last executing test programs:

15.688916641s ago: executing program 1 (id=273):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

14.775490942s ago: executing program 1 (id=276):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r2 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

14.561056473s ago: executing program 1 (id=277):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

14.465491347s ago: executing program 4 (id=278):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, 0x0, 0x0, 0x6, 0x7d, 0x0, 0xfffffff9, 0x101, 0x0})

14.350506859s ago: executing program 4 (id=280):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542", 0x5b}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c", 0x6a}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="33ca667d02", 0x5}, {&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5b", 0x34}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7", 0x34}], 0x3}}], 0x2, 0x0)

14.304098747s ago: executing program 1 (id=281):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xfffff4b8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)

14.185411441s ago: executing program 4 (id=282):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xfffff4b8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)

3.61266657s ago: executing program 0 (id=288):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r4 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

3.612229995s ago: executing program 3 (id=289):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
r1 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0xfffffffffffffffd, 0x410000)
ioctl$SNDRV_PCM_IOCTL_DELAY(r1, 0x80084121, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000040)={[0x4]}, 0x0, 0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070006000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

3.164804813s ago: executing program 3 (id=290):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000100)={0x5, "caadb18cf146455470a8f1044db1f5315d8fc9fb43a64ffe4a984647b1aecd47", 0x3})

3.159124517s ago: executing program 2 (id=291):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
socket$xdp(0x2c, 0x3, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

3.149016833s ago: executing program 0 (id=292):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={0x0, 0x1, 0x6, @broadcast}, 0x10)

3.1220951s ago: executing program 1 (id=293):
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x10, &(0x7f00000005c0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = getpid()
r5 = syz_open_procfs(r4, &(0x7f0000000040)='net/snmp\x00')
pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x4e, '\x00', 0x0, 0x2}, 0x94)
r6 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
futex(0x0, 0x2, 0x1, 0x0, 0x0, 0x0)

3.0908835s ago: executing program 4 (id=294):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[], 0x98}}, 0x0)

3.090491715s ago: executing program 3 (id=295):
r0 = syz_clone(0x80000000, 0x0, 0x59, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00')
r3 = landlock_create_ruleset(&(0x7f0000000100)={0x3002, 0x3, 0x2}, 0x18, 0x0)
landlock_restrict_self(r3, 0x1)
pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4)

3.003097164s ago: executing program 0 (id=296):
fsopen(0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)

2.990933051s ago: executing program 2 (id=297):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x0, 0x150, 0x150, 0x0, 0xf8010000, 0x500, 0x238, 0x238, 0x500, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1a, 0x3, 0xfffffffb, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

2.878314658s ago: executing program 3 (id=298):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd29, 0x0, {0x2, 0x20, 0x20}, [@RTA_IIF={0x8, 0x3, r1}, @RTA_DST={0x8, 0x1, @multicast1}]}, 0x2c}}, 0x0)

2.876850586s ago: executing program 4 (id=299):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x14}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0xc800)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2000000001030101"], 0x20}}, 0x0)

2.181407676s ago: executing program 2 (id=300):
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x64000600)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)

2.179731477s ago: executing program 4 (id=301):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
r1 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0xfffffffffffffffd, 0x410000)
ioctl$SNDRV_PCM_IOCTL_DELAY(r1, 0x80084121, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000040)={[0x4]}, 0x0, 0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070006000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

2.001571221s ago: executing program 0 (id=302):
r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x10000, 0x80000)
ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000200)={0x80000000, 0x4, "79475514cf0bdd158fd78d54597bc8073e0d88a5026a6d9a8b74c7a1b8fc0782", 0x4, 0x1, 0xd, 0x9, 0x1})

1.160962142s ago: executing program 0 (id=303):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r4 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

1.149992604s ago: executing program 2 (id=304):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xfffff4b8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)

1.069445436s ago: executing program 3 (id=305):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xfffff4b8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)

612.837016ms ago: executing program 0 (id=306):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444a, &(0x7f0000004480)="$eJzs3b1PHGcaAPB3BnwGfx32ufBJJ91KZ+k+hcDV3WHpMMbGYHOOnNhFmvUCa5tkYS1YohQuSGcpVaQUUQorkdJRWUhp0jh/QpqUTm0pKdJEimSFaHdnMTPsmg3ZhWD9fsXOzvv5wLMzvGNp/caJyr355dz8cq6wmCvP3lk+l3unXFpZKIZ4jzSd/9DezU97uvE5edmYn3cscpq5fvHy67fOhfDl3NfPNjY2NkJVb2hqeMv7H75/MLv12BBn+lTHbTLUoeYz7MabIYTT2+Kq6gkh9IUQohDChaRsLDn2hxCOJ3W3Hrx/O9ehaB4/LZ7PP59+uD5ydmrt0Xqzn70uCuHj0h//dXfh27/0jHzzj9YjfnG0Q6EBAAAAAAAAAAAAAAAAAHAATNy4fvO1oeHwJAq9a9H27+tOJMcW34/t3eiYP78szL+f6NyPDAAAAAAAAAAAAAAAAAAAAL85L77/n4tONfn+/3hyHG3Rf+N/3Y+R7pn8//XxS0PDyf7v0bb6fydF313oCSeb7Pue3f/9QqZ/8/3ft8+zW434GvMOhCgeTJ3H8eBgCJ8mG7+fiY7EpfJy5Z93yiuLcx0L48BK57++e38qO8mG/m3mPx7LjN9i//8O+sO2T1P1/HbnPmKvtHT+e1q2++y9qK3r/2Km317kn91L57+3Vta/tcFo/QZQzf8HvTvnfzwzfrfyfyKEkIuqseZSd4DqGqZa3mq9Qlo6/4dqZalbZ/KLbHX9/5jJ/6XM+Pt1/1/N/iGiqXT+f1cr60u1OFx7reU/3vn6v5wZfz/yX41/tV640d25D750/uu5Dr2pJrXfZLv3/4nM+C3zf/jXxX0zTuI8EaU+AWtRvbzF/1dHRjr/fdvqXzz/xW2t/65k+u/V819j3sbzX+P2/7eo/vxHc+n897ds1+71P5np1+37/2ht/cdupfN/pFaWXjsP1F7bzf9UZvxu5b/2VNLXyP+L+8lPh+vln1j/tSWd/6P1wnhri9Xaa239F+28/r+aGX8/1n/V+Ffj7s76qkjn/1jLdtX8f9XG3/9rmX7dz38IQ/6tb9fS+T/esl3t+u/bOf/Tm+/qY3U7/3/t5uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8BYchwIUTyYOo/jwcEQLibnZ8KRaKYwl58plWffXg5hPCnPhVPR3VJ5plDKzy+W54r5QqlUng3hUlJ/OvRFy6VyJb9QuH95c6z+6F6xsFSZKRYqIYSJpPxP4XhjrJn5ykLhfgjhymbd7+Py0v17hcX83PzSf4eGhobC5GYMJ6Piu5XiYqU+e702hKnNvgPRluBq1Vc3YzkWvVVeWVoslGrl17b0KZVnC6UtfaaTug/DyaiytLI4W6gU86Xy3cZ8+2k0OY5P3njjxrXhbfW3o/pxbG/DAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAXejLyn49CCL31sziEMNp4EzVr//hp8Xz++fTD9ZGzU2uP1p+1agcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DM7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2KVj1ASCKAzAbyZFki7HSLUkXdoNgZAU2SB4Aj2Gh9GjeAnvYGFhayGC7KKuu7CNVt/XPJifmfdgHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw3yPqvH/23tEiqf9Y8Ryulqf5791nX9233+4w4zczs9f9XX6w3SVf9RHmzIf0912NomO2li09qS9T5d9nnvn6tu3vvmavi+RchERZZ2/ppyLYthbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGAHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BUAAP//hkEdVg==")
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
truncate(&(0x7f0000000280)='./file1\x00', 0x1fefff)

402.833205ms ago: executing program 2 (id=307):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
socket$xdp(0x2c, 0x3, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

237.109515ms ago: executing program 2 (id=308):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x3, 0x800}, &(0x7f0000001200)=<r3=>0x0, &(0x7f0000001040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1})
io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0)

194.964963ms ago: executing program 3 (id=309):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070d0000002a940183"], 0x0}, 0x0)

0s ago: executing program 1 (id=310):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00')
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.134' (ED25519) to the list of known hosts.
[   35.427392][ T6513] cgroup: Unknown subsys name 'net'
[   35.547772][ T6513] cgroup: Unknown subsys name 'cpuset'
[   35.551324][ T6513] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   35.768181][ T6513] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SS
[   38.285677][ T6540] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   38.286341][ T6540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   38.286636][ T6542] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   38.287247][ T6544] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   38.287931][ T6544] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   38.288298][ T6544] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   38.288688][ T6544] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   38.289201][ T6544] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   38.289523][ T6544] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   38.290408][ T6544] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   38.291074][ T6544] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   38.291569][ T6543] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   38.292254][ T6543] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   38.293449][ T6544] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   38.293993][ T6544] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   38.300401][ T6537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   38.323451][ T6544] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   38.323927][ T6544] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   38.325865][ T6537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   38.326946][ T6544] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   38.327105][ T6544] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   38.336138][ T6529] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   38.340651][ T6529] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   38.349029][ T6529] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   38.352225][ T6529] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   38.691976][ T6526] chnl_net:caif_netlink_parms(): no params data found
[   38.749534][ T6527] chnl_net:caif_netlink_parms(): no params data found
[   38.764885][ T6524] chnl_net:caif_netlink_parms(): no params data found
[   38.777077][ T6525] chnl_net:caif_netlink_parms(): no params data found
[   38.854413][ T6538] chnl_net:caif_netlink_parms(): no params data found
[   38.860455][ T6526] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.860625][ T6526] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.860760][ T6526] bridge_slave_0: entered allmulticast mode
[   38.861695][ T6526] bridge_slave_0: entered promiscuous mode
[   38.863816][ T6526] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.863865][ T6526] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.863993][ T6526] bridge_slave_1: entered allmulticast mode
[   38.864811][ T6526] bridge_slave_1: entered promiscuous mode
[   38.943982][ T6524] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.946044][ T6524] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.946182][ T6524] bridge_slave_0: entered allmulticast mode
[   38.947193][ T6524] bridge_slave_0: entered promiscuous mode
[   38.948565][ T6524] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.948626][ T6524] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.948737][ T6524] bridge_slave_1: entered allmulticast mode
[   38.949650][ T6524] bridge_slave_1: entered promiscuous mode
[   38.952523][ T6526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.954607][ T6526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.966941][ T6525] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.967027][ T6525] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.967129][ T6525] bridge_slave_0: entered allmulticast mode
[   38.968071][ T6525] bridge_slave_0: entered promiscuous mode
[   38.979094][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.979164][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.979262][ T6527] bridge_slave_0: entered allmulticast mode
[   38.980122][ T6527] bridge_slave_0: entered promiscuous mode
[   39.008879][ T6525] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.011057][ T6525] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.013375][ T6525] bridge_slave_1: entered allmulticast mode
[   39.016722][ T6525] bridge_slave_1: entered promiscuous mode
[   39.033242][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.033320][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.033443][ T6527] bridge_slave_1: entered allmulticast mode
[   39.034275][ T6527] bridge_slave_1: entered promiscuous mode
[   39.036875][ T6525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.038426][ T6525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.049292][ T6524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.051777][ T6526] team0: Port device team_slave_0 added
[   39.053265][ T6526] team0: Port device team_slave_1 added
[   39.082802][ T6524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.120695][ T6525] team0: Port device team_slave_0 added
[   39.123233][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.123290][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.123353][ T6526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.124801][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.124859][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.124893][ T6526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.138508][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.138601][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.138738][ T6538] bridge_slave_0: entered allmulticast mode
[   39.139607][ T6538] bridge_slave_0: entered promiscuous mode
[   39.142898][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.144773][ T6524] team0: Port device team_slave_0 added
[   39.150909][ T6525] team0: Port device team_slave_1 added
[   39.162989][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.163083][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.163215][ T6538] bridge_slave_1: entered allmulticast mode
[   39.164106][ T6538] bridge_slave_1: entered promiscuous mode
[   39.166613][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.174568][ T6524] team0: Port device team_slave_1 added
[   39.229345][ T6524] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.231731][ T6524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.239376][ T6524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.249016][ T6525] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.251006][ T6525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.255459][ T6525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.256623][ T6525] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.256650][ T6525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.256682][ T6525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.277663][ T6538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.279820][ T6527] team0: Port device team_slave_0 added
[   39.282371][ T6538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.283303][ T6524] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.283327][ T6524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.283366][ T6524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.293390][ T6526] hsr_slave_0: entered promiscuous mode
[   39.293976][ T6526] hsr_slave_1: entered promiscuous mode
[   39.305845][ T6527] team0: Port device team_slave_1 added
[   39.319135][ T6525] hsr_slave_0: entered promiscuous mode
[   39.319701][ T6525] hsr_slave_1: entered promiscuous mode
[   39.320006][ T6525] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.320083][ T6525] Cannot create hsr debugfs directory
[   39.355157][ T6538] team0: Port device team_slave_0 added
[   39.378927][ T6524] hsr_slave_0: entered promiscuous mode
[   39.381150][ T6524] hsr_slave_1: entered promiscuous mode
[   39.383221][ T6524] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.385647][ T6524] Cannot create hsr debugfs directory
[   39.394232][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.394295][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.394333][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.400858][ T6538] team0: Port device team_slave_1 added
[   39.427570][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.427629][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.427667][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.483178][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.483237][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.483641][ T6538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.505189][ T6527] hsr_slave_0: entered promiscuous mode
[   39.507445][ T6527] hsr_slave_1: entered promiscuous mode
[   39.509506][ T6527] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.510160][ T6527] Cannot create hsr debugfs directory
[   39.522953][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.523013][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.523053][ T6538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.633123][ T6538] hsr_slave_0: entered promiscuous mode
[   39.634690][ T6538] hsr_slave_1: entered promiscuous mode
[   39.635159][ T6538] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.635189][ T6538] Cannot create hsr debugfs directory
[   39.810965][ T6525] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   39.816476][ T6525] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   39.831419][ T6525] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   39.834971][ T6525] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   39.875874][ T6524] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   39.882885][ T6524] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   39.893074][ T6524] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   39.905960][ T6524] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   39.947796][ T6526] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   39.951535][ T6526] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   39.956709][ T6526] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   39.961401][ T6526] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   40.035758][ T6525] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.044248][ T6526] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.046917][ T6527] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   40.050787][ T6527] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   40.054368][ T6527] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   40.060820][ T6527] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   40.092304][ T6525] 8021q: adding VLAN 0 to HW filter on device team0
[   40.102848][ T6538] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   40.117622][ T6538] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   40.123009][  T263] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.123163][  T263] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.126533][ T6538] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   40.129910][ T6538] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   40.172025][  T236] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.172105][  T236] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.186941][ T6526] 8021q: adding VLAN 0 to HW filter on device team0
[   40.189015][ T6525] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   40.189051][ T6525] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   40.208835][ T6524] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.225185][ T6524] 8021q: adding VLAN 0 to HW filter on device team0
[   40.239512][ T4589] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.239607][ T4589] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.241479][ T4589] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.241526][ T4589] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.258487][ T4589] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.258571][ T4589] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.273427][ T4491] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.273507][ T4491] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.318743][ T6529] Bluetooth: hci3: command tx timeout
[   40.318746][ T6541] Bluetooth: hci1: command tx timeout
[   40.327836][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.366431][ T6527] 8021q: adding VLAN 0 to HW filter on device team0
[   40.391714][ T6525] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.395171][ T6541] Bluetooth: hci4: command tx timeout
[   40.395841][ T6529] Bluetooth: hci2: command tx timeout
[   40.396058][ T6529] Bluetooth: hci0: command tx timeout
[   40.402416][ T6538] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.422134][ T4589] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.422242][ T4589] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.423095][ T4589] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.423137][ T4589] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.448848][ T6538] 8021q: adding VLAN 0 to HW filter on device team0
[   40.479042][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.479138][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.480570][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.480625][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.510807][ T6527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   40.519336][ T6527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   40.592495][ T6526] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.657456][ T6526] veth0_vlan: entered promiscuous mode
[   40.669474][ T6526] veth1_vlan: entered promiscuous mode
[   40.682028][ T6524] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.688084][ T6526] veth0_macvtap: entered promiscuous mode
[   40.718371][ T6526] veth1_macvtap: entered promiscuous mode
[   40.726367][ T6524] veth0_vlan: entered promiscuous mode
[   40.731301][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.739003][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.743732][ T6526] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.746857][ T6526] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.749513][ T6526] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.752120][ T6526] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.766142][ T6524] veth1_vlan: entered promiscuous mode
[   40.826469][ T6525] veth0_vlan: entered promiscuous mode
[   40.831159][ T6525] veth1_vlan: entered promiscuous mode
[   40.834666][ T6524] veth0_macvtap: entered promiscuous mode
[   40.865995][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.879182][ T6525] veth0_macvtap: entered promiscuous mode
[   40.882278][ T6524] veth1_macvtap: entered promiscuous mode
[   40.886778][ T6538] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.897844][ T6525] veth1_macvtap: entered promiscuous mode
[   40.919183][ T6525] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.923036][  T256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.923119][  T256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.940695][ T6527] veth0_vlan: entered promiscuous mode
[   40.957968][ T6525] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.962994][ T6524] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.964844][ T6524] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.974742][ T6538] veth0_vlan: entered promiscuous mode
[   40.980862][ T6525] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.980926][ T6525] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.981135][ T6525] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.981166][ T6525] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.984597][ T6527] veth1_vlan: entered promiscuous mode
[   40.994473][ T6524] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.994542][ T6524] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.994761][ T6524] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.994792][ T6524] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.011737][ T6538] veth1_vlan: entered promiscuous mode
[   41.034423][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.034475][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.052664][ T6527] veth0_macvtap: entered promiscuous mode
[   41.084082][ T6538] veth0_macvtap: entered promiscuous mode
[   41.088825][ T6527] veth1_macvtap: entered promiscuous mode
[   41.109540][ T6538] veth1_macvtap: entered promiscuous mode
[   41.117417][ T4491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.117488][ T4491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.131827][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.147858][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.150539][ T6526] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   41.158763][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.177782][ T1810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.177839][ T1810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.189240][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.200120][ T6527] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.200208][ T6527] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.200247][ T6527] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.200284][ T6527] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.277890][ T6538] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.277971][ T6538] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.281748][ T6538] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.281811][ T6538] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.321555][  T236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.321625][  T236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.409609][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.414124][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.095080][ T4589] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.095130][ T4589] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.107752][ T4491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.107808][ T4491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.179979][ T1810] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.180036][ T1810] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.242711][  T236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.242776][  T236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.528553][ T6541] Bluetooth: hci3: command tx timeout
[   42.529681][   T52] Bluetooth: hci1: command tx timeout
[   42.530332][   T52] Bluetooth: hci4: command tx timeout
[   42.530390][   T52] Bluetooth: hci0: command tx timeout
[   42.530425][   T52] Bluetooth: hci2: command tx timeout
[   44.696687][ T6529] Bluetooth: hci0: command tx timeout
[   44.698330][   T52] Bluetooth: hci4: command tx timeout
[   44.698413][   T52] Bluetooth: hci1: command tx timeout
[   44.701917][ T6541] Bluetooth: hci2: command tx timeout
[   45.480039][ T6541] Bluetooth: hci3: command tx timeout
[   45.629113][ T6671] syz_tun: entered allmulticast mode
[   45.930754][ T6666] syz_tun: left allmulticast mode
[   47.073815][ T6673] loop3: detected capacity change from 0 to 32768
[   47.085143][ T6537] Bluetooth: hci2: command tx timeout
[   47.085205][ T6537] Bluetooth: hci0: command tx timeout
[   47.085259][ T6537] Bluetooth: hci1: command tx timeout
[   47.085293][ T6537] Bluetooth: hci4: command tx timeout
[   48.053074][ T6541] Bluetooth: hci3: command tx timeout
[   48.286178][ T6673] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4 (6673)
[   48.911945][ T6673] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   48.912096][ T6673] BTRFS info (device loop3): using sha256 (sha256-arm64) checksum algorithm
[   48.912166][ T6673] BTRFS info (device loop3): using free-space-tree
[   48.975526][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[   48.988144][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[   48.991859][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[   49.015428][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[   49.015675][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[   49.015874][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[   49.016066][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[   49.016345][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[   49.016545][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[   49.016763][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[   49.017130][ T6673] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[   49.130697][ T6716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   49.139473][ T6716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   49.168913][ T6673] BTRFS error (device loop3): open_ctree failed: -12
[   49.424537][ T6721] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16'.
[   49.614026][ T6721] loop0: detected capacity change from 0 to 2048
[   49.847135][ T6721] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   49.851818][ T6721] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   50.235729][ T6733] loop1: detected capacity change from 0 to 8
[   50.237022][ T6733] MTD: Attempt to mount non-MTD device "/dev/loop1"
[   50.348868][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop1
[   50.366599][ T6738] process 'syz.1.22' launched './file2' with NULL argv: empty string added
[   50.369777][ T6738] cramfs: Error -5 while decompressing!
[   50.371838][ T6738] cramfs: 0000000048ac8ba0(26)->000000005293f364(4096)
[   50.373851][ T6738] cramfs: Error -3 while decompressing!
[   50.382316][ T6738] cramfs: 0000000029890f2f(26)->000000003c7ef33b(4096)
[   50.384394][ T6738] cramfs: Error -3 while decompressing!
[   50.386206][ T6738] cramfs: 00000000c886298f(16)->00000000b750def1(4096)
[   50.388278][ T6738] cramfs: Error -5 while decompressing!
[   50.390037][ T6738] cramfs: 0000000048ac8ba0(26)->000000005293f364(4096)
[   50.556520][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop1
[   50.603724][ T6718] loop4: detected capacity change from 0 to 32768
[   50.652876][ T6718] 
[   50.652876][ T6718]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   50.652876][ T6718] 
[   50.731191][ T6737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20'.
[   51.515370][ T6662] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   53.284317][ T6662] usb 1-1: Using ep0 maxpacket: 16
[   53.291863][ T6662] usb 1-1: device descriptor read/all, error -71
[   53.316121][ T6718] ERROR: (device loop4): diWrite: ixpxd invalid
[   53.316121][ T6718] 
[   53.325664][ T6718] ERROR: (device loop4): txAbort: 
[   53.325664][ T6718] 
[   53.352710][ T6752] 
[   53.352710][ T6752]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.352710][ T6752] 
[   53.352962][ T6752] 
[   53.352962][ T6752]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.352962][ T6752] 
[   53.353017][ T6752] 
[   53.353017][ T6752]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.353017][ T6752] 
[   53.354996][   T99] 
[   53.354996][   T99]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.354996][   T99] 
[   53.441665][ T6525] 
[   53.441665][ T6525]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.441665][ T6525] 
[   53.472742][ T6525] 
[   53.472742][ T6525]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   53.472742][ T6525] 
[   53.515411][ T6737] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   54.517818][ T6767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.29'.
[   54.793857][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.0.30'.
[   55.209726][ T6776] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   55.258253][ T6756] loop3: detected capacity change from 0 to 40427
[   55.411391][ T6586] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   55.835639][ T6778] loop4: detected capacity change from 0 to 1024
[   55.839295][ T6778] =======================================================
[   55.839295][ T6778] WARNING: The mand mount option has been deprecated and
[   55.839295][ T6778]          and is ignored by this kernel. Remove the mand
[   55.839295][ T6778]          option from the mount to silence this warning.
[   55.839295][ T6778] =======================================================
[   55.886390][ T6586] usb 1-1: Using ep0 maxpacket: 16
[   55.955267][ T6586] usb 1-1: config 5 has an invalid interface number: 168 but max is 0
[   55.955425][ T6586] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[   55.955475][ T6586] usb 1-1: config 5 has no interface number 0
[   55.955518][ T6586] usb 1-1: config 5 interface 168 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   55.955553][ T6586] usb 1-1: config 5 interface 168 has no altsetting 0
[   55.985953][ T6756] F2FS-fs (loop3): heap/no_heap options were deprecated
[   55.986074][ T6756] F2FS-fs (loop3): build fault injection rate: 19
[   55.986125][ T6756] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[   55.988837][ T6756] F2FS-fs (loop3): invalid crc value
[   55.997210][ T6586] usb 1-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[   55.997268][ T6586] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.997299][ T6586] usb 1-1: Product: syz
[   55.997325][ T6586] usb 1-1: Manufacturer: syz
[   55.997361][ T6586] usb 1-1: SerialNumber: syz
[   56.012519][ T6778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.043427][ T6756] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x4e8/0x7ac
[   56.064922][ T6782] loop2: detected capacity change from 0 to 4096
[   56.092433][ T6756] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x1b0/0x3b0
[   56.096912][ T6790] Zero length message leads to an empty skb
[   56.111469][ T6782] NILFS (loop2): invalid segment: Checksum error in segment payload
[   56.111571][ T6782] NILFS (loop2): trying rollback from an earlier position
[   56.112092][ T6782] NILFS (loop2): invalid segment: Checksum error in segment payload
[   56.112116][ T6782] NILFS (loop2): error -22 while searching super root
[   56.120219][ T6525] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.170957][ T6756] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   56.181147][ T6756] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x19c/0x9ac
[   56.222577][ T6756] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x1e7c/0x32e0
[   56.222978][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.3.27 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[   56.223004][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   56.223012][ T6756] Call trace:
[   56.223016][ T6756]  show_stack+0x2c/0x3c (C)
[   56.223032][ T6756]  __dump_stack+0x30/0x40
[   56.223048][ T6756]  dump_stack_lvl+0xd8/0x12c
[   56.223063][ T6756]  dump_stack+0x1c/0x28
[   56.223077][ T6756]  f2fs_handle_critical_error+0x34c/0x4b8
[   56.223090][ T6756]  f2fs_stop_checkpoint+0x5c/0x70
[   56.223104][ T6756]  f2fs_balance_fs+0x278/0x670
[   56.223119][ T6756]  f2fs_map_blocks+0x1e7c/0x32e0
[   56.223131][ T6756]  f2fs_expand_inode_data+0x2c8/0x958
[   56.223146][ T6756]  f2fs_fallocate+0x378/0x8ec
[   56.223159][ T6756]  vfs_fallocate+0x5cc/0x73c
[   56.223173][ T6756]  __arm64_sys_fallocate+0xbc/0x10c
[   56.223185][ T6756]  invoke_syscall+0x98/0x2b8
[   56.223196][ T6756]  el0_svc_common+0x130/0x23c
[   56.223206][ T6756]  do_el0_svc+0x48/0x58
[   56.223216][ T6756]  el0_svc+0x58/0x180
[   56.223229][ T6756]  el0t_64_sync_handler+0x84/0x12c
[   56.223240][ T6756]  el0t_64_sync+0x198/0x19c
[   56.240678][ T6586] pn533_usb 1-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint
[   56.244444][ T6586] usb 1-1: USB disconnect, device number 4
[   56.256459][ T6756] F2FS-fs (loop3): Stopped filesystem due to reason: 1
[   57.508665][ T6820] loop4: detected capacity change from 0 to 512
[   57.509650][ T6820] EXT4-fs: Ignoring removed bh option
[   57.632805][ T6821] loop1: detected capacity change from 0 to 512
[   57.714252][ T6820] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   58.604243][ T6821] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   58.685424][ T6820] EXT4-fs (loop4): 1 truncate cleaned up
[   58.686394][ T6820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.874086][ T6524] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   60.074503][ T6831] loop3: detected capacity change from 0 to 8
[   60.086104][ T6831] MTD: Attempt to mount non-MTD device "/dev/loop3"
[   60.123598][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop3
[   61.249532][ T6834] cramfs: Error -5 while decompressing!
[   61.249613][ T6834] cramfs: 000000000f97945d(26)->000000001ea979fd(4096)
[   61.249673][ T6834] cramfs: Error -3 while decompressing!
[   61.249698][ T6834] cramfs: 000000003c7f706c(26)->00000000af343ffa(4096)
[   61.249732][ T6834] cramfs: Error -3 while decompressing!
[   61.249756][ T6834] cramfs: 00000000ab59e69d(16)->00000000c039176e(4096)
[   61.249826][ T6834] cramfs: Error -5 while decompressing!
[   61.249851][ T6834] cramfs: 000000000f97945d(26)->000000001ea979fd(4096)
[   61.579577][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop3
[   61.725364][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop3
[   61.819072][ T6518] udevd[6518]: incorrect cramfs checksum on /dev/loop3
[   61.929427][ T6846] loop1: detected capacity change from 0 to 256
[   61.930893][ T6846] exfat: Deprecated parameter 'utf8'
[   61.930945][ T6846] exfat: Deprecated parameter 'namecase'
[   62.004859][ T6846] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[   62.016892][ T6846] loop1: Can't mount, would change RO state
[   62.057933][ T6525] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.112216][ T6863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   62.112517][ T6863] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   62.125109][ T6857] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input2
[   62.168633][ T6868] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   63.222474][ T6875] loop1: detected capacity change from 0 to 128
[   63.227760][ T6875] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   63.228268][ T6875] hpfs: hpfs_map_sector(): read error
[   63.242458][ T6882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   63.242816][ T6882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   63.658872][   T26] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   64.197089][   T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.197155][   T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   64.205196][   T26] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[   64.205242][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.366506][ T6888] loop3: detected capacity change from 0 to 32768
[   64.399326][ T6899] loop2: detected capacity change from 0 to 40427
[   64.401265][   T26] usb 1-1: config 0 descriptor??
[   64.465420][ T6899] F2FS-fs (loop2): invalid crc value
[   64.483539][ T6899] F2FS-fs (loop2): Start checkpoint disabled!
[   64.488484][ T6888] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.60 (6888)
[   64.496674][ T6899] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   64.529186][ T6888] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   64.529312][ T6888] BTRFS info (device loop3): using sha256 (sha256-arm64) checksum algorithm
[   64.529372][ T6888] BTRFS info (device loop3): using free-space-tree
[   64.877266][ T2404] ieee802154 phy0 wpan0: encryption failed: -22
[   64.877413][ T2404] ieee802154 phy1 wpan1: encryption failed: -22
[   64.998609][   T26] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0
[   64.998735][   T26] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0
[   66.236812][   T26] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0
[   66.397590][ T6888] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[   66.397996][ T6888] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[   66.398170][ T6888] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[   66.398337][ T6888] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[   66.398516][ T6888] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[   67.872854][ T6888] BTRFS error (device loop3): open_ctree failed: -12
[   68.032713][   T26] usb 1-1: USB disconnect, device number 5
[   68.169190][    T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   68.173546][ T6941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.173883][ T6941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.181336][ T4589] kworker/u8:9: attempt to access beyond end of device
[   68.181336][ T4589] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   68.181977][ T4589] CPU: 1 UID: 0 PID: 4589 Comm: kworker/u8:9 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[   68.181996][ T4589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.182003][ T4589] Workqueue: writeback wb_workfn (flush-7:2)
[   68.182025][ T4589] Call trace:
[   68.182029][ T4589]  show_stack+0x2c/0x3c (C)
[   68.182043][ T4589]  __dump_stack+0x30/0x40
[   68.182057][ T4589]  dump_stack_lvl+0xd8/0x12c
[   68.182070][ T4589]  dump_stack+0x1c/0x28
[   68.182083][ T4589]  f2fs_handle_critical_error+0x34c/0x4b8
[   68.182095][ T4589]  f2fs_stop_checkpoint+0x5c/0x70
[   68.182108][ T4589]  f2fs_write_end_io+0x58c/0x818
[   68.182120][ T4589]  bio_endio+0x804/0x840
[   68.182132][ T4589]  submit_bio_noacct+0x158/0x176c
[   68.182145][ T4589]  submit_bio+0x354/0x4d4
[   68.182157][ T4589]  f2fs_submit_write_bio+0x13c/0x324
[   68.182168][ T4589]  __submit_merged_bio+0x254/0x704
[   68.182179][ T4589]  __submit_merged_write_cond+0x23c/0x4ac
[   68.182190][ T4589]  f2fs_write_data_pages+0x1d28/0x2634
[   68.182202][ T4589]  do_writepages+0x270/0x468
[   68.182216][ T4589]  __writeback_single_inode+0x15c/0x13e8
[   68.182229][ T4589]  writeback_sb_inodes+0x558/0xe38
[   68.182242][ T4589]  wb_writeback+0x3cc/0xd70
[   68.182254][ T4589]  wb_workfn+0x338/0xdc0
[   68.182266][ T4589]  process_one_work+0x7e8/0x155c
[   68.182279][ T4589]  worker_thread+0x958/0xed8
[   68.182292][ T4589]  kthread+0x5fc/0x75c
[   68.182304][ T4589]  ret_from_fork+0x10/0x20
[   68.182317][ T4589] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   68.236533][    T9] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   68.413753][ T6946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.71'.
[   68.634590][ T6947] fido_id[6947]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   69.439305][ T6962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.452447][ T6962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.513140][ T6965] syz.4.77 uses obsolete (PF_INET,SOCK_PACKET)
[   69.592359][ T6967] loop3: detected capacity change from 0 to 512
[   69.621176][ T6967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   69.665132][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   69.673754][ T6527] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   69.737808][ T6972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.738156][ T6972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.800940][ T6974] loop4: detected capacity change from 0 to 1024
[   69.817025][ T6974] EXT4-fs: Ignoring removed bh option
[   69.832947][ T6963] loop1: detected capacity change from 0 to 32768
[   69.835194][    T9] usb 1-1: Using ep0 maxpacket: 16
[   69.838204][    T9] usb 1-1: config 5 has an invalid interface number: 168 but max is 0
[   69.838264][    T9] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[   69.838305][    T9] usb 1-1: config 5 has no interface number 0
[   69.838338][    T9] usb 1-1: config 5 interface 168 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[   69.838370][    T9] usb 1-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   69.838415][    T9] usb 1-1: config 5 interface 168 has no altsetting 0
[   69.856298][ T6974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.864258][    T9] usb 1-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[   69.864320][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.864361][    T9] usb 1-1: Product: syz
[   69.864398][    T9] usb 1-1: Manufacturer: syz
[   69.864426][    T9] usb 1-1: SerialNumber: syz
[   69.902431][ T6963] btrfs: Unknown parameter 'permit_directio'
[   69.914405][ T6525] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.006142][ T2277] cfg80211: failed to load regulatory.db
[   70.096990][    T9] pn533_usb 1-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint
[   70.105328][    T9] usb 1-1: USB disconnect, device number 6
[   71.107956][ T6978] loop2: detected capacity change from 0 to 32768
[   71.124135][ T6978] XFS: attr2 mount option is deprecated.
[   71.154148][ T6978] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[   71.167927][ T6978] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   71.924066][ T6978] XFS (loop2): Ending clean mount
[   71.946435][ T6978] XFS (loop2): Quotacheck needed: Please wait.
[   72.055494][ T7020] loop4: detected capacity change from 0 to 512
[   72.058395][ T7020] EXT4-fs: Ignoring removed orlov option
[   72.060176][ T6978] XFS (loop2): Quotacheck: Done.
[   72.067432][ T7018] loop0: detected capacity change from 0 to 1024
[   72.130442][ T7020] EXT4-fs (loop4): VFS: Can't find ext4 filesystem
[   72.345497][ T6526] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   73.925305][ T7034] netlink: del zone limit has 4 unknown bytes
[   74.609372][ T7041] netlink: 56 bytes leftover after parsing attributes in process `syz.4.96'.
[   74.612956][ T7041] netlink: 24 bytes leftover after parsing attributes in process `syz.4.96'.
[   74.696259][ T7043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   74.701834][ T7043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.597311][ T7049] loop1: detected capacity change from 0 to 128
[   76.656802][ T7049] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   76.656924][ T7049] FAT-fs (loop1): bogus number of directory entries (203)
[   76.656970][ T7049] FAT-fs (loop1): Can't find a valid FAT filesystem
[   76.736043][ T7055] loop2: detected capacity change from 0 to 2048
[   76.742172][ T7055] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   76.903415][ T7056] netlink: 40 bytes leftover after parsing attributes in process `syz.2.103'.
[   76.953766][ T7058] loop4: detected capacity change from 0 to 128
[   76.975158][ T7058] EXT4-fs warning (device loop4): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck.
[   76.975223][ T7058] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[   77.873055][   T31] audit: type=1326 audit(76.890:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873125][   T31] audit: type=1326 audit(76.890:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=179 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873173][   T31] audit: type=1326 audit(76.890:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873209][   T31] audit: type=1326 audit(76.890:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873244][   T31] audit: type=1326 audit(76.890:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873278][   T31] audit: type=1326 audit(76.890:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873314][   T31] audit: type=1326 audit(76.890:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873348][   T31] audit: type=1326 audit(76.900:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=7 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873383][   T31] audit: type=1326 audit(76.900:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   77.873418][   T31] audit: type=1326 audit(76.900:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7057 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=159 compat=0 ip=0xffffb915cc28 code=0x7ffc0000
[   78.561499][ T7069] dvmrp8: entered allmulticast mode
[   78.580203][ T7069] 9pnet_fd: Insufficient options for proto=fd
[   79.151378][ T7072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.151466][ T7072] batman_adv: batadv0: Removing interface: batadv_slave_0
[   79.202518][ T7072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.202613][ T7072] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.237874][ T7076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.240516][ T7076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.239791][ T7087] loop1: detected capacity change from 0 to 8
[   80.240403][ T7087] MTD: Attempt to mount non-MTD device "/dev/loop1"
[   80.298148][ T7090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.330024][ T7090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.335528][ T7077] loop4: detected capacity change from 0 to 32768
[   80.338401][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop1
[   80.342318][ T7077] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.110 (7077)
[   80.352099][ T7077] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   80.352200][ T7077] BTRFS info (device loop4): using sha256 (sha256-arm64) checksum algorithm
[   80.352239][ T7077] BTRFS info (device loop4): using free-space-tree
[   80.367040][ T7094] loop0: detected capacity change from 0 to 736
[   80.419442][ T7077] BTRFS info (device loop4): rebuilding free space tree
[   80.606500][ T7117] loop1: detected capacity change from 0 to 64
[   80.638875][ T7117] hfs: request for non-existent node 1280 in B*Tree
[   80.638986][ T7117] hfs: request for non-existent node 1280 in B*Tree
[   80.775301][ T6525] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   80.810657][ T7121] loop1: detected capacity change from 0 to 1024
[   80.859591][ T7121] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.047054][ T7130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.047377][ T7130] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.313365][ T7131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.318703][ T7131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.071693][ T6537] Bluetooth: hci0: command 0x0406 tx timeout
[   83.098532][ T7124] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   83.122882][ T7119] loop0: detected capacity change from 0 to 32768
[   84.341220][ T7119] workqueue: Failed to create a rescuer kthread for wq "bcachefs_btree_read_complete": -EINTR
[   84.341327][ T7119] bcachefs (loop0): shutdown complete
[   84.510452][ T7119] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc
[   84.520494][ T7141] loop2: detected capacity change from 0 to 512
[   84.523062][ T7141] EXT4-fs: Ignoring removed bh option
[   84.527599][ T7141] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   85.047328][ T7141] EXT4-fs (loop2): 1 truncate cleaned up
[   85.160925][ T7141] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.227793][ T7147] loop3: detected capacity change from 0 to 8
[   85.228469][ T7147] MTD: Attempt to mount non-MTD device "/dev/loop3"
[   85.461923][ T6871] udevd[6871]: incorrect cramfs checksum on /dev/loop3
[   85.478135][ T6526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.552911][ T6524] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.569360][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop3
[   85.736656][ T7149] loop0: detected capacity change from 0 to 256
[   85.800230][ T7149] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0xb81e6d3a, utbl_chksum : 0xe619d30d)
[   85.822837][ T7149] exFAT-fs (loop0): valid_size(150994954) is greater than size(0)
[   86.077627][ T7170] syz_tun: entered allmulticast mode
[   86.614374][ T7160] syz_tun: left allmulticast mode
[   86.895198][   T31] kauditd_printk_skb: 20 callbacks suppressed
[   86.895260][   T31] audit: type=1326 audit(86.440:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7174 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15cc28 code=0x7fc00000
[   87.463986][ T7185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.464289][ T7185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.658705][   T31] audit: type=1326 audit(87.250:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7174 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffaa15cc28 code=0x7fc00000
[   87.658907][   T31] audit: type=1326 audit(87.250:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7174 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15cc28 code=0x7fc00000
[   87.659364][   T31] audit: type=1326 audit(87.250:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7174 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15cc28 code=0x7fc00000
[   88.247464][ T7198] loop3: detected capacity change from 0 to 8
[   88.249910][ T7198] MTD: Attempt to mount non-MTD device "/dev/loop3"
[   88.262225][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop3
[   88.296490][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop3
[   88.312113][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop3
[   88.561896][ T7215] capability: warning: `syz.4.151' uses deprecated v2 capabilities in a way that may be insecure
[   88.589318][ T7217] netlink: 76 bytes leftover after parsing attributes in process `syz.0.152'.
[   88.604901][ T7210] loop2: detected capacity change from 0 to 4096
[   88.628223][ T7210] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.847154][ T7210] EXT4-fs (loop2): Test dummy encryption mode enabled
[   89.051111][ T7230] loop0: detected capacity change from 0 to 64
[   89.670882][ T7232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.146'.
[   89.670922][ T7232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.146'.
[   90.212703][ T7210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.381009][ T7212] loop3: detected capacity change from 0 to 32768
[   90.389353][ T7231] loop1: detected capacity change from 0 to 40427
[   90.419006][ T6526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.425142][ T7231] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[   90.425197][ T7231] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   90.431494][ T7231] F2FS-fs (loop1): Invalid segment/section count (31, 0 x 1)
[   90.431557][ T7231] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   90.807391][ T6662] Process accounting resumed
[   91.103112][ T7248] loop4: detected capacity change from 0 to 1024
[   91.182921][ T7253] loop1: detected capacity change from 0 to 8
[   91.191014][ T7253] MTD: Attempt to mount non-MTD device "/dev/loop1"
[   91.201282][   T42] hfsplus: b-tree write err: -5, ino 4
[   91.908814][ T7258] loop2: detected capacity change from 0 to 8
[   91.915243][ T7258] Filesystem uses "unknown" compression. This is not supported
[   92.067769][ T7260] loop0: detected capacity change from 0 to 32768
[   92.074208][ T7260] (syz.0.165,7260,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   92.075832][ T7260] (syz.0.165,7260,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   92.106481][ T7260] JBD2: Ignoring recovery information on journal
[   92.120209][ T7039] udevd[7039]: incorrect cramfs checksum on /dev/loop1
[   92.166359][ T7268] loop3: detected capacity change from 0 to 512
[   92.167043][ T7268] EXT4-fs: Ignoring removed nobh option
[   92.204626][ T7260] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   92.222243][ T7268] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[   92.296938][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop1
[   92.317306][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop1
[   92.369881][ T7268] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.166: attempt to clear invalid blocks 1 len 1
[   92.382376][ T7268] EXT4-fs (loop3): Remounting filesystem read-only
[   92.382899][ T7268] EXT4-fs (loop3): 1 truncate cleaned up
[   92.387786][ T7268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.954313][ T6527] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.974559][ T7280] loop1: detected capacity change from 0 to 512
[   92.977224][ T7280] EXT4-fs (loop1): Invalid log cluster size: 65536
[   93.121510][ T7283] geneve0: entered promiscuous mode
[   93.160319][ T6538] ocfs2: Unmounting device (7,0) on (node local)
[   93.430175][ T7281] geneve0: left promiscuous mode
[   94.391481][ T7305] netlink: 52 bytes leftover after parsing attributes in process `syz.2.178'.
[   94.484656][ T7308] loop1: detected capacity change from 0 to 8
[   94.488749][ T7308] MTD: Attempt to mount non-MTD device "/dev/loop1"
[   94.501476][ T6531] udevd[6531]: incorrect cramfs checksum on /dev/loop1
[   94.670813][ T7297] loop3: detected capacity change from 0 to 32768
[   94.747682][ T7297] jfs_strtoUCS: char2uni returned -22.
[   94.750916][ T7297] charset = cp949, char = 0xd4
[   94.899032][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   94.960511][ T7318] 9pnet_fd: Insufficient options for proto=fd
[   94.982764][ T7318] netlink: 12 bytes leftover after parsing attributes in process `syz.2.182'.
[   95.455325][ T7321] netlink: 28 bytes leftover after parsing attributes in process `syz.1.183'.
[   95.922141][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.922219][   T24] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   95.922274][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.063955][   T24] usb 1-1: config 0 descriptor??
[   96.169863][ T7332] loop3: detected capacity change from 0 to 256
[   96.172627][ T7332] exfat: Unknown parameter 'iocharseUõP9­EJit'
[   97.083879][   T24] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[   97.091628][   T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input3
[   97.740420][ T7312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.743541][ T7312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.863530][ T7332] loop3: detected capacity change from 0 to 32768
[   97.870316][ T7332] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.188 (7332)
[   97.912130][ T7332] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   97.912235][ T7332] BTRFS info (device loop3): using sha256 (sha256-arm64) checksum algorithm
[   97.912275][ T7332] BTRFS info (device loop3): using free-space-tree
[   98.418715][   T24] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[   98.685338][   T24] usb 1-1: USB disconnect, device number 7
[   99.930950][ T7381] loop2: detected capacity change from 0 to 128
[   99.961754][ T6527] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.311110][ T7398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  100.311421][ T7398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  100.312943][ T7392] loop2: detected capacity change from 0 to 8192
[  100.320547][ T7392] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  101.454078][ T7396] fido_id[7396]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  101.522376][ T7402] syzkaller0: entered promiscuous mode
[  101.524022][ T7402] syzkaller0: entered allmulticast mode
[  101.560563][ T7420] loop4: detected capacity change from 0 to 64
[  101.703897][ T7422] block device autoloading is deprecated and will be removed.
[  102.238764][ T7424] loop4: detected capacity change from 0 to 65536
[  102.264500][ T7424] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  102.294733][ T7424] XFS (loop4): Ending clean mount
[  102.299504][ T7424] XFS (loop4): Quotacheck needed: Please wait.
[  102.328146][ T7424] XFS (loop4): Quotacheck: Done.
[  102.350773][ T6525] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  102.518571][ T7435] loop4: detected capacity change from 0 to 2048
[  102.521844][ T7435] EXT4-fs (loop4): bad s_min_extra_isize: 1568
[  104.584885][ T7462] loop4: detected capacity change from 0 to 2048
[  104.598476][ T7462] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  104.790792][ T7468] loop4: detected capacity change from 0 to 64
[  106.721521][ T7487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.724972][ T7487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.293046][ T7491] loop4: detected capacity change from 0 to 1764
[  107.456196][ T7495] loop4: detected capacity change from 0 to 8
[  107.511170][ T7497] loop4: detected capacity change from 0 to 512
[  107.513738][ T7497] EXT4-fs: Ignoring removed bh option
[  107.524081][ T7497] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  107.535857][ T7497] EXT4-fs (loop4): 1 truncate cleaned up
[  107.536746][ T7497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.362017][ T6525] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.861789][ T7509] loop4: detected capacity change from 0 to 32768
[  110.921104][ T7511] netlink: 44 bytes leftover after parsing attributes in process `syz.4.241'.
[  114.891321][ T7530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.891636][ T7530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.911669][ T7529] loop4: detected capacity change from 0 to 256
[  114.917510][ T7529] exFAT-fs (loop4): invalid fs_name
[  114.917561][ T7529] exFAT-fs (loop4): failed to read boot sector
[  114.917605][ T7529] exFAT-fs (loop4): failed to recognize exfat type
[  114.929077][ T7532] loop1: detected capacity change from 0 to 8
[  114.931703][ T7532] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  115.662413][ T7541] loop4: detected capacity change from 0 to 8
[  115.663072][ T7541] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  115.702804][ T7524] udevd[7524]: incorrect cramfs checksum on /dev/loop4
[  115.739435][ T7523] udevd[7523]: incorrect cramfs checksum on /dev/loop1
[  115.790022][ T7524] udevd[7524]: incorrect cramfs checksum on /dev/loop4
[  115.800062][ T7523] udevd[7523]: incorrect cramfs checksum on /dev/loop1
[  115.811737][ T7523] udevd[7523]: incorrect cramfs checksum on /dev/loop1
[  115.829189][ T7524] udevd[7524]: incorrect cramfs checksum on /dev/loop4
[  115.873602][ T7524] udevd[7524]: incorrect cramfs checksum on /dev/loop4
[  115.959041][ T7552] loop3: detected capacity change from 0 to 764
[  116.013920][ T7524] udevd[7524]: incorrect cramfs checksum on /dev/loop4
[  116.082292][ T7552] iso9660: Corrupted directory entry in block 0 of inode 1792
[  117.423817][ T7539] loop0: detected capacity change from 0 to 65536
[  117.427056][ T7575] loop1: detected capacity change from 0 to 8
[  117.427714][ T7575] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  117.482862][ T7523] udevd[7523]: incorrect cramfs checksum on /dev/loop1
[  117.485659][ T7579] loop3: detected capacity change from 0 to 8
[  117.486362][ T7579] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  117.497289][ T7539] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  117.544176][ T7539] XFS (loop0): Ending clean mount
[  117.552628][ T7539] XFS (loop0): Quotacheck needed: Please wait.
[  117.566403][ T7523] udevd[7523]: incorrect cramfs checksum on /dev/loop3
[  117.601906][ T7539] XFS (loop0): Quotacheck: Done.
[  117.640354][ T7569] loop4: detected capacity change from 0 to 32768
[  117.673261][ T6538] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  119.329715][ T7628] loop1: detected capacity change from 0 to 8
[  119.330381][ T7628] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  119.390898][ T7630] loop4: detected capacity change from 0 to 8
[  119.392733][ T7630] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  120.136761][ T7651] syz.3.285: attempt to access beyond end of device
[  120.136761][ T7651] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  120.136854][ T7651] hpfs: hpfs_map_sector(): read error
[  120.933269][ T7655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[  126.317730][ T2404] ieee802154 phy0 wpan0: encryption failed: -22
[  126.317809][ T2404] ieee802154 phy1 wpan1: encryption failed: -22
[  130.796352][ T7685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.799502][ T7685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.398483][ T7687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.299'.
[  132.468394][ T7703] loop2: detected capacity change from 0 to 8
[  132.471190][ T7703] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  132.639378][ T7707] loop3: detected capacity change from 0 to 8
[  132.644027][ T7707] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  132.671331][ T7656] udevd[7656]: incorrect cramfs checksum on /dev/loop2
[  132.887641][ T7656] udevd[7656]: incorrect cramfs checksum on /dev/loop3
[  133.061089][ T7656] udevd[7656]: incorrect cramfs checksum on /dev/loop3
[  133.140538][ T7656] udevd[7656]: incorrect cramfs checksum on /dev/loop3
[  133.478375][ T7726] loop0: detected capacity change from 0 to 32768
[  133.512657][ T7734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.518707][ T7734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.532441][ T7726] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  133.608377][ T7726] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  133.657681][ T7726] 
[  133.658358][ T7726] ======================================================
[  133.660310][ T7726] WARNING: possible circular locking dependency detected
[  133.662212][ T7726] 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 Not tainted
[  133.663981][ T7726] ------------------------------------------------------
[  133.665901][ T7726] syz.0.306/7726 is trying to acquire lock:
[  133.667655][ T7726] ffff0000f3753ff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_get+0xe8/0x220
[  133.670303][ T7726] 
[  133.670303][ T7726] but task is already holding lock:
[  133.672394][ T7726] ffff0000d8d2e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe4c/0x10dc
[  133.675006][ T7726] 
[  133.675006][ T7726] which lock already depends on the new lock.
[  133.675006][ T7726] 
[  133.677975][ T7726] 
[  133.677975][ T7726] the existing dependency chain (in reverse order) is:
[  133.680525][ T7726] 
[  133.680525][ T7726] -> #4 (jbd2_handle){++++}-{0:0}:
[  133.682644][ T7726]        start_this_handle+0xe74/0x10dc
[  133.684278][ T7726]        jbd2__journal_start+0x288/0x51c
[  133.685872][ T7726]        jbd2_journal_start+0x3c/0x4c
[  133.687417][ T7726]        ocfs2_start_trans+0x368/0x6b0
[  133.689054][ T7726]        ocfs2_modify_bh+0xe4/0x43c
[  133.690495][ T7726]        ocfs2_local_read_info+0x104c/0x1364
[  133.692191][ T7726]        dquot_load_quota_sb+0x6bc/0xa90
[  133.693861][ T7726]        dquot_load_quota_inode+0x274/0x4e4
[  133.695642][ T7726]        ocfs2_enable_quotas+0x17c/0x3b4
[  133.697277][ T7726]        ocfs2_fill_super+0x4018/0x5340
[  133.698846][ T7726]        get_tree_bdev_flags+0x360/0x414
[  133.700393][ T7726]        get_tree_bdev+0x2c/0x3c
[  133.701809][ T7726]        ocfs2_get_tree+0x28/0x38
[  133.703294][ T7726]        vfs_get_tree+0x90/0x28c
[  133.704705][ T7726]        do_new_mount+0x228/0x814
[  133.706169][ T7726]        path_mount+0x5b4/0xde0
[  133.707551][ T7726]        __arm64_sys_mount+0x3e8/0x468
[  133.709082][ T7726]        invoke_syscall+0x98/0x2b8
[  133.710557][ T7726]        el0_svc_common+0x130/0x23c
[  133.712020][ T7726]        do_el0_svc+0x48/0x58
[  133.713353][ T7726]        el0_svc+0x58/0x180
[  133.714675][ T7726]        el0t_64_sync_handler+0x84/0x12c
[  133.716311][ T7726]        el0t_64_sync+0x198/0x19c
[  133.717745][ T7726] 
[  133.717745][ T7726] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  133.720191][ T7726]        down_read+0x58/0x2f8
[  133.721509][ T7726]        ocfs2_start_trans+0x35c/0x6b0
[  133.723133][ T7726]        ocfs2_modify_bh+0xe4/0x43c
[  133.724573][ T7726]        ocfs2_local_read_info+0x104c/0x1364
[  133.726322][ T7726]        dquot_load_quota_sb+0x6bc/0xa90
[  133.727962][ T7726]        dquot_load_quota_inode+0x274/0x4e4
[  133.729610][ T7726]        ocfs2_enable_quotas+0x17c/0x3b4
[  133.731233][ T7726]        ocfs2_fill_super+0x4018/0x5340
[  133.732815][ T7726]        get_tree_bdev_flags+0x360/0x414
[  133.734421][ T7726]        get_tree_bdev+0x2c/0x3c
[  133.735825][ T7726]        ocfs2_get_tree+0x28/0x38
[  133.737238][ T7726]        vfs_get_tree+0x90/0x28c
[  133.738605][ T7726]        do_new_mount+0x228/0x814
[  133.740111][ T7726]        path_mount+0x5b4/0xde0
[  133.741494][ T7726]        __arm64_sys_mount+0x3e8/0x468
[  133.743018][ T7726]        invoke_syscall+0x98/0x2b8
[  133.744529][ T7726]        el0_svc_common+0x130/0x23c
[  133.745998][ T7726]        do_el0_svc+0x48/0x58
[  133.747428][ T7726]        el0_svc+0x58/0x180
[  133.748727][ T7726]        el0t_64_sync_handler+0x84/0x12c
[  133.750370][ T7726]        el0t_64_sync+0x198/0x19c
[  133.751812][ T7726] 
[  133.751812][ T7726] -> #2 (sb_internal#4){.+.+}-{0:0}:
[  133.754016][ T7726]        ocfs2_start_trans+0x1f4/0x6b0
[  133.755647][ T7726]        ocfs2_xattr_set+0xac4/0xe9c
[  133.757147][ T7726]        ocfs2_set_acl+0x574/0x628
[  133.758678][ T7726]        ocfs2_iop_set_acl+0x190/0x25c
[  133.760217][ T7726]        vfs_set_acl+0x70c/0x974
[  133.761634][ T7726]        do_set_acl+0xe0/0x1a8
[  133.763048][ T7726]        filename_setxattr+0x268/0x4f8
[  133.764723][ T7726]        path_setxattrat+0x2e8/0x320
[  133.766316][ T7726]        __arm64_sys_setxattr+0xc0/0xdc
[  133.767939][ T7726]        invoke_syscall+0x98/0x2b8
[  133.769462][ T7726]        el0_svc_common+0x130/0x23c
[  133.771007][ T7726]        do_el0_svc+0x48/0x58
[  133.772417][ T7726]        el0_svc+0x58/0x180
[  133.773757][ T7726]        el0t_64_sync_handler+0x84/0x12c
[  133.775374][ T7726]        el0t_64_sync+0x198/0x19c
[  133.776824][ T7726] 
[  133.776824][ T7726] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}:
[  133.779875][ T7726]        down_write+0x50/0xc0
[  133.781257][ T7726]        ocfs2_reserve_suballoc_bits+0x12c/0x3b9c
[  133.783089][ T7726]        ocfs2_reserve_new_metadata_blocks+0x368/0x810
[  133.785089][ T7726]        ocfs2_init_xattr_set_ctxt+0x318/0x774
[  133.786817][ T7726]        ocfs2_xattr_set+0x920/0xe9c
[  133.788345][ T7726]        ocfs2_set_acl+0x574/0x628
[  133.789805][ T7726]        ocfs2_iop_set_acl+0x190/0x25c
[  133.791433][ T7726]        vfs_set_acl+0x70c/0x974
[  133.792847][ T7726]        do_set_acl+0xe0/0x1a8
[  133.794219][ T7726]        filename_setxattr+0x268/0x4f8
[  133.795819][ T7726]        path_setxattrat+0x2e8/0x320
[  133.797328][ T7726]        __arm64_sys_setxattr+0xc0/0xdc
[  133.798954][ T7726]        invoke_syscall+0x98/0x2b8
[  133.800392][ T7726]        el0_svc_common+0x130/0x23c
[  133.801887][ T7726]        do_el0_svc+0x48/0x58
[  133.803229][ T7726]        el0_svc+0x58/0x180
[  133.804465][ T7726]        el0t_64_sync_handler+0x84/0x12c
[  133.806107][ T7726]        el0t_64_sync+0x198/0x19c
[  133.807616][ T7726] 
[  133.807616][ T7726] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  133.809874][ T7726]        __lock_acquire+0x1774/0x30a4
[  133.811427][ T7726]        lock_acquire+0x14c/0x2e0
[  133.812893][ T7726]        down_read+0x58/0x2f8
[  133.814268][ T7726]        ocfs2_xattr_get+0xe8/0x220
[  133.815771][ T7726]        ocfs2_xattr_security_get+0x40/0x54
[  133.817394][ T7726]        __vfs_getxattr+0x394/0x3c0
[  133.818920][ T7726]        smk_fetch+0xc4/0x150
[  133.820290][ T7726]        smack_d_instantiate+0x53c/0x7a4
[  133.822015][ T7726]        security_d_instantiate+0x100/0x204
[  133.823675][ T7726]        d_instantiate+0x5c/0x9c
[  133.825102][ T7726]        ocfs2_mknod+0x151c/0x1cf0
[  133.826565][ T7726]        ocfs2_create+0x190/0x474
[  133.828000][ T7726]        path_openat+0x12d8/0x2c40
[  133.829476][ T7726]        do_filp_open+0x18c/0x36c
[  133.830988][ T7726]        do_sys_openat2+0x11c/0x1b4
[  133.832508][ T7726]        __arm64_sys_openat+0x120/0x158
[  133.834156][ T7726]        invoke_syscall+0x98/0x2b8
[  133.835605][ T7726]        el0_svc_common+0x130/0x23c
[  133.837128][ T7726]        do_el0_svc+0x48/0x58
[  133.838416][ T7726]        el0_svc+0x58/0x180
[  133.839730][ T7726]        el0t_64_sync_handler+0x84/0x12c
[  133.841365][ T7726]        el0t_64_sync+0x198/0x19c
[  133.842798][ T7726] 
[  133.842798][ T7726] other info that might help us debug this:
[  133.842798][ T7726] 
[  133.845826][ T7726] Chain exists of:
[  133.845826][ T7726]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  133.845826][ T7726] 
[  133.849808][ T7726]  Possible unsafe locking scenario:
[  133.849808][ T7726] 
[  133.851878][ T7726]        CPU0                    CPU1
[  133.853500][ T7726]        ----                    ----
[  133.855059][ T7726]   rlock(jbd2_handle);
[  133.856214][ T7726]                                lock(&journal->j_trans_barrier);
[  133.858489][ T7726]                                lock(jbd2_handle);
[  133.860358][ T7726]   rlock(&oi->ip_xattr_sem);
[  133.861710][ T7726] 
[  133.861710][ T7726]  *** DEADLOCK ***
[  133.861710][ T7726] 
[  133.864060][ T7726] 8 locks held by syz.0.306/7726:
[  133.865468][ T7726]  #0: ffff0000d4f46428 (sb_writers#21){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[  133.868185][ T7726]  #1: ffff0000f3753480 (&type->i_mutex_dir_key#15){+.+.}-{4:4}, at: path_openat+0x638/0x2c40
[  133.871181][ T7726]  #2: ffff0000f35a42c0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x12c/0x3b9c
[  133.875131][ T7726]  #3: ffff0000f35a3480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x12c/0x3b9c
[  133.879057][ T7726]  #4: ffff0000f35a5f40 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a0
[  133.883040][ T7726]  #5: ffff0000d4f46618 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0xc50/0x1cf0
[  133.885859][ T7726]  #6: ffff0000cdfe1ce8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x35c/0x6b0
[  133.888992][ T7726]  #7: ffff0000d8d2e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe4c/0x10dc
[  133.891724][ T7726] 
[  133.891724][ T7726] stack backtrace:
[  133.893403][ T7726] CPU: 0 UID: 0 PID: 7726 Comm: syz.0.306 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  133.896468][ T7726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.899479][ T7726] Call trace:
[  133.900394][ T7726]  show_stack+0x2c/0x3c (C)
[  133.901706][ T7726]  __dump_stack+0x30/0x40
[  133.902910][ T7726]  dump_stack_lvl+0xd8/0x12c
[  133.904211][ T7726]  dump_stack+0x1c/0x28
[  133.905446][ T7726]  print_circular_bug+0x324/0x32c
[  133.906873][ T7726]  check_noncircular+0x154/0x174
[  133.908273][ T7726]  __lock_acquire+0x1774/0x30a4
[  133.909681][ T7726]  lock_acquire+0x14c/0x2e0
[  133.910995][ T7726]  down_read+0x58/0x2f8
[  133.912161][ T7726]  ocfs2_xattr_get+0xe8/0x220
[  133.913509][ T7726]  ocfs2_xattr_security_get+0x40/0x54
[  133.915110][ T7726]  __vfs_getxattr+0x394/0x3c0
[  133.916436][ T7726]  smk_fetch+0xc4/0x150
[  133.917658][ T7726]  smack_d_instantiate+0x53c/0x7a4
[  133.919171][ T7726]  security_d_instantiate+0x100/0x204
[  133.920756][ T7726]  d_instantiate+0x5c/0x9c
[  133.922068][ T7726]  ocfs2_mknod+0x151c/0x1cf0
[  133.923369][ T7726]  ocfs2_create+0x190/0x474
[  133.924753][ T7726]  path_openat+0x12d8/0x2c40
[  133.926013][ T7726]  do_filp_open+0x18c/0x36c
[  133.927362][ T7726]  do_sys_openat2+0x11c/0x1b4
[  133.928720][ T7726]  __arm64_sys_openat+0x120/0x158
[  133.930206][ T7726]  invoke_syscall+0x98/0x2b8
[  133.931565][ T7726]  el0_svc_common+0x130/0x23c
[  133.932927][ T7726]  do_el0_svc+0x48/0x58
[  133.934110][ T7726]  el0_svc+0x58/0x180
[  133.935240][ T7726]  el0t_64_sync_handler+0x84/0x12c
[  133.936714][ T7726]  el0t_64_sync+0x198/0x19c
[  133.960248][ T7745] loop1: detected capacity change from 0 to 40427
[  133.979150][ T7745] F2FS-fs (loop1): invalid crc value
[  134.090851][ T7745] F2FS-fs (loop1): Start checkpoint disabled!
[  134.105984][ T7745] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  134.615637][ T6538] ocfs2: Unmounting device (7,0) on (node local)