last executing test programs:

42.481015715s ago: executing program 0 (id=1492):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

42.430906136s ago: executing program 0 (id=1494):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x1080, 0x1}, 0x18, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r0, 0x0)
r2 = getpgid(0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x0, 0x0, 0x4)

42.360972458s ago: executing program 0 (id=1496):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c696e6f646536342c6c6f63616c616c6c6f633d30303030303030303030303030303030313731342c61636c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c00882bb7a63864a19f186813ab5265f313eeeea0cb144b9317f58558f596fa072f9a29c38a293509350482fc7f"], 0x1, 0x4450, &(0x7f0000008900)="$eJzs3c9vHGcZAOB3Jia1Qxvs0EORkFiJSiBAlt0T4Eo4jhPXbkxQIBXislnb28Sw9kb2GnGohLlV4oTEAXGoQOLmU+UD1yLxD3DhWK5UggMXJKSIRbs7a++Md/ESdus6eh4pHs/3a971uzPzzWHypZnG4+390vZ+qbJbqm++vf9a6cf12sFONdKPyUUfn+GMPk9JyP3FuXfrznffei3iD1t//qjZbDajZSL6mu/5/Z//eGezd9uVFvq0xu0/2qj8ICJePhNXy5WI+P7vI5KIuJmVLWXbqYi4Hp26t975+cPSiKJ5/8Pq6+Wn6+8eL7y6dvTe8eDPnkT8uva5rz3a+dsXryz85SsjOjwAAAAAAAAAAAAAAAAAAJfcyv17D74zNx8fJDFxlJx9X3cl2w56P7Y5Ml8Y/4cFAAAAAAAAAAAAAAAAAACAT6jT9/9LyY1kIiLy7/8vZ9vFAf2b3xp/jIzP6rfvLd+em8/Wf0/O1H89K/r7zSsx02fd9+L67zcL/fuv//7CyOLvxtc97nQk6WxuP01nZyN+my38/kpyLa3V9xtffbt+sLs1sjAurXz+O6v3574F2YL+w+Z/qTD++Nf//2wUv7Wt/Ydnv8r0kc//lYHtfvezZKj83yr0+zjyz7PL53+iXTbV22CxcwFo5f8XE+fnf7kw/rjyfz0iSkkr1lLubnIj6ZQPmq+Ql8//p9pluUtn9occdP7/q5D/24XxL+r6f1i8EdFXPv9X22WTuRan5/9Mev75f6cw/kXkvxX/ofv/UPL5z66kE7km7b/ksNf/lcL448r/g7Qd51/jepL7BhwlnfgH/X915OXzP3mm/vT5Lx1q/vdGoX///I/u5OzG1z1u+/mv2Wz+NNv/ctJ5/qO/fP6nBrYb9vxfLfQb9/V/MUpDPwFcHWcgl1Q+/9faZfm583T757D5X+vdeTq+/LdnJZPd/J9eT/79Qqf8Nz3zvwfjCOA5kc//pzuFaW+Lw/bP9vwvOX/+/2Zh/P+S/+RwJJ/g7PyvFf9hOpLBn3v5/L84sF0r/38a4v5/t9Bv/PP/iDlz/WeWz/9LA9u1z//J8/O/Xug37vx/aZyDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwCS9l2OpJ0NrefprOzEbey/VfiWrJR2Spv1OqbP9qPWM7KS3EjeVSrb1Rq5e3d+la1XKnV6psRt7P6l2My2a/VG+WdypM7J2NNJY+rlb3GRrXSiIiVrPzz8VJ3rI3txk7lSUS8cVL3mbS+9+RxZbe8tb33zbm5ublYPYlhJqn+pFHdbXSO3qmNWDvpO530BNeufvMklheTH9YP9nYrtXb53Z4+tfpmpdbTZz2r+2XMJI29g93NSqNartUfdY83yB+vPmNy/geL2XZ59f737t+dP1P/MOlsl8YfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/hw8WvvGriJjo7KURUUqyX5LsX877H1ZfLz9df/d44dW1o/eOP+rXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMByj2/d+2vdRKS42l5G/H7+/R/nz6V+303fvzjDjJzO00t3/1A35d/TKL8tR6s279PN+usjJmrvZ7Anw306GPcZmtu3ufn6vteRchURbclvUs5VtewtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AoAAP//YvMk6w==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x6, 0x8001)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x100c007, &(0x7f0000000080)=ANY=[@ANYBLOB="0500f5ff", @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,adinicb,utf8\x00noadinicb,lastblock=00000000000000001313,partition=00000000000000000004,session=00000000000000000009,dmode=00000000000000000002007,defcontext=root,\x00'], 0xfd, 0xc2f, &(0x7f0000000280)="$eJzs3UFsHNd9B+D/G5IiaTcVEyeK3cbFui1SmbFcWVJMxSrcVU2zDSDLRCjmFoArcqUuTJEESTWykbZMLz30EKAoesiJQGsUSNHAqIugR7Z1geTiQ5FTT0QLG0HRA1sEyMlgMLNvpSVFWYxISpT1fTb12515b+bNm+EMJfDtCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdePX/yhfSgWwEA3E8XJ7528pTnPwA8Ui75+z8AAAAAAAAAAAAAABx2KYp4IlIsXNxIU9X7toELrbnrNyZHx3auNpiqmj1V+fJr4IVTp898+cWRs538+Pr77al4feLS+dor89cWFptLS82Z2uRca3p+ptj1Fnau37znFg2XHdAfEddnrlxZqp16/vSW1TeGPux//NjQuZFnTzzdLnujNjk6NjbRVaa37573fps7jfA4EkWciBTPff8nqRERVYftsS/ucu0ctMHqIIarg5gcHasOZLbVmFsuV453OqKIqHVVqnf66D6ciz2pR6yUzS8bPFwe3sRCY7FxebZZG28sLreWW/Nz46nd2vJ4alHE2RSxGhHr/bdvri+K6I0U3z26kS5HRE+nH75UDQy+czt2/511IMp21voiVouH4JwdYv1RxGuR4qfvHY/pss/yV3wx4rUyfxDxdpkvR6TywjgT8cEO1xEPp94o4i/K839uI81U94POfeXC12tfnbsy31W2c1/Z2/NhM1899/35MLgt749Dfm8aiCIa1R1/I937DzsAAAAAAAAAAAAAAAAA7LfBKOKpSPHqf/xRNa44qnHpR8+N/P7Qp7rHjD95l+2UZZ+PiJVid2Nyj+QhxONpPKUHPJb4UTYQRfxxHv/37QfdGAAAAAAAAAAAAAAAAAAAgEdaET+OFC+9fzytRvec4q25q7VLjcuz7VlhO3P/duZM39zc3KyldtZzTuVcybmacy3nes4ocv2c9ZxTOVdyruZcy7meM3py/Zz1nFM5V3Ku5lzLuZ4zenP9nPWcUzlXcq7mXMu5njMOydy9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfJEUU8VGk+M43N1KkiKhHTEU71/ofdOsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFJ/KuLdSFH7g/rNZb0Rkar/246Xf5yJ+pEyPxP1kTJfjvr5nI0qe+vffgDtZ2/6UhE/ihT9A+/cPOGfap//vva7m5dBvP2tW+9+pbedPZ2VQx/2P37s6LmRsV978k6v004NGL7Qmrt+ozY5OjY20bW4N+/9M13LhvJ+i/05dCJi6c233mjMzjYX7/1FeQnsoboXu35xRD/f24vNfLX/otWj9xA0/gG9eMA3Ju6L8vn/QaT47ff/s/PA7/z890vtdzef8PGzP7n1/H9p+4YO6Pn/RNeyl/JPI329EQPL1xb6jkUMLL351onWtcbV5tXm3JmTJ78yMvKV0yf7jkQMXGnNNrte7bmrAAAAAAAAAAAAAAAAAO6vVMTvRorGjzZSLSJuVOO1hs6NPHvi6Z7oqcZbbRm39frEpfO1V+avLSw2l5aaM7XJudb0/Exzt7sbqIZ7TY6OHcjB3NXgAbd/cOCV+YU3F1tX/3B5x/WPDZy/vLS82JjeeXUMRhFR714yXDV4cnSsavRsqzFXVR3fcTDdL64vFfFfkWL6TC09k5fl8X/bR/hvGf+/sn1DBzT+79Ndy8p9plTEzyLFb/3lk/FM1c7H4rY+y+X+NlIMn/1CLhdHynKdNrQ/V6A9MrAs+3+R4h8/2lq2Mx7yiVtlX9h1xz4kyvN/NFK8++ffi1/Py3q3fP7Dzuf/se0b2uX53/zTbfXucv4/27XssS2fV7A/x/+oK8//iUjx8hPvxG/kZb0f8/kfnc/eOJ4L3/x8jgP6/v9c17KhvN/f3J9DBwAAAAAAAAAAeKj1pSL+LlI8PdabXszLdvP7fzPbN3RAv//1+a5lM/szX9FdX+y5UwEAAADgkOhLRfw4UlxdfufmGOqt47+7xn/+zq3xn6Np29rq3/l+ufrcgP38979uQ3m/U3s/bAAAAAAAAAAAAAAAAAAAADhUUirixTyf+tRd5lNfixSv/s9zuVw6VpbrzAM/VP05cHF+7sT52dn56cZy4/Jsszax0JhulnU/Gyk2/uYLuW5Rza/+zLZ9dOZiX4wUY3/fKduei70zN3l7PvD2XOxl2U9Hiv/+h61lO/NYf+5W2VNl2b+OFN/4553LHrtV9nRZ9nuR4offqHXKPlaW7Xw+6udvlX1+er7Y1/MBAAAAAAAAAAAAAAAAAADAo6kvFfFnkeJ/r63eHMuf5//v63pbeftbXfP9b3Ojmud/qJr//06v72X+/6Hba3y02RaxefQejxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA63FEW8FSkWLm6ktf7yfdvAhdbc9RuTo2M7VxtMVc2eqnz5NfDCqdNnvvziyNlOfnz9/fZUvD5x6XztlflrC4vNpaXmTG1yrjU9P9Pc9Rb2Wn+74aoDatfeuD5z5cpS7dTzp7esvjH0Yf/jx4bOjTx74ulO2cnRsbGJrjK9ffe899ukOyw/EkX8VaR47vs/Sf/SH1HE3vviLtfOQRusDmK4OojJ0bHqQGZbjbnlcuV4pyOKiFpXpXqnj+7DudiTesRK2fyywcPl4U0sNBYbl2ebtfHG4nJruTU/N57arS2PpxZFnE0RqxGx3n/75vqiiDcixXePbqR/7Y/o6fTDly5OfO3kqTu3ozjAY9yFsp21vojV4iE4Z4dYfxTxT5Hip+8dj3/rj+iN9ld8MeK1Mn8Q8Xa0z3cqL4wzER/scB3xcOqNIv6/PP/nNtJ7/eX9oHNfufD12leX3+0u27mvPPTPh/vpkN+bBqKIH1Z3/I30776vAQAAAAAAAAAAAAAAAA6RIn41Urz0/vFUjQ/uDIpebM1drV1qXJ5tD+vrjP3rrN7c3NyspXbWc07lXMm5mnMt53rOKHL9nPUyBzY3p/L7lZyrOddyrueMnlw/Zz3nVM6VnKs513Ku54zeXD9nPedUzpWcqznXcq7njEMydg8AAAAAAAAAAAAAAAAAAPhkKar/Unznmxtps789v/RUtHPNfKCfeD8PAAD//4Vl++I=")
ioctl$FITRIM(r0, 0x40406f06, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x100})

41.978034552s ago: executing program 0 (id=1502):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x1000811, &(0x7f0000000540)=ANY=[@ANYBLOB='keep_last_dots,dmask=00000000000000000000104,uid=', @ANYRESHEX=0x0, @ANYBLOB=',iocharset=koi8-u,fmask=00000000000000000000005,discard,allow_utime=00000000000000000000002,iocharset=macceltic,allow_utime=00000000000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c857466382c6f626a5f6c6f775f4ad7696d652c666f00"/34, @ANYRESDEC=0x0, @ANYBLOB=',dont_hash,dont_appraise,smackfsroot=fowner<,\x00'], 0x1, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5")
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)

41.695603664s ago: executing program 0 (id=1506):
socket$alg(0x26, 0x5, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
fsetxattr$trusted_overlay_origin(r4, &(0x7f0000000440), 0x0, 0x0, 0x1)

41.411547543s ago: executing program 0 (id=1511):
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[], 0x1, 0x171, &(0x7f0000000480)="$eJzs2rFKw0AYB/DParEUn8Cp0Ax1aJMmWgV3QXDyAcTQ3tXQxEgiSDsFX0BxiI/g6qqbj9DZzU1dXB0kkvRq2zsXCxLB/29o/vTLfXcJ4aarB77X5GGdaC262n8uBL5XaVmbbd7kNo3sElElDcMkuW6Q4vCrPkyihnJD9V5ca9147447LjPVHgAAAAAAAAAAAAAAAAAAAAAA/0T1RYTyUezfcMdlzalq2B/0bNdlQTj+RyNxRod47G9zR2PWTL/aO5GWnd9x4p3ztJ8xU9fSTqUk80byfPqpd6KH/UHd8ewu67Jj07RaxrphbJh61kuXO2qXYk1EpfRnQXo+7XZynujRUM8TUXl0WVp14ouzrHtRfv4CBZMX8YMQzTUKIcdAEdEfWIYIT69E35dK4gNlQVic/lYXR/dsHWSlnBb/keT/6n47yPsHdZat6kO6fzTavttR9k8pjEfPM3lBjO3ZK+kUyo4GkJPPAAAA///+VynD")
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)

41.364591794s ago: executing program 32 (id=1511):
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[], 0x1, 0x171, &(0x7f0000000480)="$eJzs2rFKw0AYB/DParEUn8Cp0Ax1aJMmWgV3QXDyAcTQ3tXQxEgiSDsFX0BxiI/g6qqbj9DZzU1dXB0kkvRq2zsXCxLB/29o/vTLfXcJ4aarB77X5GGdaC262n8uBL5XaVmbbd7kNo3sElElDcMkuW6Q4vCrPkyihnJD9V5ca9147447LjPVHgAAAAAAAAAAAAAAAAAAAAAA/0T1RYTyUezfcMdlzalq2B/0bNdlQTj+RyNxRod47G9zR2PWTL/aO5GWnd9x4p3ztJ8xU9fSTqUk80byfPqpd6KH/UHd8ewu67Jj07RaxrphbJh61kuXO2qXYk1EpfRnQXo+7XZynujRUM8TUXl0WVp14ouzrHtRfv4CBZMX8YMQzTUKIcdAEdEfWIYIT69E35dK4gNlQVic/lYXR/dsHWSlnBb/keT/6n47yPsHdZat6kO6fzTavttR9k8pjEfPM3lBjO3ZK+kUyo4GkJPPAAAA///+VynD")
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)

5.704772764s ago: executing program 3 (id=1803):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}})

5.421026947s ago: executing program 3 (id=1805):
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x90a00, 0x0, 0x2a}, 0x18)

5.329721735s ago: executing program 3 (id=1806):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18020000000100000000000000000000850000002900000085000000d000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

5.045811586s ago: executing program 3 (id=1807):
syz_usb_connect(0x0, 0x36, &(0x7f0000001740)=ANY=[@ANYBLOB="12010000fe07124081173809499b010203010902240001000000000904ff00028b8647000905e8ff00090000000905", @ANYRES64], 0x0)

3.353910596s ago: executing program 3 (id=1811):
r0 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
memfd_create(0x0, 0x2)
ioprio_set$uid(0x3, 0xee00, 0x4007)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c000280050001000000000008"], 0x98}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r3 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
shmat(r3, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
wait4(0x0, 0x0, 0x8, 0x0)
shmctl$IPC_RMID(r3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x800, 0x60)
write$RDMA_USER_CM_CMD_BIND_IP(r4, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)

1.590453404s ago: executing program 3 (id=1823):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000019080)=0x30)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x32)

1.222472044s ago: executing program 2 (id=1827):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x20003f)

555.737782ms ago: executing program 1 (id=1832):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x40, r1, 0x403, 0x2070bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x9}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x4}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x100}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4800}, 0x20000000)

472.036488ms ago: executing program 1 (id=1833):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000640)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x1c, r1, 0x852dd6c070cd7e4d, 0x1, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}, 0x4, 0x700000000000000}, 0x0)

420.750262ms ago: executing program 1 (id=1834):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0)

420.438197ms ago: executing program 1 (id=1835):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'vlan1\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000000)={0x11, 0x1c, r2, 0x1, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)='I', 0x1}], 0x1)

322.177309ms ago: executing program 1 (id=1836):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ce3d000005"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000400)={r0, &(0x7f0000000380), 0x0}, 0x20)

321.806789ms ago: executing program 2 (id=1837):
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x1}, &(0x7f0000000100), &(0x7f0000000140))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x20000080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[], 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

271.811898ms ago: executing program 1 (id=1838):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000440)={0x4, 0xb46, 0x800077, 0x20000000000413, 0x4, 0x6, 0x1000, 0xf67, 0xf})
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000002540)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000140)={0x0, 0x2, 0x4, 0x7ec, 0x2000010000, 0x1ffffffffffff, 0x96c7, 0xfffffffffffffffc, 0x9})

223.339503ms ago: executing program 2 (id=1839):
r0 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, 0x0)

132.499957ms ago: executing program 2 (id=1840):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000140)="b9ff03076804268cb89e14f088a847e0ffff2000000000000000ac141416e0885a049a179424", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)

82.58485ms ago: executing program 2 (id=1841):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x3, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r1=>0x0, &(0x7f00000002c0)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x20, 0x0, 0xffff, 0x0, 0x0, 0x9122, 0x0, 0x1, {0x2}})
io_uring_enter(r0, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=1842):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

kernel console output (not intermixed with test programs):

rain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[  167.555170][ T8361]   allowing incompatible features above 0.0: (unknown version)
[  167.555181][ T8361]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  167.573493][ T8361] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  167.578433][ T8361] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr SPOS_MAX len 0 ver 0: durability: 0 (invalid extent entry 0000000000000000)
[  167.578473][ T8361]   value too big (6 > 4), deleting
[  167.587142][ T8361] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  167.590466][ T8361] bcachefs (loop0): Version upgrade required:
[  167.590466][ T8361] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  167.590466][ T8361] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  167.590466][ T8361]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  167.617829][ T8361] bcachefs (loop0): dropping and reconstructing all alloc info
[  167.635678][ T8361] bcachefs (loop0): accounting_read... done
[  167.640110][ T8361] bcachefs (loop0): alloc_read... done
[  167.642533][ T8361] bcachefs (loop0): snapshots_read... done
[  167.645198][ T8361] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[  167.649441][ T8361] bcachefs (loop0): done starting filesystem
[  167.787099][ T5999] bcachefs (loop0): shutting down
[  167.828632][ T5999] bcachefs (loop0): shutdown complete
[  168.169536][ T6046] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  168.319398][ T6046] usb 2-1: Using ep0 maxpacket: 8
[  168.329491][ T6046] usb 2-1: config index 0 descriptor too short (expected 74, got 45)
[  168.335432][ T6046] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.339193][ T6046] usb 2-1: config 0 has no interfaces?
[  168.341789][ T6046] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  168.345058][ T6046] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.361996][ T6046] usb 2-1: config 0 descriptor??
[  168.704136][ T6060] usb 2-1: USB disconnect, device number 11
[  169.451113][ T8391] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  169.909152][ T6060] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  170.061064][ T6060] usb 2-1: unable to get BOS descriptor or descriptor too short
[  170.064760][ T6060] usb 2-1: config 1 interface 1 has no altsetting 0
[  170.068918][ T6060] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  170.072183][ T6060] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.075034][ T6060] usb 2-1: Product: syz
[  170.076681][ T6060] usb 2-1: Manufacturer: syz
[  170.078325][ T6060] usb 2-1: SerialNumber: syz
[  170.311262][ T6060] usb 2-1: found format II with max.bitrate = 2418, frame size=7
[  170.313700][ T6060] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  170.367785][ T6060] usb 2-1: USB disconnect, device number 12
[  170.390643][ T5912] udevd[5912]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  171.429040][ T6061] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  171.626939][ T6061] usb 2-1: unable to get BOS descriptor or descriptor too short
[  171.631935][ T6061] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  171.635066][ T6061] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  171.641362][ T6061] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  171.644029][ T6061] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.646909][ T6061] usb 2-1: Product: syz
[  171.658888][ T6061] usb 2-1: Manufacturer: syz
[  171.676734][ T6061] usb 2-1: SerialNumber: syz
[  171.900216][ T6061] usb 2-1: 0:2 : does not exist
[  171.910644][ T6061] usb 2-1: USB disconnect, device number 13
[  171.967840][ T5912] udevd[5912]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.066715][ T8423] loop2: detected capacity change from 0 to 40427
[  172.071027][ T8423] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  172.073705][ T8423] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  172.087501][ T8423] F2FS-fs (loop2): invalid crc value
[  172.132185][ T8423] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  172.135067][ T6045] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  172.139594][ T8423] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  172.142284][ T8423] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  172.289170][ T6045] usb 1-1: Using ep0 maxpacket: 8
[  172.296463][ T6045] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.306578][ T6045] usb 1-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68
[  172.311338][ T6045] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.314508][ T6045] usb 1-1: Product: syz
[  172.316403][ T6045] usb 1-1: Manufacturer: syz
[  172.318370][ T6045] usb 1-1: SerialNumber: syz
[  172.327195][ T6045] usb 1-1: config 0 descriptor??
[  172.336896][ T6045] redrat3 1-1:0.0: Couldn't find all endpoints
[  172.857383][   T51] usb 1-1: USB disconnect, device number 15
[  173.416692][ T8442] loop1: detected capacity change from 0 to 2048
[  173.528042][ T8445] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  173.601797][ T8442] NILFS error (device loop1): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  173.648548][ T8442] Remounting filesystem read-only
[  173.686990][ T5997] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  173.840548][ T8453] loop1: detected capacity change from 0 to 8
[  173.845029][ T8453] squashfs: Unknown parameter 'A%]^
[  173.845029][ T8453] M{eExhOtIX-gWa#C6Ngh:Xa'
[  174.244439][ T8476] netlink: 'syz.0.1062': attribute type 7 has an invalid length.
[  174.246981][ T8476] netlink: 'syz.0.1062': attribute type 8 has an invalid length.
[  174.946199][ T8499] syz.0.1071 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  174.978708][    T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  175.147070][ T8504] warning: `syz.2.1073' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  175.155894][    T9] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.168691][    T9] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.183301][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  175.186133][    T9] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  175.195126][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.208246][    T9] usb 2-1: config 0 descriptor??
[  175.829447][    T9] usb 2-1: string descriptor 0 read error: -22
[  176.031545][    T9] uclogic 0003:256C:006D.000B: interface is invalid, ignoring
[  176.233201][ T6046] usb 2-1: USB disconnect, device number 14
[  176.290396][ T8524] loop0: detected capacity change from 0 to 1024
[  176.419716][ T8526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1082'.
[  177.563961][ T8572] binder: 8561:8572 ioctl c0306201 0 returned -14
[  178.170128][ T8613] netlink: 'syz.2.1093': attribute type 1 has an invalid length.
[  178.234268][ T8618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1091'.
[  178.541066][ T8627] input: syz1 as /devices/virtual/input/input12
[  178.660094][ T8631] loop1: detected capacity change from 0 to 1024
[  178.663120][ T8631] EXT4-fs: Ignoring removed orlov option
[  178.684426][ T8631] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.698709][ T8631] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  178.734187][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.858954][ T8639] loop1: detected capacity change from 0 to 128
[  178.876381][ T8639] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  178.881597][ T8639] ext4 filesystem being mounted at /347/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  178.920249][ T5997] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  179.513952][ T8656] netlink: 'syz.0.1110': attribute type 4 has an invalid length.
[  179.558581][ T8658] binder: 8657:8658 ioctl c0306201 200000000640 returned -22
[  179.614740][ T6002] Bluetooth: hci1: unexpected subevent 0x0e length: 30 > 15
[  179.617255][ T6002] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:20 sid 0x00
[  179.919128][    T9] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  179.956520][ T8666] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.101500][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  180.105646][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  180.123813][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  180.127768][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  180.131995][    T9] usb 3-1: SerialNumber: syz
[  180.141700][    T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  180.154402][    T9] usb-storage 3-1:1.0: USB Mass Storage device detected
[  180.180944][    T9] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  180.194950][    T9] scsi host6: usb-storage 3-1:1.0
[  180.215422][ T8675] IPv6: addrconf: prefix option has invalid lifetime
[  180.226616][ T8677] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1118'.
[  181.279176][ T8688] loop1: detected capacity change from 0 to 4096
[  181.285052][ T8688] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  181.304263][ T8688] ntfs3(loop1): Failed to load $Extend (-22).
[  181.306300][ T8688] ntfs3(loop1): Failed to initialize $Extend.
[  181.464399][    T9] usb 3-1: USB disconnect, device number 17
[  182.266541][   T33] audit: type=1326 audit(1757668595.323:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8695 comm="syz.1.1126" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea34b8eba9 code=0x0
[  182.342654][ T8698] loop2: detected capacity change from 0 to 4096
[  182.346360][ T8698] EXT4-fs: Ignoring removed nomblk_io_submit option
[  182.360783][ T8698] EXT4-fs (loop2): Test dummy encryption mode enabled
[  182.365827][ T8698] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  182.370664][ T8698] System zones: 0-5
[  182.374326][ T8698] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.455165][ T8698] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  182.482789][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.639227][ T8708] loop2: detected capacity change from 0 to 128
[  182.669213][ T8708] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  182.673974][ T8708] ext4 filesystem being mounted at /340/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  182.730100][ T6003] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  183.063619][ T8718] io-wq is not configured for unbound workers
[  183.344934][ T8733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1140'.
[  183.353672][ T8733] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1140'.
[  183.656549][ T8743] loop2: detected capacity change from 0 to 1024
[  183.682755][ T8743] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.719353][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.979115][ T8752] loop0: detected capacity change from 0 to 128
[  183.996356][ T8752] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  184.010994][ T8752] ext4 filesystem being mounted at /319/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.067291][ T5999] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  184.166798][ T8748] loop2: detected capacity change from 0 to 40427
[  184.180678][ T8748] F2FS-fs (loop2): build fault injection rate: 771
[  184.194125][ T8748] F2FS-fs (loop2): invalid crc value
[  184.327185][ T8748] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  184.338764][ T8748] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  184.380571][ T8748] syz.2.1146: attempt to access beyond end of device
[  184.380571][ T8748] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  184.432130][ T6003] syz-executor: attempt to access beyond end of device
[  184.432130][ T6003] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  184.441870][ T6003] CPU: 0 UID: 0 PID: 6003 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  184.441906][ T6003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  184.441913][ T6003] Call Trace:
[  184.441919][ T6003]  <TASK>
[  184.441924][ T6003]  dump_stack_lvl+0x189/0x250
[  184.441945][ T6003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.441958][ T6003]  ? __pfx_queue_work_on+0x10/0x10
[  184.441970][ T6003]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  184.441989][ T6003]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  184.442039][ T6003]  f2fs_handle_critical_error+0x37c/0x540
[  184.442063][ T6003]  f2fs_write_end_io+0x886/0xb60
[  184.442088][ T6003]  __submit_merged_bio+0x27a/0x6a0
[  184.442111][ T6003]  __submit_merged_write_cond+0x255/0x530
[  184.442134][ T6003]  f2fs_write_data_pages+0x261d/0x3000
[  184.442172][ T6003]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.442224][ T6003]  ? irqentry_exit+0x74/0x90
[  184.442241][ T6003]  ? folio_try_get+0x1c/0x340
[  184.442260][ T6003]  ? __lock_acquire+0xab9/0xd20
[  184.442287][ T6003]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.442298][ T6003]  do_writepages+0x32e/0x550
[  184.442322][ T6003]  ? do_raw_spin_unlock+0x4d/0x240
[  184.442339][ T6003]  filemap_fdatawrite+0x199/0x240
[  184.442356][ T6003]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  184.442407][ T6003]  ? do_raw_spin_unlock+0x4d/0x240
[  184.442426][ T6003]  f2fs_sync_dirty_inodes+0x31f/0x830
[  184.442450][ T6003]  f2fs_write_checkpoint+0x95a/0x1df0
[  184.442482][ T6003]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  184.442525][ T6003]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  184.442539][ T6003]  ? kfree+0x18e/0x440
[  184.442555][ T6003]  ? kill_f2fs_super+0x298/0x6c0
[  184.442572][ T6003]  kill_f2fs_super+0x2c3/0x6c0
[  184.442589][ T6003]  ? __pfx_kill_f2fs_super+0x10/0x10
[  184.442598][ T6003]  ? radix_tree_delete_item+0x2b6/0x400
[  184.442623][ T6003]  ? shrinker_free+0x2ce/0x3e0
[  184.442638][ T6003]  deactivate_locked_super+0xbc/0x130
[  184.442655][ T6003]  cleanup_mnt+0x425/0x4c0
[  184.442669][ T6003]  ? lockdep_hardirqs_on+0x9c/0x150
[  184.442684][ T6003]  task_work_run+0x1d4/0x260
[  184.442703][ T6003]  ? __pfx_task_work_run+0x10/0x10
[  184.442717][ T6003]  ? __x64_sys_umount+0x122/0x160
[  184.442738][ T6003]  ? exit_to_user_mode_loop+0x40/0x110
[  184.442757][ T6003]  exit_to_user_mode_loop+0xec/0x110
[  184.442774][ T6003]  do_syscall_64+0x2bd/0x3b0
[  184.442796][ T6003]  ? lockdep_hardirqs_on+0x9c/0x150
[  184.442809][ T6003]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.442822][ T6003]  ? exc_page_fault+0x9f/0xf0
[  184.442834][ T6003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.442844][ T6003] RIP: 0033:0x7fc69258fed7
[  184.442857][ T6003] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  184.442868][ T6003] RSP: 002b:00007fffea396788 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  184.442882][ T6003] RAX: 0000000000000000 RBX: 00007fc692611c05 RCX: 00007fc69258fed7
[  184.442890][ T6003] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffea396840
[  184.442897][ T6003] RBP: 00007fffea396840 R08: 0000000000000000 R09: 0000000000000000
[  184.442904][ T6003] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffea3978d0
[  184.442911][ T6003] R13: 00007fc692611c05 R14: 000000000002cfe5 R15: 00007fffea397910
[  184.442931][ T6003]  </TASK>
[  184.442994][ T6003] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  186.271916][ T8773] loop2: detected capacity change from 0 to 256
[  186.308562][ T8773] FAT-fs (loop2): Directory bread(block 64) failed
[  186.311181][ T8773] FAT-fs (loop2): Directory bread(block 65) failed
[  186.334453][ T8773] FAT-fs (loop2): Directory bread(block 66) failed
[  186.375655][ T8773] FAT-fs (loop2): Directory bread(block 67) failed
[  186.381382][ T8773] FAT-fs (loop2): Directory bread(block 68) failed
[  186.387551][ T8773] FAT-fs (loop2): Directory bread(block 69) failed
[  186.390243][ T8773] FAT-fs (loop2): Directory bread(block 70) failed
[  186.393061][ T8773] FAT-fs (loop2): Directory bread(block 71) failed
[  186.395689][ T8773] FAT-fs (loop2): Directory bread(block 72) failed
[  186.405315][ T8773] FAT-fs (loop2): Directory bread(block 73) failed
[  187.257232][ T8784] loop2: detected capacity change from 0 to 2048
[  187.273975][ T8784] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  187.284372][ T8784] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  187.302506][ T8787] loop0: detected capacity change from 0 to 164
[  187.461434][ T8791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1162'.
[  187.464988][ T8791] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  187.469278][ T8791] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  188.162586][ T8812] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1171'.
[  188.170612][ T8812] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1171'.
[  188.202234][ T8814] loop1: detected capacity change from 0 to 16
[  188.209840][ T8814] erofs (device loop1): mounted with root inode @ nid 36.
[  188.339768][ T8824] loop1: detected capacity change from 0 to 2048
[  188.345741][ T8824] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  188.431310][ T8828] loop2: detected capacity change from 0 to 2048
[  188.458019][ T8828] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  188.480014][ T6060] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  188.587178][ T8834] loop1: detected capacity change from 0 to 512
[  188.593337][ T8834] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  188.624321][ T8834] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1182: invalid indirect mapped block 83886080 (level 1)
[  188.634984][ T8834] EXT4-fs (loop1): Remounting filesystem read-only
[  188.638637][ T8834] EXT4-fs (loop1): 1 orphan inode deleted
[  188.640797][ T8834] EXT4-fs (loop1): 1 truncate cleaned up
[  188.644290][ T8834] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.659674][ T6060] usb 1-1: Using ep0 maxpacket: 8
[  188.669157][ T6060] usb 1-1: config 11 has an invalid interface number: 95 but max is 0
[  188.672608][ T6060] usb 1-1: config 11 has no interface number 0
[  188.674749][ T6060] usb 1-1: config 11 interface 95 altsetting 64 endpoint 0x82 has invalid wMaxPacketSize 0
[  188.675647][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.680810][ T6060] usb 1-1: config 11 interface 95 has no altsetting 0
[  188.691005][ T6060] usb 1-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  188.694695][ T6060] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.703983][ T6060] usb 1-1: Product: syz
[  188.705401][ T6060] usb 1-1: Manufacturer: syz
[  188.707063][ T6060] usb 1-1: SerialNumber: syz
[  188.930743][ T6060] usbtouchscreen 1-1:11.95: probe with driver usbtouchscreen failed with error -8
[  188.942722][ T6060] usb 1-1: USB disconnect, device number 16
[  189.016910][ T6046] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  189.019379][ T6061] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  189.166944][ T6061] usb 2-1: Using ep0 maxpacket: 8
[  189.172080][ T6046] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.176146][ T6046] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.179826][ T6061] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  189.182756][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  189.187348][ T6061] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.192010][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.196504][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  189.202626][ T6061] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  189.205587][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  189.210228][ T6061] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.215029][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.219604][ T6046] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  189.223135][ T6046] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.226412][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  189.231072][ T6046] usb 3-1: Product: syz
[  189.232814][ T6046] usb 3-1: Manufacturer: syz
[  189.234915][ T6046] usb 3-1: SerialNumber: syz
[  189.238225][ T6061] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  189.241131][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  189.245461][ T6061] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.255290][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.259866][ T6061] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  189.274888][ T6061] usb 2-1: string descriptor 0 read error: -22
[  189.277674][ T6061] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  189.281291][ T6061] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.303120][ T6061] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  189.471870][ T8846] netlink: 'syz.0.1186': attribute type 2 has an invalid length.
[  189.481327][ T6046] usb 3-1: 0:2 : does not exist
[  189.487490][ T6046] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  189.529633][ T6060] usb 2-1: USB disconnect, device number 15
[  189.545145][ T6046] usb 3-1: USB disconnect, device number 18
[  189.581244][ T5912] udevd[5912]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  190.501615][ T8878] mkiss: ax0: crc mode is auto.
[  190.632059][ T8882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1202'.
[  191.010856][ T8891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1206'.
[  191.074618][ T8894] vivid-001: disconnect
[  191.084198][ T8892] vivid-001: reconnect
[  191.143288][ T8897] loop1: detected capacity change from 0 to 2048
[  191.182526][ T5912]  loop1: p1 < > p4
[  191.193896][ T5912] loop1: p4 size 8388608 extends beyond EOD, truncated
[  191.281719][ T8897]  loop1: p1 < > p4
[  191.284518][ T8897] loop1: p4 size 8388608 extends beyond EOD, truncated
[  191.659700][ T5912] udevd[5912]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  191.668144][ T6422] udevd[6422]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  191.696246][ T8909] tmpfs: Bad value for 'mpol'
[  192.503400][ T8933] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1224'.
[  192.542596][ T8935] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  192.551748][ T8935] macvtap1: entered promiscuous mode
[  192.556104][ T8935] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  192.820550][ T8945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1230'.
[  192.827125][ T8945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1230'.
[  194.042647][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  194.045321][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  194.354091][ T8969] loop1: detected capacity change from 0 to 32768
[  194.363100][ T8969] jfs_mount: Mount Failure: superblock is corrupt!
[  194.370794][ T8969] Mount JFS Failure: -22
[  194.374224][ T8969] jfs_mount failed w/return code = -22
[  194.390089][ T8971] loop0: detected capacity change from 0 to 40427
[  194.406447][ T8971] F2FS-fs (loop0): invalid crc value
[  194.508912][ T8971] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  194.512970][ T8971] F2FS-fs (loop0): Start checkpoint disabled!
[  194.524418][ T8971] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  194.551567][ T8977] loop1: detected capacity change from 0 to 128
[  194.565537][ T8977] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  194.580581][ T8977] ext4 filesystem being mounted at /398/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  194.581831][ T1092] kworker/u10:6: attempt to access beyond end of device
[  194.581831][ T1092] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  194.590788][ T8977] syz.1.1244 (pid 8977) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  194.598893][ T1092] CPU: 1 UID: 0 PID: 1092 Comm: kworker/u10:6 Not tainted syzkaller #0 PREEMPT(full) 
[  194.598914][ T1092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  194.598925][ T1092] Workqueue: writeback wb_workfn (flush-7:0)
[  194.598941][ T1092] Call Trace:
[  194.598945][ T1092]  <TASK>
[  194.598949][ T1092]  dump_stack_lvl+0x189/0x250
[  194.598963][ T1092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.598975][ T1092]  ? __pfx_queue_work_on+0x10/0x10
[  194.599016][ T1092]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  194.599034][ T1092]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  194.599057][ T1092]  f2fs_handle_critical_error+0x37c/0x540
[  194.599081][ T1092]  f2fs_write_end_io+0x886/0xb60
[  194.599102][ T1092]  __submit_merged_bio+0x27a/0x6a0
[  194.599121][ T1092]  __submit_merged_write_cond+0x255/0x530
[  194.599141][ T1092]  f2fs_write_data_pages+0x261d/0x3000
[  194.599175][ T1092]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.599189][ T1092]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  194.599213][ T1092]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  194.599224][ T1092]  ? look_up_lock_class+0x74/0x170
[  194.599237][ T1092]  ? trace_f2fs_writepages+0x7f/0x200
[  194.599248][ T1092]  ? f2fs_write_node_pages+0x478/0x6e0
[  194.599261][ T1092]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  194.599278][ T1092]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.599286][ T1092]  do_writepages+0x32e/0x550
[  194.599299][ T1092]  ? reacquire_held_locks+0x127/0x1d0
[  194.599307][ T1092]  ? writeback_sb_inodes+0x384/0x1010
[  194.599320][ T1092]  __writeback_single_inode+0x145/0xff0
[  194.599330][ T1092]  ? do_raw_spin_unlock+0x4d/0x240
[  194.599341][ T1092]  writeback_sb_inodes+0x6c7/0x1010
[  194.599363][ T1092]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  194.599390][ T1092]  ? rcu_is_watching+0x15/0xb0
[  194.599402][ T1092]  wb_writeback+0x43b/0xaf0
[  194.599416][ T1092]  ? queue_io+0x311/0x590
[  194.599427][ T1092]  ? __pfx_wb_writeback+0x10/0x10
[  194.599440][ T1092]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.599454][ T1092]  wb_workfn+0x409/0xef0
[  194.599469][ T1092]  ? __pfx_wb_workfn+0x10/0x10
[  194.599478][ T1092]  ? __lock_acquire+0xab9/0xd20
[  194.599494][ T1092]  ? process_scheduled_works+0x9ef/0x17b0
[  194.599504][ T1092]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.599515][ T1092]  ? process_scheduled_works+0x9ef/0x17b0
[  194.599521][ T1092]  ? process_scheduled_works+0x9ef/0x17b0
[  194.599528][ T1092]  process_scheduled_works+0xae1/0x17b0
[  194.599548][ T1092]  ? __pfx_process_scheduled_works+0x10/0x10
[  194.599563][ T1092]  worker_thread+0x8a0/0xda0
[  194.599582][ T1092]  kthread+0x711/0x8a0
[  194.599594][ T1092]  ? __pfx_worker_thread+0x10/0x10
[  194.599601][ T1092]  ? __pfx_kthread+0x10/0x10
[  194.599611][ T1092]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.599622][ T1092]  ? lockdep_hardirqs_on+0x9c/0x150
[  194.599628][ T1092]  ? __pfx_kthread+0x10/0x10
[  194.599637][ T1092]  ret_from_fork+0x3fc/0x770
[  194.599647][ T1092]  ? __pfx_ret_from_fork+0x10/0x10
[  194.599657][ T1092]  ? __switch_to_asm+0x39/0x70
[  194.599666][ T1092]  ? __switch_to_asm+0x33/0x70
[  194.599675][ T1092]  ? __pfx_kthread+0x10/0x10
[  194.599684][ T1092]  ret_from_fork_asm+0x1a/0x30
[  194.599701][ T1092]  </TASK>
[  194.599705][ T1092] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  194.714089][ T5997] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  194.783467][ T8981] loop1: detected capacity change from 0 to 2048
[  194.811299][ T8981] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  195.023546][ T8990] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  195.724497][ T9018] loop2: detected capacity change from 0 to 32768
[  195.744092][ T9018] JBD2: Ignoring recovery information on journal
[  195.747544][ T9018] JBD2: corrupted journal superblock
[  195.749559][ T9018] JBD2: error -117 scanning journal
[  195.751487][ T9018] (syz.2.1257,9018,0):ocfs2_journal_wipe:1216 ERROR: status = -117
[  195.754192][ T9018] (syz.2.1257,9018,0):ocfs2_check_volume:2363 ERROR: status = -117
[  195.758382][ T9018] (syz.2.1257,9018,0):ocfs2_check_volume:2432 ERROR: status = -117
[  195.761294][ T9018] (syz.2.1257,9018,0):ocfs2_mount_volume:1764 ERROR: status = -117
[  195.765114][ T9032] loop1: detected capacity change from 0 to 1024
[  195.769174][ T9018] (syz.2.1257,9018,0):ocfs2_fill_super:1177 ERROR: status = -117
[  195.818620][ T9032] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  195.823321][ T9032] ext4 filesystem being mounted at /408/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.851233][ T6060] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  195.881900][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  195.953740][ T9043] loop2: detected capacity change from 0 to 512
[  195.990397][ T9043] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002]
[  195.993704][ T9043] System zones: 1-12
[  196.015035][ T9043] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1267: invalid indirect mapped block 8 (level 2)
[  196.026331][ T6060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.028498][ T9043] EXT4-fs (loop2): 1 truncate cleaned up
[  196.031348][ T6060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.034767][ T9043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.039451][ T6060] usb 1-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00
[  196.043989][ T6060] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.050721][ T6060] usb 1-1: config 0 descriptor??
[  196.083507][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.116334][ T6002] Bluetooth: hci0: command 0x0406 tx timeout
[  196.120693][ T6002] Bluetooth: hci1: command 0x0406 tx timeout
[  196.247358][ T9055] loop2: detected capacity change from 0 to 1024
[  196.261479][ T9055] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  196.270115][ T9054] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  196.289869][   T36] hfsplus: b-tree write err: -5, ino 4
[  196.474317][ T6060] hid (null): nested delimiters
[  196.478148][ T6060] wacom 0003:056A:030C.000C: nested delimiters
[  196.481144][ T6060] wacom 0003:056A:030C.000C: item 0 1 2 10 parsing failed
[  196.484388][ T6060] wacom 0003:056A:030C.000C: parse failed
[  196.486774][ T6060] wacom 0003:056A:030C.000C: probe with driver wacom failed with error -22
[  196.576005][ T6061] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  196.683173][ T6060] usb 1-1: USB disconnect, device number 17
[  196.726039][ T6061] usb 3-1: Using ep0 maxpacket: 32
[  196.730534][ T6061] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  196.734338][ T6061] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  196.739533][ T6061] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  196.743016][ T6061] usb 3-1: config 1 has no interface number 0
[  196.748793][ T6061] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  196.753388][ T6061] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  196.758532][ T6061] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  196.762047][ T6061] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.779889][ T6061] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  196.979133][ T9057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.984009][ T9057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.000437][ T9057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.003852][ T9057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.037650][ T6061] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  197.048796][   T33] audit: type=1326 audit(1757668610.114:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9060 comm="syz.1.1275" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea34b8eba9 code=0x0
[  197.320808][ T9068] loop0: detected capacity change from 0 to 128
[  197.329127][ T9068] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  197.337141][ T9068] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  197.456285][    T9] usb 3-1: USB disconnect, device number 19
[  197.463938][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  197.608469][ T9070] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  197.908885][ T9072] netlink: 'syz.1.1279': attribute type 8 has an invalid length.
[  198.036667][ T9079] loop2: detected capacity change from 0 to 1024
[  198.047035][ T9079] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  198.067830][ T9079] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.186648][ T9084] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: inode #11: comm syz.2.1282: missing EA_INODE flag
[  198.197942][ T9084] EXT4-fs (loop2): Remounting filesystem read-only
[  198.272486][ T9086] loop1: detected capacity change from 0 to 1024
[  198.280091][ T9086] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  198.291540][ T9086] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003]
[  198.306088][ T9086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.410909][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.698217][ T9093] loop0: detected capacity change from 0 to 256
[  198.874535][ T9095] loop1: detected capacity change from 0 to 1764
[  198.934903][ T9095] iso9660: Corrupted directory entry in block 2 of inode 1920
[  199.436014][ T6061] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  199.460263][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.599568][ T6061] usb 2-1: Using ep0 maxpacket: 8
[  199.607372][ T6061] usb 2-1: unable to get BOS descriptor or descriptor too short
[  199.614172][ T6061] usb 2-1: config 57 has an invalid interface number: 229 but max is 0
[  199.620415][ T6061] usb 2-1: config 57 has no interface number 0
[  199.622410][ T6061] usb 2-1: config 57 interface 229 has no altsetting 0
[  199.629126][ T6061] usb 2-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=dd.eb
[  199.632110][ T6061] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.634576][ T6061] usb 2-1: Product: syz
[  199.638621][ T6061] usb 2-1: Manufacturer: syz
[  199.640119][ T6061] usb 2-1: SerialNumber: syz
[  199.719364][ T9105] loop0: detected capacity change from 0 to 40427
[  199.746841][ T9105] F2FS-fs (loop0): invalid crc value
[  199.800782][ T9105] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  199.807146][ T9105] F2FS-fs (loop0): Start checkpoint disabled!
[  199.816993][ T9105] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  199.861816][   T28] kworker/u9:1: attempt to access beyond end of device
[  199.861816][   T28] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  199.867849][ T6061] gspca_main: jeilinj-2.14.0 probing 0979:0270
[  199.871175][   T28] CPU: 0 UID: 0 PID: 28 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  199.871196][   T28] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  199.871205][   T28] Workqueue: writeback wb_workfn (flush-7:0)
[  199.871240][   T28] Call Trace:
[  199.871247][   T28]  <TASK>
[  199.871255][   T28]  dump_stack_lvl+0x189/0x250
[  199.871279][   T28]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.871374][   T28]  ? __pfx_queue_work_on+0x10/0x10
[  199.871395][   T28]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  199.871416][   T28]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  199.871446][   T28]  f2fs_handle_critical_error+0x37c/0x540
[  199.871507][   T28]  f2fs_write_end_io+0x886/0xb60
[  199.871537][   T28]  __submit_merged_bio+0x27a/0x6a0
[  199.871562][   T28]  __submit_merged_write_cond+0x255/0x530
[  199.871587][   T28]  f2fs_write_data_pages+0x261d/0x3000
[  199.871633][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.871659][   T28]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  199.871706][   T28]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  199.871725][   T28]  ? look_up_lock_class+0x74/0x170
[  199.871749][   T28]  ? trace_f2fs_writepages+0x7f/0x200
[  199.871770][   T28]  ? f2fs_write_node_pages+0x478/0x6e0
[  199.871791][   T28]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  199.871824][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.871840][   T28]  do_writepages+0x32e/0x550
[  199.871863][   T28]  ? reacquire_held_locks+0x127/0x1d0
[  199.871879][   T28]  ? writeback_sb_inodes+0x384/0x1010
[  199.871906][   T28]  __writeback_single_inode+0x145/0xff0
[  199.871924][   T28]  ? do_raw_spin_unlock+0x4d/0x240
[  199.871945][   T28]  writeback_sb_inodes+0x6c7/0x1010
[  199.871989][   T28]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  199.872047][   T28]  ? rcu_is_watching+0x15/0xb0
[  199.872073][   T28]  wb_writeback+0x43b/0xaf0
[  199.872098][   T28]  ? queue_io+0x311/0x590
[  199.872117][   T28]  ? __pfx_wb_writeback+0x10/0x10
[  199.872142][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  199.872168][   T28]  wb_workfn+0x409/0xef0
[  199.872197][   T28]  ? __pfx_wb_workfn+0x10/0x10
[  199.872219][   T28]  ? __lock_acquire+0xab9/0xd20
[  199.872249][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  199.872279][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  199.872362][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  199.872377][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  199.872394][   T28]  process_scheduled_works+0xae1/0x17b0
[  199.872488][   T28]  ? __pfx_process_scheduled_works+0x10/0x10
[  199.872525][   T28]  worker_thread+0x8a0/0xda0
[  199.872565][   T28]  kthread+0x711/0x8a0
[  199.872605][   T28]  ? __pfx_worker_thread+0x10/0x10
[  199.872621][   T28]  ? __pfx_kthread+0x10/0x10
[  199.872639][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  199.872658][   T28]  ? lockdep_hardirqs_on+0x9c/0x150
[  199.872672][   T28]  ? __pfx_kthread+0x10/0x10
[  199.872689][   T28]  ret_from_fork+0x3fc/0x770
[  199.872708][   T28]  ? __pfx_ret_from_fork+0x10/0x10
[  199.872729][   T28]  ? __switch_to_asm+0x39/0x70
[  199.872746][   T28]  ? __switch_to_asm+0x33/0x70
[  199.872761][   T28]  ? __pfx_kthread+0x10/0x10
[  199.872790][   T28]  ret_from_fork_asm+0x1a/0x30
[  199.872825][   T28]  </TASK>
[  199.872833][   T28] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  199.878334][ T6061] usb 2-1: USB disconnect, device number 16
[  200.040400][ T9117] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'.
[  200.391007][ T9132] loop2: detected capacity change from 0 to 1024
[  200.399521][ T9132] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.374330][ T9150] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  201.379039][ T9150] macsec1: entered promiscuous mode
[  201.392462][ T9150] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  202.175296][ T6060] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  202.335833][ T6060] usb 1-1: config 0 has an invalid interface number: 239 but max is 0
[  202.338669][ T6060] usb 1-1: config 0 has no interface number 0
[  202.350641][ T6060] usb 1-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  202.353854][ T6060] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.358135][ T6060] usb 1-1: Product: syz
[  202.360713][ T6060] usb 1-1: Manufacturer: syz
[  202.363643][ T6060] usb 1-1: SerialNumber: syz
[  202.427452][ T6060] usb 1-1: config 0 descriptor??
[  202.839952][ T6060] asix 1-1:0.239 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  202.845479][   T97] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  202.850829][ T6060] asix 1-1:0.239: probe with driver asix failed with error -71
[  202.859533][ T6060] usb 1-1: USB disconnect, device number 18
[  202.995651][   T97] usb 2-1: Using ep0 maxpacket: 32
[  203.001322][   T97] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  203.005340][   T97] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.025232][   T97] usb 2-1: config 0 descriptor??
[  203.031728][   T97] gspca_main: sunplus-2.14.0 probing 041e:400b
[  203.266320][   T97] gspca_sunplus: reg_w_riv err -71
[  203.272482][   T97] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  203.300344][   T97] usb 2-1: USB disconnect, device number 17
[  204.127733][ T9192] sctp: [Deprecated]: syz.1.1326 (pid 9192) Use of int in max_burst socket option deprecated.
[  204.127733][ T9192] Use struct sctp_assoc_value instead
[  204.242277][ T9201] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 3, id = 0
[  204.321182][ T9208] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1334'.
[  204.386053][ T9211] Driver unsupported XDP return value 0 on prog  (id 109) dev N/A, expect packet loss!
[  204.462168][ T9219] loop2: detected capacity change from 0 to 4096
[  204.465474][ T9219] ntfs3(loop2): Primary boot: invalid sectors per cluster 75.
[  204.467926][ T9219] ntfs3(loop2): try to read out of volume at offset 0x1ffe00
[  204.568123][ T9223] loop2: detected capacity change from 0 to 1024
[  204.593657][ T9223] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.600397][ T9223] ext4 filesystem being mounted at /405/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.707160][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.737947][ T9235] bond0: (slave bond_slave_1): Releasing backup interface
[  204.940965][ T9247] loop2: detected capacity change from 0 to 512
[  204.946186][ T9247] EXT4-fs: Ignoring removed i_version option
[  204.953145][ T9247] EXT4-fs: inline encryption not supported
[  204.960305][ T9247] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1349: bg 0: block 131: padding at end of block bitmap is not set
[  204.965069][ T9247] EXT4-fs (loop2): Remounting filesystem read-only
[  204.967400][ T9247] EXT4-fs (loop2): 1 truncate cleaned up
[  204.970209][ T9247] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.000007][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.402629][ T9256] tmpfs: Bad value for 'mpol'
[  206.357932][ T9280] loop0: detected capacity change from 0 to 1024
[  206.379685][ T9280] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  206.384344][ T9280] ext4 filesystem being mounted at /394/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.531287][ T9286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1362'.
[  206.580484][ T9288] loop1: detected capacity change from 0 to 16
[  206.583142][ T5999] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.593876][ T9288] erofs (device loop1): mounted with root inode @ nid 36.
[  206.615555][ T9288] erofs (device loop1): bogus lookback distance 0 @ lcn 1 of nid 89
[  206.618272][ T9288] erofs (device loop1): readahead error at folio 2 @ nid 89
[  206.623443][ T9288] erofs (device loop1): bogus lookback distance 0 @ lcn 1 of nid 89
[  206.626993][ T9288] erofs (device loop1): readahead error at folio 1 @ nid 89
[  206.631899][ T9288] erofs (device loop1): bogus lookback distance 0 @ lcn 1 of nid 89
[  206.654496][ T9288] erofs (device loop1): bogus lookback distance 0 @ lcn 1 of nid 89
[  206.659365][ T9288] erofs (device loop1): read error -117 @ 1 of nid 89
[  206.663279][   T33] audit: type=1800 audit(1757668619.726:21): pid=9288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1363" name="file3" dev="loop1" ino=89 res=0 errno=0
[  206.714455][ T9290] loop0: detected capacity change from 0 to 4096
[  206.721950][ T9290] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  206.771895][ T9278] loop2: detected capacity change from 0 to 32768
[  206.852578][ T9278] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  206.853646][ T9290] overlayfs: upper fs does not support tmpfile.
[  206.874081][ T9290] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  206.902583][ T9278] XFS (loop2): Ending clean mount
[  206.943633][   T33] audit: type=1800 audit(1757668620.006:22): pid=9278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1361" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  207.010854][ T6003] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  208.595465][ T9318] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  208.633309][ T9319] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  208.891054][ T9323] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.926626][ T9323] bond0: (slave rose0): Enslaving as an active interface with an up link
[  209.025426][ T9331] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1377'.
[  209.099584][ T9331] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.103120][ T9331] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.186071][ T9327] loop2: detected capacity change from 0 to 32768
[  209.209009][ T9331] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.230411][ T9331] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.330892][ T9331] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.336259][ T9331] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.452275][ T9331] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.465262][ T9331] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.631608][ T6009] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  209.640932][ T6009] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.679932][   T12] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  209.683403][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.709194][   T12] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  209.713085][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.742814][   T12] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  209.749650][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.761692][ T9352] loop2: detected capacity change from 0 to 512
[  209.775074][ T9352] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  209.778488][ T9352] EXT4-fs (loop2): orphan cleanup on readonly fs
[  209.790944][ T9352] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  209.811009][ T9352] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  209.828419][ T9352] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #16: comm syz.2.1380: casefold flag without casefold feature
[  209.833614][ T9352] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1380: couldn't read orphan inode 16 (err -117)
[  209.842283][ T9355] pim6reg: entered allmulticast mode
[  209.842319][ T9352] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  209.847703][ T9355] pim6reg: left allmulticast mode
[  209.879328][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.125599][ T9357] loop2: detected capacity change from 0 to 32768
[  210.129918][ T9357] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1383 (9357)
[  210.140260][ T9357] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  210.149566][ T9357] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  210.272556][ T9357] BTRFS info (device loop2): enabling ssd optimizations
[  210.275965][ T9357] BTRFS info (device loop2): enabling free space tree
[  210.513205][ T6003] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  210.768009][ T9392] loop2: detected capacity change from 0 to 128
[  210.775246][ T9392] FAT-fs (loop2): bogus sectors per cluster 7
[  210.778811][ T9392] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  210.781689][ T9392] FAT-fs (loop2): Can't find a valid FAT filesystem
[  210.941834][ T9404] loop2: detected capacity change from 0 to 8
[  210.952893][ T9404] SQUASHFS error: zlib decompression failed, data probably corrupt
[  210.959750][ T9404] SQUASHFS error: Failed to read block 0x9b: -5
[  210.964006][ T9404] SQUASHFS error: Unable to read metadata cache entry [99]
[  210.967365][ T9404] SQUASHFS error: Unable to read inode 0x127
[  211.031687][ T9408] loop1: detected capacity change from 0 to 128
[  211.042020][ T9408] EXT4-fs (loop1): Test dummy encryption mode enabled
[  211.076627][ T9408] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  211.091264][ T9408] ext4 filesystem being mounted at /453/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  211.165921][ T9420] loop2: detected capacity change from 0 to 8
[  211.492863][ T9408] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  211.528354][ T5997] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  211.684563][ T9434] loop0: detected capacity change from 0 to 32768
[  211.690489][ T9434] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1406 (9434)
[  211.700289][ T9434] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  211.707966][ T9434] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  211.711827][ T9447] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1412'.
[  211.792591][ T9434] BTRFS info (device loop0): enabling ssd optimizations
[  211.801767][ T9434] BTRFS info (device loop0): enabling free space tree
[  211.815115][ T9468] loop2: detected capacity change from 0 to 128
[  211.819480][ T9468] befs: (loop2): No write support. Marking filesystem read-only
[  211.854590][ T9468] befs: (loop2): invalid magic header
[  211.927079][ T5999] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  212.217906][ T9490] loop0: detected capacity change from 0 to 512
[  212.237845][ T9490] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  212.241780][ T9490] ext4 filesystem being mounted at /411/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  212.317907][ T5999] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.642473][ T9510] loop2: detected capacity change from 0 to 32768
[  212.687422][ T9510] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  212.749526][ T9510] XFS (loop2): Ending clean mount
[  212.770735][ T9510] XFS (loop2): Quotacheck needed: Please wait.
[  212.810616][ T9510] XFS (loop2): Quotacheck: Done.
[  212.837722][ T6003] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.469173][ T9542] loop0: detected capacity change from 0 to 2048
[  213.477189][ T9542] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  213.485569][ T5912] udevd[5912]: incorrect nilfs2 checksum on /dev/loop0
[  213.496385][ T9543] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  214.642482][ T9573] loop0: detected capacity change from 0 to 8192
[  214.778226][ T9576] netlink: 'syz.1.1456': attribute type 2 has an invalid length.
[  214.928414][ T9582] loop1: detected capacity change from 0 to 2048
[  214.974268][ T9582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.016608][   T33] audit: type=1800 audit(1757668628.087:23): pid=9582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1459" name="file2" dev="loop1" ino=16 res=0 errno=0
[  215.130172][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.123652][ T6060] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  216.173392][ T9613] loop0: detected capacity change from 0 to 131072
[  216.177305][ T9613] F2FS-fs (loop0): Test dummy encryption mode enabled
[  216.181334][ T9613] F2FS-fs (loop0): invalid crc value
[  216.222574][ T9613] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  216.226504][ T9613] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  216.276754][ T6060] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  216.286700][ T6060] usb 3-1: New USB device found, idVendor=1bc7, idProduct=9010, bcdDevice=36.53
[  216.289990][ T6060] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.302930][ T6060] usb 3-1: config 0 descriptor??
[  216.309883][ T6060] option 3-1:0.0: GSM modem (1-port) converter detected
[  216.405269][ T9640] loop1: detected capacity change from 0 to 512
[  216.435437][ T9640] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  216.448094][ T9640] EXT4-fs error (device loop1): ext4_init_orphan_info:611: comm syz.1.1483: orphan file block 0: bad magic
[  216.451940][ T9640] EXT4-fs (loop1): mount failed
[  216.516020][ T6060] usb 3-1: USB disconnect, device number 20
[  216.527686][ T6060] option 3-1:0.0: device disconnected
[  216.780622][ T9655] JFS: discard option not supported on device
[  216.781008][ T9656] loop0: detected capacity change from 0 to 8
[  216.794269][ T9655] Mount JFS Failure: -22
[  216.796792][ T9655] jfs_mount failed w/return code = -22
[  216.805515][ T9656] SQUASHFS error: xz decompression failed, data probably corrupt
[  216.812665][ T9656] SQUASHFS error: Failed to read block 0x108: -5
[  216.817355][ T9656] SQUASHFS error: Unable to read metadata cache entry [106]
[  216.819751][ T9656] SQUASHFS error: Unable to read inode 0x11f
[  217.222339][ T9671] loop0: detected capacity change from 0 to 32768
[  217.262617][ T9671] JBD2: Ignoring recovery information on journal
[  217.283966][ T6060] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  217.301458][ T9679] loop2: detected capacity change from 0 to 4096
[  217.307759][ T9671] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  217.355065][ T9682] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  217.398128][ T5999] ocfs2: Unmounting device (7,0) on (node local)
[  217.436446][ T6060] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  217.439919][ T6060] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3
[  217.458372][ T6060] usb 2-1: config 220 interface 0 has no altsetting 0
[  217.459078][ T9684] can0: slcan on ttyS3.
[  217.470875][ T6060] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  217.477630][ T6060] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.486655][ T6060] usb 2-1: Product: syz
[  217.488329][ T6060] usb 2-1: Manufacturer: syz
[  217.491810][ T6060] usb 2-1: SerialNumber: syz
[  217.534382][ T9684] can0 (unregistered): slcan off ttyS3.
[  217.537155][ T9684] Falling back ldisc for ttyS3.
[  217.577294][ T9688] loop0: detected capacity change from 0 to 256
[  217.628829][ T9688] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  217.716822][ T6060] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  217.718832][ T6060] usb 2-1: No valid video chain found.
[  217.758383][ T6060] usb 2-1: USB disconnect, device number 18
[  217.997272][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.000948][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.065125][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.068488][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.147876][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.151089][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.198255][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  218.205753][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  218.211057][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  218.227525][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  218.230575][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  218.241786][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.260505][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.357867][ T9715] loop2: detected capacity change from 0 to 40427
[  218.424836][ T9715] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  218.431712][ T9721] loop1: detected capacity change from 0 to 4096
[  218.439494][ T9721] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  218.476123][ T9716] chnl_net:caif_netlink_parms(): no params data found
[  218.510240][ T9715] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  218.520523][ T9715] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  218.701066][ T9716] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.718519][ T9716] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.724605][ T9716] bridge_slave_0: entered allmulticast mode
[  218.729907][ T9716] bridge_slave_0: entered promiscuous mode
[  218.742790][ T9716] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.751827][ T9716] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.756976][ T9716] bridge_slave_1: entered allmulticast mode
[  218.760819][ T9716] bridge_slave_1: entered promiscuous mode
[  218.766018][   T12] bridge_slave_1: left allmulticast mode
[  218.768247][   T12] bridge_slave_1: left promiscuous mode
[  218.772828][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.805883][   T12] bridge_slave_0: left allmulticast mode
[  218.807590][   T12] bridge_slave_0: left promiscuous mode
[  218.815008][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.917338][ T9747] loop1: detected capacity change from 0 to 256
[  218.931368][ T9747] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  219.520426][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  219.527112][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  219.531854][   T12] bond0 (unregistering): Released all slaves
[  219.562159][ T9745] @: renamed from vlan0 (while UP)
[  219.639850][ T9716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.665614][ T9716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.845774][ T9716] team0: Port device team_slave_0 added
[  219.852131][ T9716] team0: Port device team_slave_1 added
[  219.880214][ T9716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.885547][ T9716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.912806][ T9716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.935038][ T9716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.937890][ T9716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.961848][ T9716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.107645][ T9784] loop1: detected capacity change from 0 to 16
[  220.138756][ T9784] erofs (device loop1): mounted with root inode @ nid 36.
[  220.275338][   T54] Bluetooth: hci1: command tx timeout
[  220.278902][ T9716] hsr_slave_0: entered promiscuous mode
[  220.279698][ T9716] hsr_slave_1: entered promiscuous mode
[  220.280200][ T9716] debugfs: 'hsr0' already exists in 'hsr'
[  220.280215][ T9716] Cannot create hsr debugfs directory
[  220.326790][   T97] kernel read not supported for file /sequencer (pid: 97 comm: kworker/0:2)
[  220.328242][ T9791] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input14
[  220.335279][   T12] hsr_slave_0: left promiscuous mode
[  220.342062][   T12] hsr_slave_1: left promiscuous mode
[  220.358337][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  220.361307][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  220.386577][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.389506][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  220.429937][   T12] veth1_macvtap: left promiscuous mode
[  220.432829][   T12] veth0_macvtap: left promiscuous mode
[  221.713024][   T97] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  221.878814][   T97] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  221.879772][ T9716] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  221.881997][   T97] usb 2-1: config 0 has no interface number 0
[  221.891266][   T97] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  221.896028][   T97] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.905878][ T9716] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  221.908309][   T97] usb 2-1: Product: syz
[  221.912751][   T97] usb 2-1: Manufacturer: syz
[  221.926804][ T9716] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  221.927107][   T97] usb 2-1: SerialNumber: syz
[  221.938756][   T97] usb 2-1: config 0 descriptor??
[  221.954612][ T9716] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  222.152615][   T97] usb 2-1: Found UVC 0.00 device syz (046d:0823)
[  222.166065][ T9716] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.168939][   T97] usb 2-1: No valid video chain found.
[  222.182248][   T97] usb 2-1: USB disconnect, device number 19
[  222.229796][ T9716] 8021q: adding VLAN 0 to HW filter on device team0
[  222.251862][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.254773][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.295958][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.298867][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.353306][   T54] Bluetooth: hci1: command tx timeout
[  222.932038][ T9716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.071060][ T9716] veth0_vlan: entered promiscuous mode
[  223.098138][ T9716] veth1_vlan: entered promiscuous mode
[  223.178158][ T9716] veth0_macvtap: entered promiscuous mode
[  223.188717][ T9716] veth1_macvtap: entered promiscuous mode
[  223.225229][ T9716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  223.258660][ T9716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.312836][ T5745] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.317529][ T5745] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.327931][ T5745] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.330850][ T5745] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.519973][ T9859] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1554'.
[  223.524152][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.526698][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.531344][ T9859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'.
[  223.584127][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.586493][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.432740][   T54] Bluetooth: hci1: command tx timeout
[  224.589148][ T9898] loop1: detected capacity change from 0 to 512
[  224.613440][ T9898] loop1: detected capacity change from 0 to 512
[  224.617394][ T9898] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  224.622230][ T9898] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1565: bg 0: block 384: padding at end of block bitmap is not set
[  224.629925][ T9898] EXT4-fs (loop1): Remounting filesystem read-only
[  224.633733][ T9898] EXT4-fs (loop1): 1 truncate cleaned up
[  224.636819][ T9898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.673152][  T974] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  224.728059][ T9903] loop2: detected capacity change from 0 to 512
[  224.768831][ T9903] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.774975][ T6061] hid_parser_main: 1236 callbacks suppressed
[  224.775128][ T6061] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  224.779409][ T9903] ext4 filesystem being mounted at /484/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.811143][ T6061] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  224.852787][  T974] usb 4-1: Using ep0 maxpacket: 16
[  224.859698][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  224.863987][  T974] usb 4-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  224.868112][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.875445][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.884056][  T974] usb 4-1: config 0 descriptor??
[  225.314691][ T9907] loop2: detected capacity change from 0 to 32768
[  225.345910][ T9907] JBD2: Ignoring recovery information on journal
[  225.377693][  T974] playstation 0003:054C:0BA0.000E: hidraw1: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.3-1/input0
[  225.396469][ T9907] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  225.548278][  T974] playstation 0003:054C:0BA0.000E: Invalid reportID received, expected 18 got 20
[  225.571689][  T974] playstation 0003:054C:0BA0.000E: Failed to retrieve DualShock4 pairing info: -22
[  225.579718][ T9907] (syz.2.1567,9907,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry too close to end - offset=32, inode=17057, rec_len=280, name_len=10
[  225.586088][  T974] playstation 0003:054C:0BA0.000E: Failed to get MAC address from DualShock4
[  225.589245][  T974] playstation 0003:054C:0BA0.000E: Failed to create dualshock4.
[  225.597169][ T9907] (syz.2.1567,9907,1):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  225.609222][  T974] playstation 0003:054C:0BA0.000E: probe with driver playstation failed with error -22
[  225.616108][ T9907] (syz.2.1567,9907,1):ocfs2_mknod:301 ERROR: status = -2
[  225.629646][ T9907] (syz.2.1567,9907,1):ocfs2_mknod:505 ERROR: status = -2
[  225.639238][ T9907] (syz.2.1567,9907,1):ocfs2_create:678 ERROR: status = -2
[  225.750184][ T6003] ocfs2: Unmounting device (7,2) on (node local)
[  225.790794][  T974] usb 4-1: USB disconnect, device number 2
[  226.034944][   T26] TC_ACT_REPEAT abuse ?
[  226.197369][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.259226][ T9915] TC_ACT_REPEAT abuse ?
[  226.280527][ T9917] netlink: 'syz.2.1570': attribute type 3 has an invalid length.
[  226.284350][ T9917] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1570'.
[  226.404533][ T9923] loop3: detected capacity change from 0 to 512
[  226.426732][ T9923] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1573: casefold flag without casefold feature
[  226.426943][ T9923] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1573: couldn't read orphan inode 15 (err -117)
[  226.443497][ T9923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.512864][   T54] Bluetooth: hci1: command tx timeout
[  226.572022][ T9716] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.616968][   T10] IPVS: starting estimator thread 0...
[  226.702489][ T9927] IPVS: using max 64 ests per chain, 153600 per kthread
[  226.713664][ T9933] loop3: detected capacity change from 0 to 64
[  226.960613][ T9939] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1580'.
[  227.426061][ T9945] loop3: detected capacity change from 0 to 32768
[  227.446830][ T9945] add_index: next_index = 0.  Resetting!
[  227.449463][ T9945] find_entry called with index >= next_index
[  227.454200][ T9945] find_entry called with index >= next_index
[  227.456603][ T9945] find_entry called with index >= next_index
[  227.459469][ T9945] find_entry called with index >= next_index
[  227.602332][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  227.756959][    T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  227.760832][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.764269][    T9] usb 2-1: Product: syz
[  227.766052][    T9] usb 2-1: Manufacturer: syz
[  227.768024][    T9] usb 2-1: SerialNumber: syz
[  227.774403][    T9] usb 2-1: config 0 descriptor??
[  227.779868][    T9] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  227.983919][    T9] gspca_sunplus: reg_r err -71
[  227.991340][    T9] usb 2-1: USB disconnect, device number 20
[  228.204837][ T9955] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  229.232667][   T10] TC_ACT_REPEAT abuse ?
[  229.283130][ T9971] loop2: detected capacity change from 0 to 32768
[  229.287319][ T9971] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1594 (9971)
[  229.308897][ T9971] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  229.327676][ T9971] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  229.338099][ T9971] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  229.515055][ T9971] BTRFS info (device loop2): rebuilding free space tree
[  229.550077][ T9971] BTRFS info (device loop2): disabling free space tree
[  229.552935][ T9971] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  229.564723][ T9971] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  229.575589][ T9971] BTRFS info (device loop2): enabling disk space caching
[  229.577877][ T9971] BTRFS info (device loop2): force clearing of disk cache
[  229.579968][ T9971] BTRFS info (device loop2): doing ref verification
[  229.587839][ T9971] BTRFS info (device loop2): use zlib compression, level 3
[  229.688920][ T6003] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  229.792581][  T974] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  229.907283][T10007] loop2: detected capacity change from 0 to 512
[  229.917265][T10007] EXT4-fs: Ignoring removed nomblk_io_submit option
[  229.920703][T10007] EXT4-fs: Ignoring removed i_version option
[  229.938922][T10007] EXT4-fs (loop2): 1 orphan inode deleted
[  229.943797][T10007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.951077][  T974] usb 4-1: Using ep0 maxpacket: 8
[  229.970248][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.974513][  T974] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  229.985605][  T974] usb 4-1: config 179 has no interface number 0
[  229.988785][  T974] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  229.995638][  T974] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  230.002170][  T974] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  230.006689][  T974] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  230.023265][  T974] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  230.029037][  T974] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  230.034125][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.040760][T10003] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  230.455289][   T10] usb 4-1: USB disconnect, device number 3
[  230.455427][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  230.462549][    C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[  230.465572][  T974] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  230.634565][  T974] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  230.638669][  T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.644212][  T974] usb 3-1: config 0 descriptor??
[  231.053623][  T974] usb 3-1: Cannot set MAC address
[  231.055387][  T974] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  231.061143][  T974] usb 3-1: USB disconnect, device number 21
[  231.154354][   T85] TC_ACT_REPEAT abuse ?
[  231.242115][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  231.391855][   T10] usb 4-1: Using ep0 maxpacket: 32
[  231.396724][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  231.404309][   T10] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  231.407834][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.411107][   T10] usb 4-1: Product: syz
[  231.412970][   T10] usb 4-1: Manufacturer: syz
[  231.414811][   T10] usb 4-1: SerialNumber: syz
[  231.419423][   T10] usb 4-1: config 0 descriptor??
[  231.429378][   T10] usb 4-1: bad CDC descriptors
[  231.432635][   T10] usb 4-1: unsupported MDLM descriptors
[  231.646440][  T974] usb 4-1: USB disconnect, device number 4
[  231.729299][T10031] loop2: detected capacity change from 0 to 4096
[  231.844603][T10035] loop2: detected capacity change from 0 to 1024
[  231.854885][T10035] EXT4-fs: Ignoring removed nobh option
[  231.870937][T10035] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  231.883365][T10035] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.1614: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  231.891124][T10035] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1614: couldn't read orphan inode 11 (err -117)
[  231.899764][T10035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.915530][T10035] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1614: Invalid block bitmap block 0 in block_group 0
[  231.925510][T10035] Quota error (device loop2): write_blk: dquota write failed
[  231.928817][T10035] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  231.933002][T10035] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.1614: Failed to acquire dquot type 0
[  231.943506][T10035] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1614: Invalid block bitmap block 0 in block_group 0
[  231.987520][ T6003] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.409897][T10046] netlink: 'syz.3.1618': attribute type 12 has an invalid length.
[  232.414014][T10046] netlink: 'syz.3.1618': attribute type 29 has an invalid length.
[  232.422190][T10046] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1618'.
[  232.430107][T10046] netlink: 'syz.3.1618': attribute type 1 has an invalid length.
[  232.455975][T10046] netlink: 'syz.3.1618': attribute type 2 has an invalid length.
[  232.459145][T10046] netlink: 39 bytes leftover after parsing attributes in process `syz.3.1618'.
[  232.862867][T10053] veth0_to_bridge: entered promiscuous mode
[  232.879065][T10052] veth0_to_bridge: left promiscuous mode
[  233.211773][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  233.361679][    T9] usb 4-1: Using ep0 maxpacket: 32
[  233.376691][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  233.395060][    T9] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  233.398714][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.409012][    T9] usb 4-1: Product: syz
[  233.413572][    T9] usb 4-1: Manufacturer: syz
[  233.424810][    T9] usb 4-1: SerialNumber: syz
[  233.439563][    T9] usb 4-1: config 0 descriptor??
[  233.456587][T10057] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  233.483996][    T9] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input15
[  233.637336][T10071] loop2: detected capacity change from 0 to 128
[  233.684156][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.688633][T10071] FAT-fs (loop2): Filesystem has been set read-only
[  233.717506][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.727701][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.740333][  T974] usb 4-1: USB disconnect, device number 5
[  233.740414][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  233.747038][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.750605][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.755990][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.759838][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.771584][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.775218][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.783230][T10071] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 54)
[  233.790216][   T33] audit: type=1800 audit(1757668646.859:24): pid=10071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1629" name="file2" dev="loop2" ino=1048727 res=0 errno=0
[  233.917603][T10077] loop1: detected capacity change from 0 to 256
[  233.927648][T10077] vfat: Bad value for 'nonumtail'
[  234.176884][T10075] loop2: detected capacity change from 0 to 40427
[  234.181518][ T6061] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  234.190157][T10075] F2FS-fs (loop2): invalid crc value
[  234.277959][T10075] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  234.295907][T10075] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  234.332595][T10078] f2fs_ckpt-7:2: attempt to access beyond end of device
[  234.332595][T10078] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.345047][ T6061] usb 2-1: Using ep0 maxpacket: 8
[  234.353887][ T6061] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89
[  234.358313][ T6061] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 99, changing to 10
[  234.371764][T10078] CPU: 1 UID: 0 PID: 10078 Comm: f2fs_ckpt-7:2 Not tainted syzkaller #0 PREEMPT(full) 
[  234.371784][T10078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  234.371792][T10078] Call Trace:
[  234.371799][T10078]  <TASK>
[  234.371805][T10078]  dump_stack_lvl+0x189/0x250
[  234.371827][T10078]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.371841][T10078]  ? __pfx_queue_work_on+0x10/0x10
[  234.371853][T10078]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  234.371872][T10078]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  234.371899][T10078]  f2fs_handle_critical_error+0x37c/0x540
[  234.371923][T10078]  f2fs_write_end_io+0x886/0xb60
[  234.371952][T10078]  __submit_merged_bio+0x27a/0x6a0
[  234.372003][T10078]  __submit_merged_write_cond+0x255/0x530
[  234.372021][T10078]  f2fs_write_data_pages+0x261d/0x3000
[  234.372062][T10078]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  234.372112][T10078]  ? check_path+0x21/0x40
[  234.372125][T10078]  ? check_noncircular+0xe0/0x160
[  234.372180][T10078]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  234.372195][T10078]  do_writepages+0x32e/0x550
[  234.372223][T10078]  ? do_raw_spin_unlock+0x4d/0x240
[  234.372243][T10078]  filemap_fdatawrite+0x199/0x240
[  234.372262][T10078]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  234.372319][T10078]  ? do_raw_spin_unlock+0x4d/0x240
[  234.372338][T10078]  f2fs_sync_dirty_inodes+0x31f/0x830
[  234.372366][T10078]  f2fs_write_checkpoint+0x95a/0x1df0
[  234.372400][T10078]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  234.372448][T10078]  ? down_write+0x162/0x1f0
[  234.372462][T10078]  ? __pfx_down_write+0x10/0x10
[  234.372478][T10078]  ? __pfx___schedule+0x10/0x10
[  234.372503][T10078]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  234.372522][T10078]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  234.372551][T10078]  issue_checkpoint_thread+0xd9/0x260
[  234.372570][T10078]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  234.372585][T10078]  ? __pfx_autoremove_wake_function+0x10/0x10
[  234.372602][T10078]  ? __kthread_parkme+0x7b/0x200
[  234.372614][T10078]  ? __kthread_parkme+0x1a1/0x200
[  234.372630][T10078]  kthread+0x711/0x8a0
[  234.372645][T10078]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  234.372656][T10078]  ? __pfx_kthread+0x10/0x10
[  234.372670][T10078]  ? _raw_spin_unlock_irq+0x23/0x50
[  234.372686][T10078]  ? lockdep_hardirqs_on+0x9c/0x150
[  234.372698][T10078]  ? __pfx_kthread+0x10/0x10
[  234.372713][T10078]  ret_from_fork+0x3fc/0x770
[  234.372737][T10078]  ? __pfx_ret_from_fork+0x10/0x10
[  234.372780][T10078]  ? __switch_to_asm+0x39/0x70
[  234.372796][T10078]  ? __switch_to_asm+0x33/0x70
[  234.372810][T10078]  ? __pfx_kthread+0x10/0x10
[  234.372827][T10078]  ret_from_fork_asm+0x1a/0x30
[  234.372850][T10078]  </TASK>
[  234.373144][T10078] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  234.485403][ T6061] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 34391, setting to 1024
[  234.489790][ T6061] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  234.493602][ T6061] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.500608][ T6061] usb 2-1: config 0 descriptor??
[  234.503757][T10077] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  234.715360][ T6061] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  234.721256][ T6061] usb 2-1: USB disconnect, device number 21
[  234.994101][   T28] TC_ACT_REPEAT abuse ?
[  235.133141][T10121] loop2: detected capacity change from 0 to 32768
[  235.176425][T10121] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  235.176440][T10121]   allowing incompatible features above 0.0: (unknown version)
[  235.176445][T10121]   features: lz4
[  235.188040][T10121] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  235.190947][T10121] bcachefs (loop2): initializing new filesystem
[  235.193036][   T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  235.206350][T10121] bcachefs (loop2): going read-write
[  235.213938][T10121] bcachefs (loop2): marking superblocks
[  235.243268][T10121] bcachefs (loop2): initializing freespace
[  235.302578][T10121] bcachefs (loop2): done initializing freespace
[  235.335278][T10121] bcachefs (loop2): reading snapshots table
[  235.337763][T10121] bcachefs (loop2): reading snapshots done
[  235.356751][   T10] usb 4-1: Using ep0 maxpacket: 32
[  235.374775][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88
[  235.379381][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  235.380408][T10121] bcachefs (loop2): done starting filesystem
[  235.390661][   T10] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  235.395075][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.398096][   T10] usb 4-1: Product: syz
[  235.400344][   T10] usb 4-1: Manufacturer: syz
[  235.411564][   T10] usb 4-1: SerialNumber: syz
[  235.422833][   T10] usb 4-1: config 0 descriptor??
[  235.442789][   T10] usb 4-1: no audio or video endpoints found
[  235.539342][T10121] syz.2.1641 (10121) used greatest stack depth: 15768 bytes left
[  235.565240][ T6003] bcachefs (loop2): shutting down
[  235.572361][ T6003] bcachefs (loop2): going read-only
[  235.574464][ T6003] bcachefs (loop2): finished waiting for writes to stop
[  235.581426][ T6003] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  235.615178][ T6003] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  235.619176][ T6003] bcachefs (loop2): clean shutdown complete, journal seq 4
[  235.623383][ T6003] bcachefs (loop2): marking filesystem clean
[  235.638973][ T6003] bcachefs (loop2): shutdown complete
[  235.659352][   T97] usb 4-1: USB disconnect, device number 6
[  235.913101][T10152] TC_ACT_REPEAT abuse ?
[  236.202279][   T85] TC_ACT_REPEAT abuse ?
[  236.369404][T10164] loop3: detected capacity change from 0 to 1024
[  236.382202][T10164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.416861][ T9716] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.751339][   T97] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  236.922032][   T97] usb 4-1: Using ep0 maxpacket: 8
[  236.928446][   T97] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  236.937118][   T97] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.940338][   T97] usb 4-1: Product: syz
[  236.951480][   T97] usb 4-1: Manufacturer: syz
[  236.953605][   T97] usb 4-1: SerialNumber: syz
[  236.972189][   T97] usb 4-1: config 0 descriptor??
[  237.049502][T10178] loop2: detected capacity change from 0 to 2048
[  237.057042][T10178] UDF-fs: warning (device loop2): udf_fill_super: No partition found (2)
[  237.179825][   T97] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  237.432735][   T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  237.581556][   T10] usb 3-1: Using ep0 maxpacket: 16
[  237.585167][   T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  237.588844][   T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  237.593235][   T10] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  237.599777][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  237.603982][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.611432][   T10] usb 3-1: Product: syz
[  237.612839][   T10] usb 3-1: Manufacturer: syz
[  237.615067][   T10] usb 3-1: SerialNumber: syz
[  237.639458][T10202] loop1: detected capacity change from 0 to 1024
[  237.704484][T10204] binder: 10203:10204 ioctl c0306201 2000000003c0 returned -14
[  237.841516][   T10] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  237.844708][   T10] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[  237.934282][   T10] usb 3-1: USB disconnect, device number 22
[  237.995453][   T97] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  238.013469][   T97] usb 4-1: USB disconnect, device number 7
[  238.024159][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  238.439169][T10232] loop1: detected capacity change from 0 to 128
[  238.465535][T10232] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  238.472950][T10232] ext4 filesystem being mounted at /578/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.623986][T10232] fscrypt: Adiantum using implementation "adiantum(xchacha12-generic,aes-fixed-time,nhpoly1305-sse2)"
[  238.696129][ T5997] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.814407][T10253] tun0: tun_chr_ioctl cmd 2147767521
[  239.366089][T10265] netlink: 'syz.1.1694': attribute type 1 has an invalid length.
[  239.375832][T10265] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1694'.
[  240.087183][T10273] usb usb8: usbfs: process 10273 (syz.2.1698) did not claim interface 2 before use
[  240.220202][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1702'.
[  240.307436][T10283] loop3: detected capacity change from 0 to 1024
[  240.314492][T10283] EXT4-fs: Ignoring removed bh option
[  240.321576][T10283] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  240.366984][T10283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.488869][   T97] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  240.675848][   T97] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  240.688728][   T97] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  240.714598][   T97] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  240.734967][   T97] usb 3-1: config 220 has no interface number 2
[  240.745946][   T97] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  240.771228][   T85] TC_ACT_REPEAT abuse ?
[  240.775493][   T97] usb 3-1: config 220 interface 0 has no altsetting 0
[  240.785622][   T97] usb 3-1: config 220 interface 76 has no altsetting 0
[  240.795926][   T97] usb 3-1: config 220 interface 1 has no altsetting 0
[  240.853491][   T97] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  240.861364][   T97] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.874847][   T97] usb 3-1: Product: syz
[  240.884227][   T97] usb 3-1: Manufacturer: syz
[  240.890185][   T97] usb 3-1: SerialNumber: syz
[  241.133575][T10305] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1712'.
[  241.147747][   T97] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  241.149774][   T97] usb 3-1: No valid video chain found.
[  241.153850][   T97] usb 3-1: selecting invalid altsetting 0
[  241.174637][   T97] usb 3-1: selecting invalid altsetting 0
[  241.176920][   T97] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  241.188811][   T97] usb 3-1: USB disconnect, device number 23
[  241.242051][ T9716] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.392804][ T1094] TC_ACT_REPEAT abuse ?
[  241.407534][T10313] loop1: detected capacity change from 0 to 1024
[  241.426907][T10313] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5
[  241.431145][T10313] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  241.437692][T10313] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1716: Failed to acquire dquot type 0
[  241.443897][T10313] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  241.458455][T10313] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #13: comm syz.1.1716: corrupted inode contents
[  241.469014][T10313] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #13: comm syz.1.1716: mark_inode_dirty error
[  241.474064][T10313] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #13: comm syz.1.1716: corrupted inode contents
[  241.478902][T10313] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #13: comm syz.1.1716: mark_inode_dirty error
[  241.488846][T10313] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #13: comm syz.1.1716: corrupted inode contents
[  241.496565][T10313] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  241.503092][T10313] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #13: comm syz.1.1716: corrupted inode contents
[  241.511347][T10313] EXT4-fs error (device loop1): ext4_truncate:4666: inode #13: comm syz.1.1716: mark_inode_dirty error
[  241.517645][T10313] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  241.529006][T10313] EXT4-fs (loop1): 1 truncate cleaned up
[  241.532878][T10313] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.565633][T10313] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  241.599818][ T5997] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.681037][T10319] loop1: detected capacity change from 0 to 64
[  241.771270][T10321] ucma_write: process 1180 (syz.2.1719) changed security contexts after opening file descriptor, this is not allowed.
[  242.152671][  T974] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  242.300683][  T974] usb 2-1: Using ep0 maxpacket: 8
[  242.365964][  T974] usb 2-1: config 162 has an invalid interface number: 197 but max is 1
[  242.381889][  T974] usb 2-1: config 162 has an invalid interface number: 143 but max is 1
[  242.413402][  T974] usb 2-1: config 162 has no interface number 0
[  242.428784][  T974] usb 2-1: config 162 has no interface number 1
[  242.444241][  T974] usb 2-1: config 162 interface 197 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  242.462457][  T974] usb 2-1: config 162 interface 143 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  242.476407][  T974] usb 2-1: config 162 interface 143 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  242.492311][  T974] usb 2-1: config 162 interface 143 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  242.508198][  T974] usb 2-1: config 162 interface 143 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  242.517303][  T974] usb 2-1: config 162 interface 143 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  242.536641][  T974] usb 2-1: config 162 interface 197 has no altsetting 0
[  242.539269][  T974] usb 2-1: config 162 interface 143 has no altsetting 0
[  242.551318][  T974] usb 2-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7
[  242.554866][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.556756][T10337] loop3: detected capacity change from 0 to 1024
[  242.560293][  T974] usb 2-1: Product: syz
[  242.562867][T10337] hfsplus: Unknown parameter '18446744073709551615'
[  242.573937][  T974] usb 2-1: Manufacturer: syz
[  242.578475][  T974] usb 2-1: SerialNumber: syz
[  242.748707][T10338] loop3: detected capacity change from 0 to 4096
[  242.793403][T10339] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  243.043149][   T54] Bluetooth: hci3: HCI Read Local Supported Commands not supported
[  243.059868][   T54] Bluetooth: hci3: Opcode 0x0c03 failed: -71
[  243.097866][  T974] usb 2-1: USB disconnect, device number 22
[  243.910577][   T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  244.095302][   T10] usb 2-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=eb.c6
[  244.098873][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.110691][   T10] usb 2-1: Product: syz
[  244.112414][   T10] usb 2-1: Manufacturer: syz
[  244.114433][   T10] usb 2-1: SerialNumber: syz
[  244.126526][T10355] loop3: detected capacity change from 0 to 2048
[  244.131929][T10355] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=3932051, location=3932051
[  244.141742][T10355] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.158241][T10355] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 40 not allocated in directory (ino 1376)
[  244.225407][T10361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1737'.
[  244.346245][   T10] pwc: Visionite VCS-UC300 USB webcam detected.
[  244.357369][   T10] pwc: Failed to set LED on/off time (-71)
[  244.361991][   T10] pwc: send_video_command error -71
[  244.370553][   T10] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  244.373582][   T10] Philips webcam 2-1:5.0: probe with driver Philips webcam failed with error -71
[  244.381415][   T10] usb 2-1: USB disconnect, device number 23
[  245.324426][T10380] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1745'.
[  245.333991][T10380] netlink: 'syz.3.1745': attribute type 1 has an invalid length.
[  245.744639][T10381] loop1: detected capacity change from 0 to 32768
[  245.748860][T10381] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1744 (10381)
[  245.766756][T10381] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  245.781143][T10381] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  245.853776][T10381] BTRFS info (device loop1): enabling ssd optimizations
[  245.859895][T10381] BTRFS info (device loop1): enabling free space tree
[  245.913074][ T5997] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  245.920917][  T974] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  246.257081][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.265461][  T974] usb 4-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00
[  246.269178][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.286891][  T974] usb 4-1: config 0 descriptor??
[  246.439791][T10389] syz.2.1749: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  246.454842][T10389] CPU: 0 UID: 0 PID: 10389 Comm: syz.2.1749 Not tainted syzkaller #0 PREEMPT(full) 
[  246.454861][T10389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  246.454870][T10389] Call Trace:
[  246.454875][T10389]  <TASK>
[  246.454882][T10389]  dump_stack_lvl+0x189/0x250
[  246.454904][T10389]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  246.454924][T10389]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.454937][T10389]  ? __pfx__printk+0x10/0x10
[  246.454953][T10389]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  246.454967][T10389]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  246.454987][T10389]  warn_alloc+0x214/0x310
[  246.455012][T10389]  ? __pfx_warn_alloc+0x10/0x10
[  246.455038][T10389]  ? __get_vm_area_node+0x28f/0x300
[  246.455059][T10389]  ? vb2_vmalloc_alloc+0xef/0x340
[  246.455077][T10389]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  246.455115][T10389]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  246.455138][T10389]  ? __kasan_kmalloc+0x93/0xb0
[  246.455159][T10389]  vmalloc_user_noprof+0xad/0xf0
[  246.455179][T10389]  ? vb2_vmalloc_alloc+0xef/0x340
[  246.455196][T10389]  vb2_vmalloc_alloc+0xef/0x340
[  246.455212][T10389]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  246.455229][T10389]  __vb2_queue_alloc+0x9c2/0x15a0
[  246.455262][T10389]  vb2_core_reqbufs+0xc31/0x1420
[  246.455292][T10389]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  246.455306][T10389]  ? vb2_verify_memory_type+0x1fc/0x570
[  246.455322][T10389]  ? vb2_reqbufs+0x3a9/0x630
[  246.455342][T10389]  v4l2_m2m_ioctl_reqbufs+0x10d/0x200
[  246.455363][T10389]  __video_do_ioctl+0xc9b/0xdb0
[  246.455385][T10389]  ? __pfx___video_do_ioctl+0x10/0x10
[  246.455411][T10389]  video_usercopy+0x871/0x14f0
[  246.455435][T10389]  ? __pfx___video_do_ioctl+0x10/0x10
[  246.455448][T10389]  ? __pfx_video_usercopy+0x10/0x10
[  246.455469][T10389]  ? __fget_files+0x2a/0x420
[  246.455482][T10389]  ? __fget_files+0x2a/0x420
[  246.455491][T10389]  ? __fget_files+0x3a0/0x420
[  246.455502][T10389]  v4l2_ioctl+0x18d/0x1e0
[  246.455515][T10389]  ? __pfx_v4l2_ioctl+0x10/0x10
[  246.455527][T10389]  __se_sys_ioctl+0xfc/0x170
[  246.455553][T10389]  do_syscall_64+0xfa/0x3b0
[  246.455568][T10389]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.455581][T10389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.455595][T10389]  ? exc_page_fault+0x9f/0xf0
[  246.455610][T10389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.455620][T10389] RIP: 0033:0x7fc69258eba9
[  246.455633][T10389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.455643][T10389] RSP: 002b:00007fc6934db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.455656][T10389] RAX: ffffffffffffffda RBX: 00007fc6927d5fa0 RCX: 00007fc69258eba9
[  246.455664][T10389] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[  246.455671][T10389] RBP: 00007fc692611e19 R08: 0000000000000000 R09: 0000000000000000
[  246.455678][T10389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  246.455685][T10389] R13: 00007fc6927d6038 R14: 00007fc6927d5fa0 R15: 00007fffea3974f8
[  246.455705][T10389]  </TASK>
[  246.455711][T10389] Mem-Info:
[  246.526671][   T85] TC_ACT_REPEAT abuse ?
[  246.538388][T10389] active_anon:7106 inactive_anon:0 isolated_anon:0
[  246.538388][T10389]  active_file:13347 inactive_file:38399 isolated_file:0
[  246.538388][T10389]  unevictable:1768 dirty:277 writeback:0
[  246.538388][T10389]  slab_reclaimable:10477 slab_unreclaimable:55250
[  246.538388][T10389]  mapped:19344 shmem:2452 pagetables:1336
[  246.538388][T10389]  sec_pagetables:0 bounce:0
[  246.538388][T10389]  kernel_misc_reclaimable:0
[  246.538388][T10389]  free:233533 free_pcp:25355 free_cma:0
[  246.599656][T10389] Node 0 active_anon:14180kB inactive_anon:0kB active_file:42772kB inactive_file:22200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24660kB dirty:852kB writeback:0kB shmem:4992kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4124kB pagetables:2832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.612285][T10389] Node 1 active_anon:14224kB inactive_anon:0kB active_file:10616kB inactive_file:131364kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:52716kB dirty:260kB writeback:0kB shmem:4828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8528kB pagetables:2456kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.625260][T10389] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  246.636366][T10389] lowmem_reserve[]: 0 811 811 811 811
[  246.638576][T10389] Node 0 DMA32 free:340052kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14180kB inactive_anon:0kB active_file:42772kB inactive_file:22200kB unevictable:3536kB writepending:852kB present:1556484kB managed:830900kB mlocked:0kB bounce:0kB free_pcp:52028kB local_pcp:38076kB free_cma:0kB
[  246.652063][T10389] lowmem_reserve[]: 0 0 0 0 0
[  246.653902][T10389] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[  246.666179][T10389] lowmem_reserve[]: 0 0 854 854 854
[  246.668275][T10389] Node 1 Normal free:120208kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14224kB inactive_anon:0kB active_file:10616kB inactive_file:131364kB unevictable:3536kB writepending:260kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:49540kB local_pcp:18968kB free_cma:0kB
[  246.680831][T10389] lowmem_reserve[]: 0 0 0 0 0
[  246.682650][T10389] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  246.687439][T10389] Node 0 DMA32: 1277*4kB (UME) 788*8kB (UME) 372*16kB (UME) 96*32kB (UME) 199*64kB (UME) 113*128kB (UME) 18*256kB (UM) 10*512kB (ME) 8*1024kB (UME) 10*2048kB (UME) 62*4096kB (UM) = 339988kB
[  246.694909][T10389] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  246.702134][T10389] Node 1 Normal: 42*4kB (ME) 15*8kB (ME) 9*16kB (ME) 105*32kB (M) 49*64kB (ME) 39*128kB (UME) 35*256kB (ME) 18*512kB (M) 8*1024kB (ME) 8*2048kB (M) 16*4096kB (M) = 120208kB
[  246.710325][T10389] Node 0 hugepages_total=3 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  246.714506][T10389] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  246.718195][T10389] 54151 total pagecache pages
[  246.720250][T10389] 0 pages in swap cache
[  246.721891][T10389] Free swap  = 124996kB
[  246.723547][T10389] Total swap = 124996kB
[  246.725236][T10389] 786301 pages RAM
[  246.726822][T10389] 0 pages HighMem/MovableOnly
[  246.728707][T10389] 241344 pages reserved
[  246.730227][ T6061] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  246.730477][T10389] 0 pages cma reserved
[  246.768956][  T974] input: HID 28bd:0933 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0933.000F/input/input16
[  246.864949][  T974] uclogic 0003:28BD:0933.000F: input,hidraw0: USB HID v0.01 Mouse [HID 28bd:0933] on usb-dummy_hcd.3-1/input0
[  246.882022][ T6061] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  246.885985][ T6061] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.898992][ T6061] usb 2-1: config 0 descriptor??
[  246.912758][ T6061] cp210x 2-1:0.0: cp210x converter detected
[  246.971369][   T97] usb 4-1: USB disconnect, device number 8
[  247.150609][ T1094] TC_ACT_REPEAT abuse ?
[  247.308339][ T6061] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  247.316515][ T6061] usb 2-1: cp210x converter now attached to ttyUSB0
[  247.520375][ T6061] usb 2-1: USB disconnect, device number 24
[  247.542023][ T6061] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  247.556342][ T6061] cp210x 2-1:0.0: device disconnected
[  247.883800][T10429] loop3: detected capacity change from 0 to 40427
[  247.888192][T10429] F2FS-fs (loop3): build fault injection rate: 771
[  247.902594][T10429] F2FS-fs (loop3): invalid crc value
[  247.962337][T10429] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  247.967099][T10429] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  247.970218][   T97] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  248.008990][T10436] f2fs_ckpt-7:3: attempt to access beyond end of device
[  248.008990][T10436] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  248.018005][T10436] CPU: 0 UID: 0 PID: 10436 Comm: f2fs_ckpt-7:3 Not tainted syzkaller #0 PREEMPT(full) 
[  248.018027][T10436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  248.018036][T10436] Call Trace:
[  248.018043][T10436]  <TASK>
[  248.018051][T10436]  dump_stack_lvl+0x189/0x250
[  248.018075][T10436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.018092][T10436]  ? __pfx_queue_work_on+0x10/0x10
[  248.018106][T10436]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  248.018125][T10436]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  248.018156][T10436]  f2fs_handle_critical_error+0x37c/0x540
[  248.018182][T10436]  f2fs_write_end_io+0x886/0xb60
[  248.018215][T10436]  __submit_merged_bio+0x27a/0x6a0
[  248.018232][T10436]  ? up_write+0x1c4/0x420
[  248.018253][T10436]  __submit_merged_write_cond+0x44c/0x530
[  248.018279][T10436]  f2fs_sync_node_pages+0x1479/0x15e0
[  248.018316][T10436]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  248.018358][T10436]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  248.018377][T10436]  ? up_write+0x1c4/0x420
[  248.018390][T10436]  ? do_raw_spin_unlock+0x4d/0x240
[  248.018410][T10436]  f2fs_write_checkpoint+0xe6f/0x1df0
[  248.018443][T10436]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  248.018491][T10436]  ? down_write+0x162/0x1f0
[  248.018504][T10436]  ? __pfx_down_write+0x10/0x10
[  248.018517][T10436]  ? __pfx___schedule+0x10/0x10
[  248.018543][T10436]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  248.018561][T10436]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  248.018636][T10436]  issue_checkpoint_thread+0xd9/0x260
[  248.018655][T10436]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  248.018671][T10436]  ? __pfx_autoremove_wake_function+0x10/0x10
[  248.018688][T10436]  ? __kthread_parkme+0x7b/0x200
[  248.018703][T10436]  ? __kthread_parkme+0x1a1/0x200
[  248.018724][T10436]  kthread+0x711/0x8a0
[  248.018744][T10436]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  248.018758][T10436]  ? __pfx_kthread+0x10/0x10
[  248.018777][T10436]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.018794][T10436]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.018806][T10436]  ? __pfx_kthread+0x10/0x10
[  248.018823][T10436]  ret_from_fork+0x3fc/0x770
[  248.018841][T10436]  ? __pfx_ret_from_fork+0x10/0x10
[  248.018861][T10436]  ? __switch_to_asm+0x39/0x70
[  248.018876][T10436]  ? __switch_to_asm+0x33/0x70
[  248.018891][T10436]  ? __pfx_kthread+0x10/0x10
[  248.018906][T10436]  ret_from_fork_asm+0x1a/0x30
[  248.018934][T10436]  </TASK>
[  248.018942][T10436] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  248.120610][T10436] CPU: 0 UID: 0 PID: 10436 Comm: f2fs_ckpt-7:3 Not tainted syzkaller #0 PREEMPT(full) 
[  248.120630][T10436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  248.120637][T10436] Call Trace:
[  248.120643][T10436]  <TASK>
[  248.120649][T10436]  dump_stack_lvl+0x189/0x250
[  248.120674][T10436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.120690][T10436]  ? __pfx_queue_work_on+0x10/0x10
[  248.120703][T10436]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  248.120723][T10436]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  248.120753][T10436]  f2fs_handle_critical_error+0x37c/0x540
[  248.120779][T10436]  f2fs_write_end_io+0x886/0xb60
[  248.120811][T10436]  __submit_merged_bio+0x27a/0x6a0
[  248.120828][T10436]  ? up_write+0x1c4/0x420
[  248.120849][T10436]  __submit_merged_write_cond+0x44c/0x530
[  248.120874][T10436]  f2fs_sync_node_pages+0x1479/0x15e0
[  248.120912][T10436]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  248.120957][T10436]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  248.120976][T10436]  ? up_write+0x1c4/0x420
[  248.120988][T10436]  ? do_raw_spin_unlock+0x4d/0x240
[  248.121008][T10436]  f2fs_write_checkpoint+0xe6f/0x1df0
[  248.121046][T10436]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  248.121098][T10436]  ? down_write+0x162/0x1f0
[  248.121112][T10436]  ? __pfx_down_write+0x10/0x10
[  248.121127][T10436]  ? __pfx___schedule+0x10/0x10
[  248.121153][T10436]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  248.121172][T10436]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  248.121203][T10436]  issue_checkpoint_thread+0xd9/0x260
[  248.121220][T10436]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  248.121235][T10436]  ? __pfx_autoremove_wake_function+0x10/0x10
[  248.121252][T10436]  ? __kthread_parkme+0x7b/0x200
[  248.121267][T10436]  ? __kthread_parkme+0x1a1/0x200
[  248.121288][T10436]  kthread+0x711/0x8a0
[  248.121307][T10436]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  248.121321][T10436]  ? __pfx_kthread+0x10/0x10
[  248.121338][T10436]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.121356][T10436]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.121368][T10436]  ? __pfx_kthread+0x10/0x10
[  248.121385][T10436]  ret_from_fork+0x3fc/0x770
[  248.121403][T10436]  ? __pfx_ret_from_fork+0x10/0x10
[  248.121423][T10436]  ? __switch_to_asm+0x39/0x70
[  248.121438][T10436]  ? __switch_to_asm+0x33/0x70
[  248.121451][T10436]  ? __pfx_kthread+0x10/0x10
[  248.121468][T10436]  ret_from_fork_asm+0x1a/0x30
[  248.121501][T10436]  </TASK>
[  248.121507][T10436] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  248.229869][   T97] usb 3-1: Using ep0 maxpacket: 32
[  248.233551][   T97] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  248.237334][   T97] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.241657][   T97] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  248.245507][   T97] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  248.249480][   T97] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  248.256497][   T97] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  248.259834][   T97] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.263517][   T97] usb 3-1: Product: syz
[  248.265132][   T97] usb 3-1: Manufacturer: syz
[  248.266995][   T97] usb 3-1: SerialNumber: syz
[  248.660958][T10450] loop3: detected capacity change from 0 to 8
[  248.669582][T10450] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  248.685342][T10450] cramfs: Error -5 while decompressing!
[  248.687802][T10450] cramfs: ffffffff99bf6668(26)->ffff888124f04000(4096)
[  248.694959][T10450] cramfs: Error -3 while decompressing!
[  248.697128][T10450] cramfs: ffffffff99bf6682(26)->ffff888124f02000(4096)
[  248.702047][T10450] cramfs: Error -3 while decompressing!
[  248.705486][T10450] cramfs: ffffffff99bf669c(16)->ffff888124f05000(4096)
[  248.708260][T10450] cramfs: Error -5 while decompressing!
[  248.713365][T10450] cramfs: ffffffff99bf6668(26)->ffff888124f04000(4096)
[  248.718292][   T33] audit: type=1800 audit(1757668661.791:25): pid=10450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1766" name="file2" dev="loop3" ino=348 res=0 errno=0
[  248.769829][ T6060] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  249.458387][   T97] cdc_ncm 3-1:1.0: bind() failure
[  249.468288][   T97] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  249.476293][   T97] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  249.482064][   T97] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  249.490633][   T97] usb 3-1: USB disconnect, device number 24
[  249.612603][ T6060] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  249.616628][ T6060] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  249.621101][ T6060] usb 2-1: config 1 has no interface number 0
[  249.623169][ T6060] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  249.626587][ T6060] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  249.631810][ T6060] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  249.635480][ T6060] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.638645][ T6060] usb 2-1: Product: syz
[  249.642325][ T6060] usb 2-1: Manufacturer: syz
[  249.644291][ T6060] usb 2-1: SerialNumber: syz
[  249.771468][T10452] loop3: detected capacity change from 0 to 32768
[  249.784548][T10452] ERROR: (device loop3): diAllocAG: numfree > numinos
[  249.784548][T10452] 
[  249.788400][T10452] ERROR: (device loop3): remounting filesystem as read-only
[  249.793458][T10452] ialloc: diAlloc returned -5!
[  250.481256][ T6060] cdc_ncm 2-1:1.1: bind() failure
[  250.708577][ T6061] usb 2-1: USB disconnect, device number 25
[  252.178281][T10487] TC_ACT_REPEAT abuse ?
[  252.259445][   T97] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  252.270748][ T1208] TC_ACT_REPEAT abuse ?
[  252.273374][ T1094] TC_ACT_REPEAT abuse ?
[  252.439915][   T97] usb 4-1: Using ep0 maxpacket: 32
[  252.468244][   T97] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.479169][   T97] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  252.488494][   T97] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.540577][   T97] usb 4-1: config 0 descriptor??
[  252.707594][T10497] loop1: detected capacity change from 0 to 512
[  252.964559][   T97] steelseries 0003:1038:1410.0010: collection stack underflow
[  252.967795][   T97] steelseries 0003:1038:1410.0010: item 0 4 0 12 parsing failed
[  252.982509][   T97] steelseries 0003:1038:1410.0010: parse failed
[  252.984507][   T97] steelseries 0003:1038:1410.0010: probe with driver steelseries failed with error -22
[  253.153063][ T6060] syz_tun: tun_net_xmit 130
[  253.165229][ T6061] usb 4-1: USB disconnect, device number 9
[  253.471571][T10516] loop2: detected capacity change from 0 to 32768
[  253.491439][T10516] ERROR: (device loop2): dbAlloc: unable to allocate blocks
[  253.491439][T10516] 
[  253.498414][T10516] ERROR: (device loop2): remounting filesystem as read-only
[  253.582837][T10526] loop1: detected capacity change from 0 to 256
[  253.598960][T10526] FAT-fs (loop1): Directory bread(block 64) failed
[  253.610093][T10526] FAT-fs (loop1): Directory bread(block 65) failed
[  253.612830][T10526] FAT-fs (loop1): Directory bread(block 66) failed
[  253.616394][T10526] FAT-fs (loop1): Directory bread(block 67) failed
[  253.626737][T10526] FAT-fs (loop1): Directory bread(block 68) failed
[  253.639203][T10526] FAT-fs (loop1): Directory bread(block 69) failed
[  253.643569][T10526] FAT-fs (loop1): Directory bread(block 70) failed
[  253.646367][T10526] FAT-fs (loop1): Directory bread(block 71) failed
[  253.652338][T10526] FAT-fs (loop1): Directory bread(block 72) failed
[  253.655000][T10526] FAT-fs (loop1): Directory bread(block 73) failed
[  253.699391][   T97] syz_tun: tun_net_xmit 130
[  253.764797][T10528] use of bytesused == 0 is deprecated and will be removed in the future,
[  253.768330][T10528] use the actual size instead.
[  254.609262][   T97] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  254.760692][   T97] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  254.763598][   T97] usb 4-1: config 0 has no interface number 0
[  254.769029][   T97] usb 4-1: config 0 interface 255 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  254.773273][   T97] usb 4-1: config 0 interface 255 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  254.790380][   T97] usb 4-1: config 0 interface 255 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  254.797407][   T97] usb 4-1: config 0 interface 255 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  254.809006][   T97] usb 4-1: config 0 interface 255 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  254.824583][   T97] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  254.827824][   T97] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.838557][   T97] usb 4-1: Product: syz
[  254.842001][   T97] usb 4-1: Manufacturer: syz
[  254.848163][   T97] usb 4-1: SerialNumber: syz
[  254.856697][   T97] usb 4-1: config 0 descriptor??
[  254.894285][T10540] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  254.898695][   T97] iguanair 4-1:0.255: probe with driver iguanair failed with error -12
[  254.939642][T10545] loop2: detected capacity change from 0 to 128
[  254.947497][T10545] ext2: Unknown parameter 'dont_appraise'
[  255.363951][   T97] usb 4-1: USB disconnect, device number 10
[  255.488412][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  255.500282][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  257.288032][T10574] loop1: detected capacity change from 0 to 256
[  257.297637][T10574] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  257.397629][T10574] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  257.897571][   T85] Bluetooth: hci3: Frame reassembly failed (-84)
[  257.913831][ T1145] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0
[  257.918286][   T85] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  258.805935][T10597] netlink: 296 bytes leftover after parsing attributes in process `syz.1.1831'.
[  259.339217][T10611] loop1: detected capacity change from 0 to 32768
[  259.343512][T10611] (syz.1.1838,10611,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  259.352926][T10611] (syz.1.1838,10611,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  259.368364][T10611] JBD2: Ignoring recovery information on journal
[  259.397884][T10611] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  259.447253][T10611] 
[  259.448261][T10611] ======================================================
[  259.451242][T10611] WARNING: possible circular locking dependency detected
[  259.454058][T10611] syzkaller #0 Not tainted
[  259.456228][T10611] ------------------------------------------------------
[  259.459965][T10611] syz.1.1838/10611 is trying to acquire lock:
[  259.462228][T10611] ffff888021eb6618 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x455/0xb30
[  259.465783][T10611] 
[  259.465783][T10611] but task is already holding lock:
[  259.468620][T10611] ffff888122c58660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  259.472871][T10611] 
[  259.472871][T10611] which lock already depends on the new lock.
[  259.472871][T10611] 
[  259.476951][T10611] 
[  259.476951][T10611] the existing dependency chain (in reverse order) is:
[  259.480824][T10611] 
[  259.480824][T10611] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  259.484181][T10611]        lock_acquire+0x120/0x360
[  259.486277][T10611]        down_write+0x96/0x1f0
[  259.488321][T10611]        ocfs2_lock_global_qf+0x1e8/0x270
[  259.490562][T10611]        ocfs2_acquire_dquot+0x2b0/0xb30
[  259.492697][T10611]        dqget+0x7b1/0xf10
[  259.495121][T10611]        dquot_set_dqblk+0x2b/0xfa0
[  259.497169][T10611]        quota_setquota+0x4b7/0x540
[  259.499214][T10611]        __se_sys_quotactl+0x279/0x950
[  259.501393][T10611]        do_syscall_64+0xfa/0x3b0
[  259.503411][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.506000][T10611] 
[  259.506000][T10611] -> #5 (&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}:
[  259.510007][T10611]        lock_acquire+0x120/0x360
[  259.511951][T10611]        down_write+0x96/0x1f0
[  259.513825][T10611]        ocfs2_lock_global_qf+0x1ca/0x270
[  259.516010][T10611]        ocfs2_acquire_dquot+0x2b0/0xb30
[  259.518139][T10611]        dqget+0x7b1/0xf10
[  259.519886][T10611]        dquot_set_dqblk+0x2b/0xfa0
[  259.521997][T10611]        quota_setquota+0x4b7/0x540
[  259.524131][T10611]        __se_sys_quotactl+0x279/0x950
[  259.526240][T10611]        do_syscall_64+0xfa/0x3b0
[  259.528207][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.530685][T10611] 
[  259.530685][T10611] -> #4 (&dquot->dq_lock){+.+.}-{4:4}:
[  259.533555][T10611]        lock_acquire+0x120/0x360
[  259.535487][T10611]        __mutex_lock+0x187/0x1350
[  259.537557][T10611]        dqget+0x72a/0xf10
[  259.539350][T10611]        dquot_transfer+0x4b8/0x6d0
[  259.541397][T10611]        ext4_setattr+0x865/0x1bc0
[  259.543455][T10611]        notify_change+0xb36/0xe40
[  259.545451][T10611]        chown_common+0x40c/0x5c0
[  259.547529][T10611]        do_fchownat+0x161/0x270
[  259.549547][T10611]        __x64_sys_lchown+0x85/0xa0
[  259.551635][T10611]        do_syscall_64+0xfa/0x3b0
[  259.553588][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.556031][T10611] 
[  259.556031][T10611] -> #3 (&ei->xattr_sem){++++}-{4:4}:
[  259.558986][T10611]        lock_acquire+0x120/0x360
[  259.560967][T10611]        down_read+0x46/0x2e0
[  259.562883][T10611]        ext4_setattr+0x855/0x1bc0
[  259.564868][T10611]        notify_change+0xb36/0xe40
[  259.566881][T10611]        chown_common+0x40c/0x5c0
[  259.568888][T10611]        do_fchownat+0x161/0x270
[  259.570779][T10611]        __x64_sys_chown+0x82/0xa0
[  259.572746][T10611]        do_syscall_64+0xfa/0x3b0
[  259.574705][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.577157][T10611] 
[  259.577157][T10611] -> #2 (jbd2_handle){++++}-{0:0}:
[  259.579995][T10611]        lock_acquire+0x120/0x360
[  259.581939][T10611]        start_this_handle+0x1fa7/0x21c0
[  259.584100][T10611]        jbd2__journal_start+0x2c1/0x5b0
[  259.586264][T10611]        jbd2_journal_start+0x2a/0x40
[  259.588661][T10611]        ocfs2_start_trans+0x376/0x6d0
[  259.590858][T10611]        ocfs2_mknod+0xe93/0x2050
[  259.592868][T10611]        ocfs2_create+0x1a5/0x440
[  259.594853][T10611]        path_openat+0x14f4/0x3830
[  259.596852][T10611]        do_filp_open+0x1fa/0x410
[  259.598914][T10611]        do_sys_openat2+0x121/0x1c0
[  259.601008][T10611]        __x64_sys_open+0x11e/0x150
[  259.603019][T10611]        do_syscall_64+0xfa/0x3b0
[  259.604966][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.607450][T10611] 
[  259.607450][T10611] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  259.610684][T10611]        lock_acquire+0x120/0x360
[  259.612672][T10611]        down_read+0x46/0x2e0
[  259.614516][T10611]        ocfs2_start_trans+0x36a/0x6d0
[  259.616733][T10611]        ocfs2_mknod+0xe93/0x2050
[  259.618695][T10611]        ocfs2_create+0x1a5/0x440
[  259.620689][T10611]        path_openat+0x14f4/0x3830
[  259.622687][T10611]        do_filp_open+0x1fa/0x410
[  259.624641][T10611]        do_sys_openat2+0x121/0x1c0
[  259.626635][T10611]        __x64_sys_open+0x11e/0x150
[  259.628736][T10611]        do_syscall_64+0xfa/0x3b0
[  259.630694][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.633145][T10611] 
[  259.633145][T10611] -> #0 (sb_internal#4){.+.+}-{0:0}:
[  259.635994][T10611]        validate_chain+0xb9b/0x2140
[  259.638055][T10611]        __lock_acquire+0xab9/0xd20
[  259.640189][T10611]        lock_acquire+0x120/0x360
[  259.642166][T10611]        ocfs2_start_trans+0x26b/0x6d0
[  259.644367][T10611]        ocfs2_acquire_dquot+0x455/0xb30
[  259.646588][T10611]        dqget+0x7b1/0xf10
[  259.648315][T10611]        dquot_set_dqblk+0x2b/0xfa0
[  259.650439][T10611]        quota_setquota+0x4b7/0x540
[  259.652625][T10611]        __se_sys_quotactl+0x279/0x950
[  259.654893][T10611]        do_syscall_64+0xfa/0x3b0
[  259.657028][T10611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.659762][T10611] 
[  259.659762][T10611] other info that might help us debug this:
[  259.659762][T10611] 
[  259.663528][T10611] Chain exists of:
[  259.663528][T10611]   sb_internal#4 --> &ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key
[  259.663528][T10611] 
[  259.669718][T10611]  Possible unsafe locking scenario:
[  259.669718][T10611] 
[  259.672648][T10611]        CPU0                    CPU1
[  259.674569][T10611]        ----                    ----
[  259.676539][T10611]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  259.678647][T10611]                                lock(&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]);
[  259.682261][T10611]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  259.685517][T10611]   rlock(sb_internal#4);
[  259.687219][T10611] 
[  259.687219][T10611]  *** DEADLOCK ***
[  259.687219][T10611] 
[  259.690255][T10611] 4 locks held by syz.1.1838/10611:
[  259.692242][T10611]  #0: ffff888021eb60e0 (&type->s_umount_key#101){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  259.696198][T10611]  #1: ffff8880381300a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x2a3/0xb30
[  259.699771][T10611]  #2: ffff888122c589c0 (&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x1ca/0x270
[  259.704690][T10611]  #3: ffff888122c58660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  259.709044][T10611] 
[  259.709044][T10611] stack backtrace:
[  259.711336][T10611] CPU: 0 UID: 0 PID: 10611 Comm: syz.1.1838 Not tainted syzkaller #0 PREEMPT(full) 
[  259.711355][T10611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  259.711364][T10611] Call Trace:
[  259.711372][T10611]  <TASK>
[  259.711381][T10611]  dump_stack_lvl+0x189/0x250
[  259.711402][T10611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.711449][T10611]  ? __pfx__printk+0x10/0x10
[  259.711468][T10611]  ? print_lock_name+0xde/0x100
[  259.711488][T10611]  print_circular_bug+0x2ee/0x310
[  259.711506][T10611]  check_noncircular+0x134/0x160
[  259.711523][T10611]  validate_chain+0xb9b/0x2140
[  259.711545][T10611]  __lock_acquire+0xab9/0xd20
[  259.711566][T10611]  ? ocfs2_acquire_dquot+0x455/0xb30
[  259.711582][T10611]  lock_acquire+0x120/0x360
[  259.711600][T10611]  ? ocfs2_acquire_dquot+0x455/0xb30
[  259.711619][T10611]  ? do_raw_spin_unlock+0x4d/0x240
[  259.711637][T10611]  ocfs2_start_trans+0x26b/0x6d0
[  259.711654][T10611]  ? ocfs2_acquire_dquot+0x455/0xb30
[  259.711672][T10611]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  259.711688][T10611]  ? do_raw_spin_unlock+0x4d/0x240
[  259.711705][T10611]  ? _raw_spin_unlock+0x28/0x50
[  259.711724][T10611]  ? ocfs2_qinfo_unlock+0x121/0x150
[  259.711741][T10611]  ocfs2_acquire_dquot+0x455/0xb30
[  259.711759][T10611]  ? from_kuid+0x1b0/0x640
[  259.711778][T10611]  ? __pfx_ocfs2_acquire_dquot+0x10/0x10
[  259.711797][T10611]  ? percpu_counter_add_batch+0xea/0x1e0
[  259.711818][T10611]  dqget+0x7b1/0xf10
[  259.711834][T10611]  dquot_set_dqblk+0x2b/0xfa0
[  259.711852][T10611]  quota_setquota+0x4b7/0x540
[  259.711871][T10611]  ? __pfx_quota_setquota+0x10/0x10
[  259.711898][T10611]  ? do_quotactl+0x734/0x860
[  259.711918][T10611]  __se_sys_quotactl+0x279/0x950
[  259.711936][T10611]  ? __se_sys_futex+0x36f/0x400
[  259.711955][T10611]  ? __pfx___se_sys_quotactl+0x10/0x10
[  259.711973][T10611]  ? rcu_is_watching+0x15/0xb0
[  259.711987][T10611]  ? do_syscall_64+0xbe/0x3b0
[  259.712003][T10611]  do_syscall_64+0xfa/0x3b0
[  259.712017][T10611]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.712030][T10611]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.712043][T10611]  ? exc_page_fault+0x9f/0xf0
[  259.712056][T10611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.712069][T10611] RIP: 0033:0x7fea34b8eba9
[  259.712083][T10611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.712095][T10611] RSP: 002b:00007fea35956038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  259.712112][T10611] RAX: ffffffffffffffda RBX: 00007fea34dd5fa0 RCX: 00007fea34b8eba9
[  259.712123][T10611] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffff80000800
[  259.712133][T10611] RBP: 00007fea34c11e19 R08: 0000000000000000 R09: 0000000000000000
[  259.712141][T10611] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000
[  259.712149][T10611] R13: 00007fea34dd6038 R14: 00007fea34dd5fa0 R15: 00007ffdfce89728
[  259.712165][T10611]  </TASK>
[  259.823590][    C0] vkms_vblank_simulate: vblank timer overrun
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  259.948661][ T6001] Bluetooth: hci3: command 0x1003 tx timeout
[  259.960152][   T54] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  260.295542][ T5745] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.363550][ T5745] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.373694][T10610] ocfs2: Unmounting device (7,1) on (node local)
[  260.423491][ T5745] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.462931][ T5745] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.535532][ T5745] bridge_slave_1: left allmulticast mode
[  260.537740][ T5745] bridge_slave_1: left promiscuous mode
[  260.541066][ T5745] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.545163][ T5745] bridge_slave_0: left allmulticast mode
[  260.547071][ T5745] bridge_slave_0: left promiscuous mode
[  260.549284][ T5745] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.631807][ T5745] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.636547][ T5745] bond0 (unregistering): Released all slaves
[  260.710740][ T5745] IPVS: stopping backup sync thread 9201 ...
[  260.862974][ T5745] hsr_slave_0: left promiscuous mode
[  260.865801][ T5745] hsr_slave_1: left promiscuous mode
[  260.868709][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  260.871769][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_0
[  260.877850][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.888327][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.894680][ T5745] veth1_macvtap: left promiscuous mode
[  260.897067][ T5745] veth0_macvtap: left promiscuous mode
[  260.899852][ T5745] veth1_vlan: left promiscuous mode
[  261.100299][ T5745] team0 (unregistering): Port device team_slave_1 removed
[  261.130110][ T5745] team0 (unregistering): Port device team_slave_0 removed
[  261.547538][ T5745] IPVS: stop unused estimator thread 0...
[  261.594975][ T5745] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  261.598922][ T5745] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.652326][ T5745] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  261.656528][ T5745] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.731894][ T5745] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  261.735823][ T5745] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.791821][ T5745] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  261.795823][ T5745] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.915271][ T5745] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.956729][ T5745] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.014459][ T5745] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.054693][ T5745] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.115791][ T5745] bridge_slave_1: left allmulticast mode
[  262.118024][ T5745] bridge_slave_1: left promiscuous mode
[  262.122789][ T5745] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.127872][ T5745] bridge_slave_0: left allmulticast mode
[  262.130509][ T5745] bridge_slave_0: left promiscuous mode
[  262.132835][ T5745] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.139470][ T5745] bridge_slave_1: left allmulticast mode
[  262.141648][ T5745] bridge_slave_1: left promiscuous mode
[  262.143893][ T5745] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.147746][ T5745] bridge_slave_0: left allmulticast mode
[  262.152150][ T5745] bridge_slave_0: left promiscuous mode
[  262.154407][ T5745] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.334993][ T5745] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.340547][ T5745] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  262.344707][ T5745] bond0 (unregistering): Released all slaves
[  262.466601][ T5745] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.471569][ T5745] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  262.476116][ T5745] bond0 (unregistering): Released all slaves
[  262.889867][ T5745] hsr_slave_0: left promiscuous mode
[  262.892522][ T5745] hsr_slave_1: left promiscuous mode
[  262.895024][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.899236][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.902587][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.905547][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.911795][ T5745] hsr_slave_0: left promiscuous mode
[  262.914508][ T5745] hsr_slave_1: left promiscuous mode
[  262.917058][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.920295][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.923988][ T5745] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.926995][ T5745] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.937957][ T5745] veth1_macvtap: left promiscuous mode
[  262.942386][ T5745] veth0_macvtap: left promiscuous mode
[  262.944705][ T5745] veth1_vlan: left promiscuous mode
[  262.946879][ T5745] veth0_vlan: left promiscuous mode
[  262.952062][ T5745] veth1_macvtap: left promiscuous mode
[  262.954361][ T5745] veth0_macvtap: left promiscuous mode
[  262.956701][ T5745] veth1_vlan: left promiscuous mode
[  262.959649][ T5745] veth0_vlan: left promiscuous mode
[  263.177439][ T5745] team0 (unregistering): Port device team_slave_1 removed
[  263.203685][ T5745] team0 (unregistering): Port device team_slave_0 removed
[  263.474047][ T5745] team0 (unregistering): Port device team_slave_1 removed
[  263.501598][ T5745] team0 (unregistering): Port device team_slave_0 removed
[  264.062155][ T5745] IPVS: stop unused estimator thread 0...
[  264.068691][ T5745] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
08:34:54  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000028ad RDI=00000000000028ae RBP=00000000000003f8 RSP=ffffc9000296ef90
R8 =ffff888020800237 R9 =1ffff11004100046 R10=dffffc0000000000 R11=ffffffff854f6e40
R12=dffffc0000000000 R13=ffffffff99b008d1 R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854f6ebc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fea359566c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fea34b733a0 CR3=000000002980e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fea34c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ebd4752335483600 RBX=ffffffff819683f8 RCX=ebd4752335483600 RDX=0000000000000001
RSI=ffffffff8be33960 RDI=ffffffff819683f8 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa3a030 R13=0000000000000001 R14=0000000000000001 R15=1ffff11020005000
RIP=ffffffff8b7a23f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33e16ff8 CR3=000000010fce8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007efceca12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
