last executing test programs:

1m59.660934829s ago: executing program 1 (id=438):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f0000002240)=""/4103, 0x0, 0x0, 0x0, 0x0})

1m59.530157622s ago: executing program 1 (id=439):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg(r0, &(0x7f0000000540)=[{{&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0xa, 0x1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000300)='>', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x2, 0xc88c4)

1m59.461148717s ago: executing program 1 (id=440):
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

1m58.760686873s ago: executing program 1 (id=448):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000000340)={[{@utf8no}, {@shortname_winnt}, {@rodir}, {@fat=@nfs_nostale_ro}, {}, {@uni_xlate}, {@fat=@showexec}, {@fat=@usefree}, {@fat=@nfs_nostale_ro}, {@uni_xlate}, {@fat=@showexec}, {@numtail}]}, 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

1m58.709239224s ago: executing program 1 (id=450):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
write(r0, &(0x7f0000000300)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49ef18e2a96e41f206d930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de0000000000000000000000000000f1d3b9821c18", 0x3f80)

1m58.437998247s ago: executing program 1 (id=452):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)

1m58.294539916s ago: executing program 32 (id=452):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)

32.155403083s ago: executing program 2 (id=1292):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x2, 0x0, &(0x7f0000000040))

32.011640105s ago: executing program 2 (id=1294):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)

31.938296343s ago: executing program 2 (id=1295):
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
write$cgroup_devices(r5, 0x0, 0x9)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)

30.842052474s ago: executing program 2 (id=1299):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000580)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x1b5008, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x84000, 0x0)

30.783235446s ago: executing program 2 (id=1300):
r0 = memfd_create(&(0x7f0000000040)='\x00'/12, 0x4)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000002, 0x11, r0, 0x0)
ftruncate(r0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x20, &(0x7f00000005c0)="f1c13cab0dc1a463", 0x8)

30.485142813s ago: executing program 2 (id=1301):
setrlimit(0x40000000000008, &(0x7f00000002c0)={0x0, 0x5})
setresuid(0x0, 0xee00, 0x0)
mlock2(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0)

30.353295947s ago: executing program 33 (id=1301):
setrlimit(0x40000000000008, &(0x7f00000002c0)={0x0, 0x5})
setresuid(0x0, 0xee00, 0x0)
mlock2(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0)

2.953639025s ago: executing program 0 (id=1517):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x2000800, &(0x7f0000002500)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d392c757466382c646d61736b3d30303030303030303030303030303030303030303030342c757466382c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303332372c666d61736b3d30303030303030303030303030303030303030303030312c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c696f636861727365743d69736f383835392d332c00e2edce5a4a075f73c2c28f"], 0x4, 0x1549, &(0x7f0000000340)="$eJzs3AucTtXaAPDnWWvtMSS9TXIZ1lrP5k0uyyRJLklySZIkSUISkiY5kpAYcksakpBchuQyhOQyMWnc7/dLQpOkSZKQ3JL1/YTP6au+c85X5/j9vnn+v9/+Wc+79rP22vO827v3Gq9vOw+p2bhWtYZEBH8KXvgjCQBiAWAAAFwDAAEAlIsrF3e+P6fEpD93EPbXeij1Ss+AXUlc/+yN65+9cf2zN65/9sb1z964/tkb1z974/ozlp1tmlbwWt6y78br/9kZf/7/P5JVesyXa0pf3wUg5p9N4fpnb1z//7eCf2Ynrn/2xvXPrmKv9ATYX2nW/y2Nr//sIMcf9nD9szeuP2PZ2S/rwDnhiq9DX6kNItn7dyBX+v3HGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUwBwqX2l58UYY4wxxhhjjLG/js9xpWfAGGOMMcYYY4yxfz8EARIUBBADOSAWckIuEABwNeSBayAC10IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDQkwE1QBm6GsnALlINboTzcBhWgIlSCynA7VIE7oCrcCdXgLqgONaAm1IK7oTbcA3XgXqgL90E9uB/qwwPQAB6EhvAQNIKHoTE8Ak3gUWgKzf77DP71/BehO7wEPaAnJEEv6A0vQx/oC/2gPwyAV2AgvAqD4DVIhsEwBF6HofAGDIM3YTiMgJHwFoyCt2E0jIGxMA5SYDxMgHdgIrwLk2AyTIGpkArTYDq8BzNgJsyC92E2fABzYC7Mg/mQBh/CAlgI6fARLIKPIQMWwxJYCstgOayAlbAKVsMaWPtTH1gPG2AjbILNsAW2wjbYDjvgE9gJn8Iu2P3GXADIhM//KB/W/W7+yUv5sAc+g0zogoCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBm7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vi3Xg39sI6WAfrYl2sh/UuLU9hQ2yIjbARNsbG2ASbYFNsis2xObbAFtgSW2IrbIVtsA22xbbYDtthIiZie2yPHbADdsSO2Ak7YWfsjF2wK3bNejEH4Ev4EvbE6qIX9sbe2AeTc/TD/tgfX8GB+Cq+iq9hMg7GIfg6vo5v4DA8gcNxBI7EkVhFvI2jcQySGIcpmIITcAJOxIk4CSfjZJyKqTgNp+N0nIEzcSa+j7PxA/wA5+JcnI9pmIYLcCGmYzouwpOYgYtxCS7FZbgcl+FKXIUrcQ2uxTW4HtfjRtyIm3EzbsWtuB234yeoAPBT3I27MRkzMRP34l7ch/twP+7HLMzCA3gAD+JBPISH8DAexiN4FI/hUTyOx/EEnsRTeArP4Bk8i8/Hf93okxKrk0Gcp4QSMSJGxIpYkUvkErlFbpFH5BERERFxIk7kFXlFPpFPFBAFRLyIF4VFYWGEESTCGAAQUREVxUQxUVwUFyVFSeGEEwkiQZQRZURZUVaUE7eK8uI2UUFUFK1dZVFZVBFtXFVxp6gmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or54QDQQvbAfPiTOV6axGIxNxBBsKpoJefH6bymGYSvRWrQRT4oROBzbiZYuUTwj2ovR2EH8TYzB50QnMQ47ixdEF9FVdBMviu6ilesheopJ2Ev0FlOxj+gr+on+YgbWEO/j7Jw1xWsiWQwWQ8TrYj6+IYaJN8VwMUKMFG+JUeJtMVqMEWPFOJEixosJ4h0xUbwrJonJYoqYKlLFNDFdvCdmiJlilnhfzBYfiDlirpgn5os08aFYIBaKdPGRWCQ+FhlisVgiloplYrlYIVaKVWK1WCPWinVivdggNopNYrPYIraKbWK72CE+ETvFp2KX2C32iM9Epvhc7BVfiH3iS7FffCWyxNfigPhGHBTfikPiO3FYfC+OiKPimPhBHBc/ihPipDglTosz4idxVvwszgkvQKIUUkolAxkjc8hYmVPmklfJ3DK4+NO9VsbJ62Reeb3MJ/PLArKgjJeFZGGppZFWkgxlEVlURuUNspi8URaXJWRJWUo6WVomyJtkGXmzLCtvkeXkrbK8vE1WkBVlJVlZ3i6ryDskRC4co7qsIWvKWvJumQT3yDryXllX3ifryftlffmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k83lY7KFfFy2lE/IVrK1bCOflG3lU7KdfFomymdke+kvvkWek53k87KzfEF2kV1lN/mzPCe97CF7SugFsrd8WfaRfWU/2V8OkK/IgfJVOUi+JpPlYDlEvi6HyjfkMPmmHC5HyJHyLTlKvi1HyzFyrBwnU+R4OUG+IyfKd+UkOVlOkVNlqpwm+10caZaU/zD/nd/JH/TL0TfKTXKz3CK3ym1yu9whP5E75U65S+6Se+QemSkz5V65V+6T++R+uV9mySx5QB6QB+VBeUgekoflYXlEHpWn5Q/yuPxRnpAn5Ul5Wp6RZ+TZiz8DUKiEkkqpQMWoHCpW5VS51FUqt7pa5VHXqIi6VsWp61Redb3Kp/KrAqqgileFVGGllVFWkQpVEVVURdUNePENo0qqUsqp0ipB3fS/5ReHX+erYupGVVyV+FX+pfkl/cH8WqgWqqVqqVqpVqqNaqPaqraqnWqnElWiaq/aqw6qg+qoOqpOqpPqrDqrLqqL6qa6qe6qu+qheqgklaR6q5dVH9VX9VP91QD1ihqoBqpBapBKVslqiBqihqqhapgapoar4WqkGqlGqVFqtBqtxqqxKkWlqAlqgpqoJqpJapKaoqaoVJWqpqvpaoaaoWapWWq2mq3mqDlqnpqn0lSaWqAWqHSVrhapRSpDLVaL1VK1VC1Xy9VKtVKtVqvVWrVWrVfrVYbapDapLWqL2qa2qR1qh9qpdqpdapfao/aoTJWp9qq9ap/ap/ar/SpLZakD6oA6qA6qQ+qQOqwOqyPqiDqmjqnj6rg6oU6oU+qUOqPOqLPqrDqnzp2/7QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCx6NLghKBbcGBQPSgQlg1KBC0oHCTEXO4NbgnLBrUH54LagQlAxqBRUDm4PqgR3BFWDO4NqwV1B9aBGUDOoFdwd1A7uCeoE9wZ1g/uCesH9Qf3ggaBB8GDQMHgoaBQ8HDQOHgmaBI8GTYNmQfPgsaBFcHNQ9i8b3/sT+Z9wPXRPnaR76d76Zd1H99X9dH89QL+iB+pX9SD9mk7Wg/UQ/boeqt/Qw/SbergeoUfqt/Qo/bYercfosXqcTtHj9QT9jp6o39WT9GQ9RU/VqXqanq7f0zP0TD1Lv69n6w/0HD1Xz9PzdZr+UC/QC3W6/kgv0h/rDL1YL9FL9TK9XK/QK/UqvVqv0Wv1Or1eb9Ab9Sa9WW/RW/U2vV3v0J/onfpTvUvv1nv0ZzpTf6736i/0Pv2l3q+/0ln6a31Af6MP6m/1If2dPqy/10f0UX1M/6CP6x/1CX1Sn9Kn9Rn9kz6rf9bntD9/c3/+490oo0yMiTGxJtbkMrlMbpPb5DF5TMRETJyJM3lNXpPP5DMFTAETb+JNYVPYnEeGTBFTxERN1BQzxUxxU9yUNCWNM84kmARTxpQxZU1ZU86UM+VNeVPBVDCVTCVzu7nd3GHuMHeaO81d5i5Tw9QwtUwtU9vUNnVMHVPX1DX1TD1T39Q3DUwD09A0NI1MI9PYNDZNTBPT1DQ1zU1z08K0MC1NS9PKtDJtTBvT1rQ17Uw7k2gSTXvT3nQwHUxH09F0Mp1MZ9PZdDFdTDfTzXQ33U0P08MkmSTT2/Q2fUwf08/0MwPMADPQDDSDzCCTbJLNEDPEDDVDzTAzzAw3I8zI8zeq5m0z2owxY804k2JSzAQzwUw0E80kM8lMMVNMqkk10810M8PMMLPMLDPbzDZzzBwzz8wzaSbNLDALTLpJN4vMIpNhMswSs8QsM8vMCrPCrDKrzBqzxqyDdWaD2WA2mU1mi9litpltZofZYXaanWaX2WX2mD0m02SavWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzpj8Fz8vvYm1OW0ue5XNba+2eew19n/GBWxBG28L2cJW23w2/69iY60tbkvYkraUdba0TbA3/SauYCvaSrayvd1WsXfYqr+Ja9t7bB17r61r77O17N2/iuvZ+219+4htgAhgm9lG9jHb2D5im9hHbVPbzDa3j9m29inbzj5tE+0ztr199jfxArvQrrKr7Rq71u6yu+0pe9oetN/aM/Yn28P2tAPsK3agfdUOsq/ZZDv4N/FI+5YdZd+2o+0YO9aO+008xU61qXaanW7fszPszN/EafZDO9um2zl2rp1n5/8Sn59Tuv3ILrIf2wwbwBK71C6zy+0Ku/K/57rUrrcb7Ea7035qt9itdpvdbndcuhG2u+0e+5nNtJ/bA/Ybu89+affbQzbLfv1LfP78Dtnv7GH7vT1ij9pj9gd73P6oLmWfP/cf7M/2nPUWCAlIkqKAYigHxVJOykVXUW66mvLQNRShaymOrqO8dD3lo/xUgApSPBWiwqTJkCWikIpQUYrSDXRpeiWpFDkqTQl0E5Whm6ks3ULl6FYqT7dRBapIlagy3U5V6A6qSndSNbqLqlMNqkm16G6qTfdQHbqX6tJ9VI/up/r0ADWgB6khPUSN6GFqTI9QE3qUmlIzak6PUQt6nFrSE9SKWlMbepLa0lPUjp6mRHqG2tOz1IH+Rh3pOepEz1NneoG6UFfqRi9Sd3qJelBPSqJe1Jtepj7Ul/pRfxpAr9BAepUG0WuUTINpCL1OQ+kNGkZv0nAaQSPpLRpFb9NoGkNjaRyl0HiaQO/QRHqXJtFkmkJTKZWm0XR6j2bQTJpF79Ns+oDm0FyaR/MpjT6kBbSQ0ukjWkQfUwYtpiW0lJbRclpBK2kVraY1tJbW0XraQBtpE22mLbSVttF22kGf0E76lHbRbtpDn1EmfU576QvaR1/SfvqKsuhrOkDf0EH6lg7Rd74nfU9H6Cgdox/oOP1IJ+gknaLTdIZ+orP0M50jTxBiKEIZqjAIY8IcYWyYM8wVXhXmDq8O84TXhJHw2jAuvC7MG14f5gvzhwXCgmF8WCgsHOrQhDakMAyLhEXDaHhDWCy8MSwelghLhqVCF5YOE8KbwjLhzWHZ8JawXHhrWD68LawQVgwfua9yeHtYJbwjrBreGVYL7wqrhzXCmmGt8O6wdnhPWCe8N6wb3heWDe8P64cPhA3CB8OG4UNho/DhsHH4SNgkfDRsGjYLm4ePhS3Cx8OW4RNhq7B12CZ8MmwbPhW2C58OE8Nnwvbhs7/037/wj/uTwl5h7/Dl8OXQ+3vlvOj8aFr0w+iC6MJoevSj6KLox9GM6OLokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujGqPe1coBDJ5x0ygUuxuVwsS6ny+Wucrnd1S6Pu8ZF3LUuzl3n8rrrXT6X3xVwBV28K+QKO+2Ms45c6Iq4oi7qbnDF3I2uuCvhSrpSzrnSLsE95lq4Fq6le8K1cq1dG/eke9I95Z5yT7un3TOuvXvWdXB/cx3dc66Te949715wXVxX18296Lq78XkuXJNJrrfr7fq4Pq6f6+cGuAFuoBvoBrlBLtkluyFuiBvqhrphbpgb7oa7kW6kG+VGudFutBvrxroUl+ImuAluopvoJrlJboqb4lJdqpvuprsZboarMvPCUea4OW6em+fSXJpb4M7fM6a7RW6Ry3AZbolb4pa5ZW6FW+FWuVVujVvj1rl1boPb4Da5TW6L2+K2uW1uh9vhdrqdbpe/5sKgLtPtdXvdPrfP7XdfuSz3tTvgvnEH3bfukPvOHXbfuyPuqDvmfnDH3Y/uhDvpTrnT7oz7yZ11P7tzzruUyPjIhMg7kYmRdyOTIpMjUyJTI6mRaZHpkfciMyIzI7Mi70dmRz6IzInMjcyLzI+kRT6MLIgsjKRHPoosinwcyYgsjiyJLI0siyyPeF9oS+iL+KI+6m/wxfyNvrgv4Uv6Ut750j7B3+TL+Jt9WX+LL+dv9eX9bb6Cr+gr+Ud9U9/MN/eP+Rb+cd/SP+Fb+da+jX/St/VP+Xb+aZ/on/Ht/bO+g/+b7+if8538876zf8F38V19N/+i7+5f8j18T5/ke/ne/mXfx/f1/Xx/P8C/4gf6V/0g/5pP9oP9EP+6H+rf8MP8m364H+FHxrzlR116RIZxPsWP9xP8O36if9dP8pP9FD/Vp/ppfrp/z8/wM/0s/76f7T/wc/xcP8/P92n+Q7/AL/Tp/iO/yH/sM/ziS0uyfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf57X6H/8Tv9J/6XX633+M/85n+c7/Xf+H3+S/9fv+Vz/Jf+wP+G3/Qf+sP+e/8Yf+9P+KP+mP+B3/c/+hP+JP+lD/tz/if/Fn/sz/H31ljjDHGGPunjL/cFL/uubCc3+t3csTf7dwbAK7eWjDr7/vP31Guy3eh3VfEt40AwDM9Oz90aatePSkp6eK+GRKConMBLv0m6Lxflo0vxouhDTwFidAayvzu/PuKrmfoH4wfvRUg19/lxMLl+PL4XwBg0u+M//iTIxeUD0/F/S/jzwUoXvRyTk64HC+GNr+sr7SGsn8w//wt/8H8c36ZAtDq73Jyw+X48vwT4Al4FhJ/tSdjjDHGGGOMMXZBX1Gp46Xnz0v/4vP3ns/j1eWcHHA5/kfP54wxxhhjjDHGGLvynuva7enHL31z7/HExNYdf3nln2lU/Vd2/tcbTeDfNTI3frfhPcClVxQA/MkBAc435H/yLDb/R46VfPFq+Z9dy077ALoVu/ilx7/uoLF/vhb/l8aV+huJMcYYY4wx9u9y+ab/16+rKzUhxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsG/pP/HdiV/ocGWOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsSvtvwIAAP//2AP46Q==")
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(0x0, 0x0, 0x194)
getdents(r3, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)

2.130687416s ago: executing program 4 (id=1523):
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)

2.130087095s ago: executing program 4 (id=1525):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000400), 0x1, 0x0)
writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000440)="688b", 0x2}, {0x0}], 0x2)

2.044410443s ago: executing program 4 (id=1526):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(r5, 0xb)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50)

1.823651242s ago: executing program 0 (id=1527):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x800, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'macgreek'}}, {@umask={'umask', 0x3d, 0x4}}, {@namecase}, {@namecase}, {@fmask={'fmask', 0x3d, 0x8}}, {@discard}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@discard}, {@errors_continue}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.freeze\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xec)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001840)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x26e1, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

1.466547959s ago: executing program 0 (id=1528):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@mpls_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0)

1.357241289s ago: executing program 0 (id=1529):
r0 = syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000280)={[{@iocharset={'iocharset', 0x3d, 'cp855'}}, {}, {@uid}, {@gid}, {@uid_forget}, {@longad}, {@undelete}, {@unhide}, {@unhide}]}, 0x1, 0xc43, &(0x7f0000001040)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x200027, &(0x7f0000000480)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYRESHEX=r0, @ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYRES16], 0xb, 0x0, &(0x7f0000000000))

1.110873955s ago: executing program 0 (id=1532):
syz_mount_image$erofs(&(0x7f0000000280), &(0x7f0000000140)='./file0\x00', 0x1000801, &(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="fcdf5883c81a6c1f703ca4d658f2464326cfe486a0970f633f6977"], 0x1, 0x1ca, &(0x7f00000008c0)="$eJzsmb+uEkEUxr+Z3QvcG2NiY2GjiTfxmlyW3UUNjQU+gQn4r5PIStAFDGwBJBbExsbH8BUsqCzs7Gy1UBMTCymt18xw2B35J8QQSTy/hNlvZs7MnDnAVwAYhvlv+frl5+dXt0rVUwBncIwsjX+30hhpxH/Kkfj4+l377PPx/H4CQBxvfr4N4G3ZQkT9OP599TE9q5CJvgOJq6TvQcAh/RASd0kHEHhA+omhO4ckwsB51Anrj5th4KrGU42vmuJ8fpORQB1AjvITxnxvMHxaC8OgOy8O4tk5C1Pbij/Uz56UJW4a9VPv1/2XL0aqP6uNa9TPg4RHugiBCukSsnAcJy2Jcf8Ldrq/tcn990Gcy6+LOd2DDFn8AyGMkUMl1Bc6GTk/Gb9fXPVtl4ld2u2VQZ69MPXh6O92zpAJLI1J/VNZ7hXDn2zYiX8UotazQm8wzDdbtUbQCNq+X7zhXnPd635BG9G0XeN/Oe1PR8b+BytiMyKDfi2Kul4fiLpe0venreG4lTedH3qN1P4ncXJ5uof6qOhrZ5efIegl9VOpE2tl8gzDMAzDMAzDMAzDMAzDMFtxEUL/Ckp/VMUr8G/r6F8BAAD///ckZMc=")
openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0)
syz_open_dev$cec(0x0, 0x0, 0xc0b02)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
r1 = timerfd_create(0x9, 0x800)
timerfd_settime(r1, 0x1, &(0x7f00000006c0)={{}, {0x0, 0x989680}}, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a000000205800034824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300", 0x42}], 0x1)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r7, 0x5421, &(0x7f0000000280)=0x4)
setsockopt$inet_tcp_int(r7, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10)
mount_setattr(0xffffffffffffffff, 0x0, 0x1100, &(0x7f0000000240)={0x100000, 0x1, 0x80000, {r0}}, 0x20)

1.023022873s ago: executing program 4 (id=1536):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r3)
sendmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000014c0)="c61f6b65c4e662a0a5c3fe7b614b98ed0825ea99c9156ccb4d0a1273144cba4fcd32b18eba1b1169c3104425d267253d9dde3a884292a6593cc151240885d2b02bd4d9f55671d28245417fbfcef33121972f43f96f5b55cafc9500e97ad170dc3605dae4c1085431f46655c964f28105dca1a82eb05565b34de6285e58c794b2f2d6ee4504bf1b18ba27dd8661c0c9841358ac22b222c8342b8502470925b9e5fc5b12003fe4f8cda1f659972be91ab4646737138d910c04a79d8fd5a0339898101c665d6eeba87d259daebbb299c9c6fe196691b2f38b80a89a40256e0ee1956576273723b144b164eada4a9698f653326e01b383487b65cb45f87e8b7ffef89199bf122bc314200beea1d308d17a943197bb20da0ca617ccd97a0ce6f400c72334b6f6e9d2bc15103b36a4e7a239309573adc96344d8df742ffbedfe11a1b0ab7027fc0e438307098e76d6ec8e926ae910ee1be27a6da4fb7eaf4ccba9cfb09f5de3449d4a1392bb1964f3a5b623787d04976a71df9de13b9069001801e822d5fba376db6ed58983c89ea0260c9e979c33e7c2a0f91f49fc9c35b1911537da3b35065882dbbfd091e187b7cc789c8512ce3c08f1568f50b2813ea4af733a60f3b3618be60e17c7dd92ad2186e8678e67423f67311267d42a02d3815f6e4923f757869db41edd95f2798b3c0a81cd55eb1e40b1252ccfd3707334a523788170f99d5f94cfc82642a4fc423a6758894239920164e3dc34746042dbff2f2a2b76c3910655c1c68204309ffc3351ac522fe56296122242909e7e732edacc0fd8975af385139c2ebe1bbd1cccd92654ff175bb79d7797c96380bb12c713e9ab9759895575b302451a1268faf910986497d8d689f7ad590915609ccd8c79405f05f0ab2f935186834861f180b63c683d3f85001084e50981c7114bd5eca726f9bdca6c75293d34727c658a7c5b04a4c337cf0a7e2f76b3d7a6bb6691ca01883d54d28bedb2fd11468884b7084aa297307917029be211e04cc264ad05f106e81b9a5a65568744274d2a21fc0788344128f25d7ba37a38c07c52081af5c19461c367cab0fd1f7f961dfa71c9c90b608f3d2de6d730b0ed26dbcccedf34d2e26dfff0995fa0f0704f8c5a5a120ffd8e98f9f12a8f2a23b8494d472a9f70c46b413242b8a50d9abac467f4f58958bec472c2630a065ca7095b18938961b59b5858244c91b01bc9c83aacea6e6f5de5cfe5643fc8f145754fbfa95ce6ebe207df04982cba0c8c80e080151f259bd372741b798f9b6458f8f6965e62bc90ed6eb44e09edeaf6270c92298d89d0a0c1abd935b963a6da5a910bb7a11678e339c827ad7474d62ceec3ccc0c66a61d5cb8570b7abb5d2d7235824ddae27c414210863a47f534f13a512bd80b6d5452d4ca6181387b3378e4c19283d479627bd31b91a4a79032d9282fcfc137f4de3eaa2ac8e0cfd497998ed0610d6256eacf3076ebad4c99d209a38bb97fb3da3aa618c5558cbd58d58dc9e082183b661845ce6905dfce21ce88115c8d7d726e239a42aacceec0e882ed6e5bebfe6943a6468bdfde23df4325ca765f176d1815b3886a3f002b0e2678624b27fada56f214bb14a5c15fa11da035af79a371641ad8c85e815588c57c8121da39fa32310b49d99caad3e83f311ea8ee96b9525547a1fd95dc694094d2149a2939fa45c8c0e45e367d59484cc12ecfc4f0d9450d1b47e72dc49608b444c4a60249b1cd6d626062f6144c5cfbd9c60016a75dea7260f1944cb5d70a0e304535f978b1c3f47c8201a19f4cc12d0511fadb7894d9ab9ac20a319355ede82490eacc2f8afd4b93bb375b5a334cb61d0d5664beb17565ea926b43eaa05eb4de1a0bc7c4a9ce3bea250af52933e746530f3ae63e22f6eaed85d8ce51bd185ee40988cfb4e88532a2ffd2f65be0e9254d9392bf56454dde105042e731e8c206adb0a8c585317529e503a6c58865e01a17bc6261422ce39ffc9335aafd8f50eeb3b6a2d7db0e3845d6c4dfd4a53568bce0f6d1fb75d630a17063df5588f2000e6fe174736f2c6aeb9dedbd574b51fb956dfd1656b5cda5147fb7da2c937baf9c3940431719ecd3dadb7a06079bb4ef9b8ff59d7e0041b32f5fcc2daa1d6603f5f5800b9fa610b3d09e3a006b27fab7a8ecdfb7b6c2ab5a9c91868e2c5f3298575772b7a3fc340eeb0318f5a6c41e3d2525976fc6f8fb9763e1b107ffa255be08033a8f8be70c8c67e22be47bda14e843e9df446cf3aca53b903cf9d556ba6c5279dbe3fc78b207705d5968e46ff654b891cd21b88f86207a10e1aa0dcf3ca0bdccd712632063b7a4c8df90c9c2ef256be8b754248ef4f55f548b1c7c2b151348ff958652e36a5859a842519ea0cd4d82bd3bd7ff554870a67971077aa18406513fce653de7744f7457b6efbf33acd153342a57d39acc44809f1657fc676660120dc0384e41902497292acc8fede31cbd3c6eefbcca9b40eeb3a3d8876d247a6c1ca1cfc7683272ce693958d87e05953504ae7e924908760b729bcfdcd4788f99bd76f8e1a118641b70efbd0b75a77f69862737a87d31412a22fa46ba4cdcd271e9cb99a978c658f9d444a72c4c0f5197ce135136d9d17eed6976789a52e41318992fd8bd1eb79121bd91ee991227d7616464a76c91426da232579b0c4a4dde89497c8951438cc1c435583cf4311be2cdcb134bd12495d9924724237b6a11a40385e48f18de5d30df746f8045a0025b76482a7bb485ea5535df7110a34bc91c318c460b8ce7da8b13965c67636b9ab943e4d28dcb8335525fd49a9e219805a38f03dcffed051ff6298445ebe052478077de70317a6b3520213a6ed5ba1f4ed1c063df46cabaf2e117a383787dbcd5e16b62fead459da8e3f322389ed1da8e13f5267921ddceb3e403f93ff31b3ed00ded86d3cdbebf462ce3d35b0c50772533b8b9c94e5195411c1ca42901e27f2c6852777749a9fb3be5b8c5f1fec4824ff54727c9a2f7479da21d2769e1a0951a8d0ff840d6ab58794422b83bce3dcbba7f3ed42c189390a03d70cb380e6f1a77630410a933724cdae0a3754d47df49ff13f6084aaf32ddb10dbbce3baffd8042659dd2ca4172b58388c10c7e44d6f01c64c5423c16e4768d5aa29f386570a9a081adfebdfe9b130854abf5406a26a01c48862b0745ae3f3ada1b3f65546110bd718c3668017ed1fa6f5ab490b206f56590700d54d314e4c38ed8739bfd86776cc18f0c3bde9c133b996a98bb0e2a01c3272139c82c84b9ed2d3baa11f7c28eabe1482f7e4cbcaa1334832a412c6a819ee21bbdcf121f5ee3ed460e9feafa3383d27027a97608ece63fcfb07cb06f16f98884f4374eb1ec7e0a5ee21eda7cca278509f5a66bfc0fbd9924b8e746b61914a44a76f13287b3cc94c502753743e54b23f5661bc485d4e1ca506b11f24b3becf95ccfba52bc3895d4c4f81c6983ee9b86d219597189045cae672246c5f2d1a36afebdbb87602a56b53662eb07670ed78dc939e998a836e43f9d0a3a34bfbe8839cb2a780f3227d4cc99f432349b3292da13a966e86a4408cd214f52d0ce72b4b0f770c570dfdc12c9e3ca34e6620950dbd89a7919590f3a096e59844f494f939e5dd507c8b676ae5f3fc6f02e69b4cb071bf3c793afba1c3cf1d648438fd8322ae5251f5b51cca04cc8c906217eb20206c09bef498d547f0527a4e45a0a390544364f6e64310bce0de35338fa7d44f864fb83917cdc5ac0613c9780f0a4fade1cab8317842aaff3c18254bc02758627023b2e44aff1ddd0a068201ec5be6928f3ddcea46d69d6e0fe7e897cf46177a43f60d419644df82e5e9ab6e6d0fbd3d3e2be9bbc50c916b669c5c103e76b0d6ea3534f9456efd97e896d723128c3118e1651f5428d39586454fac508a95f37218c5a745dfa4c1d088841d74c018e9a4688d25e4899b61b41b49b5cff506110d85293c1b238366354d3d6520f1be67e6e262e04b16d9fe669eca8a6bf04e8f9d1419d0bc3a2dbcecb4a54702126ce760d4122233975c2ea94376c673aa9543d49be614d269e3d4c3bfaf1698b0d26e4428204157f042e50e34778b3a26ad1670a9450722e0a776c952896ae51530c307c199eb3b02636c9780c1b4e8f438f40dc264c29dfd42e4de476ebd3711694047842bffa4063fed5bb26bf081b0909323b992b7744bd4a4016a0befb39dc1b6b002933a812cb50bbf27d40b99153ab1358ede854f7a85086afdb22bd07c9f08fb1a92a54721c0abc6e439be2b9751e0e35837c7db9d8621b12c4c01cb743d53c207e5c04d71a32e1e1cd705e30dff02a2128923bdfc19e02c9b8e6d222e222047bd7004f4912629d189b46b159661abdfc376017ad69a47425f6e6e2db7ec37123ac6c151af5cab09b654e86b4bc69615010ea990ba3b9cbb7b576cf37f92c18fe312f26ce066a40061fb5364fed1677c01b2c8d3ec803685a41a10cf2ebba75056869684ad47125cbc4ef86cccb17c747881d66575fd042f679d253920f1bb16bc14b5b752190de8aad4fe1f4ffc8a60b48eeaf33cdb87ddae2dba35215420e8671e889eb75b9184dfa03e7e5a72103cffbbcd524ff26111d2f04c1ba365e89200470ffd922584458323fdebf8d502781ecd77ef473e9eb5cc663aaa867de3702134220db23bf4309815e3d0128bb797b91526579150261408c84673f2ca3d41cdfb45e8ca8e8547c8f79fab98dff90a7df16949638ebd116760d77ea1c8798d45e2cb294d6b208c920cbef8c2aa5f50d7e10ca0f6702d338dd3c8a983356bfea327f3322b1cf0b804302661fa909f46b8202e16f0469bf23dc71c442265b849dee2fddfacebe6d4502e85011ebe58bb692642d0b26a34c60104500bd9b41250869ab56dc1a3a748a62d10d0cf64c657fcd1e71e9b27ddcc98c06caff2bd40b281f5e5da3622e9bc553968e0e337c5ca2d6f4068462e25e30d498554ae1e79d2d6eaf6cfb6bb89e2d387d840539872aaf7c2e40c407603ccb3405b0e54381c86a41e717d2f34995121bce8eb3a19a19c02d9a86de2563c5f3c87c98192c83bba2bf496530c9d0f4de813625baea300cb1f524ac06ed2f982faf3c81b4ba0da149d22398a0a0e55a14b258b6fcf82acd2c40cbe68af6e1d4dd893d73335166d6635982f7d44258f4a0a93b6d5a885d77d88c6e5f04c0c488b47725355841ad85db7bd14bf3c191724a6a9ddb3a6ce447cbfdf5cd479f32d4643be5c3ced56d092822a77f22d5d73ea1ae96f9cd16fc9135f302b6fa95e5f229f1221906290f3aa69ef3ec7843f283fc8eb256a815939426449c9d25b6ca88ed66509979c8a871b50c3f3eeb0588ae23206b652062a92f154ac506ccdbbebf080f8c0f9320eae2fbfac7937264d5eada0b260aa0ade98d0148f12ae59b712487fdbf209405b0209ba8a775fc973db1cff7b0624f3a3053a75f846e6456eafe23e342e05c0963600122e50dde5f2177ca6f7dec0f04d19f9e1141280c9a9c4220885d011ecb3f2ce06e71a71a4a49fb562bc64eabfedae267c5cefc0ce6a3997135007a9a0e5c7a478ceaeaf7ed1541083e61deb357d25564e2106774efa2b7f847e287e7b205b8a5f8a08a93f9a80c05202b61fe74ca6a7748ecb6e635a9100bde292f2d13d6e6c3b5262578c99176353c6731b2102d7acca98052e0e20316606e42f47d039a31725622875bd42", 0xfd1}], 0x1}, 0x20000000)

1.021256456s ago: executing program 3 (id=1538):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xf, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b00)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x2}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xfffffff0}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20002031}, 0x20084014)

588.971027ms ago: executing program 3 (id=1539):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendmmsg$sock(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000001c0)="4410", 0x2}], 0x1, &(0x7f0000000480)=[@timestamping={{0x14, 0x1, 0x25, 0x8000000}}], 0x18}}], 0x1, 0x24000080)

443.582891ms ago: executing program 3 (id=1540):
syz_emit_ethernet(0x6a, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1, {[@timestamp_addr={0x44, 0xc, 0xff, 0x1, 0x1, [{@broadcast, 0x8}]}, @ssrr={0x89, 0x1f, 0xbd, [@private=0xa010102, @remote, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x2c}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2]}]}}}}}}}, 0x0)

321.424191ms ago: executing program 3 (id=1541):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffdfe})

321.201369ms ago: executing program 3 (id=1542):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001000210029bd70000000000003000000180001801398"], 0x2c}}, 0x0)

244.726997ms ago: executing program 3 (id=1543):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)

36.858263ms ago: executing program 4 (id=1544):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c030000160001002bbd7000fedbdf250a0101faffffff000000000000000000fe8800060000000000000000000001014e2300004e2400000a0080201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000002000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd700000000000020002060100000000000000080000004f07000008001f0004000000c40003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0030000321333564941bd8413584a4c44374d31b8f5e4d1355de14a49707701f6856ff3544e1109e72765f583b84d4288bbcd0bd84ea340fc4f45636f516084e86baabda0fa429673acf5c6613af21f9f90878587479a0803e1676bb5e8fc177493a23d7948ab20d8fd37a714695af5d1aedbf7a389065fe0132556ebb3199f080016"], 0x30c}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)

3.421294ms ago: executing program 0 (id=1545):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xcc, 0xc, 0x0, 0xffffffffffffffff, 0x1}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3, r1}, 0xc)

0s ago: executing program 4 (id=1546):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f1585231b560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

kernel console output (not intermixed with test programs):

 loop3): mounted with root inode @ nid 36.
[  122.120436][  T792] hub 3-1:0.0: 1 port detected
[  123.263653][ T7347] loop3: detected capacity change from 0 to 32768
[  123.417859][ T1271] usb 3-1: USB disconnect, device number 7
[  123.428663][ T7347] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.497421][ T5962] usb 3-1-port1: config error
[  123.601634][ T7347] XFS (loop3): Ending clean mount
[  123.645454][ T6976] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.895400][ T7373] loop0: detected capacity change from 0 to 512
[  123.940358][ T7373] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.951457][ T7373] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.002135][ T7373] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  124.011882][ T7373] EXT4-fs (loop0): Remounting filesystem read-only
[  124.056247][ T7382] loop2: detected capacity change from 0 to 512
[  124.060397][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.084017][   T27] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  124.089514][   T27] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  124.104841][ T7382] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.135363][ T7382] ext4 filesystem being mounted at /182/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.167815][ T7386] loop3: detected capacity change from 0 to 512
[  124.206948][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.225406][ T7386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.249878][ T7386] ext4 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.302204][ T7393] ubi31: attaching mtd0
[  124.330417][ T7393] ubi31: scanning is finished
[  124.341949][ T7393] ubi31: empty MTD device detected
[  124.418488][ T7395] netlink: 36 bytes leftover after parsing attributes in process `syz.2.579'.
[  124.425602][ T7395] netlink: 16 bytes leftover after parsing attributes in process `syz.2.579'.
[  124.448906][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.456852][ T7393] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  124.460508][ T7393] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  124.465863][ T7393] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  124.468997][ T7393] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  124.472225][ T7393] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  124.482159][ T7393] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  124.486610][ T7393] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1979902533
[  124.491051][ T7393] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  124.497711][ T7396] ubi31: background thread "ubi_bgt31d" started, PID 7396
[  124.579544][ T7400] netlink: 'syz.2.581': attribute type 2 has an invalid length.
[  124.588562][ T7400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.581'.
[  125.413100][ T7420] netlink: 24 bytes leftover after parsing attributes in process `syz.2.588'.
[  126.076407][ T7438] loop0: detected capacity change from 0 to 1024
[  126.319789][ T7433] loop2: detected capacity change from 0 to 32768
[  126.328776][ T7433] XFS: noikeep mount option is deprecated.
[  126.391564][ T7433] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  126.414490][ T7433] XFS (loop2): Ending clean mount
[  126.421683][ T7433] XFS (loop2): Quotacheck needed: Please wait.
[  126.448868][ T7433] XFS (loop2): Quotacheck: Done.
[  126.473719][ T7448] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  126.537429][ T5919] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  126.845524][ T7450] loop0: detected capacity change from 0 to 32768
[  126.859108][ T7450] XFS: ikeep mount option is deprecated.
[  126.861533][ T7450] XFS: attr2 mount option is deprecated.
[  126.863955][ T7450] XFS: noikeep mount option is deprecated.
[  126.901153][ T7450] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  126.941322][ T7450] XFS (loop0): Ending clean mount
[  126.952433][ T7450] XFS (loop0): Quotacheck needed: Please wait.
[  127.000390][ T7450] XFS (loop0): Quotacheck: Done.
[  127.013450][   T33] audit: type=1800 audit(1758711026.124:5): pid=7450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.598" name="bus" dev="loop0" ino=4426 res=0 errno=0
[  127.023259][ T7453] loop2: detected capacity change from 0 to 32768
[  127.096039][ T7453] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  127.096050][ T7453]   allowing incompatible features above 0.0: (unknown version)
[  127.096055][ T7453]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  127.109010][ T5913] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  127.110906][ T7453] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  127.116679][ T7453] bcachefs (loop2): initializing new filesystem
[  127.132859][ T7453] bcachefs (loop2): going read-write
[  127.159344][ T7453] bcachefs (loop2): marking superblocks
[  127.207729][ T7453] bcachefs (loop2): initializing freespace
[  127.226456][ T7453] bcachefs (loop2): done initializing freespace
[  127.242807][ T7453] bcachefs (loop2): reading snapshots table
[  127.250168][ T7453] bcachefs (loop2): reading snapshots done
[  127.289136][ T7453] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  127.295680][ T7453] bcachefs (loop2): done starting filesystem
[  127.396883][ T5919] bcachefs (loop2): shutting down
[  127.401417][ T5919] bcachefs (loop2): going read-only
[  127.403817][ T5919] bcachefs (loop2): finished waiting for writes to stop
[  127.414340][ T5919] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  127.449995][ T5919] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  127.462943][ T5919] bcachefs (loop2): clean shutdown complete, journal seq 4
[  127.471610][ T5919] bcachefs (loop2): marking filesystem clean
[  127.525620][ T7483] program syz.0.605 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  127.552368][ T5919] bcachefs (loop2): shutdown complete
[  128.607268][ T7493] syz_tun: entered allmulticast mode
[  128.646761][    C0] mroute: pending queue full, dropping entries
[  128.716240][ T7494] mroute: pending queue full, dropping entries
[  128.722093][ T7494] mroute: pending queue full, dropping entries
[  128.760699][ T7493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.610'.
[  128.771719][ T7492] syz_tun: left allmulticast mode
[  129.084895][ T7508] loop0: detected capacity change from 0 to 65
[  129.103756][ T7508] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  129.198524][ T7510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'.
[  129.349181][   T47] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  129.555818][   T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.559649][   T47] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  129.562808][   T47] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  129.565930][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.596836][   T47] usb 4-1: config 0 descriptor??
[  129.630033][ T7524] fuse: Unknown parameter 'grou00000000000000000000'
[  129.954840][   T47] Bluetooth: Can't get state to change to load ram patch err
[  129.960292][   T47] Bluetooth: Loading patch file failed
[  129.962770][   T47] ath3k 4-1:0.0: probe with driver ath3k failed with error -71
[  129.968303][   T47] usb 4-1: USB disconnect, device number 3
[  130.190503][ T7526] bridge_slave_0: left allmulticast mode
[  130.193178][ T7526] bridge_slave_0: left promiscuous mode
[  130.198760][ T7526] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.211936][ T7526] bridge_slave_1: left allmulticast mode
[  130.214543][ T7526] bridge_slave_1: left promiscuous mode
[  130.218269][ T7526] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.229770][ T7526] bond0: (slave bond_slave_0): Releasing backup interface
[  130.238250][ T7526] bond0: (slave bond_slave_1): Releasing backup interface
[  130.254109][ T7526] team0: Port device team_slave_0 removed
[  130.263976][ T7526] team0: Port device team_slave_1 removed
[  130.267144][ T7526] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.273556][ T7526] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.279852][ T7526] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.283751][ T7526] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.295079][ T7526] bond0: (slave macvlan0): Releasing backup interface
[  130.297511][ T7528] netlink: 'syz.0.623': attribute type 10 has an invalid length.
[  130.359580][ T7526] veth1_vlan: left allmulticast mode
[  130.417863][ T7528] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.426858][ T7528] team0: Port device bond0 added
[  130.797463][ T7549] loop3: detected capacity change from 0 to 2048
[  130.840398][ T7551] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  130.883731][ T7551] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  130.888809][ T7551] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  130.903487][ T7551] Remounting filesystem read-only
[  130.940246][ T7552] netlink: 24 bytes leftover after parsing attributes in process `syz.2.630'.
[  131.136435][ T6976] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  131.839462][ T7570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.639'.
[  132.215502][ T7598] netlink: 'syz.2.653': attribute type 21 has an invalid length.
[  132.218372][ T7598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'.
[  132.528635][ T7604] loop0: detected capacity change from 0 to 40427
[  132.536007][ T7604] F2FS-fs (loop0): build fault injection rate: 14
[  132.538656][ T7604] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  132.544058][ T7604] F2FS-fs (loop0): invalid crc value
[  132.548072][ T7602] loop3: detected capacity change from 0 to 32768
[  132.557788][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  132.572092][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  132.636191][ T7604] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  132.640111][ T7604] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  132.648922][ T7604] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  132.666660][ T7604] F2FS-fs (loop0): Stopped filesystem due to reason: 0
[  132.770648][ T7610] netlink: 64 bytes leftover after parsing attributes in process `syz.3.657'.
[  133.056673][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  133.453526][ T5920] Bluetooth: hci2: unexpected event for opcode 0x204e
[  134.918143][ T7668] capability: warning: `syz.3.683' uses 32-bit capabilities (legacy support in use)
[  135.168115][ T7680] netlink: 268 bytes leftover after parsing attributes in process `syz.3.687'.
[  135.172581][ T7680] unsupported nla_type 65024
[  136.104927][ T7695] loop0: detected capacity change from 0 to 4096
[  136.123178][ T7695] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  136.404284][ T7695] ntfs3(loop0): ino=19, mi_enum_attr
[  136.415204][ T7695] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  136.757239][ T7713] netlink: 'syz.2.703': attribute type 27 has an invalid length.
[  136.797449][ T7715] loop2: detected capacity change from 0 to 2048
[  136.818994][ T7717] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  136.821355][ T7717] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  136.827724][ T7717] vhci_hcd vhci_hcd.0: Device attached
[  136.832199][ T7717] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  136.834717][ T7717] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  136.840656][ T7717] vhci_hcd vhci_hcd.0: Device attached
[  136.845255][ T6087]  loop2: p2 p3 < > p4 < p5 >
[  136.848185][ T6087] loop2: partition table partially beyond EOD, truncated
[  136.851283][ T7718] usbip_core: unknown command
[  136.853871][ T7718] vhci_hcd: unknown pdu 4006317609
[  136.854259][ T6087] loop2: p3 start 4284289 is beyond EOD, truncated
[  136.856027][ T7718] usbip_core: unknown command
[  136.863458][ T5942] vhci_hcd: stop threads
[  136.865616][ T5942] vhci_hcd: release socket
[  136.867730][ T5942] vhci_hcd: disconnect device
[  136.877392][ T7720] vhci_hcd: connection closed
[  136.880762][ T5942] vhci_hcd: stop threads
[  136.884990][ T5942] vhci_hcd: release socket
[  136.885023][ T7715]  loop2: p2 p3 < > p4 < p5 >
[  136.886860][ T5942] vhci_hcd: disconnect device
[  136.895247][ T7715] loop2: partition table partially beyond EOD, truncated
[  136.900197][ T7715] loop2: p3 start 4284289 is beyond EOD, truncated
[  136.972684][ T5922] udevd[5922]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory
[  136.975326][ T6087] udevd[6087]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  136.987277][ T1271] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  136.987578][ T6089] udevd[6089]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  137.018600][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.2.707'.
[  137.023832][ T7725] netlink: 24 bytes leftover after parsing attributes in process `syz.2.707'.
[  137.151123][ T1271] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  137.159311][ T1271] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  137.169594][ T1271] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  137.173040][ T1271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  137.175699][ T1271] usb 4-1: SerialNumber: syz
[  137.408794][ T1271] usb 4-1: 0:2 : does not exist
[  137.432371][ T1271] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  137.444017][ T1271] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5)
[  137.456957][ T1271] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5)
[  137.483019][ T1271] usb 4-1: USB disconnect, device number 4
[  138.121848][ T7741] loop3: detected capacity change from 0 to 16384
[  138.126300][ T7741] bcachefs (/dev/loop3): error validating superblock: Invalid option invalid compression opt 240
[  138.130671][ T7741] bcachefs: bch2_fs_get_tree() error: invalid_sb_opt_compression
[  138.192557][ T7743] netlink: 'syz.3.715': attribute type 1 has an invalid length.
[  138.205955][ T7743] netlink: 244 bytes leftover after parsing attributes in process `syz.3.715'.
[  138.474908][ T7755] openvswitch: netlink: VXLAN extension message has 3 unknown bytes.
[  138.590218][ T1271] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  138.752781][ T1271] usb 3-1: Using ep0 maxpacket: 8
[  138.756697][ T1271] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  138.760176][ T1271] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  138.764328][ T1271] usb 3-1: config 0 has no interface number 0
[  138.767157][ T1271] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  138.770920][ T1271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.775883][  T792] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  138.777034][ T1271] usb 3-1: config 0 descriptor??
[  138.936873][  T792] usb 4-1: Using ep0 maxpacket: 16
[  138.940825][  T792] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  138.943881][  T792] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  138.948079][  T792] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  138.954856][  T792] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  138.958156][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.961503][  T792] usb 4-1: Product: syz
[  138.963013][  T792] usb 4-1: Manufacturer: syz
[  138.964590][  T792] usb 4-1: SerialNumber: syz
[  139.028403][ T1271] usb 3-1: USB disconnect, device number 8
[  139.414459][  T792] usb 4-1: 0:2 : does not exist
[  139.858524][ T7761] loop2: detected capacity change from 0 to 32768
[  139.862327][ T7761] XFS: noikeep mount option is deprecated.
[  139.864912][ T7761] XFS: ikeep mount option is deprecated.
[  139.915670][ T7761] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  139.920106][ T7761] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  139.947596][ T7761] XFS (loop2): Ending clean mount
[  139.951352][ T7761] XFS (loop2): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1149 dinode
[  139.956567][ T7761] XFS (loop2): Unmount and run xfs_repair
[  139.959114][ T7761] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  139.962299][ T7761] 00000000: 49 4e 00 00 03 00 00 00 00 00 00 00 00 00 00 00  IN..............
[  139.966271][ T7761] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.969862][ T7761] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.973530][ T7761] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.977555][ T7761] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.981250][ T7761] 00000050: 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.984910][ T7761] 00000060: ff ff ff ff 33 07 81 4a 00 00 00 00 00 00 00 00  ....3..J........
[  139.989313][ T7761] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  139.993292][ T7761] XFS (loop2): Internal error xfs_trans_cancel at line 975 of file fs/xfs/xfs_trans.c.  Caller xfs_qm_qino_alloc+0x252/0x6a0
[  139.998714][ T7761] CPU: 0 UID: 0 PID: 7761 Comm: syz.2.724 Not tainted syzkaller #0 PREEMPT(full) 
[  139.998734][ T7761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.998743][ T7761] Call Trace:
[  139.998749][ T7761]  <TASK>
[  139.998757][ T7761]  dump_stack_lvl+0x189/0x250
[  139.998779][ T7761]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.998801][ T7761]  ? xfs_error_report+0x97/0xd0
[  139.998817][ T7761]  ? xfs_qm_qino_alloc+0x252/0x6a0
[  139.998843][ T7761]  ? xfs_qm_qino_alloc+0x252/0x6a0
[  139.998863][ T7761]  xfs_trans_cancel+0x1c8/0x3f0
[  139.998881][ T7761]  ? xfs_qm_qino_alloc+0x252/0x6a0
[  139.998902][ T7761]  xfs_qm_qino_alloc+0x252/0x6a0
[  139.998925][ T7761]  ? __pfx_xfs_qm_qino_alloc+0x10/0x10
[  139.998960][ T7761]  xfs_qm_init_quotainos+0x73c/0x980
[  139.998983][ T7761]  ? __pfx_xfs_qm_init_quotainos+0x10/0x10
[  139.999006][ T7761]  ? rcu_is_watching+0x15/0xb0
[  139.999025][ T7761]  ? __raw_spin_lock_init+0x45/0x100
[  139.999042][ T7761]  ? __list_lru_init+0x39a/0x5c0
[  139.999062][ T7761]  xfs_qm_init_quotainfo+0x181/0x1160
[  139.999079][ T7761]  ? xa_load+0x60/0x210
[  139.999100][ T7761]  ? xa_load+0x60/0x210
[  139.999114][ T7761]  ? __pfx_xfs_qm_init_quotainfo+0x10/0x10
[  139.999138][ T7761]  ? xfs_group_rele+0xb4/0x220
[  139.999157][ T7761]  xfs_qm_mount_quotas+0xa6/0x670
[  139.999180][ T7761]  xfs_mountfs+0x1b6f/0x2330
[  139.999208][ T7761]  ? __pfx_xfs_mountfs+0x10/0x10
[  139.999229][ T7761]  ? xfs_setup_dax_always+0x20f/0x290
[  139.999247][ T7761]  xfs_fs_fill_super+0x11b3/0x1600
[  139.999267][ T7761]  get_tree_bdev_flags+0x40e/0x4d0
[  139.999288][ T7761]  ? __pfx_xfs_fs_fill_super+0x10/0x10
[  139.999301][ T7761]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  139.999325][ T7761]  vfs_get_tree+0x92/0x2b0
[  139.999344][ T7761]  do_new_mount+0x2a2/0x9e0
[  139.999364][ T7761]  ? ns_capable+0x8a/0xf0
[  139.999378][ T7761]  ? __pfx_do_new_mount+0x10/0x10
[  139.999392][ T7761]  ? path_mount+0x61c/0xfe0
[  139.999407][ T7761]  ? user_path_at+0x44/0x60
[  139.999427][ T7761]  __se_sys_mount+0x317/0x410
[  139.999448][ T7761]  ? __pfx___se_sys_mount+0x10/0x10
[  139.999469][ T7761]  ? do_syscall_64+0xbe/0x3b0
[  139.999482][ T7761]  ? __x64_sys_mount+0x20/0xc0
[  139.999528][ T7761]  do_syscall_64+0xfa/0x3b0
[  139.999543][ T7761]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.999558][ T7761]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.999573][ T7761]  ? exc_page_fault+0x9f/0xf0
[  139.999585][ T7761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.999597][ T7761] RIP: 0033:0x7f9c34f903ca
[  139.999610][ T7761] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.999620][ T7761] RSP: 002b:00007f9c35ef2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  139.999636][ T7761] RAX: ffffffffffffffda RBX: 00007f9c35ef2ef0 RCX: 00007f9c34f903ca
[  139.999644][ T7761] RDX: 00002000000001c0 RSI: 0000200000009740 RDI: 00007f9c35ef2eb0
[  139.999652][ T7761] RBP: 00002000000001c0 R08: 00007f9c35ef2ef0 R09: 0000000004200000
[  139.999659][ T7761] R10: 0000000004200000 R11: 0000000000000246 R12: 0000200000009740
[  139.999667][ T7761] R13: 00007f9c35ef2eb0 R14: 0000000000009871 R15: 0000200000000280
[  139.999688][ T7761]  </TASK>
[  140.000314][ T7761] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_trans_cancel+0x1e1/0x3f0 (fs/xfs/xfs_trans.c:976).  Shutting down filesystem.
[  140.094260][  T792] usb 4-1: 1:0: bogus dB values (-12637/-11528), disabling dB reporting
[  140.094770][ T7761] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  140.102100][  T792] usb 4-1: 1:0: failed to get current value for ch 0 (-22)
[  140.104553][ T7761] XFS (loop2): Failed to initialize disk quotas, err -117.
[  140.147823][  T792] usb 4-1: USB disconnect, device number 5
[  140.150604][ T7761] XFS (loop2): Error -5 reserving per-AG metadata reserve pool.
[  140.891975][ T7784] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  140.902032][ T7784] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  140.978321][ T7782] loop2: detected capacity change from 0 to 32768
[  140.986353][ T7782] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  140.986353][ T7782] clean (size 2912):
[  140.986353][ T7782] flags:          0
[  140.986353][ T7782] journal_seq:    8
[  140.986353][ T7782] prio_ptrs: 
[  140.986353][ T7782] usage: type=key_version v=0
[  140.986353][ T7782] usage: type=reserved v=0
[  140.986353][ T7782] usage: type=reserved v=0
[  140.986353][ T7782] usage: type=reserved v=0
[  140.986353][ T7782] usage: type=reserved v=0
[  140.986353][ T7782] data_usage: btree: 1/1 [0]=2816
[  140.986353][ T7782] data_usage: journal: 1/1 [0]=0
[  140.986353][ T7782] data_usage: user: 1/1 [0]=32
[  140.986353][ T7782] dev_usage: dev=0  
[  140.986353][ T7782]   free: buckets=83 sectors=0 fragmented=0
[  140.986353][ T7782]   sb: buckets=25 sectors=6152 fragmented=248
[  140.986353][ T7782]   journal: buckets=8 sectors=2048 fragmented=0
[  140.986353][ T7782]   btree: buckets=11 sectors=2816 fragmented=0
[  140.986353][ T7782]   user: buckets=1 sectors=32 fragmented=224
[  140.986353][ T7782]   cached: buckets=0 sectors=0 fragmented=0
[  140.986353][ T7782]   parity: buckets=0 sectors=0 fragmented=0
[  140.986353][ T7782]   stripe: buckets=0 sectors=0 fragmented=0
[  140.986353][ T7782]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  140.986353][ T7782]   need_discard: buckets=0 sectors=0 fragmented=0
[  140.986353][ T7782] clock: read=0
[  140.986353][ T7782] clock: write=1288
[  140.986353][ T7782] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee3
[  140.986451][ T7782] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  141.230819][ T7790] Driver unsupported XDP return value 0 on prog  (id 81) dev N/A, expect packet loss!
[  141.317094][ T7788] overlayfs: failed lookup in lower (newroot/209, name='file0', err=-40): overlapping layers
[  141.700719][ T7797] loop2: detected capacity change from 0 to 40427
[  141.704727][ T7797] F2FS-fs: inline xattr size is out of range: 6 ~ 903
[  142.544665][ T1271] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  142.709288][ T1271] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  142.712714][ T1271] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1
[  142.727356][ T1271] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10
[  142.731300][ T1271] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  142.735056][ T1271] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 255, setting to 64
[  142.739120][ T1271] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  142.745367][ T1271] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  142.748358][ T1271] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  142.819654][ T7835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.750'.
[  142.955852][ T1271] usb 1-1: Manufacturer: syz
[  142.961846][ T1271] usb 1-1: config 0 descriptor??
[  143.189506][ T5949] usb 1-1: USB disconnect, device number 8
[  143.270788][ T1271] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  143.433172][ T1271] usb 3-1: Using ep0 maxpacket: 8
[  143.436608][ T1271] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.440884][ T1271] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  143.444979][ T1271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.449117][ T1271] usb 3-1: config 0 descriptor??
[  143.452850][ T1271] iowarrior 3-1:0.0: no interrupt-in endpoint found
[  143.677946][ T5949] usb 3-1: USB disconnect, device number 9
[  144.432683][ T7871] netlink: 'syz.2.767': attribute type 1 has an invalid length.
[  144.491915][ T7871] 8021q: adding VLAN 0 to HW filter on device bond1
[  144.509640][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.767'.
[  144.992166][ T7895] vlan2: entered allmulticast mode
[  145.000265][ T7895] batadv0: entered allmulticast mode
[  145.087428][ T7899] loop3: detected capacity change from 0 to 256
[  145.133832][ T7899] FAT-fs (loop3): Directory bread(block 64) failed
[  145.152955][ T7899] FAT-fs (loop3): Directory bread(block 65) failed
[  145.161678][ T7899] FAT-fs (loop3): Directory bread(block 66) failed
[  145.174820][ T7899] FAT-fs (loop3): Directory bread(block 67) failed
[  145.192332][ T7899] FAT-fs (loop3): Directory bread(block 68) failed
[  145.201263][ T7899] FAT-fs (loop3): Directory bread(block 69) failed
[  145.206132][ T7901] loop2: detected capacity change from 0 to 256
[  145.208934][ T7899] FAT-fs (loop3): Directory bread(block 70) failed
[  145.218705][ T7899] FAT-fs (loop3): Directory bread(block 71) failed
[  145.224615][ T7901] exFAT-fs (loop2): failed to read boot sector
[  145.229529][ T7899] FAT-fs (loop3): Directory bread(block 72) failed
[  145.233475][ T7901] exFAT-fs (loop2): failed to recognize exfat type
[  145.237672][ T7899] FAT-fs (loop3): Directory bread(block 73) failed
[  145.719168][ T5949] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  145.881683][ T5949] usb 3-1: Using ep0 maxpacket: 16
[  145.886690][ T5949] usb 3-1: unable to get BOS descriptor or descriptor too short
[  145.890530][ T5949] usb 3-1: config 13 has an invalid interface number: 50 but max is 0
[  145.893458][ T5949] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  145.897851][ T5949] usb 3-1: config 13 has no interface number 0
[  145.899976][ T5949] usb 3-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16
[  145.904187][ T5949] usb 3-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  145.909203][ T5949] usb 3-1: config 13 interface 50 has no altsetting 0
[  145.914751][ T5949] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  145.918837][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.921636][ T5949] usb 3-1: Product: syz
[  145.923185][ T5949] usb 3-1: Manufacturer: syz
[  145.925756][ T5949] usb 3-1: SerialNumber: syz
[  145.929735][ T7907] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  146.164814][ T5949] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  146.171138][ T5949] usb 3-1: MIDIStreaming interface descriptor not found
[  146.178639][ T7923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.790'.
[  146.205208][ T5949] usb 3-1: USB disconnect, device number 10
[  146.258600][ T6436] udevd[6436]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  146.265744][ T6982] udevd[6982]: setting mode of /dev/dmmidi3 to 020660 failed: No such file or directory
[  146.269948][ T6982] udevd[6982]: setting owner of /dev/dmmidi3 to uid=0, gid=29 failed: No such file or directory
[  146.283988][ T7927] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  146.288217][ T1271] kernel write not supported for file /501/clear_refs (pid: 1271 comm: kworker/0:2)
[  146.501276][ T7939] loop3: detected capacity change from 0 to 128
[  146.508635][ T7939] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  146.516817][ T7939] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  146.555506][ T1089] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  146.628823][ T7937] loop0: detected capacity change from 0 to 32768
[  146.642140][ T7937] __jfs_setxattr: xattr_size = 2175, new_size = 14921
[  146.817794][ T7943] loop3: detected capacity change from 0 to 32768
[  146.827771][ T7943] (syz.3.799,7943,1):ocfs2_initialize_super:2087 ERROR: couldn't mount because of unsupported optional features (1).
[  146.833066][ T7943] (syz.3.799,7943,1):ocfs2_fill_super:1177 ERROR: status = -22
[  147.310778][ T7953] loop2: detected capacity change from 0 to 64
[  147.495910][ T5949] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  148.011860][ T5949] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 52, changing to 7
[  148.023514][ T5949] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 9272, setting to 1024
[  148.030948][ T5949] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  148.034711][ T5949] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.041227][ T5949] usb 1-1: config 0 descriptor??
[  148.284424][ T5949] ath6kl: Failed to submit usb control message: -71
[  148.287249][ T5949] ath6kl: unable to send the bmi data to the device: -71
[  148.289729][ T5949] ath6kl: Unable to send get target info: -71
[  148.305853][ T5949] ath6kl: Failed to init ath6kl core: -71
[  148.317934][ T5949] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  148.420424][ T7971] loop3: detected capacity change from 0 to 128
[  148.430199][ T7971] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  148.446836][ T7971] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.459829][ T5949] usb 1-1: USB disconnect, device number 9
[  149.868793][  T792] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  150.032012][  T792] usb 3-1: Using ep0 maxpacket: 32
[  150.038763][  T792] usb 3-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.042187][  T792] usb 3-1: config 0 interface 0 altsetting 252 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  150.046232][  T792] usb 3-1: config 0 interface 0 has no altsetting 0
[  150.048667][  T792] usb 3-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[  150.051723][  T792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.072188][  T792] usb 3-1: config 0 descriptor??
[  150.193309][ T7986] loop0: detected capacity change from 0 to 128
[  150.213537][ T7987] loop3: detected capacity change from 0 to 2048
[  150.232345][ T7987] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.526984][  T792] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[  150.530458][  T792] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[  150.533501][  T792] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[  150.536403][  T792] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[  150.539592][  T792] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[  150.549175][  T792] magicmouse 0003:05AC:0324.0002: hidraw0: USB HID v80.00 Device [HID 05ac:0324] on usb-dummy_hcd.2-1/input0
[  150.555079][  T792] magicmouse 0003:05AC:0324.0002: magicmouse input not registered
[  150.563625][  T792] magicmouse 0003:05AC:0324.0002: probe with driver magicmouse failed with error -12
[  150.584879][ T5949] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  150.752846][ T5949] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.761123][ T7980] loop2: detected capacity change from 0 to 8
[  150.770685][ T5949] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  150.774347][ T5949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.777779][ T7980] unable to read inode lookup table
[  150.787799][  T792] usb 3-1: USB disconnect, device number 11
[  150.798725][ T5949] usb 1-1: Product: syz
[  150.806030][ T5949] usb 1-1: Manufacturer: syz
[  150.813274][ T5949] usb 1-1: SerialNumber: syz
[  150.825596][ T5949] usb 1-1: config 0 descriptor??
[  150.835621][ T5949] pn533_usb 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  151.059096][ T5949] usb 1-1: USB disconnect, device number 10
[  151.787782][ T6058] kernel write not supported for file /snd/seq (pid: 6058 comm: kworker/0:7)
[  151.962864][ T8016] loop2: detected capacity change from 0 to 4096
[  152.022829][ T8019] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  152.217013][ T8008] loop0: detected capacity change from 0 to 32768
[  152.247849][ T8008] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.825 (8008)
[  152.393692][ T8025] loop2: detected capacity change from 0 to 40427
[  152.397618][ T8025] F2FS-fs (loop2): build fault injection rate: 14
[  152.399916][ T8025] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  152.407485][ T8025] F2FS-fs (loop2): invalid crc value
[  152.413927][ T8008] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  152.414078][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  152.427311][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  152.441397][ T8008] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  152.457461][ T8008] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  152.460314][ T8025] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  152.465745][ T8025] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  152.472816][ T8025] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  152.528662][ T8025] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  152.537171][ T8025] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_convert_inline_inode+0x677/0x880
[  152.542429][ T8025] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  152.551038][ T8025] F2FS-fs (loop2): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab1/0x1cf0
[  152.555694][ T8025] F2FS-fs (loop2): inconsistent node block, node_type:0, nid:16, node_footer[nid:16,ino:3,ofs:191623,cpver:0,blkaddr:0]
[  152.568599][ T8025] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_evict_inode+0x782/0x19c0
[  152.608196][ T5919] syz-executor: attempt to access beyond end of device
[  152.608196][ T5919] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  152.616291][ T5919] CPU: 0 UID: 0 PID: 5919 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  152.616312][ T5919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.616318][ T5919] Call Trace:
[  152.616323][ T5919]  <TASK>
[  152.616327][ T5919]  dump_stack_lvl+0x189/0x250
[  152.616343][ T5919]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.616385][ T5919]  ? __pfx_queue_work_on+0x10/0x10
[  152.616396][ T5919]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.616413][ T5919]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.616454][ T5919]  f2fs_handle_critical_error+0x37c/0x540
[  152.616475][ T5919]  f2fs_write_end_io+0x886/0xb60
[  152.616492][ T5919]  __submit_merged_bio+0x27a/0x6a0
[  152.616510][ T5919]  __submit_merged_write_cond+0x255/0x530
[  152.616535][ T5919]  f2fs_write_data_pages+0x261d/0x3000
[  152.616570][ T5919]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.616629][ T5919]  ? __lock_acquire+0xab9/0xd20
[  152.616647][ T5919]  ? do_raw_spin_lock+0x121/0x290
[  152.616667][ T5919]  ? do_raw_spin_unlock+0x4d/0x240
[  152.616680][ T5919]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.616691][ T5919]  do_writepages+0x32e/0x550
[  152.616714][ T5919]  ? do_raw_spin_unlock+0x4d/0x240
[  152.616726][ T5919]  filemap_fdatawrite+0x199/0x240
[  152.616736][ T5919]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.616763][ T5919]  ? do_raw_spin_unlock+0x4d/0x240
[  152.616773][ T5919]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.616787][ T5919]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.616804][ T5919]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.616829][ T5919]  ? kill_f2fs_super+0x298/0x6c0
[  152.616838][ T5919]  kill_f2fs_super+0x2c3/0x6c0
[  152.616848][ T5919]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.616854][ T5919]  ? radix_tree_delete_item+0x2b6/0x400
[  152.616863][ T5919]  ? shrinker_free+0x2ce/0x3e0
[  152.616872][ T5919]  deactivate_locked_super+0xbc/0x130
[  152.616882][ T5919]  cleanup_mnt+0x425/0x4c0
[  152.616907][ T5919]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.616917][ T5919]  task_work_run+0x1d4/0x260
[  152.616928][ T5919]  ? __pfx_task_work_run+0x10/0x10
[  152.616935][ T5919]  ? __x64_sys_umount+0x122/0x160
[  152.616947][ T5919]  ? exit_to_user_mode_loop+0x40/0x110
[  152.616958][ T5919]  exit_to_user_mode_loop+0xec/0x110
[  152.616968][ T5919]  do_syscall_64+0x2bd/0x3b0
[  152.616976][ T5919]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.616982][ T5919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.616989][ T5919]  ? exc_page_fault+0x9f/0xf0
[  152.616996][ T5919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.617002][ T5919] RIP: 0033:0x7f9c34f8ff57
[  152.617010][ T5919] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.617016][ T5919] RSP: 002b:00007ffc5f79b5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.617024][ T5919] RAX: 0000000000000000 RBX: 00007f9c35011c2d RCX: 00007f9c34f8ff57
[  152.617028][ T5919] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5f79b670
[  152.617032][ T5919] RBP: 00007ffc5f79b670 R08: 0000000000000000 R09: 0000000000000000
[  152.617036][ T5919] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc5f79c700
[  152.617040][ T5919] R13: 00007f9c35011c2d R14: 0000000000024b90 R15: 00007ffc5f79c740
[  152.617052][ T5919]  </TASK>
[  152.617289][ T5919] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  152.618196][ T8008] BTRFS info (device loop0): rebuilding free space tree
[  152.767579][ T8008] BTRFS info (device loop0): disabling free space tree
[  152.769821][ T8008] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  152.773438][ T8008] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  152.780838][ T8008] BTRFS info (device loop0): enabling ssd optimizations
[  152.783453][ T8008] BTRFS info (device loop0): turning off barriers
[  152.785629][ T8008] BTRFS info (device loop0): turning on flush-on-commit
[  152.788188][ T8008] BTRFS info (device loop0): enabling disk space caching
[  152.790750][ T8008] BTRFS info (device loop0): force clearing of disk cache
[  152.793210][ T8008] BTRFS info (device loop0): force lzo compression, level 1
[  152.795745][ T8008] BTRFS info (device loop0): max_inline set to 86
[  152.828649][ T5913] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  152.999072][ T8062] loop2: detected capacity change from 0 to 512
[  153.005056][ T8062] EXT4-fs (loop2): Test dummy encryption mode enabled
[  153.024572][ T8062] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  153.036577][ T8062] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[  153.045879][ T8062] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.068010][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.357366][ T6058] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  153.523617][ T6058] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  153.527055][ T6058] usb 3-1: config 0 has no interface number 0
[  153.529592][ T6058] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  153.534159][ T6058] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  153.538551][ T6058] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  153.544302][ T6058] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.549794][ T6058] usb 3-1: config 0 descriptor??
[  153.555276][ T8067] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  153.562048][ T6058] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  153.698250][ T8069] loop3: detected capacity change from 0 to 1024
[  153.704657][ T8069] EXT4-fs: Ignoring removed bh option
[  153.706943][ T8069] EXT4-fs: inline encryption not supported
[  153.718750][ T8069] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  153.727989][ T8069] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e018, mo2=0001]
[  153.732628][ T8069] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.843: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  153.740297][ T8069] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.843: couldn't read orphan inode 11 (err -117)
[  153.747026][ T8069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.766156][ T8069] System zones: 0-1, 3-12
[  153.768393][ T8069] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  153.792715][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.795703][  T792] usb 3-1: USB disconnect, device number 12
[  154.743981][ T6058] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  154.907710][ T6058] usb 3-1: Using ep0 maxpacket: 16
[  154.911595][ T6058] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.916129][ T6058] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  154.921736][ T6058] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  154.925162][ T6058] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.939786][ T6058] usb 3-1: config 0 descriptor??
[  155.285729][ T5949] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  155.388578][ T6058] HID 045e:07da: Invalid code 65791 type 1
[  155.391079][ T6058] HID 045e:07da: Invalid code 768 type 1
[  155.393395][ T6058] HID 045e:07da: Invalid code 769 type 1
[  155.395718][ T6058] HID 045e:07da: Invalid code 770 type 1
[  155.398227][ T6058] HID 045e:07da: Invalid code 771 type 1
[  155.400575][ T6058] HID 045e:07da: Invalid code 772 type 1
[  155.402876][ T6058] HID 045e:07da: Invalid code 773 type 1
[  155.405270][ T6058] HID 045e:07da: Invalid code 774 type 1
[  155.408083][ T6058] HID 045e:07da: Invalid code 775 type 1
[  155.410213][ T6058] HID 045e:07da: Invalid code 776 type 1
[  155.420705][ T6058] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0003/input/input8
[  155.461472][ T5949] usb 4-1: Using ep0 maxpacket: 8
[  155.464939][ T8098] loop0: detected capacity change from 0 to 512
[  155.466116][ T5949] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  155.476174][ T5949] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  155.479444][ T8098] EXT4-fs (loop0): Test dummy encryption mode enabled
[  155.480056][ T5949] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  155.499267][ T8098] EXT4-fs error (device loop0): __ext4_iget:5464: inode #11: block 1: comm syz.0.855: invalid block
[  155.506342][ T6058] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  155.509083][ T8098] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.855: couldn't read orphan inode 11 (err -117)
[  155.510716][ T5949] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  155.519461][ T8098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.549673][ T5949] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  155.553498][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.586775][ T8098] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  155.613348][ T8098] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters
[  155.639032][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.797762][ T5949] usb 4-1: GET_CAPABILITIES returned 0
[  155.799868][ T5949] usbtmc 4-1:16.0: can't read capabilities
[  155.955733][ T8112] loop0: detected capacity change from 0 to 256
[  155.962525][ T8112] exfat: Deprecated parameter 'namecase'
[  155.965156][ T8112] exfat: Deprecated parameter 'utf8'
[  155.972730][ T8112] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  156.106545][   T24] usb 4-1: USB disconnect, device number 6
[  156.285829][ T5962] usb 3-1: USB disconnect, device number 13
[  157.019519][ T8119] netlink: 104 bytes leftover after parsing attributes in process `syz.3.862'.
[  157.226416][ T8127] loop0: detected capacity change from 0 to 512
[  157.244399][ T8127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.250782][ T8127] ext4 filesystem being mounted at /246/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.421404][ T8136] QAT: failed to copy from user cfg_data.
[  157.546416][ T8139] binder: binder_mmap: 8137 200000000000-200000b36000 bad vm_flags failed -1
[  157.559473][   T24] IPVS: starting estimator thread 0...
[  157.565479][ T8139] binder: 8137:8139 ioctl c00c620f 0 returned -14
[  157.680174][ T8140] IPVS: using max 83 ests per chain, 199200 per kthread
[  158.607221][ T8156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.874'.
[  158.832692][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.883723][  T792] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  159.045250][  T792] usb 3-1: Using ep0 maxpacket: 32
[  159.049461][  T792] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.054327][  T792] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  159.066378][  T792] usb 3-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01
[  159.074391][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.081812][  T792] usb 3-1: Product: syz
[  159.084478][  T792] usb 3-1: Manufacturer: syz
[  159.087555][  T792] usb 3-1: SerialNumber: syz
[  159.122475][  T792] usb 3-1: config 0 descriptor??
[  159.156913][  T792] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  159.482595][ T8174] loop0: detected capacity change from 0 to 128
[  159.645067][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.645067][   T27] loop0: rw=1, sector=145, nr_sectors = 16 limit=128
[  159.657246][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.657246][   T27] loop0: rw=1, sector=169, nr_sectors = 8 limit=128
[  159.664796][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.664796][   T27] loop0: rw=1, sector=185, nr_sectors = 8 limit=128
[  159.670376][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.670376][   T27] loop0: rw=1, sector=201, nr_sectors = 8 limit=128
[  159.678361][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.678361][   T27] loop0: rw=1, sector=217, nr_sectors = 8 limit=128
[  159.684189][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.684189][   T27] loop0: rw=1, sector=233, nr_sectors = 8 limit=128
[  159.690459][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.690459][   T27] loop0: rw=1, sector=249, nr_sectors = 8 limit=128
[  159.697683][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.697683][   T27] loop0: rw=1, sector=265, nr_sectors = 8 limit=128
[  159.703378][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.703378][   T27] loop0: rw=1, sector=281, nr_sectors = 8 limit=128
[  159.709032][   T27] kworker/u10:0: attempt to access beyond end of device
[  159.709032][   T27] loop0: rw=1, sector=297, nr_sectors = 8 limit=128
[  159.901090][ T5949] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  160.076255][ T5949] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.079957][ T5949] usb 4-1: config 0 interface 0 has no altsetting 0
[  160.084961][ T5949] usb 4-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00
[  160.091559][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.102920][ T5949] usb 4-1: config 0 descriptor??
[  160.147233][ T8193] syzkaller1: tun_chr_ioctl cmd 1074025677
[  160.149947][ T8193] syzkaller1: linktype set to 774
[  160.740977][ T5949] wacom 0003:056A:00BA.0004: unbalanced delimiter at end of report description
[  160.744506][ T5949] wacom 0003:056A:00BA.0004: parse failed
[  160.746941][ T5949] wacom 0003:056A:00BA.0004: probe with driver wacom failed with error -22
[  160.837331][ T5949] usb 4-1: USB disconnect, device number 7
[  161.444030][ T8212] netlink: 'syz.3.899': attribute type 7 has an invalid length.
[  161.831412][ T5949] usb 3-1: USB disconnect, device number 14
[  162.905998][ T8241] loop2: detected capacity change from 0 to 32768
[  162.910832][ T8241] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.914 (8241)
[  162.941161][ T8241] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  162.944617][ T8241] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  162.992064][ T8258] input: syz1 as /devices/virtual/input/input9
[  163.086546][ T8268] loop3: detected capacity change from 0 to 256
[  163.095518][ T8241] BTRFS info (device loop2): enabling ssd optimizations
[  163.104809][ T8268] FAT-fs (loop3): Directory bread(block 64) failed
[  163.107591][ T8268] FAT-fs (loop3): Directory bread(block 65) failed
[  163.108275][ T8241] BTRFS info (device loop2): turning on async discard
[  163.113120][ T8268] FAT-fs (loop3): Directory bread(block 66) failed
[  163.116552][ T8268] FAT-fs (loop3): Directory bread(block 67) failed
[  163.117767][ T8241] BTRFS info (device loop2): enabling free space tree
[  163.121866][ T8268] FAT-fs (loop3): Directory bread(block 68) failed
[  163.126916][ T8268] FAT-fs (loop3): Directory bread(block 69) failed
[  163.130531][ T8268] FAT-fs (loop3): Directory bread(block 70) failed
[  163.133184][ T8268] FAT-fs (loop3): Directory bread(block 71) failed
[  163.135959][ T8268] FAT-fs (loop3): Directory bread(block 72) failed
[  163.138756][ T8268] FAT-fs (loop3): Directory bread(block 73) failed
[  163.216725][ T5919] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  163.788877][ T8290] No buffer was provided with the request
[  164.206359][ T8303] loop3: detected capacity change from 0 to 2048
[  164.214529][ T8303] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  165.276485][ T8338] loop2: detected capacity change from 0 to 24
[  165.459987][ T8348] loop2: detected capacity change from 0 to 8
[  166.480763][ T8362] kAFS: unable to lookup cell '\/'
[  166.698818][ T8367] loop2: detected capacity change from 0 to 1764
[  167.100292][ T8379] loop2: detected capacity change from 0 to 4096
[  167.103978][ T8379] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  167.140720][ T8379] ntfs3(loop2): ino=19, mi_enum_attr
[  167.142758][ T8379] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  167.294576][ T5962] IPVS: starting estimator thread 0...
[  167.301601][ T8377] loop0: detected capacity change from 0 to 32768
[  167.373569][ T8377] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  167.401642][ T8388] IPVS: using max 84 ests per chain, 201600 per kthread
[  167.464290][ T8400] bridge_slave_0: default FDB implementation only supports local addresses
[  167.475046][ T8400] bridge_slave_0: default FDB implementation only supports local addresses
[  167.477029][ T5913] ocfs2: Unmounting device (7,0) on (node local)
[  168.548234][ T8418] loop3: detected capacity change from 0 to 512
[  168.552639][ T8418] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  169.504831][ T8454] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (pcl812)
[  170.127941][ T8461] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1002'.
[  170.753923][ T8467] loop0: detected capacity change from 0 to 64
[  170.950745][ T8475] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  171.024269][ T8479] loop2: detected capacity change from 0 to 512
[  171.214382][ T8479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.218691][ T8479] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.805288][ T8479] 9p: Unknown access argument unt-ro: -22
[  171.875039][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.004816][ T8498] loop2: detected capacity change from 0 to 4096
[  172.014746][ T8498] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  172.105663][ T8500] ALSA: mixer_oss: invalid OSS volume 'LI'
[  172.162965][ T8498] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  172.341345][ T8513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1026'.
[  172.436044][ T8518] loop3: detected capacity change from 0 to 512
[  172.453675][ T8518] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.464097][ T8522] loop2: detected capacity change from 0 to 764
[  172.589885][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.665475][ T8529] loop3: detected capacity change from 0 to 512
[  172.671775][ T8529] EXT4-fs: Ignoring removed i_version option
[  172.684105][ T8529] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  172.710167][ T8529] EXT4-fs (loop3): 1 truncate cleaned up
[  172.713917][ T8529] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.762606][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.797631][   T24] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  172.959995][   T24] usb 1-1: config index 0 descriptor too short (expected 69, got 36)
[  172.966675][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.980796][   T24] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  172.984935][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.990431][   T24] usb 1-1: Product: syz
[  172.992276][   T24] usb 1-1: Manufacturer: syz
[  172.994301][   T24] usb 1-1: SerialNumber: syz
[  172.998541][   T24] usb 1-1: config 0 descriptor??
[  173.009104][   T24] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  173.470923][ T8549] loop3: detected capacity change from 0 to 2048
[  173.481544][ T8549] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[  173.485812][ T8549] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  173.699178][ T8561] loop3: detected capacity change from 0 to 164
[  173.707213][ T8561] isofs_fill_super: get root inode failed
[  173.908674][   T24] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71
[  173.922273][   T24] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  173.932838][   T24] usb 1-1: USB disconnect, device number 11
[  173.964836][ T8575] loop3: detected capacity change from 0 to 512
[  173.968311][ T8575] EXT4-fs: Ignoring removed nobh option
[  173.977284][ T8575] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1052: iget: bad i_size value: 38620345925642
[  173.989633][ T8575] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1052: couldn't read orphan inode 15 (err -117)
[  173.994851][ T8575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.073312][ T8575] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.1052: bg 0: block 5: invalid block bitmap
[  174.081153][ T8575] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 16 with error 28
[  174.087262][ T8575] EXT4-fs (loop3): This should not happen!! Data will be lost
[  174.087262][ T8575] 
[  174.091695][ T8575] EXT4-fs (loop3): Total free blocks count 0
[  174.095461][ T8575] EXT4-fs (loop3): Free/Dirty block details
[  174.099504][ T8575] EXT4-fs (loop3): free_blocks=0
[  174.101631][ T8575] EXT4-fs (loop3): dirty_blocks=2468
[  174.103990][ T8575] EXT4-fs (loop3): Block reservation details
[  174.107175][ T8575] EXT4-fs (loop3): i_reserved_data_blocks=2468
[  174.114270][ T1098] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 16 with max blocks 2048 with error 28
[  174.206504][ T8585] loop3: detected capacity change from 0 to 2048
[  174.225983][ T8585] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.314232][ T8593] input: syz1 as /devices/virtual/input/input10
[  174.573269][ T8608] loop3: detected capacity change from 0 to 2048
[  174.604442][ T8608] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.694241][ T8613] loop3: detected capacity change from 0 to 256
[  174.695674][ T8614] loop0: detected capacity change from 0 to 8
[  174.698819][ T8613] exfat: Deprecated parameter 'namecase'
[  174.719040][ T8613] exfat: Deprecated parameter 'namecase'
[  174.734971][ T8613] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d)
[  174.861412][ T8620] loop0: detected capacity change from 0 to 8192
[  174.867397][ T8622] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  174.894419][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.899315][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.905074][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.909596][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.917376][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.923472][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.931436][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.937916][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.942855][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.945820][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.948816][ T8620] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043)
[  174.954303][   T33] audit: type=1800 audit(1758711070.373:6): pid=8620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1073" name="file2" dev="loop0" ino=1048666 res=0 errno=0
[  175.024720][ T8628] syz.3.1078(8628): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  175.122423][ T8632] netlink: 'syz.3.1079': attribute type 10 has an invalid length.
[  175.133697][ T8632] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  175.186701][ T5920] Bluetooth: hci1: link tx timeout
[  175.191840][ T5920] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  175.202441][ T5920] Bluetooth: hci1: link tx timeout
[  175.204693][ T5920] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  175.208527][ T5920] Bluetooth: hci1: link tx timeout
[  175.211192][ T5920] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  175.217464][ T5920] Bluetooth: hci1: link tx timeout
[  175.219735][ T5920] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  175.223350][ T5920] Bluetooth: hci1: link tx timeout
[  175.225558][ T5920] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  175.290047][ T8643] loop2: detected capacity change from 0 to 256
[  175.294270][ T8643] exfat: Deprecated parameter 'utf8'
[  175.312981][ T8643] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d)
[  175.371881][ T8647] loop0: detected capacity change from 0 to 2048
[  175.397915][ T8647] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  175.451513][ T8649] loop3: detected capacity change from 0 to 4096
[  175.742048][ T8659] loop0: detected capacity change from 0 to 256
[  175.769931][ T8651] loop2: detected capacity change from 0 to 40427
[  175.791761][ T8651] F2FS-fs (loop2): Image doesn't support compression
[  175.794722][ T8651] F2FS-fs (loop2): build fault injection rate: 690
[  175.798753][ T8661] loop3: detected capacity change from 0 to 1024
[  175.816639][ T8651] F2FS-fs (loop2): build fault injection type: 0x35f7
[  175.836595][ T8651] F2FS-fs (loop2): invalid crc value
[  175.855770][ T8661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.868106][ T8661] ext4 filesystem being mounted at /238/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  175.883838][ T8661] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1093: bg 0: block 480: padding at end of block bitmap is not set
[  175.907487][ T8661] EXT4-fs (loop3): Remounting filesystem read-only
[  175.916244][ T8651] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  175.923524][ T8651] F2FS-fs (loop2): Start checkpoint disabled!
[  175.939669][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.990474][ T8651] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  176.327473][ T8676] loop3: detected capacity change from 0 to 32768
[  176.349575][   T33] audit: type=1800 audit(1758711071.665:7): pid=8676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1100" name="bus" dev="loop3" ino=7 res=0 errno=0
[  176.458436][   T33] audit: type=1326 audit(1758711071.758:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8687 comm="syz.2.1105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c34f8ec29 code=0x7ffc0000
[  176.474605][   T33] audit: type=1326 audit(1758711071.776:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8687 comm="syz.2.1105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c34f8ec29 code=0x7ffc0000
[  176.490908][   T33] audit: type=1326 audit(1758711071.776:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8687 comm="syz.2.1105" exe="/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f9c34f8ec29 code=0x7ffc0000
[  176.510275][   T33] audit: type=1326 audit(1758711071.776:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8687 comm="syz.2.1105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c34f8ec29 code=0x7ffc0000
[  176.561234][ T8692] loop2: detected capacity change from 0 to 1024
[  176.570640][ T8692] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  176.575505][ T8692] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  176.581666][ T8692] jbd2_journal_init_inode: Cannot locate journal superblock
[  176.584813][ T8692] EXT4-fs (loop2): Could not load journal inode
[  177.025550][ T8701] loop3: detected capacity change from 0 to 128
[  177.102126][ T8701] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  177.115942][ T8701] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  177.436267][ T5920] Bluetooth: hci1: command 0x0406 tx timeout
[  178.004487][ T8706] loop3: detected capacity change from 0 to 4096
[  178.562146][   T33] audit: type=1326 audit(1758711073.687:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c358ec29 code=0x7ffc0000
[  178.583591][   T33] audit: type=1326 audit(1758711073.687:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f54c358d590 code=0x7ffc0000
[  178.597021][   T33] audit: type=1326 audit(1758711073.687:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f54c358d590 code=0x7ffc0000
[  178.610642][   T33] audit: type=1326 audit(1758711073.687:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54c358ec29 code=0x7ffc0000
[  178.928721][ T8740] syz.3.1127 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  179.024290][ T8748] loop3: detected capacity change from 0 to 2048
[  179.039143][ T8748] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  179.177261][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1135'.
[  179.213496][ T8759] loop2: detected capacity change from 0 to 512
[  179.240220][ T8759] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  179.261064][ T8759] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.266620][ T8759] ext4 filesystem being mounted at /354/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.296356][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.406824][ T5949] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  179.577544][ T5949] usb 4-1: Using ep0 maxpacket: 16
[  179.581898][ T5949] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  179.586598][ T5949] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.590947][ T5949] usb 4-1: config 0 interface 0 has no altsetting 0
[  179.594117][ T5949] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  179.598207][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.609220][ T5949] usb 4-1: config 0 descriptor??
[  180.110553][ T5949] cougar 0003:060B:500A.0005: unexpected long global item
[  180.114304][ T5949] cougar 0003:060B:500A.0005: parse failed
[  180.116997][ T5949] cougar 0003:060B:500A.0005: probe with driver cougar failed with error -22
[  180.143368][ T8774] binder: 8773:8774 unknown command 1079755931
[  180.145874][ T8774] binder: 8773:8774 ioctl c0306201 200000000080 returned -22
[  180.305528][  T792] usb 4-1: USB disconnect, device number 8
[  180.520494][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  180.681261][   T24] usb 1-1: Using ep0 maxpacket: 16
[  180.686902][   T24] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  180.690310][   T24] usb 1-1: config 0 has no interface number 0
[  180.693923][   T24] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  180.698013][   T24] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  180.702209][   T24] usb 1-1: config 0 interface 41 has no altsetting 0
[  180.709002][   T24] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  180.712643][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.715975][   T24] usb 1-1: Product: syz
[  180.717762][   T24] usb 1-1: Manufacturer: syz
[  180.719693][   T24] usb 1-1: SerialNumber: syz
[  180.724107][   T24] usb 1-1: config 0 descriptor??
[  180.731513][ T8778] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  180.734602][ T8778] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  180.962004][   T24] dm9601 1-1:0.41: probe with driver dm9601 failed with error -71
[  180.968341][   T24] sr9700 1-1:0.41: probe with driver sr9700 failed with error -71
[  180.977071][   T24] usb 1-1: USB disconnect, device number 12
[  181.168754][  T792] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  181.331301][  T792] usb 4-1: Using ep0 maxpacket: 8
[  181.339289][  T792] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  181.343629][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.347279][  T792] usb 4-1: Product: syz
[  181.349350][  T792] usb 4-1: Manufacturer: syz
[  181.351428][  T792] usb 4-1: SerialNumber: syz
[  181.356189][  T792] usb 4-1: config 0 descriptor??
[  181.361768][  T792] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  181.366576][  T792] dvb-usb: bulk message failed: -22 (2/0)
[  181.378528][  T792] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  181.383657][  T792] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  181.391157][  T792] usb 4-1: media controller created
[  181.412880][  T792] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  181.473563][ T8786] loop2: detected capacity change from 0 to 512
[  181.485229][ T8786] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  181.499928][ T8786] EXT4-fs (loop2): 1 truncate cleaned up
[  181.509242][ T8786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.565194][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.596094][  T792] cxusb: set interface failed
[  181.601475][  T792] dvb-usb: bulk message failed: -22 (1/0)
[  181.640953][ T8793] loop2: detected capacity change from 0 to 512
[  181.664189][  T792] DVB: Unable to find symbol mt352_attach()
[  181.664253][ T8793] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  181.666314][  T792] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  181.687320][ T8793] EXT4-fs (loop2): invalid journal inode
[  181.691921][ T8793] EXT4-fs (loop2): can't get journal size
[  181.694639][ T8793] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a056c119, mo2=0002]
[  181.697758][ T8793] System zones: 1-12, 13-13
[  181.706957][ T8793] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.1149: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  181.723237][ T8793] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1149: couldn't read orphan inode 15 (err -117)
[  181.732970][  T792] rc_core: IR keymap rc-dvico-portable not found
[  181.735220][  T792] Registered IR keymap rc-empty
[  181.735725][ T8793] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.739130][  T792] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  181.747450][  T792] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input11
[  181.761799][  T792] dvb-usb: schedule remote query interval to 100 msecs.
[  181.764221][  T792] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  181.774583][  T792] usb 4-1: USB disconnect, device number 9
[  181.848733][ T8801] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  181.864722][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.908639][  T792] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  181.945923][ T8805] loop2: detected capacity change from 0 to 1024
[  182.019327][   T54] hfsplus: b-tree write err: -5, ino 4
[  182.106902][ T8809] loop2: detected capacity change from 0 to 4096
[  182.111806][ T8809] EXT4-fs (loop2): Test dummy encryption mode enabled
[  182.116121][ T8809] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  182.119447][ T8809] System zones: 0-5
[  182.129527][ T8809] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.204505][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.573946][ T8817] loop3: detected capacity change from 0 to 256
[  182.628056][ T8817] FAT-fs (loop3): Directory bread(block 64) failed
[  182.635819][ T8817] FAT-fs (loop3): Directory bread(block 65) failed
[  182.648793][ T8817] FAT-fs (loop3): Directory bread(block 66) failed
[  182.653324][ T8817] FAT-fs (loop3): Directory bread(block 67) failed
[  182.661745][ T8817] FAT-fs (loop3): Directory bread(block 68) failed
[  182.672477][ T8817] FAT-fs (loop3): Directory bread(block 69) failed
[  182.675728][ T8817] FAT-fs (loop3): Directory bread(block 70) failed
[  182.679203][ T8817] FAT-fs (loop3): Directory bread(block 71) failed
[  182.682054][ T8817] FAT-fs (loop3): Directory bread(block 72) failed
[  182.688243][ T8817] FAT-fs (loop3): Directory bread(block 73) failed
[  182.737135][ T8817] FAT-fs (loop3): Filesystem has been set read-only
[  182.745830][ T8826] loop2: detected capacity change from 0 to 256
[  182.748691][   T33] kauditd_printk_skb: 7 callbacks suppressed
[  182.748700][   T33] audit: type=1800 audit(1758711077.563:23): pid=8817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1160" name="rdma.current" dev="loop3" ino=1048668 res=0 errno=0
[  182.820588][ T8828] input: syz0 as /devices/virtual/input/input12
[  183.248983][ T6058] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  183.414989][ T6058] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  183.420273][ T6058] usb 4-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0
[  183.424062][ T6058] usb 4-1: Product: syz
[  183.428422][ T6058] usb 4-1: config 0 descriptor??
[  183.438345][ T6058] cp210x 4-1:0.0: cp210x converter detected
[  183.498110][  T792] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  183.660606][  T792] usb 1-1: Using ep0 maxpacket: 16
[  183.666744][  T792] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.671761][  T792] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  183.679243][  T792] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  183.683436][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.686810][  T792] usb 1-1: Product: syz
[  183.688712][  T792] usb 1-1: Manufacturer: syz
[  183.690684][  T792] usb 1-1: SerialNumber: syz
[  183.883310][ T6058] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  183.892548][ T6058] usb 4-1: cp210x converter now attached to ttyUSB0
[  183.934542][ T8850] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  183.955761][ T8859] netlink: 'syz.2.1178': attribute type 10 has an invalid length.
[  183.967656][ T8859] dummy0: entered promiscuous mode
[  183.970927][ T8859] dummy0: entered allmulticast mode
[  183.977534][ T8859] team0: Port device dummy0 added
[  183.982540][ T8859] netlink: 'syz.2.1178': attribute type 10 has an invalid length.
[  183.993181][ T8859] dummy0: left promiscuous mode
[  183.994956][ T8859] dummy0: left allmulticast mode
[  183.999684][ T8859] team0: Port device dummy0 removed
[  184.004264][ T8859] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  184.040650][ T8861] loop2: detected capacity change from 0 to 2048
[  184.045537][ T8861] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  184.058054][ T8862] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  184.062851][ T8861] bio_check_eod: 57 callbacks suppressed
[  184.062874][ T8861] syz.2.1179: attempt to access beyond end of device
[  184.062874][ T8861] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  184.123787][   T24] usb 4-1: USB disconnect, device number 10
[  184.151565][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  184.171844][ T8866] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  184.181322][   T24] cp210x 4-1:0.0: device disconnected
[  184.197612][ T8866] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  184.495741][ T6058] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  184.604160][ T8850] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  184.660013][ T6058] usb 3-1: unable to get BOS descriptor or descriptor too short
[  184.663621][ T6058] usb 3-1: not running at top speed; connect to a high speed hub
[  184.667339][ T6058] usb 3-1: config 1 has an invalid interface number: 130 but max is 0
[  184.670624][ T6058] usb 3-1: config 1 has no interface number 0
[  184.677375][ T6058] usb 3-1: config 1 interface 130 altsetting 3 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  184.682805][ T6058] usb 3-1: config 1 interface 130 has no altsetting 0
[  184.694438][ T6058] usb 3-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice=84.ac
[  184.700690][ T6058] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.703546][ T6058] usb 3-1: Product: syz
[  184.706535][ T6058] usb 3-1: Manufacturer: syz
[  184.709255][ T6058] usb 3-1: SerialNumber: syz
[  184.720794][ T8868] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  184.825801][  T792] cdc_ncm 1-1:1.0: failed to get mac address
[  184.951705][ T6058] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware
[  184.975464][ T6058] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  184.978613][ T6058] dib0700: firmware download failed at 7 with -71
[  184.986929][ T6058] usb 3-1: USB disconnect, device number 15
[  185.043589][  T792] cdc_ncm 1-1:1.0: bind() failure
[  185.060805][  T792] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  185.063178][  T792] cdc_ncm 1-1:1.1: bind() failure
[  185.167001][ T8881] loop3: detected capacity change from 0 to 128
[  185.170255][ T8881] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  185.175586][ T8881] hpfs: filesystem error: improperly stopped
[  185.181546][ T8881] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  185.185688][ T8881] hpfs: You really don't want any checks? You are crazy...
[  185.194807][ T8881] hpfs: hpfs_map_sector(): read error
[  185.197158][ T8881] hpfs: code page support is disabled
[  185.201872][ T8881] hpfs: hpfs_map_4sectors(): unaligned read
[  185.204751][ T8881] hpfs: hpfs_map_4sectors(): unaligned read
[  185.207133][ T8881] hpfs: filesystem error: unable to find root dir
[  185.216088][ T8881] hpfs: hpfs_map_4sectors(): unaligned read
[  185.291476][  T792] usb 1-1: USB disconnect, device number 13
[  185.303472][ T8885] loop3: detected capacity change from 0 to 128
[  185.832204][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  186.055614][   T24] usb 4-1: Using ep0 maxpacket: 32
[  186.118438][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  186.133021][   T24] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  186.137132][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.141609][   T24] usb 4-1: Product: syz
[  186.143623][   T24] usb 4-1: Manufacturer: syz
[  186.145838][   T24] usb 4-1: SerialNumber: syz
[  186.161819][   T24] usb 4-1: config 0 descriptor??
[  186.165340][ T8891] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  186.181619][   T24] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input13
[  186.362299][ T8905] loop0: detected capacity change from 0 to 1024
[  186.431436][ T6058] usb 4-1: USB disconnect, device number 11
[  186.431539][    C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  186.631044][ T8914] nftables ruleset with unbound chain
[  186.883206][ T5920] Bluetooth: Frame is too long (len 16, expected len 4)
[  187.318181][ T8949] net veth1_virt_wifi : renamed from virt_wifi0
[  187.415923][ T8955] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1220'.
[  188.268316][ T5920] Bluetooth: hci1: command 0x0406 tx timeout
[  188.304365][   T33] audit: type=1800 audit(1758711082.695:24): pid=8976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1229" name="bus" dev="tmpfs" ino=2032 res=0 errno=0
[  188.691889][ T8988] loop0: detected capacity change from 0 to 256
[  188.734593][ T8988] exFAT-fs (loop0): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d)
[  188.771285][ T8986] exFAT-fs (loop0): valid_size(10) is greater than size(0)
[  188.784839][ T8986] exFAT-fs (loop0): error, in sector 160, dentry 11 should be unused, but 0xc1
[  188.790523][ T8986] exFAT-fs (loop0): Filesystem has been set read-only
[  189.836253][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1244'.
[  189.850016][ T9023] loop2: detected capacity change from 0 to 8
[  189.856501][ T9023] squashfs image failed sanity check
[  190.116995][ T9039] loop0: detected capacity change from 0 to 1024
[  190.160572][ T9039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.168256][ T1271] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  190.208794][ T9048] binfmt_misc: register: failed to install interpreter file ./file0
[  190.238759][ T9039] EXT4-fs error (device loop0): ext4_get_first_dir_block:3552: inode #11: comm syz.0.1253: directory missing '..'
[  190.283843][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.335846][ T1271] usb 3-1: Using ep0 maxpacket: 32
[  190.340276][ T1271] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  190.347343][ T1271] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  190.352019][ T1271] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  190.355421][ T1271] usb 3-1: config 1 has no interface number 0
[  190.362425][ T1271] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  190.366456][ T1271] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  190.371809][ T1271] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  190.375233][ T1271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.396109][ T1271] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  190.911395][ T9061] loop0: detected capacity change from 0 to 1024
[  191.189247][ T1271] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  191.531244][   T24] usb 3-1: USB disconnect, device number 16
[  191.551494][   T24] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  192.657750][ T9103] netlink: 'syz.0.1278': attribute type 8 has an invalid length.
[  193.081006][ T9115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1282'.
[  193.190564][ T9121] loop2: detected capacity change from 0 to 512
[  193.219351][ T9121] EXT4-fs: Ignoring removed nomblk_io_submit option
[  193.222273][ T9121] EXT4-fs: Ignoring removed nomblk_io_submit option
[  193.240437][ T9121] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  193.269498][ T9121] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  193.277009][ T9121] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  193.303093][ T9121] EXT4-fs (loop2): 1 truncate cleaned up
[  193.306973][ T9121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.349419][ T9121] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  193.390982][ T5919] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.410407][ T9131] loop0: detected capacity change from 0 to 2048
[  193.419516][ T9131] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  193.433758][   T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  193.618493][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.622645][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.626408][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  193.632973][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  193.636411][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.642358][   T24] usb 4-1: config 0 descriptor??
[  194.592564][ T6058] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  194.674976][   T24] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  194.763950][ T6058] usb 1-1: not running at top speed; connect to a high speed hub
[  194.776211][ T6058] usb 1-1: config 186 has an invalid interface number: 40 but max is 0
[  194.786110][ T6058] usb 1-1: config 186 has no interface number 0
[  194.790314][ T6058] usb 1-1: config 186 interface 40 has no altsetting 0
[  194.799178][ T6058] usb 1-1: New USB device found, idVendor=03eb, idProduct=21fe, bcdDevice=73.53
[  194.802559][ T6058] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.816130][ T6058] usb 1-1: Product: syz
[  194.817691][ T6058] usb 1-1: Manufacturer: syz
[  194.819515][ T6058] usb 1-1: SerialNumber: syz
[  194.858224][ T1271] usb 4-1: USB disconnect, device number 12
[  195.052759][ T5942] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  195.064511][ T5942] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.074761][ T6058] igorplugusb 1-1:186.40: endpoint incorrect
[  195.093827][ T6058] usb 1-1: USB disconnect, device number 14
[  195.210666][ T5942] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  195.214756][ T5942] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.285524][ T5942] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  195.293425][ T5942] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.353996][ T5942] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  195.357883][ T5942] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.391807][ T5920] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  195.397684][ T5920] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  195.403017][ T5920] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  195.425404][ T5920] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  195.441251][ T5920] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  195.560470][ T5942] bridge_slave_1: left allmulticast mode
[  195.562996][ T5942] bridge_slave_1: left promiscuous mode
[  195.565534][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.591429][ T5942] bridge_slave_0: left allmulticast mode
[  195.593949][ T5942] bridge_slave_0: left promiscuous mode
[  195.596397][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.960324][ T9167] loop0: detected capacity change from 0 to 32768
[  196.007056][ T9167] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  196.037377][ T9167] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  196.041876][ T9167] XFS (loop0): Unmount and run xfs_repair
[  196.044468][ T9167] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  196.047514][ T9167] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 20 00  XAGF.......... .
[  196.051091][ T9167] 00000010: 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01  ................
[  196.054762][ T9167] 00000020: 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 06  ................
[  196.058896][ T9167] 00000030: 00 00 00 06 00 00 13 e3 00 00 13 e0 00 00 00 00  ................
[  196.062701][ T9167] 00000040: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ..BNy.B..... ...
[  196.074424][ T9167] 00000050: 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 01  ................
[  196.078468][ T9167] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  196.082068][ T9167] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  196.088575][ T9167] XFS (loop0): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  196.092828][ T9167] XFS (loop0): Error -117 reserving per-AG metadata reserve pool.
[  196.101843][ T9167] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1f0/0x240 (fs/xfs/xfs_fsops.c:566).  Shutting down filesystem.
[  196.108119][ T9167] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  196.111752][ T9167] XFS (loop0): Ending clean mount
[  196.118643][ T9167] XFS (loop0): Failed to initialize disk quotas, err -5.
[  196.162491][ T5913] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  196.368089][ T5942] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.375825][ T5942] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.383494][ T5942] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  196.396174][ T5942] bond0 (unregistering): Released all slaves
[  196.416671][ T9177] loop0: detected capacity change from 0 to 4096
[  196.421088][ T9177] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  196.624038][ T5942] bond1 (unregistering): Released all slaves
[  196.688037][ T9181] loop0: detected capacity change from 0 to 256
[  196.731655][ T9181] exfat: Unknown parameter ''
[  197.141297][ T9191] loop3: detected capacity change from 0 to 512
[  197.553089][ T5942] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.558478][ T5942] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.714416][   T56] Bluetooth: hci2: command tx timeout
[  197.821356][ T5942] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  197.823972][ T5942] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.834800][ T5942] veth1_macvtap: left promiscuous mode
[  197.836759][ T5942] veth0_macvtap: left promiscuous mode
[  197.838721][ T5942] veth1_vlan: left promiscuous mode
[  197.840553][ T5942] veth0_vlan: left promiscuous mode
[  199.084851][ T5942] team_slave_1 (unregistering): left promiscuous mode
[  199.088027][ T5942] team_slave_1 (unregistering): left allmulticast mode
[  199.094073][ T5942] team0 (unregistering): Port device team_slave_1 removed
[  199.169255][ T5942] team_slave_0 (unregistering): left promiscuous mode
[  199.173522][ T5942] team_slave_0 (unregistering): left allmulticast mode
[  199.179777][ T5942] team0 (unregistering): Port device team_slave_0 removed
[  199.639322][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  199.722966][ T9232] loop0: detected capacity change from 0 to 256
[  199.728434][ T9232] exfat: Deprecated parameter 'utf8'
[  199.730927][ T9232] exfat: Deprecated parameter 'utf8'
[  199.735432][ T9232] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x110009d0, checksum : 0x1119abd0)
[  199.740245][ T9232] exFAT-fs (loop0): invalid boot region
[  199.744196][ T9232] exFAT-fs (loop0): failed to recognize exfat type
[  199.966304][   T56] Bluetooth: hci2: command tx timeout
[  200.049098][ T9153] chnl_net:caif_netlink_parms(): no params data found
[  200.302249][ T9153] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.308958][ T9153] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.316005][ T9153] bridge_slave_0: entered allmulticast mode
[  200.332691][ T9153] bridge_slave_0: entered promiscuous mode
[  200.346771][ T9153] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.353706][ T9153] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.362681][ T9153] bridge_slave_1: entered allmulticast mode
[  200.366596][ T9153] bridge_slave_1: entered promiscuous mode
[  200.477776][ T9153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.482913][ T5942] IPVS: stop unused estimator thread 0...
[  200.508725][ T9153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.564755][ T9153] team0: Port device team_slave_0 added
[  200.571364][ T9153] team0: Port device team_slave_1 added
[  200.644111][ T9258] netlink: 'syz.3.1332': attribute type 4 has an invalid length.
[  200.647556][ T9258] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1332'.
[  200.961383][ T9153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.967686][ T9153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.979446][ T9153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  200.985748][ T9153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  200.988977][ T9153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.000904][ T9153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.110322][ T9153] hsr_slave_0: entered promiscuous mode
[  201.113724][ T9153] hsr_slave_1: entered promiscuous mode
[  201.118834][ T9153] debugfs: 'hsr0' already exists in 'hsr'
[  201.122745][ T9153] Cannot create hsr debugfs directory
[  201.377260][ T9153] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  201.383277][ T9153] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  201.393111][ T9153] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  201.400875][ T9153] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  201.481932][ T9290] loop3: detected capacity change from 0 to 1024
[  201.512249][ T9290] EXT4-fs: Ignoring removed nobh option
[  201.514652][ T9290] EXT4-fs: Ignoring removed bh option
[  201.560586][ T9290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.620875][ T9153] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.676421][ T6976] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.690229][ T9153] 8021q: adding VLAN 0 to HW filter on device team0
[  201.715946][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.719192][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.750452][ T9298] veth2: entered promiscuous mode
[  201.753417][ T9298] veth2: entered allmulticast mode
[  201.768588][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1340'.
[  201.790858][ T9300] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  201.843459][ T9300] batman_adv: batadv0: Removing interface: batadv_slave_1
[  201.876415][   T56] Bluetooth: hci0: command 0x0406 tx timeout
[  201.892055][  T554] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.895253][  T554] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.985317][ T9153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  202.160600][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1346'.
[  202.184370][ T9153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.220995][ T5920] Bluetooth: hci2: command tx timeout
[  202.392018][ T9153] veth0_vlan: entered promiscuous mode
[  202.402400][ T9153] veth1_vlan: entered promiscuous mode
[  202.423013][ T9153] veth0_macvtap: entered promiscuous mode
[  202.427695][ T9153] veth1_macvtap: entered promiscuous mode
[  202.439639][ T9153] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.446950][ T9153] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.459821][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.463686][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.468069][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.473229][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.512505][ T6058] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  202.558508][ T3888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.561049][ T3888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.585570][ T3595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.589880][ T3595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.689345][ T6058] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  202.693944][ T6058] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  202.695675][ T9335] loop4: detected capacity change from 0 to 4096
[  202.698147][ T6058] usb 4-1: config 1 has no interface number 0
[  202.706416][ T6058] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  202.722999][ T6058] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  202.728541][ T6058] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.734188][ T6058] usb 4-1: Product: syz
[  202.735965][ T6058] usb 4-1: Manufacturer: syz
[  202.737957][ T6058] usb 4-1: SerialNumber: syz
[  202.749631][ T6058] usb 4-1: selecting invalid altsetting 1
[  202.966878][ T6058] cdc_ncm 4-1:1.1: bind() failure
[  202.975537][ T6058] usb 4-1: USB disconnect, device number 13
[  203.162254][ T5981] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  203.335747][ T5981] usb 5-1: Using ep0 maxpacket: 8
[  203.360822][ T5981] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  203.370495][ T5981] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  203.375205][ T5981] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  203.382580][ T5981] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  203.391903][ T5981] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  203.395844][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.653369][ T5981] usb 5-1: GET_CAPABILITIES returned 0
[  203.655948][ T5981] usbtmc 5-1:16.0: can't read capabilities
[  203.906282][    C0] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  203.916455][ T9337] usbtmc 5-1:16.0: Unable to send data, error -71
[  203.932525][ T5981] usb 5-1: USB disconnect, device number 2
[  204.473343][ T5920] Bluetooth: hci2: command tx timeout
[  204.537115][ T9348] loop0: detected capacity change from 0 to 4096
[  204.888774][ T9369] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  204.914251][ T9372] loop0: detected capacity change from 0 to 512
[  204.919585][ T9372] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  204.964739][ T9372] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1366: couldn't read orphan inode 26 (err -116)
[  204.975133][ T9372] EXT4-fs (loop0): Remounting filesystem read-only
[  204.978132][ T9372] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.991567][ T9372] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.020696][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.196348][ T9388] loop3: detected capacity change from 0 to 16
[  205.228901][ T9388] erofs (device loop3): mounted with root inode @ nid 36.
[  205.248515][ T9388] erofs (device loop3): readahead error at folio 2 @ nid 89
[  205.252117][ T9388] erofs (device loop3): readahead error at folio 1 @ nid 89
[  205.281222][ T9388] erofs (device loop3): readahead error at folio 0 @ nid 89
[  205.284322][ T9388] erofs (device loop3): read error -117 @ 0 of nid 89
[  205.298080][   T33] audit: type=1800 audit(1758711098.386:25): pid=9388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1373" name="file3" dev="loop3" ino=89 res=0 errno=0
[  205.557555][ T9414] loop3: detected capacity change from 0 to 128
[  205.559428][ T9415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1385'.
[  205.564215][ T9415] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1385'.
[  205.574167][ T9414] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  205.586378][ T9414] ext4 filesystem being mounted at /334/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  205.603918][ T9414] EXT4-fs (loop3): shut down requested (1)
[  205.609714][ T9414] fscrypt (loop3, inode 12): Error -5 getting encryption context
[  205.647345][ T6976] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  205.787410][ T9428] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1391'.
[  205.919694][ T9431] loop0: detected capacity change from 0 to 4096
[  205.931358][ T9431] ntfs3(loop0): It is recommened to use chkdsk.
[  205.939199][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  205.942291][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  205.950236][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  205.952952][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  205.956094][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc1c00
[  205.969082][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc2c00
[  205.979409][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc4c00
[  205.982668][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffc8c00
[  205.990476][ T9431] ntfs3(loop0): try to read out of volume at offset 0x3fffffd0c00
[  206.086663][ T9424] loop4: detected capacity change from 0 to 32768
[  206.136898][ T9424] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1389 (9424)
[  206.163917][ T9424] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  206.168209][ T9424] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  206.188504][ T9434] loop3: detected capacity change from 0 to 40427
[  206.191873][ T9434] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  206.194503][ T9434] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  206.201879][ T9434] F2FS-fs (loop3): invalid crc value
[  206.270098][ T9434] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  206.280703][ T9434] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  206.284697][ T9434] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  206.306640][ T9424] BTRFS info (device loop4): enabling ssd optimizations
[  206.309602][ T9424] BTRFS info (device loop4): enabling free space tree
[  206.312919][   T33] audit: type=1804 audit(1758711099.309:26): pid=9434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1394" name="/newroot/338/bus/file1" dev="loop3" ino=10 res=1 errno=0
[  206.370482][ T1271] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  206.377612][ T9153] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  206.526067][ T9459] netlink: 'syz.4.1396': attribute type 2 has an invalid length.
[  206.536964][ T1271] usb 1-1: Using ep0 maxpacket: 16
[  206.542600][ T1271] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 26232, setting to 64
[  206.568452][ T1271] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  206.572007][ T1271] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.577862][ T1271] usb 1-1: Product: syz
[  206.579519][ T1271] usb 1-1: Manufacturer: syz
[  206.581469][ T1271] usb 1-1: SerialNumber: syz
[  206.593546][ T1271] usb 1-1: config 0 descriptor??
[  206.638413][ T1271] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  206.844688][ T5924] usb 1-1: Failed to submit usb control message: -71
[  206.845146][ T1271] usb 1-1: USB disconnect, device number 15
[  206.850589][ T5924] usb 1-1: unable to send the bmi data to the device: -71
[  206.868151][ T5924] usb 1-1: unable to get target info from device
[  206.874365][ T5924] usb 1-1: could not get target info (-71)
[  206.876879][ T5924] usb 1-1: could not probe fw (-71)
[  206.992250][ T9468] netlink: 'syz.4.1399': attribute type 3 has an invalid length.
[  207.044262][ T9471] tc_dump_action: action bad kind
[  207.195469][ T9477] loop4: detected capacity change from 0 to 4096
[  207.593772][   T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  207.756287][ T6976] syz-executor: attempt to access beyond end of device
[  207.756287][ T6976] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  207.768193][ T6976] CPU: 1 UID: 0 PID: 6976 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  207.768221][ T6976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  207.768230][ T6976] Call Trace:
[  207.768236][ T6976]  <TASK>
[  207.768243][ T6976]  dump_stack_lvl+0x189/0x250
[  207.768270][ T6976]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.768286][ T6976]  ? __pfx_queue_work_on+0x10/0x10
[  207.768299][ T6976]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  207.768320][ T6976]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  207.768347][ T6976]  f2fs_handle_critical_error+0x37c/0x540
[  207.768373][ T6976]  f2fs_write_end_io+0x886/0xb60
[  207.768399][ T6976]  __submit_merged_bio+0x27a/0x6a0
[  207.768417][ T6976]  ? up_write+0x1c4/0x420
[  207.768436][ T6976]  __submit_merged_write_cond+0x44c/0x530
[  207.768460][ T6976]  f2fs_sync_node_pages+0x1479/0x15e0
[  207.768490][ T6976]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  207.768525][ T6976]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  207.768543][ T6976]  ? up_write+0x1c4/0x420
[  207.768554][ T6976]  ? do_raw_spin_unlock+0x4d/0x240
[  207.768573][ T6976]  f2fs_write_checkpoint+0xe6f/0x1df0
[  207.768602][ T6976]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  207.768646][ T6976]  ? kill_f2fs_super+0x298/0x6c0
[  207.768665][ T6976]  kill_f2fs_super+0x2c3/0x6c0
[  207.768682][ T6976]  ? __pfx_kill_f2fs_super+0x10/0x10
[  207.768694][ T6976]  ? radix_tree_delete_item+0x2b6/0x400
[  207.768738][ T6976]  ? shrinker_free+0x2ce/0x3e0
[  207.768756][ T6976]  deactivate_locked_super+0xbc/0x130
[  207.768773][ T6976]  cleanup_mnt+0x425/0x4c0
[  207.768788][ T6976]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.768804][ T6976]  task_work_run+0x1d4/0x260
[  207.768824][ T6976]  ? __pfx_task_work_run+0x10/0x10
[  207.768838][ T6976]  ? __x64_sys_umount+0x122/0x160
[  207.768856][ T6976]  ? exit_to_user_mode_loop+0x40/0x110
[  207.768877][ T6976]  exit_to_user_mode_loop+0xec/0x110
[  207.768893][ T6976]  do_syscall_64+0x2bd/0x3b0
[  207.768907][ T6976]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.768919][ T6976]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.768930][ T6976]  ? exc_page_fault+0x9f/0xf0
[  207.768944][ T6976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.768955][ T6976] RIP: 0033:0x7fcf2dd8ff57
[  207.768968][ T6976] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  207.768993][ T6976] RSP: 002b:00007fff2dbd26d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  207.769008][ T6976] RAX: 0000000000000000 RBX: 00007fcf2de11c2d RCX: 00007fcf2dd8ff57
[  207.769016][ T6976] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff2dbd2790
[  207.769022][ T6976] RBP: 00007fff2dbd2790 R08: 0000000000000000 R09: 0000000000000000
[  207.769030][ T6976] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff2dbd3820
[  207.769037][ T6976] R13: 00007fcf2de11c2d R14: 0000000000030f17 R15: 00007fff2dbd3860
[  207.769057][ T6976]  </TASK>
[  207.769063][ T6976] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  207.907577][   T24] usb 5-1: Using ep0 maxpacket: 8
[  207.930310][   T24] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  207.946135][   T24] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  207.950003][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.955073][   T24] usb 5-1: Product: syz
[  207.956926][   T24] usb 5-1: Manufacturer: syz
[  207.958934][   T24] usb 5-1: SerialNumber: syz
[  207.965562][   T24] usb 5-1: config 0 descriptor??
[  207.977452][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  207.980320][   T24] usb 5-1: setting power ON
[  207.981871][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  207.986264][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  207.989968][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  207.993103][   T24] usb 5-1: media controller created
[  208.012936][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  208.066967][   T24] usb 5-1: selecting invalid altsetting 6
[  208.072131][   T24] usb 5-1: digital interface selection failed (-22)
[  208.074877][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  208.093110][   T24] usb 5-1: setting power OFF
[  208.095854][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  208.100585][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  208.105553][   T24] (NULL device *): no alternate interface
[  208.147924][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  208.220021][ T9502] wg2: entered promiscuous mode
[  208.222647][ T9502] wg2: entered allmulticast mode
[  208.258082][ T6058] usb 5-1: USB disconnect, device number 3
[  208.343656][ T9506] loop0: detected capacity change from 0 to 256
[  208.797288][ T5942] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x6
[  208.954784][ T9533] loop0: detected capacity change from 0 to 8
[  209.008057][ T9533] SQUASHFS error: Failed to read block 0xdfa: -5
[  209.011256][ T9533] SQUASHFS error: Unable to read metadata cache entry [dfa]
[  209.028293][ T9533] SQUASHFS error: Failed to read block 0x4e8: -5
[  209.033057][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.038421][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.041027][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.043823][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.047838][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.050981][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.053664][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.057475][ T9533] SQUASHFS error: Failed to read block 0x4de: -5
[  209.060405][ T9533] SQUASHFS error: Failed to read block 0x4e8: -5
[  209.063197][   T33] audit: type=1800 audit(1758711101.857:27): pid=9533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1427" name="file1" dev="loop0" ino=5 res=0 errno=0
[  210.373991][ T9535] loop3: detected capacity change from 0 to 32768
[  210.473847][ T9535] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  210.636950][   T33] audit: type=1800 audit(1758711103.260:28): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1429" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  210.845734][ T9560] loop4: detected capacity change from 0 to 164
[  210.889622][ T9560] isofs_fill_super: root inode is not a directory. Corrupted media?
[  210.990656][ T6976] ocfs2: Unmounting device (7,3) on (node local)
[  211.135455][ T9570] loop0: detected capacity change from 0 to 256
[  211.162285][ T9570] exfat: Deprecated parameter 'utf8'
[  211.196482][ T9570] exfat: Deprecated parameter 'namecase'
[  211.199040][ T9570] exfat: Deprecated parameter 'namecase'
[  211.213707][ T9570] exfat: Deprecated parameter 'utf8'
[  211.247483][ T9570] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x0fac38ce, utbl_chksum : 0xe619d30d)
[  211.258568][ T9572] input: syz1 as /devices/virtual/input/input14
[  211.303460][ T9570] exFAT-fs (loop0): start_clu is invalid cluster(0x400)
[  212.275603][ T9584] loop3: detected capacity change from 0 to 32768
[  212.324355][ T9584] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  212.516599][ T9584] XFS (loop3): Ending clean mount
[  212.542136][ T9584] XFS (loop3): Quotacheck needed: Please wait.
[  212.652814][ T9584] XFS (loop3): Quotacheck: Done.
[  212.836558][ T6976] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  213.424738][ T9609] loop3: detected capacity change from 0 to 4096
[  213.428882][ T9609] ntfs3(loop3): Primary boot: invalid bytes per index 2(-1).
[  213.447246][ T9609] ntfs3(loop3): try to read out of volume at offset 0x1ffe00
[  214.130557][ T9619] loop3: detected capacity change from 0 to 40427
[  214.141407][ T9619] F2FS-fs (loop3): invalid crc value
[  214.209282][ T9619] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  214.217760][ T9619] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  214.558359][ T9645] loop3: detected capacity change from 0 to 2048
[  214.599784][ T9645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  214.608955][ T9652] cgroup: noprefix used incorrectly
[  214.750611][ T9657] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  214.763128][ T9657] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 476 with error 28
[  214.772060][ T9657] EXT4-fs (loop3): This should not happen!! Data will be lost
[  214.772060][ T9657] 
[  214.778360][ T9657] EXT4-fs (loop3): Total free blocks count 0
[  214.785767][ T9657] EXT4-fs (loop3): Free/Dirty block details
[  214.791144][ T9657] EXT4-fs (loop3): free_blocks=2415919104
[  214.795819][ T9657] EXT4-fs (loop3): dirty_blocks=480
[  214.802821][ T9657] EXT4-fs (loop3): Block reservation details
[  214.805415][ T9657] EXT4-fs (loop3): i_reserved_data_blocks=30
[  214.935998][ T2919] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  215.102808][ T9676] comedi comedi2: dt2814: I/O port conflict (0x780e041b,2)
[  215.412133][ T9685] loop3: detected capacity change from 0 to 16
[  215.431033][ T9685] erofs (device loop3): mounted with root inode @ nid 36.
[  215.746200][ T9684] loop0: detected capacity change from 0 to 1024
[  215.819314][ T9684] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.846922][ T9690] loop4: detected capacity change from 0 to 64
[  215.888031][ T5913] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.983592][ T9694] loop0: detected capacity change from 0 to 4096
[  215.997145][   T33] audit: type=1326 audit(1758711108.253:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9695 comm="syz.4.1475" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff6c638ec29 code=0x0
[  216.585152][ T9714] loop3: detected capacity change from 0 to 32768
[  216.591783][ T9714] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 ./bus (7:3) scanned by syz.3.1482 (9714)
[  216.601212][ T9714] btrfs: Unknown parameter 'dont_appraise'
[  216.961854][   T33] audit: type=1326 audit(1758711109.121:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  216.999060][   T33] audit: type=1326 audit(1758711109.121:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcf2dd8d590 code=0x7ffc0000
[  217.023270][   T33] audit: type=1326 audit(1758711109.121:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.059561][ T5920] Bluetooth: hci1: unexpected event for opcode 0x1408
[  217.072078][   T33] audit: type=1326 audit(1758711109.121:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.138540][   T33] audit: type=1326 audit(1758711109.148:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.158424][   T33] audit: type=1326 audit(1758711109.148:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.167677][   T33] audit: type=1326 audit(1758711109.148:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.176860][   T33] audit: type=1326 audit(1758711109.148:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9715 comm="syz.3.1483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2dd8ec29 code=0x7ffc0000
[  217.474986][ T5976] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  217.639051][ T5976] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  217.643376][ T5976] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.651550][ T5976] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  217.655256][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.658676][ T5976] usb 5-1: Product: syz
[  217.660490][ T5976] usb 5-1: Manufacturer: syz
[  217.662434][ T5976] usb 5-1: SerialNumber: syz
[  217.672754][ T5976] cdc_mbim 5-1:1.0: skipping garbage
[  218.552895][ T5976] cdc_mbim 5-1:1.0: bind() failure
[  218.588414][ T5976] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  218.600277][ T5976] cdc_ncm 5-1:1.1: bind() failure
[  218.735236][ T5976] usb 5-1: USB disconnect, device number 4
[  219.164054][ T9733] loop4: detected capacity change from 0 to 256
[  219.194102][ T9733] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x7c732dc0, utbl_chksum : 0xe619d30d)
[  219.586918][ T5976] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  219.771484][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  219.790986][ T5976] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  219.801730][ T5976] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  219.816669][ T5976] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  219.820539][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.823508][ T5976] usb 5-1: Product: syz
[  219.824984][ T5976] usb 5-1: Manufacturer: syz
[  219.830443][ T5976] usb 5-1: SerialNumber: syz
[  219.848113][ T5976] usb 5-1: config 0 descriptor??
[  219.860680][ T5976] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  219.864651][ T5976] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  220.539664][ T5976] em28xx 5-1:0.0: chip ID is em2874
[  220.766600][ T5976] usb 5-1: USB disconnect, device number 5
[  220.807083][ T5976] em28xx 5-1:0.0: Disconnecting em28xx
[  220.872083][ T5976] em28xx 5-1:0.0: Freeing device
[  221.307238][ T9761] input: syz0 as /devices/virtual/input/input15
[  221.384211][ T9763] netlink: 'syz.3.1501': attribute type 10 has an invalid length.
[  221.414451][ T9763] team0: Port device dummy0 added
[  221.445841][ T9763] netlink: 'syz.3.1501': attribute type 10 has an invalid length.
[  221.486829][ T9763] team0: Port device dummy0 removed
[  221.492102][ T9763] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  222.009047][ T9776] loop3: detected capacity change from 0 to 32768
[  222.018423][ T9776] btrfs: Deprecated parameter 'usebackuproot'
[  222.029391][ T9776] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  222.036086][ T9776] btrfs: Unknown parameter 'context'
[  222.638381][ T9797] loop0: detected capacity change from 0 to 256
[  222.649284][ T9797] exfat: Deprecated parameter 'utf8'
[  222.651655][ T9797] exfat: Deprecated parameter 'utf8'
[  222.684669][ T9797] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d)
[  223.862963][ T9820] ceph: No mds server is up or the cluster is laggy
[  223.879231][   T24] libceph: connect (1)[c::]:6789 error -101
[  223.893285][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  223.939469][ T9827] loop0: detected capacity change from 0 to 256
[  223.947856][ T9827] exfat: Deprecated parameter 'namecase'
[  223.950316][ T9827] exfat: Deprecated parameter 'namecase'
[  223.988991][ T9827] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  224.107695][ T9814] loop3: detected capacity change from 0 to 32768
[  224.155258][ T9814]  loop3: p1 p2 p3 < p5 p6 >
[  224.159978][ T9814] loop3: p1 size 242222080 extends beyond EOD, truncated
[  224.167691][ T9814] loop3: p2 start 4294967295 is beyond EOD, truncated
[  224.220353][ T9832] loop0: detected capacity change from 0 to 2048
[  224.283584][ T9832] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  224.523011][ T9848] loop0: detected capacity change from 0 to 16
[  224.533188][ T9848] erofs (device loop0): mounted with root inode @ nid 36.
[  225.223854][ T9865] netlink: 'syz.3.1542': attribute type 1 has an invalid length.
[  225.475099][ T9869] netlink: 320 bytes leftover after parsing attributes in process `syz.4.1544'.
[  225.523200][ T9867] loop3: detected capacity change from 0 to 32768
[  225.596793][ T9867] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  225.609785][ T9867] 
[  225.610918][ T9867] ======================================================
[  225.613215][ T9867] WARNING: possible circular locking dependency detected
[  225.615469][ T9867] syzkaller #0 Not tainted
[  225.617367][ T9867] ------------------------------------------------------
[  225.621064][ T9867] syz.3.1543/9867 is trying to acquire lock:
[  225.623309][ T9867] ffff888121710660 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.627100][ T9867] 
[  225.627100][ T9867] but task is already holding lock:
[  225.629877][ T9867] ffff8881217106f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  225.633886][ T9867] 
[  225.633886][ T9867] which lock already depends on the new lock.
[  225.633886][ T9867] 
[  225.637324][ T9867] 
[  225.637324][ T9867] the existing dependency chain (in reverse order) is:
[  225.640289][ T9867] 
[  225.640289][ T9867] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[  225.643453][ T9867]        lock_acquire+0x120/0x360
[  225.645568][ T9867]        down_read+0x46/0x2e0
[  225.647527][ T9867]        ocfs2_init_acl+0x2f9/0x720
[  225.649645][ T9867]        ocfs2_mknod+0x1321/0x2050
[  225.651867][ T9867]        ocfs2_create+0x1a5/0x440
[  225.653990][ T9867]        path_openat+0x14f4/0x3830
[  225.656100][ T9867]        do_filp_open+0x1fa/0x410
[  225.658061][ T9867]        do_sys_openat2+0x121/0x1c0
[  225.659971][ T9867]        __x64_sys_open+0x11e/0x150
[  225.661823][ T9867]        do_syscall_64+0xfa/0x3b0
[  225.663915][ T9867]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.666533][ T9867] 
[  225.666533][ T9867] -> #3 (jbd2_handle){++++}-{0:0}:
[  225.669561][ T9867]        lock_acquire+0x120/0x360
[  225.671680][ T9867]        start_this_handle+0x1fa7/0x21c0
[  225.674036][ T9867]        jbd2__journal_start+0x2c1/0x5b0
[  225.676412][ T9867]        jbd2_journal_start+0x2a/0x40
[  225.678681][ T9867]        ocfs2_start_trans+0x376/0x6d0
[  225.680994][ T9867]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[  225.683645][ T9867]        ocfs2_reserve_new_inode+0x4f4/0xcc0
[  225.686124][ T9867]        ocfs2_symlink+0xac9/0x23e0
[  225.688182][ T9867]        vfs_symlink+0x143/0x2f0
[  225.690290][ T9867]        do_symlinkat+0x1b1/0x3f0
[  225.692389][ T9867]        __x64_sys_symlink+0x7a/0x90
[  225.694529][ T9867]        do_syscall_64+0xfa/0x3b0
[  225.696464][ T9867]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.699110][ T9867] 
[  225.699110][ T9867] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  225.702468][ T9867]        lock_acquire+0x120/0x360
[  225.704583][ T9867]        down_read+0x46/0x2e0
[  225.706565][ T9867]        ocfs2_start_trans+0x36a/0x6d0
[  225.708846][ T9867]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[  225.711541][ T9867]        ocfs2_reserve_new_inode+0x4f4/0xcc0
[  225.714067][ T9867]        ocfs2_symlink+0xac9/0x23e0
[  225.716260][ T9867]        vfs_symlink+0x143/0x2f0
[  225.718331][ T9867]        do_symlinkat+0x1b1/0x3f0
[  225.720473][ T9867]        __x64_sys_symlink+0x7a/0x90
[  225.722537][ T9867]        do_syscall_64+0xfa/0x3b0
[  225.724497][ T9867]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.726771][ T9867] 
[  225.726771][ T9867] -> #1 (sb_internal#6){.+.+}-{0:0}:
[  225.729244][ T9867]        lock_acquire+0x120/0x360
[  225.731003][ T9867]        ocfs2_start_trans+0x26b/0x6d0
[  225.732949][ T9867]        ocfs2_setattr+0x969/0x1b40
[  225.734813][ T9867]        notify_change+0xb36/0xe40
[  225.736638][ T9867]        do_truncate+0x1a4/0x220
[  225.738248][ T9867]        do_ftruncate+0x489/0x540
[  225.740010][ T9867]        __x64_sys_ftruncate+0x92/0xf0
[  225.742209][ T9867]        do_syscall_64+0xfa/0x3b0
[  225.744397][ T9867]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.747062][ T9867] 
[  225.747062][ T9867] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  225.750302][ T9867]        validate_chain+0xb9b/0x2140
[  225.752406][ T9867]        __lock_acquire+0xab9/0xd20
[  225.754156][ T9867]        lock_acquire+0x120/0x360
[  225.755848][ T9867]        down_write+0x96/0x1f0
[  225.757411][ T9867]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.759562][ T9867]        ocfs2_xattr_set+0x595/0x11f0
[  225.761396][ T9867]        ocfs2_set_acl+0x701/0x7b0
[  225.763567][ T9867]        ocfs2_iop_set_acl+0x1aa/0x2a0
[  225.765826][ T9867]        vfs_set_acl+0x887/0xb00
[  225.767554][ T9867]        filename_setxattr+0x2e0/0x600
[  225.769529][ T9867]        path_setxattrat+0x364/0x3a0
[  225.771754][ T9867]        __x64_sys_setxattr+0xbc/0xe0
[  225.773975][ T9867]        do_syscall_64+0xfa/0x3b0
[  225.776103][ T9867]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.778474][ T9867] 
[  225.778474][ T9867] other info that might help us debug this:
[  225.778474][ T9867] 
[  225.782557][ T9867] Chain exists of:
[  225.782557][ T9867]   &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem
[  225.782557][ T9867] 
[  225.787470][ T9867]  Possible unsafe locking scenario:
[  225.787470][ T9867] 
[  225.790469][ T9867]        CPU0                    CPU1
[  225.792771][ T9867]        ----                    ----
[  225.794981][ T9867]   lock(&oi->ip_xattr_sem);
[  225.796830][ T9867]                                lock(jbd2_handle);
[  225.798885][ T9867]                                lock(&oi->ip_xattr_sem);
[  225.801128][ T9867]   lock(&ocfs2_file_ip_alloc_sem_key);
[  225.803192][ T9867] 
[  225.803192][ T9867]  *** DEADLOCK ***
[  225.803192][ T9867] 
[  225.806036][ T9867] 3 locks held by syz.3.1543/9867:
[  225.807690][ T9867]  #0: ffff888107ae4428 (sb_writers#40){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  225.810654][ T9867]  #1: ffff8881217109c0 (&type->i_mutex_dir_key#26){+.+.}-{4:4}, at: vfs_set_acl+0x3cd/0xb00
[  225.814173][ T9867]  #2: ffff8881217106f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[  225.818540][ T9867] 
[  225.818540][ T9867] stack backtrace:
[  225.820779][ T9867] CPU: 1 UID: 0 PID: 9867 Comm: syz.3.1543 Not tainted syzkaller #0 PREEMPT(full) 
[  225.820792][ T9867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  225.820797][ T9867] Call Trace:
[  225.820802][ T9867]  <TASK>
[  225.820808][ T9867]  dump_stack_lvl+0x189/0x250
[  225.820821][ T9867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.820830][ T9867]  ? __pfx__printk+0x10/0x10
[  225.820840][ T9867]  ? print_lock_name+0xde/0x100
[  225.820850][ T9867]  print_circular_bug+0x2ee/0x310
[  225.820859][ T9867]  check_noncircular+0x134/0x160
[  225.820869][ T9867]  validate_chain+0xb9b/0x2140
[  225.820877][ T9867]  ? check_path+0x21/0x40
[  225.820885][ T9867]  ? look_up_lock_class+0x74/0x170
[  225.820895][ T9867]  ? register_lock_class+0x51/0x320
[  225.820905][ T9867]  __lock_acquire+0xab9/0xd20
[  225.820915][ T9867]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.820925][ T9867]  lock_acquire+0x120/0x360
[  225.820935][ T9867]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.820945][ T9867]  ? __lock_acquire+0xab9/0xd20
[  225.820957][ T9867]  down_write+0x96/0x1f0
[  225.820966][ T9867]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.820975][ T9867]  ? __pfx_down_write+0x10/0x10
[  225.820984][ T9867]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[  225.820993][ T9867]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[  225.821002][ T9867]  ? up_write+0x1c4/0x420
[  225.821009][ T9867]  ? ocfs2_xattr_set+0x334/0x11f0
[  225.821019][ T9867]  ocfs2_xattr_set+0x595/0x11f0
[  225.821030][ T9867]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  225.821038][ T9867]  ? do_raw_spin_unlock+0x4d/0x240
[  225.821047][ T9867]  ? __lock_acquire+0xab9/0xd20
[  225.821058][ T9867]  ? do_raw_spin_unlock+0x4d/0x240
[  225.821066][ T9867]  ? _raw_spin_unlock+0x28/0x50
[  225.821075][ T9867]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[  225.821084][ T9867]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[  225.821091][ T9867]  ocfs2_set_acl+0x701/0x7b0
[  225.821099][ T9867]  ? __lock_acquire+0xab9/0xd20
[  225.821109][ T9867]  ocfs2_iop_set_acl+0x1aa/0x2a0
[  225.821116][ T9867]  ? vfs_set_acl+0x3cd/0xb00
[  225.821125][ T9867]  ? __pfx_ocfs2_iop_set_acl+0x10/0x10
[  225.821132][ T9867]  ? evm_inode_set_acl+0xba/0x410
[  225.821141][ T9867]  ? __pfx_evm_inode_set_acl+0x10/0x10
[  225.821154][ T9867]  ? down_write+0x162/0x1f0
[  225.821167][ T9867]  ? __pfx_down_write+0x10/0x10
[  225.821178][ T9867]  ? evm_revalidate_status+0x4f/0xb0
[  225.821190][ T9867]  ? make_vfsuid+0x49/0xa0
[  225.821198][ T9867]  ? inode_owner_or_capable+0xf1/0x1c0
[  225.821207][ T9867]  vfs_set_acl+0x887/0xb00
[  225.821219][ T9867]  filename_setxattr+0x2e0/0x600
[  225.821228][ T9867]  ? __pfx_filename_setxattr+0x10/0x10
[  225.821235][ T9867]  ? getname_flags+0x1e5/0x540
[  225.821243][ T9867]  path_setxattrat+0x364/0x3a0
[  225.821254][ T9867]  ? __pfx_path_setxattrat+0x10/0x10
[  225.821262][ T9867]  ? do_futex+0x333/0x420
[  225.821275][ T9867]  ? rcu_is_watching+0x15/0xb0
[  225.821283][ T9867]  __x64_sys_setxattr+0xbc/0xe0
[  225.821289][ T9867]  do_syscall_64+0xfa/0x3b0
[  225.821297][ T9867]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.821304][ T9867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.821310][ T9867]  ? exc_page_fault+0x9f/0xf0
[  225.821316][ T9867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.821323][ T9867] RIP: 0033:0x7fcf2dd8ec29
[  225.821331][ T9867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.821338][ T9867] RSP: 002b:00007fcf2ec65038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  225.821352][ T9867] RAX: ffffffffffffffda RBX: 00007fcf2dfd5fa0 RCX: 00007fcf2dd8ec29
[  225.821358][ T9867] RDX: 0000000000000000 RSI: 0000200000002a40 RDI: 0000200000002a00
[  225.821363][ T9867] RBP: 00007fcf2de11e41 R08: 0000000000000000 R09: 0000000000000000
[  225.821368][ T9867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.821372][ T9867] R13: 00007fcf2dfd6038 R14: 00007fcf2dfd5fa0 R15: 00007fff2dbd3448
[  225.821380][ T9867]  </TASK>
[  225.965926][    C1] vkms_vblank_simulate: vblank timer overrun
[  226.008286][ T6976] ocfs2: Unmounting device (7,3) on (node local)

VM DIAGNOSIS:
10:52:04  Registers:
info registers vcpu 0

CPU#0
RAX=ffff8881035297d8 RBX=ffffea00044f28c0 RCX=ffff88810c9b1cc0 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc90004637dd0 RSP=ffffc90004637b80
R8 =ffffea00044f28c7 R9 =1ffffd400089e518 R10=dffffc0000000000 R11=fffff9400089e519
R12=dffffc0000000000 R13=1ffffd400089e519 R14=ffff8881035297d8 R15=ffffea00044f28c8
RIP=ffffffff81f978cf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555753a9500 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2e620ff8 CR3=0000000024224000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff8133c59e ffffffff8133c59e XMM01=ffffffff8133c59e ffffffff8133c59e
XMM02=00000008000003b7 ffffffff8133c59e XMM03=0000000100000085 00000000000004b7
XMM04=9500000001000000 8500000000000004 XMM05=b700000008000003 b7fffffff8000002
XMM06=07000000000000a2 bf00000000fff88a XMM07=7b00000000000008 b700000000000000
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f54c3612fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000132d RDI=000000000000132e RBP=00000000000003f8 RSP=ffffc90002e36ab0
R8 =ffff8880216a8237 R9 =1ffff110042d5046 R10=dffffc0000000000 R11=ffffffff854fad60
R12=dffffc0000000000 R13=ffffffff99b028e9 R14=ffffffff99df7460 R15=0000000000000000
RIP=ffffffff854faddc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fcf2ec656c0 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000002a00 CR3=00000000362f0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00746c7561666564 5f6c63615f786973
XMM02=ffffffff8133c59e ffffffff8133c59e XMM03=ffffffff8133c59e ffffffff8133c59e
XMM04=00007fcf2eb0d100 00007fcf2dfa7460 XMM05=00007fcf2dfa7478 00007fcf2dfa74c0
XMM06=00007fcf2dfa74b8 00007fcf2dfa74b0 XMM07=00007fcf2dfa74a8 00007fcf2dfa74a0
XMM08=0000000000000000 00001b7d1475bf98 XMM09=0000000000000000 00007fcf2de12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
