last executing test programs:

3m21.102032633s ago: executing program 0 (id=268):
r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
readv(r0, &(0x7f0000000600)=[{&(0x7f0000000500)=""/174, 0xae}], 0x1)
r2 = dup3(r0, r1, 0x0)
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000100)=""/24, 0x30}, {0x0, 0x2}], 0x2, 0x0, 0x0)

3m20.9173451s ago: executing program 0 (id=270):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a0b0400000000000000000200000088000480240001800b000100736f636b6574000014000280080002400000000308000140000000024c0001800b00010065787468647200003c000280080002400000007508000340000000590800064000000002080006400000000108000440000000b905000200070000000500020007000000140001800a00010071756f7461000000040002800900010073797a30000000000900020073797a32"], 0x17c}}, 0x40880)

3m20.706809404s ago: executing program 0 (id=272):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001140)={{{@in6=@loopback={0xe8000000}, @in6=@remote, 0x4e23, 0x0, 0x4e23, 0x3, 0xa, 0x60, 0x20, 0x2f}, {0x4, 0x1000, 0x2, 0x9, 0x9a0, 0xa78, 0x8, 0x9}, {0xf7, 0x2, 0x817, 0xe8}, 0x0, 0x6e6bb9, 0x0, 0x0, 0x2, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d2, 0x2b}, 0x2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3503, 0x2, 0x0, 0xbf, 0x2, 0x3, 0xcc}}, 0xe8)

3m20.585408323s ago: executing program 0 (id=275):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x1, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

3m20.07289596s ago: executing program 0 (id=281):
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{0x2, 0x101}, {0x0, 0x109003ff}, 0x7, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

3m19.439639531s ago: executing program 0 (id=288):
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000040000000e1425000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0240000005"], 0x50)

3m19.251360455s ago: executing program 32 (id=288):
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000040000000e1425000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0240000005"], 0x50)

2.73605436s ago: executing program 2 (id=2071):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000300)={0x0, 0x4}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r1, 0x5e6e5432}, &(0x7f0000000080)=0x8)

2.608063044s ago: executing program 2 (id=2072):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
io_setup(0x6, &(0x7f00000003c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])

2.467532055s ago: executing program 2 (id=2073):
syz_usb_connect$uac1(0x5, 0x8a, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x10, 0x10, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8001, 0x4}, [@processing_unit={0xa, 0x24, 0x7, 0x1, 0x0, 0x0, "d88570"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x14, 0x4, 0xcc, {0x7, 0x25, 0x1, 0x1, 0x7f, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x1, 0x8, 0x1002}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x9, 0xd, 0x8b, 0x80}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x7, 0x4, 0x3, {0x7, 0x25, 0x1, 0x2, 0xf4}}}}}}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})

2.041280652s ago: executing program 3 (id=2078):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x97d8, 0x12d5c}}, 0x44)

1.877521927s ago: executing program 3 (id=2079):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file1\x00', 0x8c8, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444f, &(0x7f0000008900)="$eJzs3b9vHFkdAPDvjJ2LnbsE57jikJBYCSR+yrKvAnISjuPE51xMUOCuoNms7b3EsPZG9hpRXGG6k6iQKBDFCSQ6V6dINDThT6ChDHUkKGiQkCKMdnbW8Yx3443jtXH4fIqdnffb+915+ybS5KW51v3VzcrqZqW2Xmkuf7T5TuVnzcbWWj3SE9Kz/3Mn1///s7EX+JSH8T15Xpt/fJmGOdTtazd++OE7EX9e+euT3d3d3WgbjZ6m973/1z8/Xt5/7EpLddrt9mjqXO8ejuLHEfHWgXG1jUTEWEQkEXE1T5vNj+MRcTHP+/DjX96tHNNoPntcf7f6dPGT1yJi59OHvf72jiTit40vfOve2t+/PHLlb9/o3+KfXj+moQEAAAAAAAAAAAAAAAAAcAbM37n9wQ+mpuNREqM7ycHndefzY5/nY0d3j82XnjfMr186vj8ZAAAAAAAAAAAAAAAAAAAA/uc8e/6/krzZ4/n/ufw406f+7veGP0aGZ+H7t+euT03n+78nB/K/nSf94+pIXO6x73t5//erpfq9938/2M9RdcfX7XciknSycJ6mk5MRv883fn87uZA2mputb37U3FpfObZhnFnF+Ge7948XCuQb+g8Y/3S21H6f/f+P0ecPfJva53eP7yv2SivGf6RvuT/8Ihno+r9WqncS8efoivEfzdIKE8BMZwJox/9Xo4fHf67U/rDifykiKkl7rJXCDNBew7TT+61XKCrG/1yWVpg68w+y3/X/71L8r5faP635f7v8Q0RPxfi/lqWNFUqcz16z+KeHX/83Su2fRvzb49/uJO4Ot++zrxj/TqxjtFAk+yQHnf/nS+33jf/5lxv3B2k+zktJ4Ruwk3TS+/x/dZQU4z92IP/Z/V860PrvvVL9k7j/279q7d7/daf/ryWd+z96K8Z/vG+5Qa//hVK9Yc//M9n6j6Mqxv9CllZcO09kr4PG/2ap/WHFP7srGevG/9l88p/znfTfWf8NpBj/1zuJ6f4S29lrtv5LDl//v19q/zTWf+3xb6fD7fVVUYz/G33LteP/lwF+/2+V6g0//hFT/q3vyIrxv9i3XHb9jx0e/8W9d522hh3/rw6zcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAzYDY/TkSSThbO03RyMuJafv52XEiWaivVpUZz+aebEXN5eiXeTO41mku1RnV1vblSr9YajeZyxPU8/60YSzYbzVZ1rfbgxl5b48n9em2jtVSvtSJiPk//YlzstrW02lqrPYiI9/byPpc2Nx7cr61XV1Y3vjs1NTUVC3tjuJzUf96qr7c6vXdyI27u1Z1I9g0uy35/byxvJD9pbm2s1xpZ+q19dRrN5VpjX53FPO/XcTlpbWytL9da9Wqjea/b32mayY9zC3d+dOfW9IH8u0nnOHuywwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgBT268p3fRMRo5yyNiJnum6RX+c8e19+tPl385OGVr9zc+fThk37lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVdOkZNIIjCAPxmUiTpcoxUS9Kl3RAISZENgifQY3gYPYqX8A4WFrYWIsgu6roL22j1fc2D+Zl5D+YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAw36Nq/P/2HpHiaf8YsZyu1uf5b13nn933H+4wI7fz81d9nf4wXeUf9dGmzMd0t51NoqM2Fq09ae/TZZ/n3rn69q1vvqbvS6RcRERZ568p56IY9hYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADxwIAAAAAwvyto+jbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BQAA//8onhvH")
r0 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x1, 0x2000007})
syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x0, 0x5, 0xfffffffffffffffb, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x2, 0xfffffffe, 0x8000, 0x200, 0x0, 0x0, 0x8, 0x2000001}}, {0x0, 0x14}}}, 0xa0)

1.133981096s ago: executing program 3 (id=2082):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r0, 0x89ee, &(0x7f0000000300))

986.780105ms ago: executing program 1 (id=2083):
r0 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0xffffffffffffff40, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10)
close(r0)

927.734326ms ago: executing program 1 (id=2084):
r0 = syz_io_uring_setup(0x107, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x115}, &(0x7f0000000400), &(0x7f0000000040))
exit(0xfff)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x11, {0x27fffffffffffff, 0x8}, 0x54}, 0x1)

604.065912ms ago: executing program 3 (id=2085):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10)
sendmmsg$alg(r1, &(0x7f0000000500)=[{0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000001c00)="5985d20392a438a118753a61ccd1d0e83101f02653a3db12a8785d9bcc", 0x1d}], 0x1}], 0x1, 0x20041001)
recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)=""/28, 0x1c}], 0x1}, 0x2)

408.7124ms ago: executing program 3 (id=2086):
r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340), &(0x7f0000000040))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

395.638181ms ago: executing program 3 (id=2087):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000580), 0x401, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})

330.48084ms ago: executing program 2 (id=2088):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)

235.376544ms ago: executing program 2 (id=2089):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xac3, &(0x7f0000002a80)="$eJzs3V2MVFcBAOAzuzsLC1SWCnal2ILVtv50KcuKP0ShgZhISmN8adL4QiitRMTEmqhNE4En32zTYOKTP/GpL001JvbFkD750sSSNCZ9qj74IMG0iQ8VhWmYOWf2zmGGOzMsc3eY70vOnjn3nDvn3Nk7d+7fuScAE2uq+Xd5eaEWwvnXXz78rwf/OXd9yoF2ifnm35lCqh5CqMX0TPZ+70634qvvxxnDC8db6VZcC0vNvykdnrjcnndjCOFM2BkuhPmw/fzFl95cevzo2SPndr31yv5Lt2PZAQBg0nzzwv7lbX//671brrx638Gwrj097Z/HnfiwKe73H4w7/mn/fyp0pmuFUDSblZuJYWqus9x0l3LFeupZuZke9c9m9dd7lFsXbl7/dGFat+WGcZbW4/lQm1rsSE9NLS62jslD87h+trZ4+uSpZ56rqKHAqvvP/SGEnYVw6Fxneq2FA2ugDUOGxhpow1iGg6Or60qjpfJlHlFobK56CwTQks47tK8P5s7kZxZuTfvdZvqr//JjU93nh1Uw6vV/oPpnK64/qP93Z21xWD136tqUlit9jzbFdH4dIb9/qff3L7/S0Tk1vx5R77Odva4jjMv1hV7tnB5xO4bVq/35enGn+mqM0+fwtY7c+zu+P/n/dFz+x0B3H+Tn/wVBWNshdKTrt/JejR736wDk98010vXRKL+vL89fV5K/viR/riR/Q0n+xpJ8mGR/+OHPw4u1lfNd+TH9oOfD03m2u2L8kQHbk++HDFp/ft/voG61/vx+YljL/nTsyRNfevqpi637/2vt9f9aXN/T4cZ8/G5diAXS+cL8vHr7WGK+s56pHuXuztpzV5fyzddbO8vVtq68TyhsZ25ox0LnfJt7ldvRWW4+KzcXw/qsvfn+yYZsvrT/kbar6fOayZa3ni3HbNaOtF3ZEuO8HTCMtD72uv8/rZ8LoV575uSpE4/GdFpP/zJdX3d9+p4Rtxu4df32/1kInf1/NrWn16eK24XNK9Nrre3Ca/H9OqcvtespTC/8qKXfue9MzzXLLx7//qmnV3nZYdI995Pnv3vs1KkTP/DiJi/SXn73Ml9fAy0c8EVaoLXSHi8GfbHzdldR4UYJGIndP23tBDxy8nvHnj3x7InTe/ft27u0tO/Le5d3N/frdxf37ovOVNBaYDWt/OhX3RIAAAAAAAAAAACgXz86cvji22988Z1W//+V/n+p/3+68zf1//9Z1v8/7yef+sGnfoBbuuQ3y2QPWJ3NytVj+GjW3q1ZPduy+T4W4/Y4frH/f6ouf65ras892fR6j2T2OIEbnpcymz2DJB8v8JMxPhfj3waoUG2u++QY3+T51rUPCut6ej5FoQtvw/OBx0f6vzXXhsIjjVL/767PderSX5vxMooei1UvI9Ddvyfq+d/vrSx45W0ReoeZ0db3y8ldJxo999L7HcEGYHVUPf5nOu+Z4tN//sb66yEVu/xY5/Yyf34pDOJvb3em1/r4k7e7/nzcvlHXX/Xyj3r8z/b4d31v/7IR8+aHq/e/v7r0TqHasL3f+vPlT8+B3jpY/Vdi/WlpHgr91d/4TVZ/fkGoT//L6t/QZ/03LP+O4er/f6w/fWwPP9Bv/a0W16Y62zGXLUe6/pefN06uZsufnu15k/q/9Xy35R9yoMZrsX6YZOMyzuygsv2I9k778OP/RmdWd/zfdmOzzVp+H8YXYjptiNN9Dvl4J4O2P91fkX4HtmXvXyv5fTP+73j7SozLvg9p/N+0Ps7Hn/xCuvlZpnS9y2d7p25rYFy9O9T1v/cqv26xtsOl1mHQcPOvr779wgChMT3EfO1x4ipuf6PRqHToX+MOV6vqz7/q44Sq66/68y+Tj/+b78Pn4//m+fn4v3l+Pv5vnj8X/0O98vPxf/PPMx//N8+/J3vffHzghZL8j5fkb++e3z5sv7dk/h0l+Z8oyd/Vzj/QUSLl33fT+VfK9Xr/u0vyHyjJ/1RJ/qdL8h8syX+4kF8cAzrlf6Zk/jtd6o8yqcsPkyzvn+f7D5MjXf/p9f3fWpIPjK9fvLrn0FO///Z8q///bPt8SLqOdzCm6/H46ccxnV/3DoX09bw3YvofWf5aP98BkyR/fkb++/5QST4wvtJ9Xr7fMIFq67tPjnHZc6t67eczXj4b48/F+PMxfiTGizHeHeM9MV4aUfu4PQ699sf9L9ZWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/UN2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjMVPPv8vJCLYTzr798+MmjJ3dfn3KgXWK++XemkKq35wvh0RhPx/jX8cXV9184XoyvxbgWlkIt1NrTwxOX2zVtDCGcCTvDhTAftp+/+NKbS48fPXvk3K63Xtl/6fZ9AgAAAHDn+zAAAP//LlQL6Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x14400, 0x4)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x8, 0x3, 0xd, 0xfffffffd, 0x100000})

137.169792ms ago: executing program 2 (id=2090):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580))
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xb, 0x0, &(0x7f0000000280)="9e36d448b388dd965f7a33", 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000640)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(0x0, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
syz_usb_connect$hid(0x84a6a21cf5793ce7, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0})
mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[])
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f00000002c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c726573765f6c6576656c3d30303030303030303030303030303030303030302c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c646174613d77726974656261636b2c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00149e0cb4c679a55808f10855fc0d9b9d7241cc60c5c0b35a9ce6bd73d50a863d736b7f64cdbf2582b25c868128f5a0c3ca71ea7a85f79743e17bbb3291a3c43eb49fcfcab9a806f939773a5895370494ec438f24b77c23cb13a0c7c11503d4e4a25d5e8142cc163f75ca2557bc5b3dd2856dbf2f4fbffb092b1a8d3f410d0daefab8a2f41a23713a02fa9349bc76bc637fe28f733ee38a6de0e2174f54e7f4ebc705a06c4b7d76bcc94f8985dbf4791afe238c9f24f48c0f98d3898ad1f3597c15fdc241ce161617ca162b1d4a17900f12843677d372e706"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
open_by_handle_at(r2, &(0x7f0000000100)=ANY=[@ANYRES64=r2], 0x28001)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_register$IORING_UNREGISTER_FILES(r3, 0x3, 0x0, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3)

777.145µs ago: executing program 1 (id=2091):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r0, &(0x7f0000000a80)=[{&(0x7f00000001c0)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000200)="241c", 0x2}], 0x1, &(0x7f0000000740)=[@sndinfo={0x20, 0x84, 0x2, {0xc3a, 0x1, 0xa, 0x5}}], 0x20, 0x8008010}], 0x1, 0x40884)

514.005µs ago: executing program 1 (id=2092):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x20000002, 0x4)
sendmmsg$inet6(r0, &(0x7f00000046c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000240)="b6", 0x1}], 0x1}}], 0x1, 0x4000081)

327.86µs ago: executing program 1 (id=2093):
unshare(0x24060400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$tun(r0, &(0x7f0000000200)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f0000000000))

0s ago: executing program 1 (id=2094):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xd, 0xfff0}, {0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x31c, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x308, 0x1, [@m_simple={0xc8, 0x14, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x6, 0x3, ':\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x7fff, 0x8, 0x1, 0x3}}, @TCA_DEF_PARMS={0x18, 0x2, {0x4, 0x1, 0x5, 0x0, 0x9}}, @TCA_DEF_DATA={0x6, 0x3, '[\x00'}]}, {0x59, 0x6, "2142fd3b7739e2df1ce11a6cb358923efde1e857b5f4b6f98b557df785dd171fde9589b89159b81ee8cae94d2e9fa3057e2ef1dcb1a91c625616b378bf4efa552a73c8d7f1dcf6bda7d96971955d93d98a6c82b565"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_csum={0x30, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_nat={0x20c, 0x12, 0x0, 0x0, {{0x8}, {0x11c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x4, 0x0, 0x87}, @multicast1, @dev={0xac, 0x14, 0x14, 0xf}, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x80007, 0x8, 0xffffffffffffffff, 0x6, 0x7}, @loopback, @broadcast, 0x80, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x5, 0x5, 0xa7, 0xffff0001}, @broadcast, @multicast1, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x40, 0x4, 0x0, 0x3, 0x9711}, @multicast1, @multicast1, 0x95c5050eeb275cf0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffff, 0xfffffffb, 0x736fe187decc650e, 0x101, 0x30000}, @remote, @local, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xd, 0xb111, 0x8, 0x838, 0x2a}, @private=0xa010101, @rand_addr=0x64010102, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x18, 0x5af3, 0x8, 0x9, 0xcd}, @private=0xa010100, @multicast1, 0xff}}]}, {0xc9, 0x6, "00dbe2375389f4c61bb80b5c04766adf4c4041ab3363ca93e40c5281d6bb7035fa3fb2838101ae15e668e34175f78ce7df4b1c48d956acfb10ab481c7729eedfcdef8b67015dd90447d814cbb37713b8e2a37054e99152bbb3f0c77e56a1f6ab9da61c7f00958a0aa5108d67f277272c411cba11ef13007927c9c52984e903960081484a463aa2d388d77984fa7968102f600b0936201c9964cff6e228e131439b5dd84f37bb377965a4af38c2020711a2fad2ba4e11f442caf2f22b704bf9fa89dbd5667b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x31c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

kernel console output (not intermixed with test programs):

ted: batadv_slave_0
[  192.391301][ T8848] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.394850][ T8848] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.506460][ T8855] ALSA: seq fatal error: cannot create timer (-19)
[  192.588163][  T794] ldusb 2-1:3.0: Interrupt in endpoint not found
[  192.599340][  T794] usb 2-1: USB disconnect, device number 16
[  192.793905][ T8860] loop2: detected capacity change from 0 to 32768
[  192.874068][ T8860] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=xxhash,compression=gzip,str_hash=crc32c,wide_macs,no_splitbrain_check,fix_errors=ask,norecovery,noexcl,version_upgrade=none
[  192.874094][ T8860]   allowing incompatible features above 0.0: (unknown version)
[  192.874104][ T8860]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  192.889389][ T8860] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  192.891875][ T8860] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  192.909240][ T8860] bcachefs (loop2): accounting_read... done
[  192.912258][ T8860] bcachefs (loop2): alloc_read... done
[  192.914359][ T8860] bcachefs (loop2): snapshots_read... done
[  192.916834][ T8860] bcachefs (loop2): done starting filesystem
[  192.952379][ T5973] bcachefs (loop2): shutting down
[  192.972387][ T5973] bcachefs (loop2): shutdown complete
[  193.201724][   T33] audit: type=1326 audit(2000000073.270:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8872 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f0598ebe9 code=0x7ffc0000
[  193.222279][   T33] audit: type=1326 audit(2000000073.270:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8872 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f0598ebe9 code=0x7ffc0000
[  193.240594][   T33] audit: type=1326 audit(2000000073.310:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8872 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f2f0598ebe9 code=0x7ffc0000
[  193.253102][   T33] audit: type=1326 audit(2000000073.310:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8872 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f0598ebe9 code=0x7ffc0000
[  193.267453][   T33] audit: type=1326 audit(2000000073.310:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8872 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f0598ebe9 code=0x7ffc0000
[  193.428192][ T8869] loop3: detected capacity change from 0 to 32768
[  193.450017][ T8869] JBD2: Ignoring recovery information on journal
[  193.502318][ T8869] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  193.549984][ T8869] OCFS2: ERROR (device loop3): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 73 has 4294901761 used bits but only 0 total
[  193.559335][ T8869] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  193.563545][ T8869] OCFS2: File system is now read-only.
[  193.565729][ T8869] (syz.3.1104,8869,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  193.568914][ T8869] (syz.3.1104,8869,0):ocfs2_claim_metadata:2088 ERROR: status = -30
[  193.571509][ T8869] (syz.3.1104,8869,0):ocfs2_claim_metadata:2101 ERROR: status = -30
[  193.576586][ T8869] (syz.3.1104,8869,0):ocfs2_dx_dir_attach_index:2336 ERROR: status = -30
[  193.579777][ T8869] (syz.3.1104,8869,0):ocfs2_expand_inline_dir:3029 ERROR: status = -30
[  193.594230][ T8869] (syz.3.1104,8869,0):ocfs2_extend_dir:3211 ERROR: status = -30
[  193.596630][ T8869] (syz.3.1104,8869,0):ocfs2_prepare_dir_for_insert:4316 ERROR: status = -30
[  193.599313][ T8869] (syz.3.1104,8869,0):ocfs2_mknod:301 ERROR: status = -30
[  193.601496][ T8869] (syz.3.1104,8869,0):ocfs2_mknod:505 ERROR: status = -30
[  193.604569][ T8869] (syz.3.1104,8869,0):ocfs2_mkdir:661 ERROR: status = -30
[  193.636750][ T6537] ocfs2: Unmounting device (7,3) on (node local)
[  193.855853][ T8894] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  194.106666][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  194.108748][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  194.452693][ T8923] loop2: detected capacity change from 0 to 512
[  194.500018][ T8923] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  194.517102][ T8922] loop1: detected capacity change from 0 to 4096
[  194.570891][ T8923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.583754][ T8923] ext4 filesystem being mounted at /331/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.608292][ T8923] EXT4-fs error (device loop2): ext4_get_verity_descriptor_location:335: inode #15: comm syz.2.1127: verity file corrupted; can't find descriptor
[  194.634298][ T8923] fs-verity (loop2, inode 15): Error -117 getting verity descriptor size
[  194.689183][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.831995][ T8934] loop1: detected capacity change from 0 to 128
[  194.888700][ T8934] bio_check_eod: 782 callbacks suppressed
[  194.888724][ T8934] syz.1.1130: attempt to access beyond end of device
[  194.888724][ T8934] loop1: rw=2049, sector=145, nr_sectors = 3 limit=128
[  195.000735][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.000735][ T8934] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128
[  195.006799][ T8940] loop3: detected capacity change from 0 to 1024
[  195.007329][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.007329][ T8934] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[  195.010452][ T8940] EXT4-fs: Ignoring removed mblk_io_submit option
[  195.020041][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.020041][ T8934] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128
[  195.030482][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.030482][ T8934] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128
[  195.036928][ T8940] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.041377][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.041377][ T8934] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[  195.046757][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.046757][ T8934] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[  195.296173][ T8934] syz.1.1130: attempt to access beyond end of device
[  195.296173][ T8934] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[  195.492555][ T4997] kworker/u10:6: attempt to access beyond end of device
[  195.492555][ T4997] loop1: rw=1, sector=153, nr_sectors = 1 limit=128
[  195.502024][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.550042][ T8945] loop1: detected capacity change from 0 to 256
[  195.567337][ T8945] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  195.576472][ T8945] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  195.602925][ T8945] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  195.823105][   T33] audit: type=1326 audit(2000000075.890:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8954 comm="syz.2.1138" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff498ebe9 code=0x7ffc0000
[  195.831551][   T33] audit: type=1326 audit(2000000075.890:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8954 comm="syz.2.1138" exe="/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f8ff498ebe9 code=0x7ffc0000
[  195.870818][   T33] audit: type=1326 audit(2000000075.890:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8954 comm="syz.2.1138" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff498ebe9 code=0x7ffc0000
[  195.901760][ T8958] loop2: detected capacity change from 0 to 256
[  195.914490][ T8958] /dev/loop2: Can't open blockdev
[  196.069778][ T8966] tipc: Failed to remove unknown binding: 66,1,1/0:504236740/504236742
[  196.073849][ T8966] tipc: Failed to remove unknown binding: 66,1,1/0:504236740/504236742
[  196.184806][ T8908] Bluetooth: hci1: command 0x0406 tx timeout
[  196.187545][ T8908] Bluetooth: hci2: command 0x0406 tx timeout
[  196.431477][ T8977] loop3: detected capacity change from 0 to 32768
[  196.435694][ T8977] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1148 (8977)
[  196.465679][ T8977] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  196.468792][ T8977] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  196.471404][ T8977] BTRFS info (device loop3): disk space caching is enabled
[  196.485560][ T8977] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  196.563236][ T8977] BTRFS info (device loop3): rebuilding free space tree
[  196.615340][ T8977] BTRFS info (device loop3): disabling free space tree
[  196.617501][ T8977] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  196.639182][ T8977] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  196.745626][ T8986] loop2: detected capacity change from 0 to 32768
[  196.775741][ T8986] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  196.826012][ T6537] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  196.886124][ T8986] XFS (loop2): Ending clean mount
[  196.898243][ T8986] XFS (loop2): Quotacheck needed: Please wait.
[  196.996979][ T8986] XFS (loop2): Quotacheck: Done.
[  197.140358][ T9013] loop1: detected capacity change from 0 to 32768
[  197.158152][ T5973] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  197.418112][ T9028] loop3: detected capacity change from 0 to 4096
[  197.688680][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1160'.
[  198.902347][ T9055] loop2: detected capacity change from 0 to 1024
[  198.942323][ T9054] loop3: detected capacity change from 0 to 2048
[  198.989792][ T9056] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  199.066955][ T9056] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  199.071466][ T9056] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  199.090681][ T9056] Remounting filesystem read-only
[  199.098214][ T6537] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  199.119206][ T9050] loop1: detected capacity change from 0 to 32768
[  199.131433][ T9050] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1169 (9050)
[  199.174407][ T9050] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  199.178289][ T9050] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  199.182474][ T9050] BTRFS info (device loop1): disk space caching is enabled
[  199.186488][ T9050] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  199.325929][ T9050] BTRFS info (device loop1): rebuilding free space tree
[  199.361067][ T9050] BTRFS info (device loop1): disabling free space tree
[  199.367360][ T9082] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1177'.
[  199.370258][ T9082] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1177'.
[  199.372217][ T9050] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  199.382724][ T9050] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  199.457936][ T9062] loop3: detected capacity change from 0 to 32768
[  199.494621][ T9062] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.530824][ T9062] XFS (loop3): Ending clean mount
[  199.635212][ T5971] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  199.669075][ T6537] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.918690][ T9102] loop1: detected capacity change from 0 to 2048
[  199.937980][ T9102] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  199.940906][ T6308] udevd[6308]: incorrect nilfs2 checksum on /dev/loop1
[  199.969794][ T9103] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  200.040901][ T9105] loop3: detected capacity change from 0 to 2048
[  200.082452][ T9105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.152309][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.296922][ T9112] loop1: detected capacity change from 0 to 4096
[  200.301396][ T9112] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  200.442676][ T9117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1185'.
[  200.500545][ T9121] loop1: detected capacity change from 0 to 128
[  200.865339][ T6028] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  200.902485][ T9132] loop2: detected capacity change from 0 to 32768
[  201.064945][ T6028] usb 4-1: Using ep0 maxpacket: 32
[  201.334858][ T6028] usb 4-1: unable to get BOS descriptor or descriptor too short
[  201.345677][ T6028] usb 4-1: unable to read config index 0 descriptor/start: -71
[  201.353587][ T6028] usb 4-1: can't read configurations, error -71
[  201.911692][ T9144] dvmrp1: entered allmulticast mode
[  202.005757][ T9142] loop1: detected capacity change from 0 to 32768
[  202.024763][ T9142] JBD2: Ignoring recovery information on journal
[  202.087421][ T9142] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  202.152161][   T33] audit: type=1800 audit(2000000082.220:61): pid=9142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1196" name="blkio.bfq.io_queued_recursive" dev="loop1" ino=17056 res=0 errno=0
[  202.200864][ T5971] ocfs2: Unmounting device (7,1) on (node local)
[  202.369073][ T9158] tmpfs: Bad value for 'mpol'
[  202.531593][ T9168] loop4: detected capacity change from 0 to 1
[  202.538683][ T9168] Dev loop4: unable to read RDB block 1
[  202.540738][ T9168]  loop4: unable to read partition table
[  202.544639][ T9168] loop4: partition table beyond EOD, truncated
[  202.547044][ T9168] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5)
[  203.353720][  T795] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  203.513746][  T795] usb 3-1: Using ep0 maxpacket: 16
[  203.520117][  T795] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  203.524491][  T795] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.529009][  T795] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  203.532956][  T795] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  203.539956][  T795] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  203.544189][  T795] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  203.547337][  T795] usb 3-1: SerialNumber: syz
[  203.554620][  T795] hub 3-1:1.0: bad descriptor, ignoring hub
[  203.557151][  T795] hub 3-1:1.0: probe with driver hub failed with error -5
[  203.566868][  T795] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  203.587667][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.592830][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.599138][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.602957][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.607556][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.611428][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.617394][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.621273][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.625568][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.629307][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'.
[  203.747170][ T9201] loop1: detected capacity change from 0 to 256
[  203.761050][ T9201] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  203.962192][ T9184] raw-gadget.0 gadget.2: fail, usb_ep_set_wedge returned -11
[  204.083398][  T795] usb 3-1: USB disconnect, device number 13
[  204.233099][ T6029] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  204.288193][ T9230] loop3: detected capacity change from 0 to 512
[  204.307084][ T9230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.366002][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.405230][ T6029] usb 2-1: config 0 has an invalid interface number: 50 but max is 0
[  204.408142][ T6029] usb 2-1: config 0 has no interface number 0
[  204.410529][ T6029] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  204.424795][ T6029] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  204.428199][ T6029] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.431239][ T6029] usb 2-1: Product: syz
[  204.432799][ T6029] usb 2-1: Manufacturer: syz
[  204.435420][ T6029] usb 2-1: SerialNumber: syz
[  204.439571][ T6029] usb 2-1: config 0 descriptor??
[  204.462887][ T6029] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0
[  204.762908][ T9240] loop3: detected capacity change from 0 to 40427
[  204.771267][ T9240] F2FS-fs (loop3): invalid crc value
[  204.822499][ T9240] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  204.832345][ T9239] lo speed is unknown, defaulting to 1000
[  204.832620][ T9240] F2FS-fs (loop3): Start checkpoint disabled!
[  204.848747][ T9240] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  204.866512][  T795] usb 2-1: USB disconnect, device number 17
[  204.887052][  T795] yurex 2-1:0.50: USB YUREX #0 now disconnected
[  205.229482][   T28] kworker/u9:1: attempt to access beyond end of device
[  205.229482][   T28] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  205.238482][   T28] CPU: 0 UID: 0 PID: 28 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  205.238504][   T28] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.238514][   T28] Workqueue: writeback wb_workfn (flush-7:3)
[  205.238537][   T28] Call Trace:
[  205.238543][   T28]  <TASK>
[  205.238550][   T28]  dump_stack_lvl+0x189/0x250
[  205.238572][   T28]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.238587][   T28]  ? __pfx_queue_work_on+0x10/0x10
[  205.238602][   T28]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  205.238620][   T28]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.238663][   T28]  f2fs_handle_critical_error+0x37c/0x540
[  205.238717][   T28]  f2fs_write_end_io+0x886/0xb60
[  205.238743][   T28]  __submit_merged_bio+0x27a/0x6a0
[  205.238764][   T28]  __submit_merged_write_cond+0x255/0x530
[  205.238782][   T28]  f2fs_write_data_pages+0x261d/0x3000
[  205.238818][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.238841][   T28]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  205.238874][   T28]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  205.238889][   T28]  ? look_up_lock_class+0x74/0x170
[  205.238911][   T28]  ? trace_f2fs_writepages+0x7f/0x200
[  205.238925][   T28]  ? f2fs_write_node_pages+0x478/0x6e0
[  205.238943][   T28]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  205.238965][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.238982][   T28]  do_writepages+0x32e/0x550
[  205.238999][   T28]  ? reacquire_held_locks+0x127/0x1d0
[  205.239012][   T28]  ? writeback_sb_inodes+0x384/0x1010
[  205.239033][   T28]  __writeback_single_inode+0x145/0xff0
[  205.239048][   T28]  ? do_raw_spin_unlock+0x4d/0x240
[  205.239066][   T28]  writeback_sb_inodes+0x6c7/0x1010
[  205.239106][   T28]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  205.239146][   T28]  ? rcu_is_watching+0x15/0xb0
[  205.239164][   T28]  wb_writeback+0x43b/0xaf0
[  205.239184][   T28]  ? queue_io+0x351/0x590
[  205.239199][   T28]  ? __pfx_wb_writeback+0x10/0x10
[  205.239218][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.239237][   T28]  wb_workfn+0x409/0xef0
[  205.239260][   T28]  ? __pfx_wb_workfn+0x10/0x10
[  205.239300][   T28]  ? __lock_acquire+0xab9/0xd20
[  205.239327][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  205.239346][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.239361][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  205.239374][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  205.239390][   T28]  process_scheduled_works+0xae1/0x17b0
[  205.239426][   T28]  ? __pfx_process_scheduled_works+0x10/0x10
[  205.239455][   T28]  worker_thread+0x8a0/0xda0
[  205.239491][   T28]  kthread+0x711/0x8a0
[  205.239511][   T28]  ? __pfx_worker_thread+0x10/0x10
[  205.239525][   T28]  ? __pfx_kthread+0x10/0x10
[  205.239543][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.239559][   T28]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.239576][   T28]  ? __pfx_kthread+0x10/0x10
[  205.239594][   T28]  ret_from_fork+0x3fc/0x770
[  205.239611][   T28]  ? __pfx_ret_from_fork+0x10/0x10
[  205.239631][   T28]  ? __switch_to_asm+0x39/0x70
[  205.239647][   T28]  ? __switch_to_asm+0x33/0x70
[  205.239664][   T28]  ? __pfx_kthread+0x10/0x10
[  205.239709][   T28]  ret_from_fork_asm+0x1a/0x30
[  205.239740][   T28]  </TASK>
[  205.239891][   T28] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  205.590042][ T9253] netlink: 'syz.2.1244': attribute type 1 has an invalid length.
[  205.770201][ T9257] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  205.799447][ T9253] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  205.807915][ T9253] bond2 (unregistering): Released all slaves
[  206.146792][ T9278] loop1: detected capacity change from 0 to 256
[  206.149545][ T9278] msdos: Bad value for 'time_offset'
[  206.443836][  T795] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  206.594636][  T795] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  206.598139][  T795] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  206.601481][  T795] usb 3-1: config 0 interface 0 has no altsetting 0
[  206.613087][  T795] usb 3-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  206.615990][  T795] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.620211][  T795] usb 3-1: config 0 descriptor??
[  206.623418][ T9270] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  206.674708][ T9284] loop1: detected capacity change from 0 to 32768
[  206.912433][ T9290] loop1: detected capacity change from 0 to 512
[  206.919581][ T9290] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  206.938639][ T9290] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1258: invalid indirect mapped block 83886080 (level 1)
[  206.950749][ T9290] EXT4-fs (loop1): Remounting filesystem read-only
[  206.955154][ T9290] EXT4-fs (loop1): 1 orphan inode deleted
[  206.957659][ T9290] EXT4-fs (loop1): 1 truncate cleaned up
[  206.960413][ T9290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.967807][ T9290] EXT4-fs (loop1): shut down requested (1)
[  207.000875][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.040008][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.042299][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.046909][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.049278][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.051617][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.054211][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.056600][  T795] logitech 0003:046D:C24F.000A: unknown main item tag 0x0
[  207.066089][  T795] logitech 0003:046D:C24F.000A: hidraw0: USB HID v0.07 Device [HID 046d:c24f] on usb-dummy_hcd.2-1/input0
[  207.073289][  T795] logitech 0003:046D:C24F.000A: no inputs found
[  207.240946][  T795] usb 3-1: USB disconnect, device number 14
[  207.318289][ T9299] loop1: detected capacity change from 0 to 32768
[  207.372399][ T9299] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.406707][ T9316] loop3: detected capacity change from 0 to 512
[  207.442178][ T9299] XFS (loop1): Ending clean mount
[  207.460664][ T9299] XFS (loop1): Quotacheck needed: Please wait.
[  207.497043][ T9299] XFS (loop1): Quotacheck: Done.
[  207.620821][ T5971] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  208.083659][ T7217] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  208.200661][ T9349] loop1: detected capacity change from 0 to 1024
[  208.230152][ T9349] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  208.235540][ T9349] ext4 filesystem being mounted at /393/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  208.245884][ T7217] usb 3-1: Using ep0 maxpacket: 16
[  208.248612][   T33] audit: type=1800 audit(2000000088.320:62): pid=9349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1282" name="file1" dev="loop1" ino=15 res=0 errno=0
[  208.250436][ T7217] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.264697][ T9349] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: comm syz.1.1282: lblock 0 mapped to illegal pblock 0 (length 6)
[  208.275184][ T7217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  208.277573][ T9349] EXT4-fs error (device loop1): ext4_ext_remove_space:2955: inode #15: comm syz.1.1282: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  208.278935][ T7217] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  208.296764][ T7217] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  208.298362][ T9349] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: comm syz.1.1282: lblock 0 mapped to illegal pblock 0 (length 1)
[  208.300028][ T7217] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  208.306173][ T9349] EXT4-fs error (device loop1): ext4_ext_remove_space:2955: inode #15: comm syz.1.1282: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  208.309763][ T7217] usb 3-1: Manufacturer: syz
[  208.321872][ T7217] usb 3-1: config 0 descriptor??
[  208.351879][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  208.537621][  T795] usb 3-1: USB disconnect, device number 15
[  208.842923][ T9367] loop3: detected capacity change from 0 to 512
[  208.847292][ T9367] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  208.860831][ T9367] EXT4-fs (loop3): 1 truncate cleaned up
[  208.868235][ T9367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.898351][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.129415][ T9380] netlink: 'syz.2.1295': attribute type 11 has an invalid length.
[  209.132376][ T9380] __nla_validate_parse: 55 callbacks suppressed
[  209.132414][ T9380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1295'.
[  209.337090][ T9390] loop2: detected capacity change from 0 to 512
[  209.340355][ T9390] EXT4-fs: inline encryption not supported
[  209.342629][ T9390] EXT4-fs: Ignoring removed nobh option
[  209.364114][ T9390] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  209.371937][ T9390] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it
[  209.376964][ T9390] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.1300: Corrupt directory, running e2fsck is recommended
[  209.389591][ T9390] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[  209.393279][ T9390] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.1300: corrupted in-inode xattr: invalid ea_ino
[  209.399110][ T9390] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1300: couldn't read orphan inode 15 (err -117)
[  209.406255][ T9390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.423986][ T9390] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[  209.448063][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.580180][ T9395] loop2: detected capacity change from 0 to 4096
[  209.585488][ T9395] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  209.784659][ T7217] usb 2-1: new low-speed USB device number 18 using dummy_hcd
[  209.891036][ T9397] loop2: detected capacity change from 0 to 32768
[  209.899990][ T9397] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1303 (9397)
[  209.946754][ T9397] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  209.951324][ T7217] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.955100][ T9397] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  209.955184][ T9397] BTRFS info (device loop2): using free-space-tree
[  209.962917][ T7217] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  209.973417][ T7217] usb 2-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  209.977203][ T7217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.983585][ T7217] usb 2-1: config 0 descriptor??
[  209.987893][ T7217] qmi_wwan 2-1:0.0: probe with driver qmi_wwan failed with error -22
[  210.111414][ T5973] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  210.203997][ T6029] usb 2-1: USB disconnect, device number 18
[  210.493484][ T9417] loop3: detected capacity change from 0 to 32768
[  210.502462][ T9417] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  210.523369][ T9417] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  210.577973][ T6537] ocfs2: Unmounting device (7,3) on (node local)
[  210.803481][ T7217] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  210.874331][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1314'.
[  210.905212][ T9438] bond0: (slave bond_slave_1): Releasing backup interface
[  210.956408][ T7217] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.960399][ T7217] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  210.982753][ T7217] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  210.986429][ T7217] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  210.989655][ T7217] usb 3-1: SerialNumber: syz
[  211.004121][ T9432] loop3: detected capacity change from 0 to 32768
[  211.033455][ T9432] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  211.071039][ T9432] XFS (loop3): Ending clean mount
[  211.118183][ T6537] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  211.229704][ T7217] usb 3-1: bad CDC descriptors
[  211.255674][ T7217] usb 3-1: USB disconnect, device number 16
[  211.831684][ T9457] loop2: detected capacity change from 0 to 256
[  211.838884][   T33] audit: type=1800 audit(2000000091.920:63): pid=9452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.1316" name="/" dev="tmpfs" ino=123 res=0 errno=0
[  211.851980][ T9457] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  212.417491][ T9467] loop2: detected capacity change from 0 to 32768
[  212.732517][ T9467] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  212.732533][ T9467]   allowing incompatible features above 0.0: (unknown version)
[  212.732539][ T9467]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  212.749275][ T9467] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  212.751747][ T9467] bcachefs (loop2): initializing new filesystem
[  212.760977][ T9467] bcachefs (loop2): going read-write
[  212.790566][ T9467] bcachefs (loop2): marking superblocks
[  212.803400][ T9467] bcachefs (loop2): initializing freespace
[  212.808765][ T9467] bcachefs (loop2): done initializing freespace
[  212.813479][ T9467] bcachefs (loop2): reading snapshots table
[  212.815913][ T9467] bcachefs (loop2): reading snapshots done
[  213.012020][ T9467] bcachefs (loop2): done starting filesystem
[  214.039770][ T9488] loop1: detected capacity change from 0 to 1024
[  214.047117][ T9488] EXT4-fs: Ignoring removed orlov option
[  214.086417][ T9488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.121065][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.843433][ T7217] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  215.017722][ T9500] loop1: detected capacity change from 0 to 128
[  215.048033][ T9500] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  215.057096][ T5973] bcachefs (loop2): shutting down
[  215.059072][ T5973] bcachefs (loop2): going read-only
[  215.059091][ T7217] usb 4-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  215.068781][ T5973] bcachefs (loop2): finished waiting for writes to stop
[  215.069417][ T7217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.072068][ T9500] ext4 filesystem being mounted at /408/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  215.076569][ T7217] usb 4-1: Product: syz
[  215.080475][ T7217] usb 4-1: Manufacturer: syz
[  215.082224][ T7217] usb 4-1: SerialNumber: syz
[  215.088687][ T5973] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4
[  215.093323][ T7217] usb 4-1: config 0 descriptor??
[  215.109621][ T7217] usb 4-1: interface 1 not found
[  215.138094][ T5973] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  215.142190][ T5973] bcachefs (loop2): clean shutdown complete, journal seq 5
[  215.148208][ T5973] bcachefs (loop2): marking filesystem clean
[  215.167901][ T5973] bcachefs (loop2): shutdown complete
[  215.220747][ T5971] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  215.836486][ T9517] loop1: detected capacity change from 0 to 32768
[  215.849521][ T9517] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  215.864078][ T9517] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  215.889970][ T9517] (syz.1.1336,9517,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9
[  215.900484][ T9517] (syz.1.1336,9517,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9
[  215.920937][ T5971] ocfs2: Unmounting device (7,1) on (node local)
[  217.150725][ T7217] usb 4-1: USB disconnect, device number 16
[  217.203342][ T6028] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  217.366392][ T6028] usb 3-1: Using ep0 maxpacket: 16
[  217.374883][ T6028] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.380580][ T6028] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  217.387390][ T6028] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  217.397540][ T6028] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  217.407170][ T6028] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  217.420919][ T6028] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  217.439623][ T6028] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  217.442319][ T6028] usb 3-1: Manufacturer: syz
[  217.449750][ T6028] usb 3-1: config 0 descriptor??
[  217.457900][ T9551] loop1: detected capacity change from 0 to 1024
[  217.484348][ T9551] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  217.489251][ T9551] ext4 filesystem being mounted at /426/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.510898][ T9551] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.1350: lblock 3 mapped to illegal pblock 3 (length 3)
[  217.521684][ T9551] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  217.526838][ T9551] EXT4-fs (loop1): This should not happen!! Data will be lost
[  217.526838][ T9551] 
[  217.560934][ T1092] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 8: comm kworker/u9:5: lblock 8 mapped to illegal pblock 8 (length 8)
[  217.572049][ T1092] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  217.577821][ T1092] EXT4-fs (loop1): This should not happen!! Data will be lost
[  217.577821][ T1092] 
[  217.586461][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  217.798301][ T6028] rc_core: IR keymap rc-hauppauge not found
[  217.801069][ T6028] Registered IR keymap rc-empty
[  217.803847][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  217.823321][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  217.856747][ T6028] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  217.863730][ T6028] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input16
[  217.875884][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  217.932590][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.171705][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.179911][ T9579] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1360'.
[  218.183382][ T9579] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  218.194873][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.225224][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.245330][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.265116][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.293516][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.313210][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.333529][ T6028] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  218.366679][ T6028] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  218.370295][ T6028] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  218.379028][ T6028] usb 3-1: USB disconnect, device number 17
[  219.136750][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1370'.
[  219.146904][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1370'.
[  219.425675][ T9607] sctp: [Deprecated]: syz.2.1373 (pid 9607) Use of int in max_burst socket option.
[  219.425675][ T9607] Use struct sctp_assoc_value instead
[  220.434920][ T9621] loop3: detected capacity change from 0 to 256
[  220.457055][ T9621] FAT-fs (loop3): Directory bread(block 64) failed
[  220.459633][ T9621] FAT-fs (loop3): Directory bread(block 65) failed
[  220.462259][ T9621] FAT-fs (loop3): Directory bread(block 66) failed
[  220.465486][ T9621] FAT-fs (loop3): Directory bread(block 67) failed
[  220.468271][ T9621] FAT-fs (loop3): Directory bread(block 68) failed
[  220.470841][ T9621] FAT-fs (loop3): Directory bread(block 69) failed
[  220.474007][ T9621] FAT-fs (loop3): Directory bread(block 70) failed
[  220.476738][ T9621] FAT-fs (loop3): Directory bread(block 71) failed
[  220.480611][ T9621] FAT-fs (loop3): Directory bread(block 72) failed
[  220.483534][ T9621] FAT-fs (loop3): Directory bread(block 73) failed
[  220.616692][ T9624] loop1: detected capacity change from 0 to 256
[  220.748662][ T9624] exfat: Deprecated parameter 'namecase'
[  221.003519][ T9624] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  221.035993][   T33] audit: type=1800 audit(2000000101.110:64): pid=9624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1380" name="file1" dev="loop1" ino=1048649 res=0 errno=0
[  221.179372][ T9638] loop3: detected capacity change from 0 to 4096
[  221.185343][ T9638] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  221.222364][ T9638] ntfs3(loop3): Failed to initialize $Secure::$SII (-22).
[  221.227682][ T9638] ntfs3(loop3): Failed to initialize $Secure (-22).
[  221.803335][ T6028] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  221.953378][ T6028] usb 3-1: Using ep0 maxpacket: 8
[  221.965142][ T6028] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.969486][ T6028] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.979660][ T6028] usb 3-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  221.989501][ T6028] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.008363][ T6028] usb 3-1: config 0 descriptor??
[  222.432736][ T6028] uclogic 0003:2179:0053.000B: interface is invalid, ignoring
[  222.521918][ T9678] loop1: detected capacity change from 0 to 4096
[  222.544612][ T9678] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  222.555902][ T9678] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096)
[  222.559514][ T9678] NILFS (loop1): mounting unchecked fs
[  222.632588][ T9678] NILFS (loop1): recovery complete
[  222.639353][ T6001] usb 3-1: USB disconnect, device number 18
[  222.642644][ T9682] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  223.535943][ T9684] loop1: detected capacity change from 0 to 32768
[  223.547419][ T9684] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1402 (9684)
[  223.678124][ T9684] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  223.684823][ T9684] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  223.695603][ T9684] BTRFS info (device loop1): using free-space-tree
[  223.929434][ T5971] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.144753][ T9734] loop3: detected capacity change from 0 to 128
[  224.148403][ T9734] FAT-fs (loop3): bogus number of FAT structure
[  224.163195][ T9734] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  224.167277][ T9734] FAT-fs (loop3): Can't find a valid FAT filesystem
[  224.491127][ T9747] loop2: detected capacity change from 0 to 256
[  224.499979][ T9747] exfat: Bad value for 'uid'
[  224.501596][ T9747] exfat: Bad value for 'uid'
[  224.529804][ T9749] loop3: detected capacity change from 0 to 512
[  224.566684][ T9749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.578628][ T9749] ext4 filesystem being mounted at /396/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  224.615712][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.260540][ T9765] loop2: detected capacity change from 0 to 32768
[  225.275471][ T9765] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1430 (9765)
[  225.302643][ T9765] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  225.313863][ T9765] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  225.317633][ T9765] BTRFS info (device loop2): using free-space-tree
[  225.586095][   T33] audit: type=1804 audit(2000000105.660:65): pid=9765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1430" name="/newroot/406/bus/bus" dev="loop2" ino=263 res=1 errno=0
[  225.732302][ T5973] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  225.913301][ T9788] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1433'.
[  226.421648][ T9800] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1439'.
[  226.426238][ T9800] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1439'.
[  226.833985][ T9804] loop2: detected capacity change from 0 to 2048
[  226.906164][ T5969] Bluetooth: hci0: command 0x0405 tx timeout
[  226.967941][ T9805] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  227.078719][   T33] audit: type=1804 audit(2000000107.160:66): pid=9801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1438" name="/newroot/409/file2/bus" dev="loop2" ino=2097152 res=1 errno=0
[  227.599937][   T33] audit: type=1326 audit(2000000107.670:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9813 comm="syz.3.1443" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f569fd8ebe9 code=0x0
[  227.658013][ T9817] use of bytesused == 0 is deprecated and will be removed in the future,
[  227.664668][ T9817] use the actual size instead.
[  228.507842][ T9830] loop3: detected capacity change from 0 to 4096
[  228.538320][ T9830] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  228.548469][ T9830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.671694][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.142307][ T9840] binder: 9839:9840 unknown command 0
[  229.153469][ T9840] binder: 9839:9840 ioctl c0306201 200000000080 returned -22
[  229.875376][ T9850] loop2: detected capacity change from 0 to 1024
[  229.880286][ T9850] EXT4-fs: Ignoring removed nomblk_io_submit option
[  229.929023][ T9850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.020674][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.064934][ T9851] loop1: detected capacity change from 0 to 4096
[  230.091789][ T9851] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  230.511999][ T9865] loop2: detected capacity change from 0 to 512
[  230.539186][ T9865] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  230.555583][ T9865] EXT4-fs (loop2): 1 truncate cleaned up
[  230.559456][ T9865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.605711][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.747744][ T9875] loop2: detected capacity change from 0 to 2048
[  230.818047][ T9875] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.924668][ T9878] EXT4-fs (loop2): shut down requested (1)
[  231.049894][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.148290][ T9873] loop3: detected capacity change from 0 to 32768
[  231.166688][ T9873] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1468 (9873)
[  231.184261][ T9873] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  231.187436][ T9873] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  231.194918][ T9873] BTRFS info (device loop3): using free-space-tree
[  231.323074][   T33] audit: type=1800 audit(2000000111.390:68): pid=9873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1468" name="file1" dev="loop3" ino=260 res=0 errno=0
[  231.395278][ T6537] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  231.919074][ T9926] netlink: 'syz.3.1480': attribute type 3 has an invalid length.
[  231.921623][ T9926] netlink: 'syz.3.1480': attribute type 1 has an invalid length.
[  231.924211][ T9926] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1480'.
[  231.927032][ T9926] NCSI netlink: No device for ifindex 33022
[  232.263200][ T6001] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  232.416646][ T6001] usb 2-1: config index 0 descriptor too short (expected 65069, got 45)
[  232.419408][ T6001] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  232.423325][ T6001] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  232.426667][ T6001] usb 2-1: config 0 has no interfaces?
[  232.428473][ T6001] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  232.431336][ T6001] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.442853][ T6001] usb 2-1: config 0 descriptor??
[  232.593671][ T9934] loop3: detected capacity change from 0 to 1024
[  232.608265][ T9934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.820624][ T6029] usb 2-1: USB disconnect, device number 19
[  232.851600][ T9939] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.1484: Abort forced by user
[  232.859172][ T9939] EXT4-fs (loop3): Remounting filesystem read-only
[  232.861941][ T9939] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  232.862387][ T9934] overlayfs: failed to create directory ./file1/index (errno: 30); mounting read-only
[  232.871857][ T9934] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  232.900629][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.183275][ T6001] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  233.337106][ T6001] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  233.339083][ T9943] netlink: 'syz.2.1486': attribute type 1 has an invalid length.
[  233.341380][ T6001] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  233.344439][ T9943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1486'.
[  233.351781][ T6001] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  233.371762][ T6001] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  233.380169][ T6001] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.396150][ T6001] usb 4-1: Product: syz
[  233.397926][ T6001] usb 4-1: Manufacturer: syz
[  233.399815][ T6001] usb 4-1: SerialNumber: syz
[  233.431099][ T6001] hub 4-1:1.0: bad descriptor, ignoring hub
[  233.438452][ T6001] hub 4-1:1.0: probe with driver hub failed with error -5
[  233.464700][ T9945] loop2: detected capacity change from 0 to 2048
[  233.494731][ T9950] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  233.511751][ T9945] NILFS (loop2): failed to count free inodes: err=-34
[  233.566204][ T9952] loop1: detected capacity change from 0 to 128
[  233.582476][ T9952] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  233.588757][ T9952] ext4 filesystem being mounted at /464/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  233.650382][ T5973] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 8796093022222
[  233.655926][ T6001] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  233.659458][ T5973] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16)
[  233.682417][ T5973] Remounting filesystem read-only
[  233.684507][ T5973] NILFS (loop2): error -5 truncating bmap (ino=16)
[  233.690942][ T5973] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  234.292112][ T9968] loop2: detected capacity change from 0 to 256
[  234.310880][ T9941] usb 4-1: reset high-speed USB device number 17 using dummy_hcd
[  234.350670][ T9968] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  234.835160][ T6001] usb 4-1: USB disconnect, device number 17
[  234.840121][ T6001] usblp0: removed
[  234.870118][ T5971] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  235.410007][ T9984] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1503'.
[  235.417034][ T9984] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1503'.
[  235.481645][ T9989] loop3: detected capacity change from 0 to 512
[  235.509829][ T9989] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  235.512671][ T9989] System zones: 0-2, 18-18, 34-35
[  235.516180][ T9989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.520105][ T9989] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  235.569796][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.970802][T10015] loop2: detected capacity change from 0 to 16
[  235.979020][T10015] erofs (device loop2): mounted with root inode @ nid 36.
[  236.258812][T10017] lo speed is unknown, defaulting to 1000
[  236.993145][T10042] loop3: detected capacity change from 0 to 128
[  237.012321][T10042] EXT4-fs (loop3): Test dummy encryption mode enabled
[  237.157027][T10042] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  237.165827][T10042] ext4 filesystem being mounted at /429/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  237.533724][T10042] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  237.596011][T10055] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1528'.
[  237.639652][ T6537] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  237.736627][T10060] loop3: detected capacity change from 0 to 128
[  237.757970][T10060] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002]
[  237.764085][T10060] System zones: 1-3, 19-19, 35-36
[  237.775499][T10060] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  237.778378][T10057] loop1: detected capacity change from 0 to 4096
[  237.781247][T10060] ext4 filesystem being mounted at /430/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  237.870084][ T6537] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.196349][T10079] loop1: detected capacity change from 0 to 128
[  238.222126][ T7217] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  238.225004][T10079] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  238.229107][T10079] ext4 filesystem being mounted at /479/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.408322][ T5971] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.761391][ T7217] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  238.778280][ T7217] usb 4-1: config 0 has no interface number 0
[  238.784299][ T7217] usb 4-1: config 0 interface 12 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[  238.798976][ T7217] usb 4-1: config 0 interface 12 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 511
[  238.826504][ T7217] usb 4-1: New USB device found, idVendor=2c7c, idProduct=0700, bcdDevice=5f.c4
[  238.834153][ T7217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.837327][ T7217] usb 4-1: Product: syz
[  238.839011][ T7217] usb 4-1: Manufacturer: syz
[  238.857590][ T7217] usb 4-1: SerialNumber: syz
[  238.871845][ T7217] usb 4-1: config 0 descriptor??
[  238.876062][T10067] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  238.893399][T10067] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  238.898819][ T7217] option 4-1:0.12: GSM modem (1-port) converter detected
[  238.918785][ T7217] usb 4-1: GSM modem (1-port) converter now attached to ttyUSB0
[  239.116601][ T7217] usb 4-1: USB disconnect, device number 18
[  239.122953][ T7217] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  239.130581][ T7217] option 4-1:0.12: device disconnected
[  240.351774][T10109] loop3: detected capacity change from 0 to 4096
[  240.481100][T10110] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  241.342361][T10124] loop2: detected capacity change from 0 to 1024
[  241.647744][T10124] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  241.705241][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  241.784993][T10135] loop2: detected capacity change from 0 to 128
[  241.789367][T10135] msdos: Unexpected value for 'dots'
[  242.000051][T10133] loop3: detected capacity change from 0 to 32768
[  242.111893][T10133] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  242.111909][T10133]   allowing incompatible features above 0.0: (unknown version)
[  242.111914][T10133]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  242.136199][T10133] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  242.144006][T10133] bcachefs (loop3): initializing new filesystem
[  242.161841][T10133] bcachefs (loop3): going read-write
[  242.171765][T10133] bcachefs (loop3): marking superblocks
[  242.208437][T10133] bcachefs (loop3): initializing freespace
[  242.223397][T10133] bcachefs (loop3): done initializing freespace
[  242.229080][T10133] bcachefs (loop3): reading snapshots table
[  242.231491][T10133] bcachefs (loop3): reading snapshots done
[  242.262190][T10133] bcachefs (loop3): done starting filesystem
[  242.346606][ T6537] bcachefs (loop3): shutting down
[  242.348433][ T6537] bcachefs (loop3): going read-only
[  242.350372][ T6537] bcachefs (loop3): finished waiting for writes to stop
[  242.355494][ T6537] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  242.398359][ T6537] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  242.414951][ T6537] bcachefs (loop3): clean shutdown complete, journal seq 4
[  242.417859][ T6537] bcachefs (loop3): marking filesystem clean
[  242.418141][T10154] loop1: detected capacity change from 0 to 32768
[  242.423892][T10154] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1562 (10154)
[  242.457902][T10154] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  242.461117][T10154] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  242.467292][ T6537] bcachefs (loop3): shutdown complete
[  242.472035][T10154] BTRFS info (device loop1): using free-space-tree
[  242.669315][T10190] loop2: detected capacity change from 0 to 64
[  242.718174][ T5971] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  243.453289][ T6001] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  243.614580][ T6001] usb 3-1: config 0 has no interfaces?
[  243.618693][ T6001] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  243.622686][ T6001] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.632921][ T6001] usb 3-1: Product: syz
[  243.635110][ T6001] usb 3-1: Manufacturer: syz
[  243.636928][ T6001] usb 3-1: SerialNumber: syz
[  243.651903][ T6001] r8152-cfgselector 3-1: Unknown version 0x0000
[  243.654423][ T6001] r8152-cfgselector 3-1: config 0 descriptor??
[  243.696600][T10211] loop3: detected capacity change from 0 to 256
[  243.705607][T10211] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  243.714954][T10211] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1567'.
[  243.895078][  T794] r8152-cfgselector 3-1: USB disconnect, device number 19
[  244.621861][T10230] vlan2: entered promiscuous mode
[  244.631064][T10230] bond0: entered promiscuous mode
[  244.638678][T10230] bond_slave_0: entered promiscuous mode
[  245.807984][T10255] bridge0: port 3(erspan0) entered blocking state
[  245.811541][T10255] bridge0: port 3(erspan0) entered disabled state
[  245.819204][T10255] erspan0: entered allmulticast mode
[  245.829276][T10255] erspan0: left allmulticast mode
[  245.975795][T10261] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1601'.
[  246.274400][T10270] loop3: detected capacity change from 0 to 2048
[  246.297898][T10270] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  246.339459][T10259] loop1: detected capacity change from 0 to 32768
[  246.342920][T10259] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  246.387383][T10275] loop2: detected capacity change from 0 to 128
[  246.390291][T10275] EXT4-fs: Ignoring removed nobh option
[  246.407520][T10273] trusted_key: syz.3.1607 sent an empty control message without MSG_MORE.
[  246.407946][T10275] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  246.522924][ T5973] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  246.603879][T10283] Option 'TXƮ' to dns_resolver key: bad/missing value
[  247.340348][T10296] loop3: detected capacity change from 0 to 32768
[  247.659412][T10296] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 255,nocow
[  247.659427][T10296]   allowing incompatible features above 0.0: (unknown version)
[  247.659432][T10296]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  247.706677][T10296] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  247.715671][T10296] bcachefs (loop3): initializing new filesystem
[  247.737032][T10296] bcachefs (loop3): going read-write
[  247.773781][T10296] bcachefs (loop3): marking superblocks
[  247.888835][T10296] bcachefs (loop3): initializing freespace
[  247.928718][T10296] bcachefs (loop3): done initializing freespace
[  247.945596][T10296] bcachefs (loop3): reading snapshots table
[  247.947533][T10296] bcachefs (loop3): reading snapshots done
[  247.981544][T10296] bcachefs (loop3):  loop3: Superblock write was silently dropped! (seq 0 expected 42)
[  247.986842][T10296] bcachefs (loop3): done starting filesystem
[  248.278951][ T6537] bcachefs (loop3): shutting down
[  248.281385][ T6537] bcachefs (loop3): going read-only
[  248.285052][ T6537] bcachefs (loop3): finished waiting for writes to stop
[  248.290869][ T6537] bcachefs (loop3): flushing journal and stopping allocators, journal seq 62
[  248.349223][ T6537] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 63
[  248.354613][ T6537] bcachefs (loop3): clean shutdown complete, journal seq 64
[  248.359476][ T6537] bcachefs (loop3): marking filesystem clean
[  248.396119][ T6537] bcachefs (loop3): shutdown complete
[  248.417126][T10329] vlan0: entered promiscuous mode
[  248.651719][T10339] loop2: detected capacity change from 0 to 2048
[  248.657067][T10339] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  248.661021][T10339] NILFS (loop2): mounting unchecked fs
[  248.677646][ T6308] udevd[6308]: incorrect nilfs2 checksum on /dev/loop2
[  248.682022][T10339] NILFS (loop2): recovery complete
[  248.691164][T10340] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  248.954930][T10350] lo speed is unknown, defaulting to 1000
[  249.402860][T10364] qrtr: Invalid version 0
[  249.442283][T10366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1645'.
[  249.527637][T10368] netlink: 212288 bytes leftover after parsing attributes in process `syz.1.1646'.
[  249.697275][T10376] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1649'.
[  249.701131][T10376] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1649'.
[  249.766406][T10380] loop3: detected capacity change from 0 to 764
[  249.795350][T10380] Symlink component flag not implemented
[  249.799749][T10380] Symlink component flag not implemented (7)
[  249.969247][T10392] netlink: 'syz.2.1658': attribute type 28 has an invalid length.
[  250.037112][T10397] netlink: 'syz.2.1659': attribute type 64 has an invalid length.
[  250.248979][T10400] loop3: detected capacity change from 0 to 32768
[  250.269019][T10400] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  250.282632][T10400] XFS (loop3): Ending clean mount
[  250.295813][T10400] XFS (loop3): Quotacheck needed: Please wait.
[  250.343534][T10400] XFS (loop3): Quotacheck: Done.
[  250.426543][ T6537] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  251.021000][T10420] netlink: 'syz.1.1666': attribute type 21 has an invalid length.
[  251.029971][T10420] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1666'.
[  251.036619][T10420] netlink: 'syz.1.1666': attribute type 5 has an invalid length.
[  251.039521][T10420] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1666'.
[  251.108692][T10426] loop1: detected capacity change from 0 to 8
[  251.122522][T10426] Major/Minor mismatch, older Squashfs 1.0 filesystems are unsupported
[  251.205466][T10429] loop1: detected capacity change from 0 to 8
[  251.209088][T10429] squashfs image failed sanity check
[  251.365662][T10435] program syz.1.1671 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  251.540392][T10445] loop1: detected capacity change from 0 to 256
[  251.574616][T10445] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  251.994289][T10450] loop1: detected capacity change from 0 to 40427
[  251.997328][T10450] F2FS-fs (loop1): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  251.999916][T10450] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  252.002617][T10450] F2FS-fs (loop1): build fault injection type: 0x6
[  252.006621][T10450] F2FS-fs (loop1): invalid crc value
[  252.044654][T10450] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  252.047772][T10450] F2FS-fs (loop1): Start checkpoint disabled!
[  252.060787][T10450] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  252.063203][T10450] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  252.966169][T10458] /dev/nullb0: Can't lookup blockdev
[  253.399117][   T26] kworker/u9:0: attempt to access beyond end of device
[  253.399117][   T26] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  253.425079][   T26] CPU: 0 UID: 0 PID: 26 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  253.425105][   T26] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.425116][   T26] Workqueue: writeback wb_workfn (flush-7:1)
[  253.425139][   T26] Call Trace:
[  253.425146][   T26]  <TASK>
[  253.425154][   T26]  dump_stack_lvl+0x189/0x250
[  253.425204][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.425221][   T26]  ? __pfx_queue_work_on+0x10/0x10
[  253.425237][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  253.425256][   T26]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.425284][   T26]  f2fs_handle_critical_error+0x37c/0x540
[  253.425312][   T26]  f2fs_write_end_io+0x886/0xb60
[  253.425344][   T26]  __submit_merged_bio+0x27a/0x6a0
[  253.425370][   T26]  __submit_merged_write_cond+0x255/0x530
[  253.425396][   T26]  f2fs_write_data_pages+0x261d/0x3000
[  253.425444][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  253.425475][   T26]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  253.425519][   T26]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  253.425534][   T26]  ? look_up_lock_class+0x74/0x170
[  253.425557][   T26]  ? trace_f2fs_writepages+0x7f/0x200
[  253.425573][   T26]  ? f2fs_write_node_pages+0x478/0x6e0
[  253.425592][   T26]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  253.425627][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  253.425646][   T26]  do_writepages+0x32e/0x550
[  253.425665][   T26]  ? reacquire_held_locks+0x127/0x1d0
[  253.425676][   T26]  ? writeback_sb_inodes+0x384/0x1010
[  253.425698][   T26]  __writeback_single_inode+0x145/0xff0
[  253.425712][   T26]  ? do_raw_spin_unlock+0x4d/0x240
[  253.425729][   T26]  writeback_sb_inodes+0x6c7/0x1010
[  253.425749][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  253.425776][   T26]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  253.425823][   T26]  ? rcu_is_watching+0x15/0xb0
[  253.425842][   T26]  wb_writeback+0x43b/0xaf0
[  253.425862][   T26]  ? queue_io+0x351/0x590
[  253.425882][   T26]  ? __pfx_wb_writeback+0x10/0x10
[  253.425902][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.425919][   T26]  wb_workfn+0x409/0xef0
[  253.425943][   T26]  ? __pfx_wb_workfn+0x10/0x10
[  253.425959][   T26]  ? __lock_acquire+0xab9/0xd20
[  253.425984][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  253.426000][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.426012][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  253.426022][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  253.426034][   T26]  process_scheduled_works+0xae1/0x17b0
[  253.426069][   T26]  ? __pfx_process_scheduled_works+0x10/0x10
[  253.426094][   T26]  worker_thread+0x8a0/0xda0
[  253.426128][   T26]  kthread+0x711/0x8a0
[  253.426145][   T26]  ? __pfx_worker_thread+0x10/0x10
[  253.426182][   T26]  ? __pfx_kthread+0x10/0x10
[  253.426199][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.426212][   T26]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.426226][   T26]  ? __pfx_kthread+0x10/0x10
[  253.426241][   T26]  ret_from_fork+0x3fc/0x770
[  253.426257][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[  253.426274][   T26]  ? __switch_to_asm+0x39/0x70
[  253.426288][   T26]  ? __switch_to_asm+0x33/0x70
[  253.426301][   T26]  ? __pfx_kthread+0x10/0x10
[  253.426316][   T26]  ret_from_fork_asm+0x1a/0x30
[  253.426343][   T26]  </TASK>
[  253.426349][   T26] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  253.463673][T10460] loop3: detected capacity change from 0 to 4096
[  253.845086][T10473] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1683'.
[  253.848549][T10473] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1683'.
[  254.958334][T10491] loop1: detected capacity change from 0 to 4096
[  255.031103][T10495] loop3: detected capacity change from 0 to 512
[  255.072688][T10495] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.160610][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.535790][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.538174][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  255.944764][T10509] loop1: detected capacity change from 0 to 40427
[  256.046099][T10509] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  256.050679][T10509] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  256.065175][T10509] syz.1.1702: attempt to access beyond end of device
[  256.065175][T10509] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  256.177948][ T5971] syz-executor: attempt to access beyond end of device
[  256.177948][ T5971] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  256.188869][ T5971] CPU: 1 UID: 0 PID: 5971 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  256.188889][ T5971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  256.188897][ T5971] Call Trace:
[  256.188903][ T5971]  <TASK>
[  256.188908][ T5971]  dump_stack_lvl+0x189/0x250
[  256.188932][ T5971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.188947][ T5971]  ? __pfx_queue_work_on+0x10/0x10
[  256.188990][ T5971]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  256.189007][ T5971]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  256.189033][ T5971]  f2fs_handle_critical_error+0x37c/0x540
[  256.189059][ T5971]  f2fs_write_end_io+0x886/0xb60
[  256.189087][ T5971]  __submit_merged_bio+0x27a/0x6a0
[  256.189111][ T5971]  __submit_merged_write_cond+0x255/0x530
[  256.189135][ T5971]  f2fs_write_data_pages+0x261d/0x3000
[  256.189184][ T5971]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.189251][ T5971]  ? unwind_next_frame+0xa5/0x2390
[  256.189264][ T5971]  ? rcu_is_watching+0x15/0xb0
[  256.189275][ T5971]  ? __kasan_check_byte+0x12/0x40
[  256.189303][ T5971]  ? is_bpf_text_address+0x26/0x2b0
[  256.189321][ T5971]  ? rcu_is_watching+0x15/0xb0
[  256.189336][ T5971]  ? rcu_is_watching+0x15/0xb0
[  256.189349][ T5971]  ? lock_release+0x4b/0x3e0
[  256.189366][ T5971]  ? lock_release+0x4b/0x3e0
[  256.189398][ T5971]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.189418][ T5971]  do_writepages+0x32e/0x550
[  256.189451][ T5971]  ? do_raw_spin_unlock+0x4d/0x240
[  256.189471][ T5971]  filemap_fdatawrite+0x199/0x240
[  256.189489][ T5971]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  256.189505][ T5971]  ? __pfx_SOFTIRQ_verbose+0x10/0x10
[  256.189558][ T5971]  ? do_raw_spin_unlock+0x4d/0x240
[  256.189578][ T5971]  f2fs_sync_dirty_inodes+0x31f/0x830
[  256.189605][ T5971]  f2fs_write_checkpoint+0x95a/0x1df0
[  256.189639][ T5971]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  256.189694][ T5971]  ? kill_f2fs_super+0x298/0x6c0
[  256.189712][ T5971]  kill_f2fs_super+0x2c3/0x6c0
[  256.189731][ T5971]  ? __pfx_kill_f2fs_super+0x10/0x10
[  256.189742][ T5971]  ? radix_tree_delete_item+0x2b6/0x400
[  256.189765][ T5971]  ? shrinker_free+0x2ce/0x3e0
[  256.189783][ T5971]  deactivate_locked_super+0xbc/0x130
[  256.189800][ T5971]  cleanup_mnt+0x425/0x4c0
[  256.189816][ T5971]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.189835][ T5971]  task_work_run+0x1d4/0x260
[  256.189856][ T5971]  ? __pfx_task_work_run+0x10/0x10
[  256.189884][ T5971]  exit_to_user_mode_loop+0xec/0x110
[  256.189904][ T5971]  do_syscall_64+0x2bd/0x3b0
[  256.189921][ T5971]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.189937][ T5971]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.189950][ T5971]  ? exc_page_fault+0x9f/0xf0
[  256.189993][ T5971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.190005][ T5971] RIP: 0033:0x7f2f0598ff17
[  256.190018][ T5971] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  256.190030][ T5971] RSP: 002b:00007ffe7335f398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  256.190044][ T5971] RAX: 0000000000000000 RBX: 00007f2f05a11c05 RCX: 00007f2f0598ff17
[  256.190053][ T5971] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7335f450
[  256.190061][ T5971] RBP: 00007ffe7335f450 R08: 0000000000000000 R09: 0000000000000000
[  256.190069][ T5971] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe733604e0
[  256.190078][ T5971] R13: 00007f2f05a11c05 R14: 000000000003e7d9 R15: 00007ffe73360520
[  256.190103][ T5971]  </TASK>
[  256.190109][ T5971] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  257.173346][ T7217] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  257.293496][ T6028] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  257.335002][ T7217] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 15
[  257.338274][ T7217] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  257.353278][ T7217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  257.357685][ T7217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  257.366083][ T7217] usb 3-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  257.369701][ T7217] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.372769][ T7217] usb 3-1: Product: syz
[  257.375135][ T7217] usb 3-1: Manufacturer: syz
[  257.376975][ T7217] usb 3-1: SerialNumber: syz
[  257.381897][ T7217] usb 3-1: config 0 descriptor??
[  257.389395][T10531] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  257.448260][ T6028] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.452512][ T6028] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.459138][ T6028] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  257.464604][ T6028] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  257.468211][ T6028] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.484361][ T6028] usb 2-1: config 0 descriptor??
[  257.529405][T10539] loop3: detected capacity change from 0 to 256
[  257.602784][ T7217] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  257.624529][ T7217] input: Griffin SoundKnob as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input17
[  257.662157][    C1] powermate: config urb returned -71
[  257.664699][    C1] powermate: config urb returned -71
[  257.667619][    C1] powermate: config urb returned -71
[  257.670085][    C1] powermate: config urb returned -71
[  257.683636][    C1] powermate 3-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  257.687057][ T7217] usb 3-1: USB disconnect, device number 20
[  257.828428][T10545] loop3: detected capacity change from 0 to 4096
[  257.860629][T10545] ntfs3(loop3): ino=19, mi_enum_attr
[  257.866173][T10545] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  257.915661][ T6028] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  257.952129][T10546] ntfs3(loop3): ino=21, "memory.stat" mmap(write) compressed not supported
[  259.701285][T10578] loop2: detected capacity change from 0 to 512
[  259.739346][T10578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.794116][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.946780][T10592] loop3: detected capacity change from 0 to 256
[  259.976020][T10592] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012c80, chksum : 0x8ff561f5, utbl_chksum : 0xe619d30d)
[  260.036663][ T6029] usb 2-1: USB disconnect, device number 20
[  260.197100][T10604] loop3: detected capacity change from 0 to 64
[  260.252397][T10604] syz.3.1740: attempt to access beyond end of device
[  260.252397][T10604] loop3: rw=0, sector=234881062, nr_sectors = 2 limit=64
[  260.270537][T10604] Buffer I/O error on dev loop3, logical block 117440531, async page read
[  260.287870][T10604] syz.3.1740: attempt to access beyond end of device
[  260.287870][T10604] loop3: rw=0, sector=8548515840, nr_sectors = 2 limit=64
[  260.304901][T10604] Buffer I/O error on dev loop3, logical block 4274257920, async page read
[  260.339881][T10604] syz.3.1740: attempt to access beyond end of device
[  260.339881][T10604] loop3: rw=0, sector=301989888, nr_sectors = 2 limit=64
[  260.345188][T10604] Buffer I/O error on dev loop3, logical block 150994944, async page read
[  260.351378][T10604] syz.3.1740: attempt to access beyond end of device
[  260.351378][T10604] loop3: rw=0, sector=234881062, nr_sectors = 2 limit=64
[  260.379594][T10604] Buffer I/O error on dev loop3, logical block 117440531, async page read
[  260.384923][   T33] audit: type=1800 audit(260.263:69): pid=10604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1740" name="file2" dev="loop3" ino=6 res=0 errno=0
[  260.834695][   T33] audit: type=1800 audit(260.703:70): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1748" name="nullb0" dev="devtmpfs" ino=3000 res=0 errno=0
[  261.070435][T10621] loop3: detected capacity change from 0 to 1024
[  261.106546][T10621] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  261.180964][T10621] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  261.248980][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.499557][T10633] loop3: detected capacity change from 0 to 4096
[  261.507854][T10633] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  261.553234][T10633] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  261.566071][T10633] ntfs3(loop3): ino=1a, mi_enum_attr
[  261.568268][T10633] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  262.433100][ T6028] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  262.643427][ T6028] usb 4-1: unable to get BOS descriptor or descriptor too short
[  262.648083][ T6028] usb 4-1: unable to read config index 0 descriptor/start: -71
[  262.650301][ T6028] usb 4-1: can't read configurations, error -71
[  263.218523][T10674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1772'.
[  263.665172][T10684] loop2: detected capacity change from 0 to 2048
[  263.669083][T10684] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  263.678726][ T6308] udevd[6308]: incorrect nilfs2 checksum on /dev/loop2
[  263.698799][T10685] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  263.706328][T10684] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952
[  263.710856][T10684] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  263.724114][T10684] Remounting filesystem read-only
[  263.726506][T10684] NILFS (loop2): error -5 truncating bmap (ino=15)
[  263.733664][ T6028] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  263.748106][ T5973] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  263.883429][ T6028] usb 4-1: Using ep0 maxpacket: 16
[  263.899530][ T6028] usb 4-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=91.ed
[  263.911299][ T6028] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.923229][ T6028] usb 4-1: Product: syz
[  263.924907][ T6028] usb 4-1: Manufacturer: syz
[  263.926348][ T6028] usb 4-1: SerialNumber: syz
[  263.948119][ T6028] usb 4-1: config 0 descriptor??
[  263.954587][ T6028] s2255 4-1:0.0: Could not find bulk-in endpoint
[  263.984078][ T6028] Sensoray 2255 driver load failed: 0xfffffff4
[  263.986541][ T6028] s2255 4-1:0.0: probe with driver s2255 failed with error -12
[  264.106478][T10695] loop2: detected capacity change from 0 to 32768
[  264.109621][T10695] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1782 (10695)
[  264.118252][T10695] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  264.121295][T10695] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  264.123957][T10695] BTRFS info (device loop2): using free-space-tree
[  264.177987][ T6028] usb 4-1: USB disconnect, device number 20
[  264.908594][ T5973] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  265.430671][ T6029] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  265.586561][ T6029] usb 4-1: Using ep0 maxpacket: 16
[  265.596086][ T6029] usb 4-1: config 8 has an invalid interface number: 206 but max is 0
[  265.599637][ T6029] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  265.609129][ T6029] usb 4-1: config 8 has no interface number 0
[  265.611916][ T6029] usb 4-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[  265.617523][ T6029] usb 4-1: config 8 interface 206 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  265.622352][ T6029] usb 4-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid wMaxPacketSize 0
[  265.627303][ T6029] usb 4-1: config 8 interface 206 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  265.632768][ T6029] usb 4-1: config 8 interface 206 has no altsetting 0
[  265.651010][ T6029] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  265.655095][ T6029] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.658615][ T6029] usb 4-1: Product: syz
[  265.660418][ T6029] usb 4-1: Manufacturer: syz
[  265.662356][ T6029] usb 4-1: SerialNumber: syz
[  265.847229][T10723] loop1: detected capacity change from 0 to 512
[  265.860912][T10723] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  265.886073][ T6029] garmin_gps 4-1:8.206: Garmin GPS usb/tty converter detected
[  265.891816][ T6029] garmin_gps ttyUSB0: failed to submit interrupt urb: -90
[  265.912512][ T6029] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90
[  265.931752][T10723] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1786: invalid indirect mapped block 4294967295 (level 0)
[  265.932652][ T6029] usb 4-1: USB disconnect, device number 21
[  265.937458][T10723] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1786: invalid indirect mapped block 4294967295 (level 1)
[  265.940981][ T6029] garmin_gps 4-1:8.206: device disconnected
[  265.979715][T10723] EXT4-fs (loop1): 1 orphan inode deleted
[  265.991417][T10723] EXT4-fs (loop1): 1 truncate cleaned up
[  266.010142][T10723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.037598][T10723] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  266.101802][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.492160][T10731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'.
[  267.604150][T10755] input: syz0 as /devices/virtual/input/input18
[  267.607831][T10755] input: failed to attach handler leds to device input18, error: -6
[  268.145534][T10766] loop1: detected capacity change from 0 to 32768
[  268.156031][T10761] loop2: detected capacity change from 0 to 32768
[  268.168452][T10766] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1804 (10766)
[  268.207677][T10761] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 280af933-d3ce-4ef4-b929-9a4fde681bb9
[  268.220474][T10766] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.230073][T10761] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1801 (10761)
[  268.233212][T10766] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  268.239398][T10766] BTRFS info (device loop1): disk space caching is enabled
[  268.241654][T10766] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  268.266996][T10761] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.271030][T10761] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  268.285677][T10761] BTRFS info (device loop2): disk space caching is enabled
[  268.295155][T10761] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  268.305779][T10766] BTRFS info (device loop1): rebuilding free space tree
[  268.332711][T10766] BTRFS info (device loop1): disabling free space tree
[  268.336609][T10766] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  268.344420][T10766] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  268.420646][   T33] audit: type=1800 audit(268.293:71): pid=10766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1804" name="file1" dev="loop1" ino=260 res=0 errno=0
[  268.435934][T10761] BTRFS info (device loop2): rebuilding free space tree
[  268.448551][T10761] BTRFS info (device loop2): disabling free space tree
[  268.452945][T10761] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  268.460762][   T33] audit: type=1804 audit(268.343:72): pid=10766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1804" name="/newroot/562/file1/file0/file3" dev="loop1" ino=260 res=1 errno=0
[  268.469127][T10761] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  268.515396][   T33] audit: type=1800 audit(268.383:73): pid=10761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1801" name="file1" dev="loop2" ino=260 res=0 errno=0
[  268.579519][ T5971] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.641508][ T5973] BTRFS info (device loop2): last unmount of filesystem 280af933-d3ce-4ef4-b929-9a4fde681bb9
[  269.073742][T10811] loop1: detected capacity change from 0 to 1024
[  269.116891][T10811] hfsplus: invalid xattr key length: 0
[  270.079707][T10862] loop3: detected capacity change from 0 to 1024
[  270.093907][T10862] EXT4-fs: Ignoring removed bh option
[  270.124069][T10862] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.782060][T10873] loop1: detected capacity change from 0 to 512
[  270.835415][T10873] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.928812][T10873] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.1830: corrupted inode contents
[  270.938293][T10873] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #2: comm syz.1.1830: mark_inode_dirty error
[  270.944596][T10873] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.1830: corrupted inode contents
[  270.954496][T10873] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1830: mark_inode_dirty error
[  271.013513][  T794] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  271.151212][ T5971] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.202841][  T794] usb 3-1: Using ep0 maxpacket: 16
[  271.248710][  T794] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.260946][  T794] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.269645][  T794] usb 3-1: config 0 interface 0 has no altsetting 0
[  271.280148][  T794] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  271.311502][  T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.350087][  T794] usb 3-1: config 0 descriptor??
[  271.388308][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.537644][T10887] loop1: detected capacity change from 0 to 4096
[  271.541366][T10887] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  271.567190][T10887] ntfs3(loop1): Failed to load $Extend (-22).
[  271.569481][T10887] ntfs3(loop1): Failed to initialize $Extend.
[  271.785329][  T794] hid (null): unknown global tag 0xd
[  271.787536][  T794] hid (null): unknown global tag 0xe
[  271.793217][  T794] hid (null): invalid report_count 1370141892
[  271.795631][  T794] hid (null): usage index exceeded
[  271.806742][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.809261][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.811724][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.816834][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.819129][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.821312][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.829613][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.831889][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.834788][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.837154][  T794] cougar 0003:060B:500A.000D: unknown main item tag 0x0
[  271.843275][  T794] cougar 0003:060B:500A.000D: unexpected long global item
[  271.847020][  T794] cougar 0003:060B:500A.000D: parse failed
[  271.849554][  T794] cougar 0003:060B:500A.000D: probe with driver cougar failed with error -22
[  271.982788][ T6001] usb 3-1: USB disconnect, device number 21
[  272.246557][T10903] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1842'.
[  272.691033][T10910] loop3: detected capacity change from 0 to 512
[  272.737238][T10910] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.961132][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.065022][T10922] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1849'.
[  273.365858][T10920] loop2: detected capacity change from 0 to 32768
[  273.399202][T10920] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  273.476775][T10920] XFS (loop2): Ending clean mount
[  273.483384][ T6001] usb 4-1: new low-speed USB device number 22 using dummy_hcd
[  273.553484][ T5973] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  273.648292][ T6001] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  273.651558][ T6001] usb 4-1: config 179 has no interface number 0
[  273.654825][ T6001] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  273.659109][ T6001] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  273.678472][ T6001] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  273.685634][ T6001] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[  273.690670][ T6001] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  273.697263][ T6001] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  273.700912][ T6001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.745188][T10927] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  273.755563][ T6001] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  273.770463][ T6001] xpad 4-1:179.65: probe with driver xpad failed with error -90
[  273.968625][  T794] usb 4-1: USB disconnect, device number 22
[  273.994506][T10942] loop2: detected capacity change from 0 to 32768
[  274.005537][T10942] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1852 (10942)
[  274.012924][T10942] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  274.023392][T10942] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  274.026153][T10942] BTRFS info (device loop2): using free-space-tree
[  274.146566][ T5973] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  274.535357][T10972] loop1: detected capacity change from 0 to 128
[  274.551061][T10972] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  274.636514][T10978] IPv4: Oversized IP packet from 127.202.26.0
[  274.644391][T10972] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  274.933500][ T6001] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  275.074428][T10986] loop2: detected capacity change from 0 to 32768
[  275.085161][ T6001] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  275.088997][ T6001] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  275.092208][ T6001] usb 4-1: config 1 has no interface number 0
[  275.098897][T10986] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.103837][ T6001] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.107961][ T6001] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  275.118149][ T6001] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  275.130899][ T6001] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  275.136888][ T6001] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.141099][T10986] XFS (loop2): Ending clean mount
[  275.150379][ T6001] usb 4-1: Product: syz
[  275.151408][T10986] XFS (loop2): Quotacheck needed: Please wait.
[  275.152151][ T6001] usb 4-1: Manufacturer: syz
[  275.158381][ T6001] usb 4-1: SerialNumber: syz
[  275.186376][T10986] XFS (loop2): Quotacheck: Done.
[  275.203542][   T33] audit: type=1800 audit(275.063:74): pid=10986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1869" name="file2" dev="loop2" ino=9287 res=0 errno=0
[  275.264533][ T5973] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.435085][T11015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1879'.
[  275.859949][T11024] loop1: detected capacity change from 0 to 32768
[  275.923119][  T795] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  275.974967][T11024] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  275.974981][T11024]   allowing incompatible features above 0.0: (unknown version)
[  275.974987][T11024]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  275.988236][T11024] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  275.991071][T11024] bcachefs (loop1): initializing new filesystem
[  276.000219][T11024] bcachefs (loop1): going read-write
[  276.003702][ T6001] cdc_ncm 4-1:1.1: bind() failure
[  276.010029][T11024] bcachefs (loop1): marking superblocks
[  276.016095][T11024] bcachefs (loop1): initializing freespace
[  276.019687][T11024] bcachefs (loop1): done initializing freespace
[  276.022965][T11024] bcachefs (loop1): reading snapshots table
[  276.025163][T11024] bcachefs (loop1): reading snapshots done
[  276.053312][ T6001] usb 4-1: USB disconnect, device number 23
[  276.064780][T11024] bcachefs (loop1): done starting filesystem
[  276.088240][  T795] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.092348][  T795] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.096134][  T795] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  276.098933][  T795] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.102782][  T795] usb 3-1: config 0 descriptor??
[  276.156074][ T5971] bcachefs (loop1): shutting down
[  276.158423][ T5971] bcachefs (loop1): going read-only
[  276.160121][ T5971] bcachefs (loop1): finished waiting for writes to stop
[  276.162903][ T5971] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  276.200869][ T5971] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  276.206832][ T5971] bcachefs (loop1): clean shutdown complete, journal seq 4
[  276.209729][ T5971] bcachefs (loop1): marking filesystem clean
[  276.227718][ T5971] bcachefs (loop1): shutdown complete
[  276.687410][T11036] loop3: detected capacity change from 0 to 32768
[  276.717091][  T795] razer 0003:1532:010E.000E: failed to enable macro keys: -71
[  276.721212][  T795] razer 0003:1532:010E.000E: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.2-1/input0
[  276.731533][  T795] usb 3-1: USB disconnect, device number 22
[  276.979801][T11042] ptrace attach of "/syz-executor exec"[6537] was attempted by "/syz-executor exec"[11042]
[  277.275787][T11045] netlink: 39 bytes leftover after parsing attributes in process `syz.1.1883'.
[  277.309371][T11047] loop2: detected capacity change from 0 to 256
[  277.313637][T11047] exfat: Deprecated parameter 'utf8'
[  277.315754][T11047] exfat: Deprecated parameter 'utf8'
[  277.318267][T11047] exfat: Deprecated parameter 'utf8'
[  277.329833][T11047] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d)
[  278.381807][T11065] loop2: detected capacity change from 0 to 256
[  278.636505][T11075] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.639100][T11075] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.646955][T11075] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.658785][T11075] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.668740][T11077] loop1: detected capacity change from 0 to 256
[  278.698650][T11077] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  278.952163][T11089] netlink: 'syz.1.1906': attribute type 1 has an invalid length.
[  279.266799][T11102] loop2: detected capacity change from 0 to 128
[  279.651073][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1915'.
[  279.657863][T11109] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  279.661013][T11109] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  281.444461][T11123] loop2: detected capacity change from 0 to 32768
[  281.464928][T11123] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  281.484356][T11123] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  281.527494][   T33] audit: type=1800 audit(281.403:75): pid=11123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1921" name="file1" dev="loop2" ino=17058 res=0 errno=0
[  282.098449][ T5973] ocfs2: Unmounting device (7,2) on (node local)
[  282.806488][T11148] loop2: detected capacity change from 0 to 32768
[  282.841943][T11148] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  282.848990][T11157] loop1: detected capacity change from 0 to 2048
[  282.856997][T11157] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  282.880852][T11148] XFS (loop2): Ending clean mount
[  282.885513][T11157] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  283.001064][   T33] audit: type=1800 audit(282.873:76): pid=11157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1930" name="file1" dev="loop1" ino=1346 res=0 errno=0
[  283.906263][T11178] loop3: detected capacity change from 0 to 32768
[  283.910667][T11178] btrfs: Deprecated parameter 'usebackuproot'
[  283.912919][T11178] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  283.917748][T11178] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1934 (11178)
[  283.930312][T11178] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  283.934093][T11178] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  283.937550][T11178] BTRFS info (device loop3): using free-space-tree
[  283.959497][T11176] loop1: detected capacity change from 0 to 32768
[  284.005759][ T5973] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  284.070117][T11176] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  284.109466][T11176] XFS (loop1): Ending clean mount
[  284.115747][T11178] BTRFS info (device loop3): rebuilding free space tree
[  284.195908][   T33] audit: type=1800 audit(284.073:77): pid=11178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1934" name="file1" dev="loop3" ino=260 res=0 errno=0
[  284.223359][ T5971] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  284.390988][ T6537] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  284.508304][T11210] syzkaller1: tun_chr_ioctl cmd 1074025677
[  284.510305][T11210] syzkaller1: linktype set to 774
[  284.608698][T11214] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1938'.
[  284.862571][T11230] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1946'.
[  284.931781][T11234] netlink: 'syz.3.1948': attribute type 66 has an invalid length.
[  285.045814][T11236] loop3: detected capacity change from 0 to 4096
[  285.250409][T11244] loop3: detected capacity change from 0 to 512
[  285.257703][T11244] EXT4-fs: Ignoring removed orlov option
[  285.262163][T11244] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  285.268782][T11244] EXT4-fs (loop3): orphan cleanup on readonly fs
[  285.284315][  T794] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  285.288237][T11244] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1952: bg 0: block 248: padding at end of block bitmap is not set
[  285.300105][T11244] Quota error (device loop3): write_blk: dquota write failed
[  285.303822][T11244] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  285.307886][T11244] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1952: Failed to acquire dquot type 1
[  285.314308][T11244] EXT4-fs (loop3): 1 truncate cleaned up
[  285.320992][T11244] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  285.330790][T11244] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  285.345703][T11244] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.1952: Abort forced by user
[  285.350137][T11244] EXT4-fs (loop3): Remounting filesystem read-only
[  285.352824][T11244] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  285.358456][T11244] EXT4-fs: Ignoring removed orlov option
[  285.360899][T11244] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  285.369883][T11244] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  285.405793][ T6537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.451372][  T794] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.475194][  T794] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  285.477909][  T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.489789][T11251] loop3: detected capacity change from 0 to 1024
[  285.503484][  T794] usb 3-1: config 0 descriptor??
[  285.557386][ T1102] hfsplus: b-tree write err: -5, ino 4
[  285.931568][  T794] holtek 0003:1241:5015.000F: item fetching failed at offset 1/5
[  285.936610][  T794] holtek 0003:1241:5015.000F: parse failed
[  285.939056][  T794] holtek 0003:1241:5015.000F: probe with driver holtek failed with error -22
[  286.139315][  T794] usb 3-1: USB disconnect, device number 23
[  286.751840][T11289] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  286.922327][T11287] loop2: detected capacity change from 0 to 32768
[  286.996223][T11300] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1974'.
[  286.999492][T11300] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1974'.
[  287.003293][T11300] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1974'.
[  287.026494][T11287] bcachefs (loop2): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none,compression=lz4
[  287.026515][T11287]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  287.042006][T11287] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  287.045454][ T6029] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  287.049656][T11287] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  287.053693][T11287] bcachefs (loop2): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[  287.053693][T11287]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  287.101162][T11287] bcachefs (loop2): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[  287.108651][T11287] bcachefs (loop2): check_topology... done
[  287.112848][T11287] bcachefs (loop2): accounting_read... done
[  287.118688][T11287] bcachefs (loop2): alloc_read... done
[  287.121905][T11287] bcachefs (loop2): snapshots_read... done
[  287.126795][T11287] bcachefs (loop2): check_allocations...
[  287.156861][T11287] bcachefs (loop2): bucket 0:79 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[  287.165543][T11287] bcachefs (loop2): bucket 0:79 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing
[  287.193839][T11287]  done
[  287.205577][T11287] bcachefs (loop2): going read-write
[  287.248195][T11287] bcachefs (loop2): journal_replay...
[  287.278572][ T6029] usb 4-1: config 0 has an invalid interface number: 103 but max is 0
[  287.284980][ T6029] usb 4-1: config 0 has no interface number 0
[  287.289978][ T6029] usb 4-1: New USB device found, idVendor=0781, idProduct=0001, bcdDevice= 2.00
[  287.292860][ T6029] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.295728][ T6029] usb 4-1: Product: syz
[  287.297043][ T6029] usb 4-1: Manufacturer: syz
[  287.298575][ T6029] usb 4-1: SerialNumber: syz
[  287.301556][ T6029] usb 4-1: config 0 descriptor??
[  287.318794][T11287]  done
[  287.322066][T11287] bcachefs (loop2): check_lrus... done
[  287.325782][T11287] bcachefs (loop2): check_backpointers_to_extents... done
[  287.332655][T11287] bcachefs (loop2): check_extents_to_backpointers... done
[  287.357755][T11287] bcachefs (loop2): check_inodes... done
[  287.369601][T11287] bcachefs (loop2): resume_logged_ops... done
[  287.375478][T11287] bcachefs (loop2): delete_dead_inodes... done
[  287.476786][T11287] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  287.480845][T11287] bcachefs (loop2): check_extents_to_backpointers...
[  287.493937][T11287] bcachefs (loop2): scanning for missing backpointers in 1/512 buckets
[  287.513796][T11287]  done
[  287.522720][T11287] bcachefs (loop2): check_inodes... done
[  287.531401][T11287] bcachefs (loop2): resume_logged_ops... done
[  287.540901][T11287] bcachefs (loop2): delete_dead_inodes... done
[  287.565597][T11287] bcachefs (loop2): done starting filesystem
[  287.603659][ T6029] usb-storage 4-1:0.103: USB Mass Storage device detected
[  287.621626][ T6029] usb-storage 4-1:0.103: Quirks match for vid 0781 pid 0001: 1
[  287.658891][T11287] syz.2.1971 (11287) used greatest stack depth: 15112 bytes left
[  287.670956][ T5973] bcachefs (loop2): shutting down
[  287.672579][ T5973] bcachefs (loop2): going read-only
[  287.674302][ T5973] bcachefs (loop2): finished waiting for writes to stop
[  287.690486][ T5973] bcachefs (loop2): flushing journal and stopping allocators, journal seq 18
[  287.695137][ T6029] usb 4-1: USB disconnect, device number 24
[  287.706056][ T5973] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 19
[  287.712550][ T5973] bcachefs (loop2): clean shutdown complete, journal seq 20
[  287.718207][ T5973] bcachefs (loop2): marking filesystem clean
[  287.739942][ T5973] bcachefs (loop2): shutdown complete
[  288.241782][T11320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1981'.
[  288.993163][  T795] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  289.078303][T11322] loop1: detected capacity change from 0 to 131072
[  289.083205][T11322] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  289.085726][T11322] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  289.089819][T11322] F2FS-fs (loop1): invalid crc value
[  289.143707][T11322] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  289.152921][T11322] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  289.155167][  T795] usb 4-1: Using ep0 maxpacket: 32
[  289.156278][T11322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  289.161200][  T795] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  289.171590][  T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.186004][  T795] usb 4-1: config 0 descriptor??
[  289.394872][  T795] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  289.405906][  T795] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  289.410529][  T795] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  289.418513][  T795] usb 4-1: media controller created
[  289.446454][  T795] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  289.602550][  T795] az6027: usb out operation failed. (-71)
[  289.606799][  T795] az6027: usb out operation failed. (-71)
[  289.609224][  T795] stb0899_attach: Driver disabled by Kconfig
[  289.611438][  T795] az6027: no front-end attached
[  289.611438][  T795] 
[  289.614767][  T795] az6027: usb out operation failed. (-71)
[  289.616582][  T795] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  289.620821][  T795] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19
[  289.634654][  T795] dvb-usb: schedule remote query interval to 400 msecs.
[  289.636849][  T795] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  289.651838][  T795] usb 4-1: USB disconnect, device number 25
[  289.664046][ T6308] udevd[6308]: setting mode of /dev/input/event3 to 020660 failed: No such file or directory
[  289.667883][ T6308] udevd[6308]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[  289.704623][  T795] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  290.492932][T11355] loop3: detected capacity change from 0 to 1024
[  290.684662][ T9631] hfsplus: b-tree write err: -5, ino 4
[  290.741057][T11361] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  290.818949][T11365] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1999'.
[  291.111896][T11379] loop3: detected capacity change from 0 to 1024
[  291.270081][T11395] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma?
[  291.318556][T11390] loop2: detected capacity change from 0 to 4096
[  291.340354][T11390] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  292.512596][T11414] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  292.518157][T11414] comedi comedi3: 8255: I/O port conflict (0x8000006,4)
[  292.521047][T11414] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  292.538773][T11414] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  292.541515][T11414] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  292.545584][T11416] loop2: detected capacity change from 0 to 512
[  292.551128][T11416] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  292.569354][T11414] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4)
[  292.572282][T11414] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  292.601783][T11414] comedi comedi3: 8255: I/O port conflict (0x3000000,4)
[  292.847807][T11420] loop1: detected capacity change from 0 to 256
[  292.909644][T11420] FAT-fs (loop1): Directory bread(block 64) failed
[  292.912014][T11420] FAT-fs (loop1): Directory bread(block 65) failed
[  292.918083][T11420] FAT-fs (loop1): Directory bread(block 66) failed
[  292.920129][T11420] FAT-fs (loop1): Directory bread(block 67) failed
[  292.922506][T11420] FAT-fs (loop1): Directory bread(block 68) failed
[  292.928359][T11420] FAT-fs (loop1): Directory bread(block 69) failed
[  292.930951][T11420] FAT-fs (loop1): Directory bread(block 70) failed
[  292.936555][T11420] FAT-fs (loop1): Directory bread(block 71) failed
[  292.939181][T11420] FAT-fs (loop1): Directory bread(block 72) failed
[  292.941215][T11420] FAT-fs (loop1): Directory bread(block 73) failed
[  292.965901][T11424] loop2: detected capacity change from 0 to 256
[  293.000110][T11424] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  293.253344][ T6001] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  293.474269][ T6001] usb 2-1: Using ep0 maxpacket: 32
[  293.500837][ T6001] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  293.578457][ T6001] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  293.583644][ T6001] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  293.586793][ T6001] usb 2-1: Product: syz
[  293.588384][ T6001] usb 2-1: Manufacturer: syz
[  293.590177][ T6001] usb 2-1: SerialNumber: syz
[  293.595648][ T6001] usb 2-1: config 0 descriptor??
[  293.598283][T11428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  293.601551][ T6001] hub 2-1:0.0: bad descriptor, ignoring hub
[  293.605757][ T6001] hub 2-1:0.0: probe with driver hub failed with error -5
[  294.000769][T11441] loop2: detected capacity change from 0 to 16
[  294.008616][T11441] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  294.015798][T11441] cramfs: empty filesystem
[  294.023683][ T6028] usb 2-1: USB disconnect, device number 21
[  296.480784][T11470] loop1: detected capacity change from 0 to 32768
[  296.504465][T11470] JBD2: Ignoring recovery information on journal
[  296.546491][T11470] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  296.595775][ T5971] ocfs2: Unmounting device (7,1) on (node local)
[  297.450087][T11495] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2055'.
[  297.614530][T11501] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  297.618178][T11501] overlayfs: missing 'lowerdir'
[  298.432133][T11529] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  298.471316][T11504] loop2: detected capacity change from 0 to 32768
[  298.474839][T11504] XFS: noikeep mount option is deprecated.
[  298.488217][T11504] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  298.524327][T11504] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  298.541019][T11504] XFS (loop2): Starting recovery (logdev: internal)
[  298.563833][T11504] XFS (loop2): Ending recovery (logdev: internal)
[  298.598711][T11504] XFS (loop2): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 
[  298.603551][T11504] XFS (loop2): Unmount and run xfs_repair
[  298.606673][T11504] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  298.611329][T11504] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  298.615601][T11504] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  298.619140][T11504] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  298.622529][T11504] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  298.627563][T11504] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  298.631225][T11504] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  298.635305][T11504] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  298.639061][T11504] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  298.644088][T11504] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117
[  298.679399][ T5973] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  298.683158][  T795] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  298.690425][ T5973] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  298.843434][  T795] usb 2-1: Using ep0 maxpacket: 16
[  298.846547][  T795] usb 2-1: too many configurations: 97, using maximum allowed: 8
[  298.876026][  T795] usb 2-1: string descriptor 0 read error: -71
[  298.883723][  T795] usb 2-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c
[  298.886679][  T795] usb 2-1: New USB device strings: Mfr=249, Product=204, SerialNumber=224
[  298.903770][  T795] usb 2-1: rejected 8 configurations due to insufficient available bus power
[  298.918114][  T795] usb 2-1: no configuration chosen from 8 choices
[  298.931204][  T795] usb 2-1: USB disconnect, device number 22
[  298.967287][T11545] loop2: detected capacity change from 0 to 1024
[  298.994011][T11545] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.038278][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.543352][  T795] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  299.796543][T11567] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  299.800464][ T6028] IPVS: starting estimator thread 0...
[  299.893484][T11568] IPVS: using max 47 ests per chain, 112800 per kthread
[  300.522268][T11570] loop3: detected capacity change from 0 to 32768
[  300.555054][T11570] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  300.566292][T11570] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  300.592909][   T33] audit: type=1800 audit(300.463:78): pid=11570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2079" name="bus" dev="loop3" ino=17058 res=0 errno=0
[  300.614376][  T795] usb 3-1: unable to get BOS descriptor or descriptor too short
[  300.626822][  T795] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  300.644646][  T795] usb 3-1: config 1 has no interface number 1
[  300.660174][ T6537] ocfs2: Unmounting device (7,3) on (node local)
[  300.661237][  T795] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  300.679307][  T795] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.682569][  T795] usb 3-1: Product: syz
[  300.686507][  T795] usb 3-1: Manufacturer: syz
[  300.688394][  T795] usb 3-1: SerialNumber: syz
[  300.877430][T11580] lo speed is unknown, defaulting to 1000
[  300.923447][  T795] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  300.926824][  T795] usb 3-1: 2:1 : sample bitwidth 139 in over sample bytes 13
[  300.929742][  T795] usb 3-1: 2:1 : unsupported sample bitwidth 139 in 13 bytes
[  300.947328][  T795] usb 3-1: USB disconnect, device number 24
[  300.972332][ T6308] udevd[6308]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  301.532348][T11600] loop2: detected capacity change from 0 to 2048
[  301.546022][T11600] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  301.552500][ T6308] udevd[6308]: incorrect nilfs2 checksum on /dev/loop2
[  301.563800][T11601] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  301.828272][T11603] loop2: detected capacity change from 0 to 32768
[  301.839411][T11603] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  301.855144][T11603] 
[  301.855969][T11603] ======================================================
[  301.858123][T11603] WARNING: possible circular locking dependency detected
[  301.860254][T11603] syzkaller #0 Not tainted
[  301.861735][T11603] ------------------------------------------------------
[  301.863854][T11603] syz.2.2090/11603 is trying to acquire lock:
[  301.867005][T11603] ffff888012526c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x2f9/0x720
[  301.870680][T11603] 
[  301.870680][T11603] but task is already holding lock:
[  301.873439][T11603] ffff88811c930950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  301.876755][T11603] 
[  301.876755][T11603] which lock already depends on the new lock.
[  301.876755][T11603] 
[  301.880051][T11603] 
[  301.880051][T11603] the existing dependency chain (in reverse order) is:
[  301.882844][T11603] 
[  301.882844][T11603] -> #5 (jbd2_handle){++++}-{0:0}:
[  301.885087][T11603]        lock_acquire+0x120/0x360
[  301.886692][T11603]        start_this_handle+0x1fa7/0x21c0
[  301.888423][T11603]        jbd2__journal_start+0x2c1/0x5b0
[  301.890155][T11603]        jbd2_journal_start+0x2a/0x40
[  301.891823][T11603]        ocfs2_start_trans+0x376/0x6d0
[  301.893460][T11603]        ocfs2_mknod+0xe93/0x2050
[  301.895042][T11603]        ocfs2_create+0x1a5/0x440
[  301.896588][T11603]        path_openat+0x14f4/0x3830
[  301.898210][T11603]        do_filp_open+0x1fa/0x410
[  301.900235][T11603]        do_sys_openat2+0x121/0x1c0
[  301.902109][T11603]        __x64_sys_open+0x11e/0x150
[  301.903713][T11603]        do_syscall_64+0xfa/0x3b0
[  301.905287][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.907255][T11603] 
[  301.907255][T11603] -> #4 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  301.909901][T11603]        lock_acquire+0x120/0x360
[  301.911479][T11603]        down_read+0x46/0x2e0
[  301.913008][T11603]        ocfs2_start_trans+0x36a/0x6d0
[  301.914726][T11603]        ocfs2_mknod+0xe93/0x2050
[  301.916275][T11603]        ocfs2_create+0x1a5/0x440
[  301.917899][T11603]        path_openat+0x14f4/0x3830
[  301.919496][T11603]        do_filp_open+0x1fa/0x410
[  301.921051][T11603]        do_sys_openat2+0x121/0x1c0
[  301.922652][T11603]        __x64_sys_open+0x11e/0x150
[  301.924262][T11603]        do_syscall_64+0xfa/0x3b0
[  301.925951][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.928398][T11603] 
[  301.928398][T11603] -> #3 (sb_internal#4){.+.+}-{0:0}:
[  301.931427][T11603]        lock_acquire+0x120/0x360
[  301.933210][T11603]        ocfs2_start_trans+0x26b/0x6d0
[  301.935409][T11603]        ocfs2_mknod+0xe93/0x2050
[  301.937409][T11603]        ocfs2_create+0x1a5/0x440
[  301.939426][T11603]        path_openat+0x14f4/0x3830
[  301.941465][T11603]        do_filp_open+0x1fa/0x410
[  301.943477][T11603]        do_sys_openat2+0x121/0x1c0
[  301.945691][T11603]        __x64_sys_open+0x11e/0x150
[  301.947788][T11603]        do_syscall_64+0xfa/0x3b0
[  301.949812][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.951874][T11603] 
[  301.951874][T11603] -> #2 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  301.955076][T11603]        lock_acquire+0x120/0x360
[  301.956800][T11603]        down_write+0x96/0x1f0
[  301.958519][T11603]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  301.961046][T11603]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  301.963480][T11603]        ocfs2_mknod+0xe32/0x2050
[  301.965168][T11603]        ocfs2_create+0x1a5/0x440
[  301.966748][T11603]        path_openat+0x14f4/0x3830
[  301.968331][T11603]        do_filp_open+0x1fa/0x410
[  301.969951][T11603]        do_sys_openat2+0x121/0x1c0
[  301.971747][T11603]        __x64_sys_open+0x11e/0x150
[  301.973354][T11603]        do_syscall_64+0xfa/0x3b0
[  301.974966][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.977031][T11603] 
[  301.977031][T11603] -> #1 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  301.980403][T11603]        lock_acquire+0x120/0x360
[  301.982252][T11603]        down_write+0x96/0x1f0
[  301.983869][T11603]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  301.986348][T11603]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  301.988833][T11603]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[  301.990811][T11603]        ocfs2_xattr_set+0xb70/0x11f0
[  301.992424][T11603]        __vfs_setxattr+0x43c/0x480
[  301.994506][T11603]        __vfs_setxattr_noperm+0x12d/0x660
[  301.996842][T11603]        vfs_setxattr+0x16b/0x2f0
[  301.998870][T11603]        filename_setxattr+0x274/0x600
[  302.001072][T11603]        path_setxattrat+0x364/0x3a0
[  302.003165][T11603]        __x64_sys_setxattr+0xbc/0xe0
[  302.005143][T11603]        do_syscall_64+0xfa/0x3b0
[  302.006726][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.008703][T11603] 
[  302.008703][T11603] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  302.011113][T11603]        validate_chain+0xb9b/0x2140
[  302.012765][T11603]        __lock_acquire+0xab9/0xd20
[  302.014386][T11603]        lock_acquire+0x120/0x360
[  302.015972][T11603]        down_read+0x46/0x2e0
[  302.017503][T11603]        ocfs2_init_acl+0x2f9/0x720
[  302.019159][T11603]        ocfs2_mknod+0x1321/0x2050
[  302.020850][T11603]        ocfs2_create+0x1a5/0x440
[  302.022461][T11603]        path_openat+0x14f4/0x3830
[  302.024164][T11603]        do_filp_open+0x1fa/0x410
[  302.025888][T11603]        do_sys_openat2+0x121/0x1c0
[  302.027908][T11603]        __x64_sys_open+0x11e/0x150
[  302.029550][T11603]        do_syscall_64+0xfa/0x3b0
[  302.031129][T11603]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.033102][T11603] 
[  302.033102][T11603] other info that might help us debug this:
[  302.033102][T11603] 
[  302.036256][T11603] Chain exists of:
[  302.036256][T11603]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  302.036256][T11603] 
[  302.040441][T11603]  Possible unsafe locking scenario:
[  302.040441][T11603] 
[  302.042776][T11603]        CPU0                    CPU1
[  302.044424][T11603]        ----                    ----
[  302.046126][T11603]   rlock(jbd2_handle);
[  302.047380][T11603]                                lock(&journal->j_trans_barrier);
[  302.050099][T11603]                                lock(jbd2_handle);
[  302.052242][T11603]   rlock(&oi->ip_xattr_sem);
[  302.053915][T11603] 
[  302.053915][T11603]  *** DEADLOCK ***
[  302.053915][T11603] 
[  302.057062][T11603] 8 locks held by syz.2.2090/11603:
[  302.059140][T11603]  #0: ffff88811c934428 (sb_writers#21){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  302.062776][T11603]  #1: ffff888012526f40 (&type->i_mutex_dir_key#13){++++}-{4:4}, at: path_openat+0x8da/0x3830
[  302.066793][T11603]  #2: ffff8880127643c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  302.071861][T11603]  #3: ffff888012765240 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  302.076716][T11603]  #4: ffff888115566f40 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  302.082155][T11603]  #5: ffff88811c934618 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0xe93/0x2050
[  302.085800][T11603]  #6: ffff8881106520e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x36a/0x6d0
[  302.089964][T11603]  #7: ffff88811c930950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  302.093775][T11603] 
[  302.093775][T11603] stack backtrace:
[  302.096056][T11603] CPU: 1 UID: 0 PID: 11603 Comm: syz.2.2090 Not tainted syzkaller #0 PREEMPT(full) 
[  302.096074][T11603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  302.096084][T11603] Call Trace:
[  302.096091][T11603]  <TASK>
[  302.096098][T11603]  dump_stack_lvl+0x189/0x250
[  302.096119][T11603]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.096135][T11603]  ? __pfx__printk+0x10/0x10
[  302.096154][T11603]  ? stack_trace_save+0x9c/0xe0
[  302.096172][T11603]  print_circular_bug+0x2ee/0x310
[  302.096189][T11603]  check_noncircular+0x134/0x160
[  302.096206][T11603]  validate_chain+0xb9b/0x2140
[  302.096226][T11603]  __lock_acquire+0xab9/0xd20
[  302.096248][T11603]  ? ocfs2_init_acl+0x2f9/0x720
[  302.096261][T11603]  lock_acquire+0x120/0x360
[  302.096280][T11603]  ? ocfs2_init_acl+0x2f9/0x720
[  302.096297][T11603]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  302.096317][T11603]  down_read+0x46/0x2e0
[  302.096338][T11603]  ? ocfs2_init_acl+0x2f9/0x720
[  302.096355][T11603]  ocfs2_init_acl+0x2f9/0x720
[  302.096369][T11603]  ? ocfs2_mknod_locked+0x148/0x250
[  302.096385][T11603]  ? __pfx_ocfs2_init_acl+0x10/0x10
[  302.096398][T11603]  ? dquot_alloc_inode+0x216/0xa50
[  302.096413][T11603]  ? ocfs2_block_signals+0x94/0xe0
[  302.096433][T11603]  ? __pfx_ocfs2_block_signals+0x10/0x10
[  302.096454][T11603]  ? ocfs2_init_security_get+0x139/0x1a0
[  302.096470][T11603]  ocfs2_mknod+0x1321/0x2050
[  302.096487][T11603]  ? __pfx_ocfs2_mknod+0x10/0x10
[  302.096500][T11603]  ? __pfx_ocfs2_find_entry+0x10/0x10
[  302.096517][T11603]  ? __lock_acquire+0xab9/0xd20
[  302.096544][T11603]  ? look_up_lock_class+0x74/0x170
[  302.096563][T11603]  ? register_lock_class+0x51/0x320
[  302.096585][T11603]  ? __lock_acquire+0xab9/0xd20
[  302.096607][T11603]  ? __lock_acquire+0xab9/0xd20
[  302.096665][T11603]  ? do_raw_spin_lock+0x121/0x290
[  302.096685][T11603]  ? do_raw_spin_unlock+0x4d/0x240
[  302.096704][T11603]  ? rcu_is_watching+0x15/0xb0
[  302.096718][T11603]  ? ocfs2_lookup+0x5b9/0x9b0
[  302.096734][T11603]  ocfs2_create+0x1a5/0x440
[  302.096746][T11603]  ? __pfx_ocfs2_lookup+0x10/0x10
[  302.096759][T11603]  ? from_kgid+0x1b0/0x650
[  302.096777][T11603]  ? __pfx_ocfs2_create+0x10/0x10
[  302.096789][T11603]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  302.096803][T11603]  ? inode_permission+0x149/0x470
[  302.096815][T11603]  ? __pfx_ocfs2_permission+0x10/0x10
[  302.096835][T11603]  ? bpf_lsm_inode_create+0x9/0x20
[  302.096850][T11603]  ? __pfx_ocfs2_create+0x10/0x10
[  302.096863][T11603]  path_openat+0x14f4/0x3830
[  302.096879][T11603]  ? arch_stack_walk+0xfc/0x150
[  302.096906][T11603]  ? __pfx_path_openat+0x10/0x10
[  302.096921][T11603]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.096942][T11603]  do_filp_open+0x1fa/0x410
[  302.096957][T11603]  ? __lock_acquire+0xab9/0xd20
[  302.096977][T11603]  ? __pfx_do_filp_open+0x10/0x10
[  302.097002][T11603]  ? _raw_spin_unlock+0x28/0x50
[  302.097025][T11603]  ? alloc_fd+0x64c/0x6c0
[  302.097048][T11603]  do_sys_openat2+0x121/0x1c0
[  302.097063][T11603]  ? __se_sys_futex+0x36f/0x400
[  302.097082][T11603]  ? __pfx_do_sys_openat2+0x10/0x10
[  302.097097][T11603]  ? __fget_files+0x2a/0x420
[  302.097111][T11603]  ? rcu_is_watching+0x15/0xb0
[  302.097126][T11603]  __x64_sys_open+0x11e/0x150
[  302.097143][T11603]  do_syscall_64+0xfa/0x3b0
[  302.097163][T11603]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.097181][T11603]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.097195][T11603]  ? exc_page_fault+0x9f/0xf0
[  302.097213][T11603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.097227][T11603] RIP: 0033:0x7f8ff498ebe9
[  302.097242][T11603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.097255][T11603] RSP: 002b:00007f8ff581f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  302.097271][T11603] RAX: ffffffffffffffda RBX: 00007f8ff4bb5fa0 RCX: 00007f8ff498ebe9
[  302.097282][T11603] RDX: 389b0d52417bb201 RSI: 0000000000064842 RDI: 00002000000005c0
[  302.097293][T11603] RBP: 00007f8ff4a11e19 R08: 0000000000000000 R09: 0000000000000000
[  302.097303][T11603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.097312][T11603] R13: 00007f8ff4bb6038 R14: 00007f8ff4bb5fa0 R15: 00007ffc514dedd8
[  302.097328][T11603]  </TASK>
[  302.257325][    C1] vkms_vblank_simulate: vblank timer overrun
[  302.265560][   T33] audit: type=1800 audit(302.133:79): pid=11603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2090" name="bus" dev="loop2" ino=17058 res=0 errno=0
[  303.202333][ T5973] ocfs2: Unmounting device (7,2) on (node local)

VM DIAGNOSIS:
01:37:39  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff81b44deb RBX=1ffff11026cc7f61 RCX=ffff8880244cb980 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc90004e7f8a0 RSP=ffffc90004e7f720
R8 =ffffffff8fa37d37 R9 =1ffffffff1f46fa6 R10=dffffc0000000000 R11=fffffbfff1f46fa7
R12=ffff88813663fb08 R13=dffffc0000000000 R14=ffff88804b03b1c0 R15=0000000000000001
RIP=ffffffff81b44dd3 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa0b2e91c80 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055cd12521188 CR3=000000010e706000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=2073692073696874 0202020202020202 XMM01=ff00000000000000 0000000000000000
XMM02=ffffff0000000000 ffffffffffffffff XMM03=ff000000000000ff ffffffffff000000
XMM04=0000000000000000 0000000000000000 XMM05=ff000000000000ff 00ffffffff000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00000000ffff0000 XMM09=332f336273752f32 2e6463685f796d6d
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000075 RBX=0000000000000075 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000002a55 RDI=0000000000002a56 RBP=00000000000003f8 RSP=ffffc900031ae8f0
R8 =ffff888020278237 R9 =1ffff1100404f046 R10=dffffc0000000000 R11=ffffffff854f0230
R12=dffffc0000000000 R13=ffffffff99af98f9 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f02ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8ff581f6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000019680 CR3=000000003e800000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=00007f569ff87498 ffffffff8133c57e XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=00007f569ff87478 00007f569ff874c0
XMM06=00007f569ff874b8 00007f569ff874b0 XMM07=00007f569ff874a8 00007f569ff874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f569fe12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
