ T6129] veth0_vlan: entered promiscuous mode
[   82.315166][ T6208] bcachefs (loop0): reading snapshots table
[   82.317560][ T6129] veth1_vlan: entered promiscuous mode
[   82.317679][ T6208] bcachefs (loop0): reading snapshots done
[   82.328148][ T5855] ocfs2: Unmounting device (7,1) on (node local)
[   82.347143][ T6129] veth0_macvtap: entered promiscuous mode
[   82.357151][ T6129] veth1_macvtap: entered promiscuous mode
[   82.406489][ T5857] Bluetooth: hci0: command tx timeout
[   82.420394][ T6208] bcachefs (loop0): done starting filesystem
[   82.426317][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.444388][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.463302][ T5876] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.466830][ T5876] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.470317][ T5876] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.491363][ T5876] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.539331][   T33] audit: type=1800 audit(1755567554.084:2): pid=6208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.129" name=23DDE1CED471CFB1DECC1A9464667771B795229B1906651E9E5E4402C7E75182B1432ACB4B54C499358585AA83FCA804FBDD12DFD3B9E95B0AC718CADB879A2898D86C4ED914A59918DF6BA519DE4599F662811202158E418CEF0D103ED4E77833D4DEA6E59F7FEF1C86F818121655DD1B2CB3717C892A289797049911356B5DD5DC0C50CAADD0DD0318994D730FD6E6953E01730FB2682AB3F7CA8B4D596574456F59B95F34FF6F79DB68B495010B8816A7B55229B35A2790F25C42EF1EFCC5271C66500FC285DE61516FC401518BA1AE388F90B0A5760E01031CEED37D1EB8A792F4A196A9FA0FF1579358BFE5C63744027D1A01E0A4602C79C2FE727034A4D810F0A2C30DC5A4C122E510E4D6348774754BF1F924C1D5A31DCCF345A6C752389CC38E46E968E3B2815E2ECC3E5827F198F5D836B5783E9D7CC5BC5BA1715D23A4C35157B28E997010C627CBCEBDA89D08AC88E3D2F387C87AF78B2A565DD5704BF3C12E4019D91890AD4F660345B384B59FAD6D9F56F1FCF35BABE5A9FBD8DD3908BE450EDF05CA8A3154FB3AC1AF485508C61A7BA322AC06928E7D660FEE6BFEF74C9C4F22BBAB318077
[   82.559483][ T6236] loop1: detected capacity change from 0 to 512
[   82.638916][ T6208] syz.0.129 (6208) used greatest stack depth: 16056 bytes left
[   82.645231][ T6236] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.650632][ T6236] ext4 filesystem being mounted at /60/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.661605][ T3650] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.665027][ T3650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.696947][ T5853] bcachefs (loop0): shutting down
[   82.699646][ T6236] EXT4-fs error (device loop1): ext4_get_first_dir_block:3533: inode #12: comm syz.1.131: Attempting to read directory block (0) that is past i_size (3)
[   82.712535][ T5853] bcachefs (loop0): going read-only
[   82.714921][ T5853] bcachefs (loop0): finished waiting for writes to stop
[   82.723272][  T519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.726690][  T519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.732846][ T5853] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2
[   82.767547][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.802692][ T5853] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[   82.806051][ T6243] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.809420][ T5853] bcachefs (loop0): clean shutdown complete, journal seq 4
[   82.829086][ T5853] bcachefs (loop0): marking filesystem clean
[   82.856553][ T6245] binder: 6244:6245 ioctl c018620c 0 returned -14
[   82.867016][ T5853] bcachefs (loop0): shutdown complete
[   82.976500][ T6249] loop1: detected capacity change from 0 to 4096
[   82.980036][ T6249] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   82.984820][ T6249] ntfs3(loop1): ino=3, mi_enum_attr
[   82.987851][ T6249] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   82.990635][ T6249] ntfs3(loop1): Failed to load $LogFile (-22).
[   83.571676][ T5902] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   83.743166][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.747465][ T5902] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   83.753467][ T5902] usb 2-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice=48.98
[   83.764559][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.814636][ T5902] usb 2-1: config 0 descriptor??
[   84.158822][ T6273] netlink: 32 bytes leftover after parsing attributes in process `syz.3.145'.
[   84.471641][ T5857] Bluetooth: hci0: command tx timeout
[   84.606541][ T6281] netlink: 'syz.3.148': attribute type 8 has an invalid length.
[   84.786056][ T5915] usb 2-1: USB disconnect, device number 4
[   84.866019][ T6293] loop3: detected capacity change from 0 to 16
[   84.875419][ T6293] erofs (device loop3): mounted with root inode @ nid 36.
[   85.004415][ T6298] Driver unsupported XDP return value 0 on prog  (id 15) dev N/A, expect packet loss!
[   85.129422][ T6302] loop3: detected capacity change from 0 to 128
[   85.143749][ T6302] FAT-fs (loop3): Directory bread(block 11554) failed
[   85.146122][ T6302] FAT-fs (loop3): Directory bread(block 11555) failed
[   85.148359][ T6302] FAT-fs (loop3): Directory bread(block 11556) failed
[   85.163159][ T6302] FAT-fs (loop3): Directory bread(block 11557) failed
[   85.165318][ T6302] FAT-fs (loop3): Directory bread(block 11558) failed
[   85.167708][ T6302] FAT-fs (loop3): Directory bread(block 11559) failed
[   85.170371][ T6302] FAT-fs (loop3): Directory bread(block 11560) failed
[   85.186264][ T6302] FAT-fs (loop3): Directory bread(block 11561) failed
[   85.189169][ T6302] FAT-fs (loop3): Directory bread(block 11562) failed
[   85.203460][ T6302] FAT-fs (loop3): Directory bread(block 11563) failed
[   85.808501][ T6313] loop1: detected capacity change from 0 to 4096
[   85.952416][ T6314] loop3: detected capacity change from 0 to 32768
[   86.104532][ T6314] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 255,nocow
[   86.104908][ T6314]   allowing incompatible features above 0.0: (unknown version)
[   86.105017][ T6314]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   86.129005][ T6314] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[   86.135006][ T6314] bcachefs (loop3): initializing new filesystem
[   86.229984][ T6314] bcachefs (loop3): going read-write
[   86.285396][ T6314] bcachefs (loop3): marking superblocks
[   86.508851][ T6314] bcachefs (loop3): initializing freespace
[   86.534659][ T6314] bcachefs (loop3): done initializing freespace
[   86.551791][ T5857] Bluetooth: hci0: command tx timeout
[   86.577613][ T6314] bcachefs (loop3): reading snapshots table
[   86.580100][ T6314] bcachefs (loop3): reading snapshots done
[   86.609511][ T6314] bcachefs (loop3):  loop3: Superblock write was silently dropped! (seq 0 expected 42)
[   86.614188][ T6314] bcachefs (loop3): done starting filesystem
[   86.712566][    T9] cfg80211: failed to load regulatory.db
[   86.749479][ T6129] bcachefs (loop3): shutting down
[   86.757064][ T6129] bcachefs (loop3): going read-only
[   86.759841][ T6129] bcachefs (loop3): finished waiting for writes to stop
[   86.769405][ T6129] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[   86.791367][ T6328] loop1: detected capacity change from 0 to 512
[   86.805057][ T6129] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[   86.810196][ T6129] bcachefs (loop3): clean shutdown complete, journal seq 4
[   86.814568][ T6129] bcachefs (loop3): marking filesystem clean
[   86.838333][ T6328] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.844510][ T6328] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.854554][ T6129] bcachefs (loop3): shutdown complete
[   87.017272][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.212357][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.167'.
[   87.322766][ T6337] process 'syz.1.168' launched './file2' with NULL argv: empty string added
[   87.611380][ T6346] netlink: 180 bytes leftover after parsing attributes in process `syz.0.172'.
[   87.941884][ T5946] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   88.115523][ T5946] usb 1-1: Using ep0 maxpacket: 32
[   88.128235][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   88.134201][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   88.143642][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   88.147193][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.152745][ T5946] usb 1-1: config 0 descriptor??
[   88.157100][ T5946] hub 1-1:0.0: USB hub found
[   88.360122][ T5946] hub 1-1:0.0: 1 port detected
[   88.647000][ T6359] netlink: 52 bytes leftover after parsing attributes in process `syz.1.176'.
[   88.758299][ T6365] loop1: detected capacity change from 0 to 2048
[   88.776271][ T6365] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.781093][ T6365] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.792858][ T6365] EXT4-fs error (device loop1): __ext4_new_inode:1073: comm syz.1.179: reserved inode found cleared - inode=1
[   88.801217][ T6365] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   88.807276][ T6365] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   88.832708][ T6365] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   88.843280][ T6365] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   88.876990][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.004978][ T5881] hub 1-1:0.0: activate --> -90
[   89.512231][ T5915] usb 1-1: USB disconnect, device number 5
[   89.590858][ T6379] loop3: detected capacity change from 0 to 1024
[   89.631145][ T6379] hfsplus: can't free extent
[   90.022044][ T5946] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   90.203207][ T5946] usb 4-1: Using ep0 maxpacket: 16
[   90.208675][ T5946] usb 4-1: config 1 has an invalid descriptor of length 79, skipping remainder of the config
[   90.216770][ T5946] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[   90.220173][ T5946] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   90.238927][ T5946] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   90.242031][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.244811][ T5946] usb 4-1: Product: syz
[   90.246439][ T5946] usb 4-1: Manufacturer: syz
[   90.257285][ T5946] usb 4-1: SerialNumber: syz
[   90.443375][ T6403] loop0: detected capacity change from 0 to 512
[   90.457747][ T6403] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.196: invalid block
[   90.464723][ T6403] EXT4-fs (loop0): Remounting filesystem read-only
[   90.470348][ T6403] EXT4-fs (loop0): 2 truncates cleaned up
[   90.475267][ T6403] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.475765][ T5946] cdc_ncm 4-1:1.0: skipping garbage
[   90.483363][ T5946] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[   90.485497][ T5946] cdc_ncm 4-1:1.0: bind() failure
[   90.491276][ T5946] usb 4-1: USB disconnect, device number 2
[   90.513025][ T5853] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.652138][ T5881] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[   90.804933][ T5881] usb 2-1: unable to get BOS descriptor or descriptor too short
[   90.809919][ T5881] usb 2-1: not running at top speed; connect to a high speed hub
[   90.816173][ T5881] usb 2-1: config 4 has an invalid interface number: 156 but max is 0
[   90.819262][ T5881] usb 2-1: config 4 has no interface number 0
[   90.823278][ T5881] usb 2-1: config 4 interface 156 has no altsetting 0
[   90.825649][ T1273] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   90.830729][ T5881] usb 2-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a
[   90.835661][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.838320][ T5881] usb 2-1: Product: syz
[   90.839763][ T5881] usb 2-1: Manufacturer: syz
[   90.841285][ T5881] usb 2-1: SerialNumber: syz
[   90.984268][ T1273] usb 1-1: New USB device found, idVendor=0925, idProduct=8888, bcdDevice= 0.00
[   90.987995][ T1273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.002658][ T1273] usb 1-1: config 0 descriptor??
[   91.065411][ T5881] usb 2-1: USB disconnect, device number 5
[   91.068855][ T6412] loop3: detected capacity change from 0 to 128
[   91.073439][ T6412] ext2: Unknown parameter 'context'
[   91.083832][ T6412] loop3: detected capacity change from 0 to 128
[   91.091138][ T6412] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   91.098516][ T6412] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   91.622837][ T1273] smartjoyplus 0003:0925:8888.0001: item fetching failed at offset 3/5
[   91.764560][ T1273] smartjoyplus 0003:0925:8888.0001: parse failed
[   91.782932][ T1273] smartjoyplus 0003:0925:8888.0001: probe with driver smartjoyplus failed with error -22
[   91.786098][ T6129] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   91.791007][ T1273] usb 1-1: USB disconnect, device number 6
[   92.796870][ T6443] netlink: 'syz.0.212': attribute type 3 has an invalid length.
[   92.797346][ T6441] loop3: detected capacity change from 0 to 1024
[   92.806914][ T6441] EXT4-fs: Ignoring removed bh option
[   92.853039][ T6441] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.071650][ T6453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.214'.
[   93.088754][ T6452] loop1: detected capacity change from 0 to 2048
[   93.096981][ T6452] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=18576, location=18576
[   93.107405][ T6452] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   93.107996][ T6441] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.211: Allocating blocks 497-513 which overlap fs metadata
[   93.156917][ T6455] loop0: detected capacity change from 0 to 4096
[   93.168889][ T6440] EXT4-fs (loop3): pa ffff8880291f3910: logic 16, phys. 369, len 9
[   93.172350][ T6440] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   93.186121][ T6457] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   93.204323][ T6455] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 648518346341351424
[   93.207280][ T6455] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=12)
[   93.219457][ T6455] Remounting filesystem read-only
[   93.223032][ T6455] NILFS (loop0): error -5 truncating bmap (ino=12)
[   93.230607][ T6129] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.247231][ T5853] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[   93.379035][ T6473] loop1: detected capacity change from 0 to 8
[   93.576350][ T6486] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   94.070433][ T6494] loop1: detected capacity change from 0 to 1024
[   94.101041][ T6494] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   94.376258][ T6502] loop3: detected capacity change from 0 to 1024
[   94.406322][   T33] audit: type=1800 audit(1755567565.954:3): pid=6502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.235" name="file1" dev="loop3" ino=20 res=0 errno=0
[   94.459455][   T33] audit: type=1800 audit(1755567565.954:4): pid=6502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.235" name="file1" dev="loop3" ino=20 res=0 errno=0
[   95.083347][ T6522] : renamed from batadv_slave_1 (while UP)
[   95.361722][ T5915] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   95.406846][ T6514] loop3: detected capacity change from 0 to 32768
[   95.460771][ T6514] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.511599][ T5915] usb 1-1: Using ep0 maxpacket: 8
[   95.519224][ T5915] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[   95.527879][ T5915] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[   95.534057][ T5915] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[   95.540385][ T5915] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   95.543717][ T6514] XFS (loop3): Ending clean mount
[   95.547300][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.551408][ T5915] usb 1-1: Product: syz
[   95.553372][ T5915] usb 1-1: Manufacturer: syz
[   95.555344][ T5915] usb 1-1: SerialNumber: syz
[   95.745676][ T6129] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.792395][ T5915] adutux 1-1:168.0: interrupt endpoints not found
[   95.824683][ T5915] usb 1-1: USB disconnect, device number 7
[   96.109993][ T6539] loop3: detected capacity change from 0 to 512
[   96.116717][ T6539] EXT4-fs: Ignoring removed nobh option
[   96.134202][ T6539] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.247: iget: bad i_size value: 38620345925642
[   96.140030][ T6539] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.247: couldn't read orphan inode 15 (err -117)
[   96.149943][ T6539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.205652][ T6129] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.575841][ T6551] comedi comedi0: adq12b: I/O port conflict (0xffffffffffffffff,16)
[   96.586398][ T6553] ./file0: Can't open blockdev
[   96.734246][ T6570] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.260'.
[   96.926602][ T6578] tipc: Started in network mode
[   96.931280][ T6578] tipc: Node identity 7f000001, cluster identity 4711
[   96.940688][ T6578] tipc: Enabled bearer <udp:syz2>, priority 10
[   97.062889][ T6578] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   97.066632][ T6578] tipc: Enabled bearer <udp:syz0>, priority 10
[   98.011684][ T6610] ucma_write: process 258 (syz.1.273) changed security contexts after opening file descriptor, this is not allowed.
[   98.063334][ T5915] tipc: Node number set to 2130706433
[   98.432608][ T5915] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[   98.594860][ T5915] usb 1-1: config 54 has an invalid interface number: 154 but max is 0
[   98.597422][ T5915] usb 1-1: config 54 has an invalid descriptor of length 0, skipping remainder of the config
[   98.600761][ T5915] usb 1-1: config 54 has no interface number 0
[   98.602758][ T5915] usb 1-1: config 54 interface 154 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 4
[   98.611577][ T5915] usb 1-1: config 54 interface 154 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   98.623285][ T5915] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec
[   98.626589][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.629491][ T5915] usb 1-1: Product: syz
[   98.631064][ T5915] usb 1-1: Manufacturer: syz
[   98.641547][ T5915] usb 1-1: SerialNumber: syz
[   98.854301][ T5915] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[   98.855815][   T13] usb 1-1: Failed to submit usb control message: -71
[   98.860513][   T13] usb 1-1: unable to send the bmi data to the device: -71
[   98.863141][ T5915] usb 1-1: USB disconnect, device number 8
[   98.866049][   T13] usb 1-1: unable to get target info from device
[   98.868515][   T13] usb 1-1: could not get target info (-71)
[   98.871010][   T13] usb 1-1: could not probe fw (-71)
[   99.062294][ T5881] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   99.234243][ T5881] usb 4-1: unable to get BOS descriptor or descriptor too short
[   99.238219][ T5881] usb 4-1: not running at top speed; connect to a high speed hub
[   99.243312][ T5881] usb 4-1: config 0 has an invalid interface number: 88 but max is 0
[   99.246623][ T5881] usb 4-1: config 0 has no interface number 0
[   99.249740][ T5881] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 10
[   99.254904][ T5881] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[   99.258858][ T5881] usb 4-1: config 0 interface 88 has no altsetting 0
[   99.266359][ T5881] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[   99.270177][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[   99.273666][ T5881] usb 4-1: Product: syz
[   99.275468][ T5881] usb 4-1: Manufacturer: syz
[   99.277430][ T5881] usb 4-1: SerialNumber: syz
[   99.284367][ T5881] usb 4-1: config 0 descriptor??
[   99.341679][ T5915] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   99.492668][ T5915] usb 2-1: Using ep0 maxpacket: 8
[   99.497200][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short
[   99.498933][ T5881] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input6
[   99.506671][ T5915] usb 2-1: config 8 has an invalid interface number: 141 but max is 0
[   99.509429][ T5915] usb 2-1: config 8 has no interface number 0
[   99.511403][ T5915] usb 2-1: config 8 interface 141 altsetting 11 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[   99.515552][ T5881] usb 4-1: USB disconnect, device number 3
[   99.518874][ T5915] usb 2-1: config 8 interface 141 has no altsetting 0
[   99.526787][ T5915] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=c1.47
[   99.539047][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.541756][ T5915] usb 2-1: Product: syz
[   99.543386][ T5915] usb 2-1: Manufacturer: syz
[   99.544870][ T5915] usb 2-1: SerialNumber: syz
[   99.763256][ T5915] ir_toy 2-1:8.141: required endpoints not found
[   99.767132][ T5915] usb 2-1: USB disconnect, device number 6
[   99.840280][ T6652] loop0: detected capacity change from 0 to 32768
[   99.866159][ T6652] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   99.883240][   T33] audit: type=1800 audit(1755567571.434:5): pid=6652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.292" name="file1" dev="loop0" ino=17058 res=0 errno=0
[   99.959285][ T6655] 
[   99.960300][ T6655] ======================================================
[   99.962938][ T6655] WARNING: possible circular locking dependency detected
[   99.965674][ T6655] syzkaller #0 Not tainted
[   99.968112][ T6655] ------------------------------------------------------
[   99.971094][ T6655] syz.0.292/6655 is trying to acquire lock:
[   99.973349][ T6655] ffff8881208acee0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[   99.977866][ T6655] 
[   99.977866][ T6655] but task is already holding lock:
[   99.980272][ T6655] ffff8881208acf78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[   99.983490][ T6655] 
[   99.983490][ T6655] which lock already depends on the new lock.
[   99.983490][ T6655] 
[   99.986651][ T6655] 
[   99.986651][ T6655] the existing dependency chain (in reverse order) is:
[   99.990055][ T6655] 
[   99.990055][ T6655] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[   99.993112][ T6655]        lock_acquire+0x120/0x360
[   99.995103][ T6655]        down_read+0x46/0x2e0
[   99.997003][ T6655]        ocfs2_init_acl+0x2f9/0x720
[   99.998953][ T6655]        ocfs2_mknod+0x1321/0x2050
[  100.000814][ T6655]        ocfs2_create+0x1a5/0x440
[  100.002658][ T6655]        path_openat+0x14f4/0x3830
[  100.004715][ T6655]        do_filp_open+0x1fa/0x410
[  100.006636][ T6655]        do_sys_openat2+0x121/0x1c0
[  100.008634][ T6655]        __x64_sys_openat+0x138/0x170
[  100.010790][ T6655]        do_syscall_64+0xfa/0x3b0
[  100.012820][ T6655]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.015334][ T6655] 
[  100.015334][ T6655] -> #3 (jbd2_handle){++++}-{0:0}:
[  100.018211][ T6655]        lock_acquire+0x120/0x360
[  100.020215][ T6655]        start_this_handle+0x1fa7/0x21c0
[  100.022484][ T6655]        jbd2__journal_start+0x2c1/0x5b0
[  100.024769][ T6655]        jbd2_journal_start+0x2a/0x40
[  100.026951][ T6655]        ocfs2_start_trans+0x376/0x6d0
[  100.029018][ T6655]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  100.031501][ T6655]        ocfs2_dismount_volume+0x201/0x8d0
[  100.033831][ T6655]        generic_shutdown_super+0x135/0x2c0
[  100.036787][ T6655]        kill_block_super+0x44/0x90
[  100.038887][ T6655]        deactivate_locked_super+0xbc/0x130
[  100.041256][ T6655]        cleanup_mnt+0x425/0x4c0
[  100.043254][ T6655]        task_work_run+0x1d4/0x260
[  100.045316][ T6655]        exit_to_user_mode_loop+0xec/0x110
[  100.047813][ T6655]        do_syscall_64+0x2bd/0x3b0
[  100.049875][ T6655]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.052410][ T6655] 
[  100.052410][ T6655] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  100.055762][ T6655]        lock_acquire+0x120/0x360
[  100.057650][ T6655]        down_read+0x46/0x2e0
[  100.059473][ T6655]        ocfs2_start_trans+0x36a/0x6d0
[  100.061538][ T6655]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  100.063911][ T6655]        ocfs2_dismount_volume+0x201/0x8d0
[  100.066246][ T6655]        generic_shutdown_super+0x135/0x2c0
[  100.068572][ T6655]        kill_block_super+0x44/0x90
[  100.070606][ T6655]        deactivate_locked_super+0xbc/0x130
[  100.072951][ T6655]        cleanup_mnt+0x425/0x4c0
[  100.074905][ T6655]        task_work_run+0x1d4/0x260
[  100.076935][ T6655]        exit_to_user_mode_loop+0xec/0x110
[  100.079211][ T6655]        do_syscall_64+0x2bd/0x3b0
[  100.081184][ T6655]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.083610][ T6655] 
[  100.083610][ T6655] -> #1 (sb_internal#3){.+.+}-{0:0}:
[  100.086510][ T6655]        lock_acquire+0x120/0x360
[  100.088502][ T6655]        ocfs2_start_trans+0x26b/0x6d0
[  100.090670][ T6655]        ocfs2_setattr+0x969/0x1b40
[  100.092774][ T6655]        notify_change+0xb36/0xe40
[  100.094803][ T6655]        do_truncate+0x1a4/0x220
[  100.096763][ T6655]        do_ftruncate+0x489/0x540
[  100.098772][ T6655]        __x64_sys_ftruncate+0x92/0xf0
[  100.100934][ T6655]        do_syscall_64+0xfa/0x3b0
[  100.102946][ T6655]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.105443][ T6655] 
[  100.105443][ T6655] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  100.108814][ T6655]        validate_chain+0xb9b/0x2140
[  100.110890][ T6655]        __lock_acquire+0xab9/0xd20
[  100.112974][ T6655]        lock_acquire+0x120/0x360
[  100.114974][ T6655]        down_write+0x96/0x1f0
[  100.116886][ T6655]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  100.119549][ T6655]        ocfs2_truncate_file+0xda0/0x1420
[  100.121391][ T6655]        ocfs2_setattr+0x1520/0x1b40
[  100.123091][ T6655]        notify_change+0xb36/0xe40
[  100.125190][ T6655]        do_truncate+0x1a4/0x220
[  100.127323][ T6655]        path_openat+0x306c/0x3830
[  100.129302][ T6655]        do_filp_open+0x1fa/0x410
[  100.131181][ T6655]        do_sys_openat2+0x121/0x1c0
[  100.132846][ T6655]        __x64_sys_creat+0x8f/0xc0
[  100.134708][ T6655]        do_syscall_64+0xfa/0x3b0
[  100.136640][ T6655]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.138615][ T6655] 
[  100.138615][ T6655] other info that might help us debug this:
[  100.138615][ T6655] 
[  100.142318][ T6655] Chain exists of:
[  100.142318][ T6655]   &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem
[  100.142318][ T6655] 
[  100.147254][ T6655]  Possible unsafe locking scenario:
[  100.147254][ T6655] 
[  100.149882][ T6655]        CPU0                    CPU1
[  100.151950][ T6655]        ----                    ----
[  100.154039][ T6655]   lock(&oi->ip_xattr_sem);
[  100.155555][ T6655]                                lock(jbd2_handle);
[  100.157994][ T6655]                                lock(&oi->ip_xattr_sem);
[  100.160530][ T6655]   lock(&ocfs2_file_ip_alloc_sem_key);
[  100.162625][ T6655] 
[  100.162625][ T6655]  *** DEADLOCK ***
[  100.162625][ T6655] 
[  100.165623][ T6655] 3 locks held by syz.0.292/6655:
[  100.167670][ T6655]  #0: ffff88812118c428 (sb_writers#18){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  100.171351][ T6655]  #1: ffff8881208ad240 (&sb->s_type->i_mutex_key#23){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[  100.174807][ T6655]  #2: ffff8881208acf78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  100.178357][ T6655] 
[  100.178357][ T6655] stack backtrace:
[  100.180430][ T6655] CPU: 1 UID: 0 PID: 6655 Comm: syz.0.292 Not tainted syzkaller #0 PREEMPT(full) 
[  100.180448][ T6655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  100.180457][ T6655] Call Trace:
[  100.180464][ T6655]  <TASK>
[  100.180472][ T6655]  dump_stack_lvl+0x189/0x250
[  100.180492][ T6655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  100.180507][ T6655]  ? __pfx__printk+0x10/0x10
[  100.180528][ T6655]  ? print_lock_name+0xde/0x100
[  100.180547][ T6655]  print_circular_bug+0x2ee/0x310
[  100.180565][ T6655]  check_noncircular+0x134/0x160
[  100.180581][ T6655]  validate_chain+0xb9b/0x2140
[  100.180603][ T6655]  __lock_acquire+0xab9/0xd20
[  100.180649][ T6655]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  100.180671][ T6655]  lock_acquire+0x120/0x360
[  100.180716][ T6655]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  100.180741][ T6655]  down_write+0x96/0x1f0
[  100.180755][ T6655]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  100.180770][ T6655]  ? __pfx_down_write+0x10/0x10
[  100.180793][ T6655]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[  100.180809][ T6655]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[  100.180826][ T6655]  ? up_write+0x1c4/0x420
[  100.180841][ T6655]  ocfs2_truncate_file+0xda0/0x1420
[  100.180865][ T6655]  ? __pfx_ocfs2_truncate_file+0x10/0x10
[  100.180883][ T6655]  ? do_raw_spin_unlock+0x4d/0x240
[  100.180901][ T6655]  ? _raw_spin_unlock+0x28/0x50
[  100.180916][ T6655]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[  100.180931][ T6655]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[  100.180944][ T6655]  ? ocfs2_rw_lock+0x13a/0x240
[  100.180957][ T6655]  ? __pfx___dquot_initialize+0x10/0x10
[  100.180972][ T6655]  ? __pfx_ocfs2_rw_lock+0x10/0x10
[  100.180982][ T6655]  ? setattr_prepare+0x1e7/0xac0
[  100.180998][ T6655]  ? inode_newsize_ok+0x11b/0x1c0
[  100.181014][ T6655]  ocfs2_setattr+0x1520/0x1b40
[  100.181036][ T6655]  ? __pfx_ocfs2_setattr+0x10/0x10
[  100.181061][ T6655]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[  100.181081][ T6655]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  100.181102][ T6655]  ? ktime_get_coarse_real_ts64_mg+0x1be/0x1e0
[  100.181119][ T6655]  ? current_time+0x222/0x370
[  100.181132][ T6655]  ? evm_inode_setattr+0x1b6/0x7d0
[  100.181146][ T6655]  ? __pfx_current_time+0x10/0x10
[  100.181161][ T6655]  ? try_break_deleg+0x79/0x130
[  100.181176][ T6655]  ? __pfx_ocfs2_setattr+0x10/0x10
[  100.181195][ T6655]  notify_change+0xb36/0xe40
[  100.181214][ T6655]  do_truncate+0x1a4/0x220
[  100.181234][ T6655]  ? __pfx_do_truncate+0x10/0x10
[  100.181251][ T6655]  ? apparmor_file_truncate+0x23e/0x2d0
[  100.181275][ T6655]  path_openat+0x306c/0x3830
[  100.181292][ T6655]  ? arch_stack_walk+0xfc/0x150
[  100.181314][ T6655]  ? stack_depot_save_flags+0x40/0x860
[  100.181337][ T6655]  ? __pfx_path_openat+0x10/0x10
[  100.181352][ T6655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.181373][ T6655]  do_filp_open+0x1fa/0x410
[  100.181389][ T6655]  ? __lock_acquire+0xab9/0xd20
[  100.181408][ T6655]  ? __pfx_do_filp_open+0x10/0x10
[  100.181429][ T6655]  ? _raw_spin_unlock+0x28/0x50
[  100.181444][ T6655]  ? alloc_fd+0x64c/0x6c0
[  100.181464][ T6655]  do_sys_openat2+0x121/0x1c0
[  100.181479][ T6655]  ? __se_sys_futex+0x36f/0x400
[  100.181497][ T6655]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.181514][ T6655]  ? rcu_is_watching+0x15/0xb0
[  100.181529][ T6655]  __x64_sys_creat+0x8f/0xc0
[  100.181546][ T6655]  do_syscall_64+0xfa/0x3b0
[  100.181566][ T6655]  ? lockdep_hardirqs_on+0x9c/0x150
[  100.181585][ T6655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.181598][ T6655]  ? exc_page_fault+0x9f/0xf0
[  100.181617][ T6655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.181631][ T6655] RIP: 0033:0x7f8e9f98ebe9
[  100.181646][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.181660][ T6655] RSP: 002b:00007f8e9dbcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  100.181705][ T6655] RAX: ffffffffffffffda RBX: 00007f8e9fbb6090 RCX: 00007f8e9f98ebe9
[  100.181718][ T6655] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000200000000240
[  100.181727][ T6655] RBP: 00007f8e9fa11e19 R08: 0000000000000000 R09: 0000000000000000
[  100.181737][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.181744][ T6655] R13: 00007f8e9fbb6128 R14: 00007f8e9fbb6090 R15: 00007ffed43e69c8
[  100.181760][ T6655]  </TASK>
[  100.555837][ T5853] ocfs2: Unmounting device (7,0) on (node local)

VM DIAGNOSIS:
01:39:31  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff84a4909d RBX=ffffffff84a48f92 RCX=ffff88801c68b980 RDX=0000000000000100
RSI=ffffffff84a48f92 RDI=ffffffff8e139ea0 RBP=0000000000000000 RSP=ffffc900001279e0
R8 =0000000000000000 R9 =0000000000000000 R10=dffffc0000000000 R11=ffffed1003b918a7
R12=0000607e5c032248 R13=dffffc0000000000 R14=ffff888027b58438 R15=ffff888027b58400
RIP=ffffffff819d6c99 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8e9dbccfc8 CR3=0000000022834000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f8e9fa12e53
XMM06=0000000000000000 00007f8e9fa12e4d XMM07=0000000000000000 00007f8e9fa12e61
XMM08=0000000000000000 00007f8e9fa12ee7 XMM09=0000000000000000 00007f8e9fa12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000217d RDI=000000000000217e RBP=00000000000003f8 RSP=ffffc9000357e850
R8 =ffff888108120237 R9 =1ffff11021024046 R10=dffffc0000000000 R11=ffffffff854f0230
R12=dffffc0000000000 R13=ffffffff99af98d0 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f02ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8e9dbcd6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32807ff8 CR3=0000000022834000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f8e9fb87498 00007f8e9fb87470 XMM03=00007f8e9fb874a8 00007f8e9fb874a0
XMM04=00007f8ea06ed100 00007f8e9fb87460 XMM05=00007f8e9fb87478 00007f8e9fb874c0
XMM06=00007f8e9fb874b8 00007f8e9fb874b0 XMM07=00007f8e9fb874a8 00007f8e9fb874a0
XMM08=0000000000000000 0000006df451d6fe XMM09=0000000000000000 00007f8e9fa12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
