last executing test programs:

5m6.120023601s ago: executing program 32 (id=602):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f00000001c0)='./file1\x00', 0x4040, &(0x7f0000000580)=ANY=[], 0x4, 0xfc0, &(0x7f0000002240)="$eJzs3UFsHNUZAOA3613bwSZeA4UAJaTQikDBDglS01sQqJdKiEvvoJDQCENRQysRAXF6QFRCFAn1VHEAcaFUSpGKRFWpQj21PbVqT+0F9UKlKpWCemiR4q1iv7F3n3ey6/Hu7Nr+Punf5zdvdv5/djfOzOz6bQD2rNrq7UOTsfvoy09lH11dduf6GodWb7PYa4YQGm39LNnep3HBlcsvnezWZuHo6m3eD49dWr/vTAhhORwKn4Rm+GBx6fP3337k8IevTt/8xrlnXhnCrndI9wMAAHaji39c+tu9//zD/fNfXDx4IkytL8+Pz5uxPxOP+4/EA+X8eLkWOvtZW7SbTNabiFFL1ptI1qsneeoF+RrJdhoF6032yDfRtqzbfgIAAMBOlJ/XNkNWW+jo12oLC2vn/Vd9OjeZLTx3Zun02REVCgAAAJT2n/OrH7rdwTE9BjWINPblL7Ct3e+Db2/9PtuKWsX56lXky6/ijcHroLIo93oTQgghhBhcOB4ROyBacxVdaAAAAACI0vnCNlke7Exd61tr9pf/0sO17veHAUhef5unnRjw6//a+ac3r1Bp/i6Gn78x4vzX3P/3LviNAwBAebv1aDLfr/w4Op/HIJ1HcKLjXjMTWz3/qCXbqW+xzqJ5BXfKfINFdU5UXEdZRfVv9XkclaL60/kwx1VR/ek8neOqqP6piusoq6j+Lld+wjj+sy6qf1/FdZRVVP91FddRVlH9MxXXUVZR/bMV11FWUf3XV1xHWUX176+4jrKK6t8pH6stqr9ZcR1lFdU/v9aM/WFEUf03VFxHWUX131hxHWUV1X9TxXWMyh2xzR+HgwXrzXQ5+Bu7g0EAAACgq//t+Pn/dmVkPdepj7zGPR+r77GPMP/EGDwGw46ZwW/z6dkx2C8xTnFh7T/DzuXTXZaJbUVtDGoYVuzr9hoSQgghxjLOj+7SAwAAADAm8r8LyP/qvRXl4xObxv/+7tXbfLzePj69sYF8vNFj+5M9xqd6jAMAAAAh/Oa107e+mW3Md5f+Tf9W58PL543aFz5aCSXmMUrnI9xq/u3Oe7bd/N0nHNkps7EBAACwW2Xf+mTlvkffeWH+i4sHT7Sd/a7E8918HtB6vDbwceznnwuYTfpZfg59ojNPrWC99PrA9UXbe3ybOwoAAAB7WH7+3gxZbaHtvLsZarWFhY3z8QOhkZ0+s3TqSOzn38/y+7nG1NXlD1ZcNwAAANC/jfP97uf/+ff4HgiT2cJzZ5ZOn13rz64vb9TarwvMbSzP2q8LNJPlRwuWH4v9+P2d4btz+1aXL5z83tJTg955AAAA2CPOvnjumSeXlk59f+/8UA8hbGs7YRz2wg9+GOoPo/7NBAAADNpnn73V+MGx2d/Or7QOnmib/24l/nAo9ptxbr8/xeX55wTyvwPY9Pf6T3TmmSta7/nO9ZrJehMxppK6p9u2E1bnG+y833xRvmbndiYL8s0k+WaTfOk8BfVk/azLXIKhy0yA+XpzyfJ0HsZ6kiNL8t/VJRcAAADkFl949vnFsy+ee+DMs08+ferpU88dO3r8m8ePH3nwGw8urn6uf7H90/0AAADATrTxod9RVwIAAAAAAAAAAAAAAAAAAAB7VxVfJzbqfQQAAIC97t/nQwjLQhRE/gWDo65jp0c2BjUML1pTo69hd0fw7zCNCY+HECH89Y3R1zAGUfP7QIj+YrTnfdPVHsu0Wq3WGDzmYxitVvpN8wAAAADDdeXySyfb202Ws4HmW99ac61ZiXnzdvaBv8xfjXy1Sw93Xi+5bqDVsNdV/fqXf1zzT3Udf+/CYPOvXohvbvR7//6rdW7gxOptPfb29Zv3nsWfH1jPH0K4rd5n/o79vxDC4/1m7HQ4yX9P6C9/653k8X+io1frN/+9Sf7QZ/5L6fP/fFGGdMud7ov5D8T+4bv7zd+5i1NJtn5fAF9P9v+p0G/+ZP+bfSZM3B/zA8BetP6/eev8aAsZsPwoIT+enon9fH/zA9b00w9bPf6vJdupb7vyzu3mx0G3xP76Ud1yZ97cVuvPH5fZ2F5fss7UTvlUSVH9g3oeh62o/kbFdZRVVP9kxXWUVVR/97P3MisNV1H91z57HB9F9fd9IWLEiurfKdeVi+qfqbiOsorqn624jrKK6t/q/+OjUlT//orrKKuo/rmK6yirqP6Sl9UqV1T/fMV1lFVU/w0V11FWUf03VlxHWUX131RxHaNye2yLzofz88+5OJb3m0l/qstj2febIQAAAMBQ/Wss5/9ru3Iw8lqEEEJUHQ2//0WJmBiDGoTYyfHf1ppR1yEGEK250dcgxjJW50Vkz8p20GfFARic4c5mwbjz/O9tnv+9zfPPteTvxGdJPzfRY7zeY7zRY3wyGc+SO04VjUc3Jttt5dc1o5t6jH8p7kHR+P7k/j9Mxm/psf0DPcZv7TF+W4/x23uMAwAAsDfcHFvnhwAAALB7vfyLj1//1T1PXJ7/4uLBE2Fy07zzR2J/Kr63/lrsp/Pe5xrxPf8fxf67sf1dbP+RrO/zJwAAADB8+ffEeP8fAAAAdq/8e0qd/wMAAMDuNR9b5/8AAACwe90QW+f/AAAAsItl090Xxza/LnBXbPud1w8AGH9fju0dsT0Y2ztj+5XY5scBd8f2qxXVBwAMzs++8+Pjb2Yb8/0fS8avxOV5u8ny2pWCrNY5k/++2F4X26/1WU/6fQD95s/t7zPPsPLPbTM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB71FZvH3roQBbCT3/91qM/mXz9z1eX3bm+xqHV2yz2miGExvr98tGN/i/jilcuv3SyvV2JbRaOhixk68vDY5fWM82EEJbDofBJaIYPFpc+f//tRw5/+Or0zW+ce+aVIT4EHfsHAAAAu9H/AwAA///f+hdH")
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

4m54.681304113s ago: executing program 33 (id=669):
r0 = syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000414, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x2c)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000b, 0x2013, r1, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYRES8=r0], 0x32600)

4m37.108016976s ago: executing program 2 (id=734):
r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000001ac0)={0x1c, &(0x7f00000019c0)={0x0, 0x12, 0x3, "1a441a"}, 0x0, 0x0})

4m34.783656573s ago: executing program 2 (id=742):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f00000008c0)={&(0x7f00000005c0)={0xa, 0x4e21, 0x180000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c, 0x0, 0x0, &(0x7f00000007c0)=[@dontfrag={{0x14, 0x29, 0x3e, 0x83}}], 0x18}, 0x44)

4m34.547047996s ago: executing program 2 (id=744):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0xc8002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r0}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)

4m34.15852403s ago: executing program 2 (id=746):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
unlink(&(0x7f00000002c0)='./file1\x00')

4m33.733896154s ago: executing program 2 (id=749):
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f000004b680)=""/102400, 0x19000)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})

4m33.215328365s ago: executing program 2 (id=751):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x40810)

4m32.694635456s ago: executing program 34 (id=751):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x40810)

4m15.665792266s ago: executing program 4 (id=842):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x81, 0xb, 0x5})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0xfffffffffffffffc, 0x6, 0xff, @scatter={0x0, 0x1200, 0x0}, &(0x7f0000000100)="48cc75cbcaea", 0x0, 0x0, 0x0, 0x0, 0x0})

4m15.456364638s ago: executing program 4 (id=845):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x20)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)

4m15.256126071s ago: executing program 4 (id=848):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fe8000000000000000000000000000bbfe8000000011000000000000000000bb00000033000000000a00603000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000007f00000000000000030000000000000002000000000000000000000000000000ffffffffffffffff0002000000000000fffffffffffffffe03000000000000000000000000000000000000000000000001000000000d0000060000000000000001"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x20008000)
r1 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)

4m15.024680004s ago: executing program 4 (id=850):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
unlink(&(0x7f00000002c0)='./file1\x00')

4m14.821660025s ago: executing program 4 (id=852):
r0 = syz_io_uring_setup(0xec6, &(0x7f00000008c0)={0x0, 0x0, 0x3000}, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000001c0))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x3, 0x10a5, 0x3, 0x0, 0x0)

4m14.258861829s ago: executing program 4 (id=857):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1800000002000000", 0x8)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000000)=ANY=[], 0x6)

4m13.808480316s ago: executing program 35 (id=857):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1800000002000000", 0x8)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000000)=ANY=[], 0x6)

3m45.548772196s ago: executing program 5 (id=990):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56)
listen(r0, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, 0x0)

3m45.321013989s ago: executing program 5 (id=994):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f00000020c0)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0xffff, @private1={0xfc, 0x1, '\x00', 0x1}, 0xa0}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000180)="c4", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0), &(0x7f0000000200)=0x4)

3m44.991509589s ago: executing program 5 (id=997):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0xd)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)

3m44.646644109s ago: executing program 5 (id=1001):
syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f0000000c40), 0xff, 0x4b7, &(0x7f0000000640)="$eJzs3E1sG8UeAPD/OknzXr+S19f3oKVAoCAqPpI2LbQHJD4kJA6AkOBQjiZJq1K3QU2QSBXRgKpyQYJKiCsCcUFw5sCJEwJOSFw4wB1VqlAuLT0Zrb02jhN/1HXiNPn9JMcz9joz/90d78yOdwPYtEbSP0nE9oj4LSKGIiJXv8BI+en64vzEX4vzE0kUi6/8maQfi2uL8xOVRZPseVs5058+5S4m8fQK5c7MnT+dLxSmzmX5sdkzb47NzJ1/7NSZ/Mmpk1Nnx48dO3L40NEnxh/vSpz/Seu6953pfXuef+3yixPHL7/+49dJTaVr46hbAx0aiIWadVLvwS6UsJ7sqEkn/U0X7cbKpUsGI0oNdaDU/oei7+LO6ntD8dx7Pa0csKqKxWJxvPHbC0VgA0ui1zUAeqNyoL+2+MlEOgZeOg7e+K4+Ux4ApXFfzx7lQU9/daA6UDe+7ab5iDi+cOPT9BHLzkMAAHTfd2n/59Fyv2Np/y8X/69Zbmc2NzSczaXsioj/RsTuiPhfRGnZOyLizpssf6Quv7z/k7vSUWBtSvt/T2ZzW5VHVm5lkeG+LLejFP9AcuJUYepgtk4OxMBgmj+04n9PojQJFL982Kj8kZr+X/pIy6/0BbN6XOkfXPqZyfxs/pYDz1x9N2Jv/0rxZxN42RzWnojY22EZpx7+ct/SV/qqqdbxN9F8nqktxc8iHipv/4Woi78iaT4/OfavKEwdHKvsFcv99POllxuVf0vxd0G6/beuuP9X4x9OaudrZ5b9iy2tyrj0+/sNxzQjEU9FB/v/luTVJYW/nZ+dvVGM2JK8sOz1czUnuCv50vOhcvwH9q/c/nfFP2virohId+K7I+KeiLg323b3RcT9EbG/Sfw/PPvAG03i7+n2j6/K31Btbf/KdijvCNU9olWi7/T33zYqvr3vvyOl1IHslcn87ECrsNqtYIdrDQAAAG4ruYjYHklutJrO5UZHy7/h3x1bc4XpmdlHTky/dXayfI3AcAzkKme6hrJ8ZOc/h8v50uh7PMpD9AvZ+dLD2Xnjj/v+XcqPTkwXJnsdPGxy2xq0/9Qffb2uHbDq2p5H27669QDWXrP2//nRNawIsOY6/x1NF36BA/RUi1bshg2wgTmKw+a1Uvu/0IN6AGuv8fF/StcANrhqI/+ojYVrLveqv3gTuP04yMPm1br9v7Ra978Ceqf9q/jXSyJJlrwSX0Q0/1TS+zp3kPhgfVSjcSJyjd4avNkbRPQkkV8f1WiVqDTUufOn+9u+q8Vc8UK+UPj1m1spvbffSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3ydwAAAP//zlHgaA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x80)
getdents64(r0, &(0x7f0000000000)=""/39, 0x27)

3m43.861764555s ago: executing program 5 (id=1003):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000003, 0x2)
r1 = epoll_create(0xd62)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000002})
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

3m41.341984383s ago: executing program 5 (id=1015):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
poll(&(0x7f0000000380)=[{r1}, {r1, 0x424}], 0x2, 0x20000080)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}})

3m40.835127193s ago: executing program 36 (id=1015):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
poll(&(0x7f0000000380)=[{r1}, {r1, 0x424}], 0x2, 0x20000080)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}})

2m7.933148002s ago: executing program 7 (id=1593):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r1=>0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4810}, 0x8000)
io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, r0, &(0x7f0000000100)="653de841f0", 0x5, 0x8000}])

2m7.683546467s ago: executing program 7 (id=1594):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x40, r2, 0x1, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x76b60f1}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_FLAGS={0xc, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c0}, 0x0)

2m7.483064768s ago: executing program 7 (id=1597):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000140)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x8000, 0x1c, 0xd, 0x8, 0x401, 0xa929, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000180)={0x0, 0x0, r1})

2m7.240703523s ago: executing program 7 (id=1599):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

2m7.028028556s ago: executing program 7 (id=1601):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x2210008, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRESHEX], 0x7, 0xab, &(0x7f0000000340)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000740)='./file1\x00', 0x183042, 0x15)
syncfs(r0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)

2m6.508092826s ago: executing program 7 (id=1604):
r0 = syz_open_procfs(0x0, &(0x7f0000001240)='smaps\x00')
preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4066, 0xfe2}], 0x1, 0x2c0, 0x0)
r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_exec(r1, &(0x7f0000000700)=ANY=[@ANYBLOB='stack'], 0x564)

2m5.798962758s ago: executing program 37 (id=1604):
r0 = syz_open_procfs(0x0, &(0x7f0000001240)='smaps\x00')
preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4066, 0xfe2}], 0x1, 0x2c0, 0x0)
r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_exec(r1, &(0x7f0000000700)=ANY=[@ANYBLOB='stack'], 0x564)

49.600384765s ago: executing program 6 (id=2033):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0)

49.189445949s ago: executing program 6 (id=2035):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)

49.00266571s ago: executing program 6 (id=2036):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}]}, 0x30}}, 0x0)

48.848021359s ago: executing program 6 (id=2037):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001c40)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@obj_user={'obj_user', 0x3d, 'uid>'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu")
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

48.078030815s ago: executing program 6 (id=2040):
r0 = gettid()
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)
timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4, @tid=r0}, &(0x7f0000000140)=<r1=>0x0)
timer_settime(r1, 0xe54aef35e9c2845d, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0)

48.001566769s ago: executing program 8 (id=2041):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9)

47.712105046s ago: executing program 6 (id=2042):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x1102, &(0x7f0000007a00)="$eJzs2T9r1VAYB+DfSa5/BiGS7kHQwUFKy/ULdFC4q6tu4uTWOykOfhg/jnZyL911KLhHYpNekYhir3fp80A4b17O++ac8ZwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABovkS0n2qqSdclWSknTdyeosSTfl736sq5Q8e7VaPzlePl0nqX9ML8+TMlQNZWkP799ul+2yPWwf7x09+LR+8/b1nSTHY5uSLqfn299KGdfzl1MBAADg2uivrJlr+3533wcAAAD+ZKuXCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/oG82cTsFVZKSdN3J6ixJN1N3Y0frAwAAAK6upMqLZi5/cQ2w8Sifm3KZH8ZvZYgP8mGmHgAAAPit/tYY/Px/vdzcnMcfZnF5Lh9y97LI/v7F+zjk61FSJzn4pfnp+buX01P6+n/vBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4zg4cCwAAAAAI87dOo2MDAAAAAAAAAAAAAAAAAAAA9goAAP//emDVvg==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000079c0)='./file1\x00', 0x105042, 0x0)
truncate(&(0x7f0000000080)='./file1\x00', 0xc00)
read(r0, &(0x7f0000000400)=""/4096, 0x1000)

47.279377191s ago: executing program 38 (id=2042):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x1102, &(0x7f0000007a00)="$eJzs2T9r1VAYB+DfSa5/BiGS7kHQwUFKy/ULdFC4q6tu4uTWOykOfhg/jnZyL911KLhHYpNekYhir3fp80A4b17O++ac8ZwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABovkS0n2qqSdclWSknTdyeosSTfl736sq5Q8e7VaPzlePl0nqX9ML8+TMlQNZWkP799ul+2yPWwf7x09+LR+8/b1nSTHY5uSLqfn299KGdfzl1MBAADg2uivrJlr+3533wcAAAD+ZKuXCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/oG82cTsFVZKSdN3J6ixJN1N3Y0frAwAAAK6upMqLZi5/cQ2w8Sifm3KZH8ZvZYgP8mGmHgAAAPit/tYY/Px/vdzcnMcfZnF5Lh9y97LI/v7F+zjk61FSJzn4pfnp+buX01P6+n/vBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4zg4cCwAAAAAI87dOo2MDAAAAAAAAAAAAAAAAAAAA9goAAP//emDVvg==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000079c0)='./file1\x00', 0x105042, 0x0)
truncate(&(0x7f0000000080)='./file1\x00', 0xc00)
read(r0, &(0x7f0000000400)=""/4096, 0x1000)

47.067116424s ago: executing program 8 (id=2046):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
io_setup(0xd6, &(0x7f0000000200)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x2020}])

46.676016967s ago: executing program 8 (id=2047):
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xcabd8245)

46.310807959s ago: executing program 8 (id=2049):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001c40)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@obj_user={'obj_user', 0x3d, 'uid>'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu")
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

45.301657588s ago: executing program 8 (id=2052):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde605cbeac671e8e8fdecb035865e362ead91b1979a5ae30705b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd21142525815b91076ccb7b37b41215c184e731fb13d100323b77f613af02b6f3259d6f3ac85da4fe304ecfca2be5f4a8b3910a8f0a88d082ac161c4a3c1132831a88f199f67aca8f4698996d076250b2b75cdc7776b8cab72716149f70efb190007832c6077da0df4c63a226284cd6a2e5ec5bb28f18dd44821065b9758fd159c490421901361244c01bfa0cddbc726f2b4ceace9f9309f507e6a7135b33f418af0a63bfb480c2feced947dae1d7dc19c4f1807b17c559c27be4d18b2e0a3cf26832d7fc97cea307de1852f90317b501bf66473eb6dac986d7b5682abc3a5ea1dabde56b9e3a56ba20a65dc0df39edd5f34ed22a8f0c6594a894901e455d0369e407dae0f4fb4e181415153000000b6b384cb4bbfd4edfd70cd7324de228e1047a61292abe63fc71063a9040bd927779d56ef0f4725dfb3822ce1e24632f7d51a0e65bd5664fcd3e4a0b0388b842115b5689769438f9763a55956288e78b6cad0ff3f310722b4a5cc4f25a69753fcc8ece189808e6f2f71ca2337d0de3a9feaa3f4cd2a2c69d21daec3751aca69f0a6f5b0af65aace6d04dad91c67e57a0f7b8accb3f8d9b787e002e56a7149c2d10a268884e695256ddb9c17853e29689f41667522e6932294"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='&'], 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map=r1, 0x26, 0x0, 0x0, &(0x7f0000001440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

44.528157803s ago: executing program 8 (id=2056):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
preadv(r0, &(0x7f0000000b00)=[{0x0}, {&(0x7f0000000800)=""/21, 0x15}], 0x2, 0x1001000, 0x8000003)

44.081945959s ago: executing program 39 (id=2056):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
preadv(r0, &(0x7f0000000b00)=[{0x0}, {&(0x7f0000000800)=""/21, 0x15}], 0x2, 0x1001000, 0x8000003)

3.317320525s ago: executing program 3 (id=2212):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x1010006, &(0x7f0000001180)=ANY=[@ANYBLOB='quota,noquota,nointegrity,errors=continue,iocharset=cp863,noquota,gid=', @ANYRESHEX=0x0, @ANYBLOB=',discard=0x0000000000000004,uid=', @ANYRESHEX=0xee01, @ANYBLOB="0000bbaa213ca1750a73593e8b6b51ec762e74cada46036fb2cd30b777e4a35afadbbd049c95b9880c70e694709bce9011b4c0460c95d9e0cc473d9f4f1841cdaff7b2a25ff3baddc86b3ab69e93b6beea217b6ff816e2f122cb63010bce65149c059d20b376f3696de010eb1b9ca12fc97b85d273e059e8c625da1575d7ac7d39571c4447ebadc4da39b8bcdf520b21994c5b02d448852f9765d56ffcedca0ad05a7fd150d8028a6997510bf1bf9871f25c4ab5966143ab5fbf218f99d125b00c5ebf68a5ad9dd56d7a"], 0x24, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
sendfile(r1, r0, 0x0, 0x7ffffffd)

3.087890809s ago: executing program 1 (id=2214):
syz_mount_image$vfat(&(0x7f0000000880), &(0x7f0000003200)='./file1\x00', 0x4604, &(0x7f0000003240)=ANY=[], 0x3, 0x335, &(0x7f0000000a40)="$eJzs3M9rG0cUwPEnWZYlGVs6lJYWiof20l4WW+25VBQbSgU1tlVqFwxre9UKbSWjFS4qpbZPvZbccwrkYHz0zZD4H/Alt+SSS266BHKICSEb9pf107asyJFjfz8QdjQzTzujGYW3i1f1X///s5i3tLxelXBMSUhE5EQkJWEJhPxj2C1HpdmOfD3+4vHni8srP2Wy2dkFpeYyS9+klVKTUw/++ifudzsck+PUav15+tnxx8ef1t8s/VGwVMFSpXJV6Wqt/LSqr5mG2ihYRU2pedPQLUMVSpZR8drLXnveLG9u1pRe2phIbFYMy1J6qaaKRk1Vy6paqSn9d71QUpqmqYmE4ALOgi7omT6j1wc8GlyRSiWjj4hIvKMltzeUAQEAgKFqz//DTkrfV/4vk27+73Ru5P/7XxxVx385mDx0Ylfrh9Fu+f+3T7z3asn/YyLST/5/Vy6R/3dmRLdLbm+h//wf18NUtKMq1PLKyf8T/vfXtfvb/rRbIP8HAAAAAAAAAAAAAAAAAAAAAOBDcGLbSdu2k8Ex+Nd4hMB/jRvprPUfE5GYs/o263+TLS6vSMx9cM9ZY/O/rdxWzjv6HY5ExBRDpiUpr9394HPKwZNHypGSh+a2G//KOY64LZm8FNz4GUlKqj3etud+zM7OKI8ff/qYUqI5Pi1J+ah7fLo13hn/9lYuKl992RSvSVIerUtZTNlw93Uj/t8ZpX74OdsWH/dOAgAAAADADaApFfIvn1Ot17/e9bumKdW93fuVkUzevU10xv0B7/p6uuv1eST5WWTYswcAAAAA4Hawan8XddM0KucU4nJxn/4Lkd46R9tqRs/rPNI0w17HE3VvZIi867zu9fipthSCP6RoaYr5lf2NJ5j/wNZrp7kmLD1ERdoHP+VUqEuefdefyGlNcNsoesbnLPOd7xM+ZyeMDmw/f3Ln/svBfUG+Owh2wMWdd/s9V6x917mF0av+fwcAAADA+9dI+oOa75ubQ0MZFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt8yV/KRfW2HYcwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACui7cBAAD//5Oa+gc=")
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x1000000d)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
fallocate(r0, 0x0, 0xa000000, 0x9000f3)

2.778011187s ago: executing program 1 (id=2217):
mknod(&(0x7f0000000680)='./file0\x00', 0x8001420, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0xfa, 0x8, 0x7fffffff}]})
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x84, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.447988716s ago: executing program 9 (id=2219):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)='a', 0x1}], 0x1}, 0x4000001)
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4)
recvmsg$unix(r0, &(0x7f0000001ec0)={0x0, 0xffffffffffffff68, 0x0}, 0x40010102)

2.290438575s ago: executing program 9 (id=2220):
openat$dir(0xffffffffffffff9c, 0x0, 0x4400, 0x80)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xfffffffffffffffd}, 0x0)
setitimer(0x2, &(0x7f0000000040)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x204010, &(0x7f0000000000), 0x0, 0x65e, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDv7EqyJKuVbUqpTUsFPdhQLEuusdteKruHumCooT6U0oOFJbnC6x9IMtSuoXLpoYUWSuklBxN8yT+Qe9A9txBIcss54ISg/IAkaMPMztqr1a60lrW7tubzgbXfe/Pjve/OPs2b3X07ARTWRPpPKeJoxMbVJGI8IpJ82VjUFk7k661/+uBa+kiiWv39J8lMkpfV91Xf7mCeGY6Idy5EHClvrXf53v0bs5Vqzd8iTq3cvHNq+d79k4s3Z6/PX5+/NX3652fOTf1i+sx005YHdhXnwfz/i5d+98P//OPPZxferZxMYiauDP51Lpri2CsTMREbeYiN5QMRcS5NtHheXjX7IIRCK+evx8GI+H6MRznL1YzH4r/72jigq6rliCpQUIn+DwVVHwfUr+07uw6+0uVRSe88OV+7ANoa/0DtvZEYzq6NRteThiuj2nsbg3tQf1rHNw+OPUofaX59uF7/l0+PzsAe1NPO6sOI+EGr+JOsbYeySNP4y5uu9ZOImIqIobx9v36BNiQN6W68D7OdzuMvbToOpYiYyf9Pyy/sWFPSsnSiKd/r+AEoprXz+Yl8Nc09O/+lY4/6+CdajH/GWpy7dqPf57/247/6+X44G/eUmsZh6dn8cutdbhkWfvivi/+Lv7deuXH8lz7S+utjwV548jDiWFP8/0yDzcc/afxJi+OfrnJ1prM6fvPexxfbLet3/NXHEcdbXv88G6+lqW0+nzy1sFg5EhGLlfmplnW89faf3mhXf1P8r32+TfzDLx7uFunxH20Tf8PxLzVvlz4ndzqs483Lj2+2WZQM7Hj8Sx8NJbXrzaG85C+zKytL0xFDyaV8lYby09u3pb5OfR9p/Cd+0rr/b3r9P9y8n5H6n8wO3PnDjfV2y3bz+m/4MHmj2mEb2knjn6s/se2P/5b+n5b9t8M6vvjj3R+1W7Zd/CO7DQoAAAAAAAAKqpR9lyMpTT5Nl0qTk7X5st+L0VLl9vLKTxdu3701F3Ei+z7kYGkh/6R7vJZP0vx0ln6WP92U/1lEHI6I/w/XPimfvHa7Mtfv4AEAAAAAAAAAAAAAAAAAAOAlcTCf/1+/T/Vn5dr8f6AgunmDOeDlpv9DcWX9f8stnoAicP6H4tL/obj0fygu/R+KS/+H4uqo/yfdbwfQe87/UFz6PwAAAADsS4d/vPZBEhGrvxzJHqmhfJkZQbC/Dfa7AUDflHdcY9sPBw/sZVuA3nrauw32oXA6Gv9/FZH9OGD3mwP0QdO3+688ivrgIP9h0Hadf6225dnfbrsWAAAAAAAAAAAAALAHjh9tP//f3GDY30z7g+Laef5/NzYFXgZ++h+KyzU+sNPd/YbbLVhzX0AAAAAAAAAAAAAA6JWx7JGUJvO5wGNRKk1ORnwnIg7FYLKwWJmfiojvRsT75cEDaX66340GAAAAAAAAAAAAAAAAAACAfWb53v0bs5XK/FJj4ustJfs7Ub8Latfr2qj+Kp5zq0g2l6RN7fbTMpLW0e+D8vyJ/CW9usPKAw0lScRquk3/G58lYu92WK3Wno1d76dff5EAAAAAAAAAAAAAAAAAAKC4srm+o9nc49aOvd7jFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA72X3/69U5pdeJFHNtVpnbWm53zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK+mbwMAAP//7EQ/vA==")

1.928613926s ago: executing program 0 (id=2221):
r0 = syz_io_uring_setup(0x119e, &(0x7f0000000740)={0x0, 0x0, 0x1, 0x2, 0x124}, &(0x7f0000000840)=<r1=>0x0, &(0x7f0000000800)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4000, &(0x7f00000001c0), 0x1, 0x40})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x2, 0x10a5, 0x3, 0x0, 0x0)

1.790978425s ago: executing program 3 (id=2222):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000100)="fb", 0x1}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/4096, 0x1000}], 0x1}, 0x40010040)

1.655205372s ago: executing program 1 (id=2223):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a340000001f0a0703000000000000000002000009080003400000ea090900010073797a30000000000c0006"], 0x70}}, 0x0)

1.557259108s ago: executing program 9 (id=2224):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x2040600)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000e4ff0000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f798585fb5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c26211a2b975eb4a9d08501c000c00000000000097e50f118c4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add613658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741b0665bb33be6f0e742213d0bf5528a601b5934b867f39f7d776ac00a434949b4455b7c6c678de4d9740d8dff6169c664b55ce550fb4e686ae169d9f7abbeb08e02799374ae0081858bdf144d8c7fb67dcec5e43a0e8099e543116b1b7d144b5613845cca4388344d82de45f0c1b7d041db040fd777791232d5db32d14bc1c3d000000000000000000000016a1049b6f094e504c28d7daa2f61b2a7c14d2343b4308b36e6b141371c958406e212b3accb45f87aef8bd5e2181fd7826b9e5cb2f6a63f113491239dca17e4fb33e670daf1cd7a99015ae9e1ca32b4e64dc38b55d525bd10971b0898be9d6e6154dfc99b20622b604b87ba03524c2fed51056d672b1b966657de5c86ab09195fba55af17663fecf1b5c5a76cf07615c7ee54c361449e275371a8c4243b9060ecdeecfb1603b061a8a62159830049061800953f7d00c43c95068c62c2ca1ad7fea9de97216dbc9c8e36a5607608e77d1d7d72b78b4f1eab8e40000000000000000adc90eb850f42f44e4b48c9cc39412c0ce6c9f4b95936ec36efc8dfbc54eb44affe1cd0f14d124df0c29c51b5628646b8155a1859358aa08f71fd2d9b2c4288a0d8870e8767173c65476e1a4f000c580f61d73f5be35ca1aa1235cf309650cdf8c6cd950c477890089be400b26dedec1199479b1b5adfaf2b6e05b7f90c9098ed4accddabd802ac5dc1b436e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf8}, 0x48)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000f00)=@raw={'raw\x00', 0xc01, 0x3, 0x578, 0x0, 0x5002004a, 0x6, 0x0, 0x3, 0x4e0, 0x3c8, 0x3c8, 0x4e0, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast=0xfeffffff, 0x0, 0x0, 'sit0\x00', 'bridge0\x00'}, 0x0, 0x2a0, 0x2c8, 0x0, {0x0, 0x3fa}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xe, 0x100, 0x1}}}, {{@uncond, 0x0, 0x1b8, 0x218, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[0x4e20, 0x4e24], [0x4e24, 0x4e20], [0x10000, 0x7f, 0x0, 0x40, 0x9, 0xffff, 0x0, 0x4, 0xfffffffb, 0x3, 0x9, 0x1, 0x5, 0x5, 0x4, 0x1, 0x4, 0x1, 0x9, 0x200, 0x1, 0xa, 0x6, 0x0, 0x39ea, 0xffff, 0x2, 0x800, 0x2, 0x2, 0x5f, 0x778, 0x1, 0x0, 0xffff, 0xd35a, 0x1, 0x2, 0x1, 0x10000, 0xfffffff8, 0x2, 0x7, 0x80000000, 0x3, 0x401, 0x80, 0x2, 0x3, 0x8, 0x6, 0x8000, 0x8000, 0x5, 0xf, 0x1, 0x1, 0x401, 0x100, 0x81, 0x1, 0x5, 0x5, 0x3], 0x2, [{0x2, 0x6, 0x4}, {0x7, 0x9}, {0x8c, 0x50, 0xf7}, {0x4, 0xf9, 0x2}], 0x2, 0x4, 0x5}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local, 0x0, 0x0, [0x0, 0x0, 0x21, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe13], 0x0, 0x0, 0xfffffffffffffffc}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x5d8)

1.513278341s ago: executing program 3 (id=2225):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{&(0x7f0000000500)={0x2, 0x4e21, @private=0xa010102}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)='B', 0x1}], 0x1}}], 0x1, 0x4000040)

1.471035294s ago: executing program 0 (id=2226):
io_setup(0x222, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x0, 0xc9, 0x81ad}}}, 0x8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)

1.294090744s ago: executing program 1 (id=2227):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40101)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f"})
write$sndseq(r0, &(0x7f00000000c0)=[{0x5, 0x2, 0x80, 0x0, @time, {0x9}, {0x3, 0x9}, @result={0x1, 0x9}}], 0x1c)

1.163811231s ago: executing program 0 (id=2228):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = dup(r0)
bind$netlink(r1, 0x0, 0x0)

1.154902582s ago: executing program 9 (id=2229):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80, &(0x7f0000000200)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030303031362c747970653d103683de2c6465636f6d706f73652c756d61736b3d30303030303030303030303030303030303030303030352c6e6f626172726965722c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',nls=cp866,\x00'], 0x44, 0x6ff, &(0x7f0000000500)="$eJzs3U1sHGf5APBn1uu1N5XcbZu0/f+FFKsRETSQ2F5KgoREqBDyoUKRuPS6JE5jee1GtoucCBEXKBzhhHLooQiZQ0+oB6QiDohyRkLiinKPxD3iwKKZnVnvh73ebfyRhN9Pmp13Zt6PZ57OvN6dbbQB/M9afDsmtyOJxQtvbaXbD3bqzQc79dWiHBFTEVGKKLdXkaxFJJ9FXI32Ev+X7sy7S/Yb542Hn354/v7H9fZWOV+y+qVh7Xa1hoywnS8xGxET+XpM5f36ux5vDvR3b6yuk07cacLOFYmDk9YasD1O8xHuW+BJdy9iYnKP/bWIUxExnb8PiHx2KB1zeIdurFkOAAAAnkwTB1V4/lE8iq2YOZ5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NmQtH8zMMmXUlGejaT4/f9Kvi9VqZxwvMN95YDjH9w8pkAAAAAAAAAA4Eh8kn9xf/ZRPIqtmCn2t5LsO//Xso3T2etz8V5sxFKsx8XYikZsxmasx3zE5ExXh5Wtxubm+vxgy19H2rLVat3LWy5ERG2g5cI+gZYO+cQBAAAAAAAA4Nn0k1iMmZMOAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuiURE+1VtpwuyrUolSNiOiIqab3tiD8V5afZn086AAAAADh61Xw9k/ynXWgl2Wf+l7PP/dPxXqzFZizHZjRjKW5kzwLan/pLf9+uNx/s1FfTZbDjb/9rrDiyHiNiIt7fZ+S5rMaZTovF+G58Py7EbFyL9ViOH0YjNmMpZqOankQ0Iolatf30olbEuXe8V3u2rvXHdrZv+9UskmrcjOUstotxvRLtxybZOaRjvto12h8qEX0jvp9mJ/lWbsQc3ej67/Wr/LlMrvX8iH0cjVp25pOdjMyluc+z8cLw3I95nfSPNB+lzjOo07ujpJv9IxU5/8E4OT/VXk2nLz/vzflhG/NRWn8mFqKUX30RL/fm/PYX77/Y2/jL//jLtVultZVbNzcuHOEpPY7ZgypMFoX+TNS7MvHK8Ksvz0QzzcT26JmY7N8xPWrLo1XJs5FNRSPOlt/JSo14resSfDduxFJcjrmYjysxF9+Ihah3rrB0OdOT13J9tTcn2b1WGpzfqkOCP/elrkq/OKDy8Urz8kJXXrtnulp2LN9z9Zcx13X1vTj86hv7r0A6/v/n5XSMn3b+4jwJejKRz81FdC8Nz8RvWunrRnNtZf1W4/aI453P1+lt+0Hv3Pzb0aPu/+t+GNLrJZ1xy9lWlpNqcb2kx17qRNubr0r+jUu7XWng2JnOsVrMxHJ8b987tZK/hxvsqX3sle5j/9ydOSv5+5viWM+7nHg3mtm7kD4HTtUAHLNTr5+qVB9W/1b9qPqz6q3qW9NvTl2Z+kIlJv9a/uPE70u/K30zeT0+ih/HzElHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4KNO3dXGs3m0nqnENP9ex63UNl3rOGFKB1YZ+e50TqMWsTwsZK8UDncc38aC9Xo21P8wtLj9vxJRAypU3ns4JOxr7GxC2keDqXDVqud1GxPa2KM5uWi1d51yrExHSuNpLzHHTe1exdEbaXR/Herp3k1um4Z4Bl3aXP19qWNO3e/urzaeGfpnaW1hSuXr1yuf33+a5duLjeX5tqvJx0lcBQ27tyd2GP3wC/dAgAAAAAAAAAAAE+O/P/+3/zc/5ihfECdyvrG3iOfPe5TBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5Si2/H5HYkMT93cS7dfrBTb6ZLUd6tWY6IUkQkP4pIPou4Gu0lal3dJfuN88bDTz88f//j+m5f5aJ+aVi70WznS8xGxES+PtjUHt0M9ne9q7/tzxVe0jnDNGHnisTBSftvAAAA//9u//cB")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB='osx.&-]:'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

1.137242894s ago: executing program 3 (id=2230):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

954.403894ms ago: executing program 1 (id=2231):
syz_open_dev$loop(&(0x7f0000000100), 0x9, 0x2901)
r0 = syz_io_uring_setup(0x22f, &(0x7f0000019140)={0x0, 0x8ffd, 0x10000, 0x1, 0x100002cf}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)

895.301317ms ago: executing program 0 (id=2232):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0b0600000000000000003000000008000200", @ANYRES32=r2, @ANYBLOB="0500350000000000050033"], 0x2c}}, 0x0)

724.115237ms ago: executing program 9 (id=2233):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
poll(&(0x7f00000020c0)=[{r0, 0x9012}], 0x1, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)
poll(&(0x7f00000021c0)=[{r0, 0x1000}], 0x1, 0x6)

648.056152ms ago: executing program 1 (id=2234):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x20048a, &(0x7f00000001c0)={[{@grpjquota}, {@noinit_itable}, {@abort}, {@bsdgroups}]}, 0x12, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f0000002cc0)=ANY=[@ANYBLOB="02"], 0x4, 0x3)
lremovexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)=@known='system.posix_acl_access\x00')

645.224332ms ago: executing program 3 (id=2235):
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fadvise64(r0, 0xe0ffff, 0x19, 0x3)
execveat(r0, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x100)

597.160525ms ago: executing program 0 (id=2236):
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x20b02, 0x0)
r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0)

339.4879ms ago: executing program 0 (id=2237):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000009c0)=ANY=[@ANYBLOB="38010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="0c009900000000003e000000140004006e69637666300000000000000000000008000500060000000c001780040005000400040014000400766c616e30000000000000000000000005005300000000000a00180003030303030300000a00e80008021100000000001c0017800400010004000300040002"], 0x138}}, 0x0)

236.159946ms ago: executing program 9 (id=2238):
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')

0s ago: executing program 3 (id=2239):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000180), 0x2, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe")
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000740)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a2"], 0x0}, 0x0)

kernel console output (not intermixed with test programs):

) entered disabled state
[  358.328673][ T5780] Bluetooth: hci0: command tx timeout
[  358.338375][T11357] bridge_slave_1: entered allmulticast mode
[  358.358048][T11357] bridge_slave_1: entered promiscuous mode
[  358.422262][T11357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  358.473138][T11357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  358.643435][T11357] team0: Port device team_slave_0 added
[  358.653841][T11458] loop8: detected capacity change from 0 to 164
[  358.670198][T11357] team0: Port device team_slave_1 added
[  358.721789][T11458] rock: directory entry would overflow storage
[  358.738195][T11458] rock: sig=0x66, size=4, remaining=3
[  358.818027][T11458] rock: directory entry would overflow storage
[  358.836925][T11458] rock: sig=0x66, size=4, remaining=3
[  358.854749][T11357] batman_adv: batadv0: Adding interface: batadv_slave_0
[  358.885395][T11357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  358.976919][T11357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.037210][T11357] batman_adv: batadv0: Adding interface: batadv_slave_1
[  359.048003][T11357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.088812][T11357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  359.245502][T11472] loop8: detected capacity change from 0 to 65
[  359.316400][T11357] hsr_slave_0: entered promiscuous mode
[  359.337017][T11472] BFS-fs: bfs_fill_super(): NOTE: filesystem loop8 was created with 512 inodes, the real maximum is 511, mounting anyway
[  359.383510][T11357] hsr_slave_1: entered promiscuous mode
[  359.698531][ T8084] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  359.757773][T11483] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1642'.
[  359.845405][T11485] netdevsim netdevsim8 netdevsim0: entered promiscuous mode
[  359.899356][ T8084] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  359.917294][ T8084] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  359.976644][ T8084] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  360.004655][ T8084] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.046113][T11477] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  360.325503][T11357] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  360.352030][T11357] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  360.394293][T11357] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  360.407135][ T5780] Bluetooth: hci0: command tx timeout
[  360.452654][T11357] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  360.520184][T11497] pimreg: tun_chr_ioctl cmd 1074025677
[  360.526503][T11497] pimreg: linktype set to 65534
[  360.826540][T11357] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.888806][T11357] 8021q: adding VLAN 0 to HW filter on device team0
[  360.933558][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.940816][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.010825][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.018092][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.131188][ T8084] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  361.148587][ T8084] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input17
[  361.254088][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  361.292464][ T8084] usb 4-1: USB disconnect, device number 23
[  361.292542][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  361.502739][T11528] loop6: detected capacity change from 0 to 512
[  361.572657][T11528] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.651684][T11528] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.948886][ T8117] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.122506][T11357] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.541325][T11554] loop3: detected capacity change from 0 to 4096
[  362.559485][T11554] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  362.759238][   T28] audit: type=1326 audit(1769735880.460:42): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=11564 comm="syz.6.1662" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faf9839aeb9 code=0x0
[  362.796451][T11554] ntfs3: loop3: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record
[  362.912399][ T1318] ntfs3: loop3: ino=1e, failed to parse mft record
[  363.213649][T11357] veth0_vlan: entered promiscuous mode
[  363.266087][T11357] veth1_vlan: entered promiscuous mode
[  363.380204][T11357] veth0_macvtap: entered promiscuous mode
[  363.413396][T11357] veth1_macvtap: entered promiscuous mode
[  363.480070][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.521750][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.597527][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.628061][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.659300][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.697095][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.738597][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.764866][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.818853][T11357] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.851859][T11590] loop6: detected capacity change from 0 to 1024
[  363.871117][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.914492][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.957713][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.977306][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.011418][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.047063][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.087179][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.117225][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.158883][T11357] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.203623][T11357] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.257076][T11357] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.282912][T11357] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.314385][T11357] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.430062][T11596] loop8: detected capacity change from 0 to 4096
[  364.536787][T11596] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.692351][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.729070][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.825227][ T9198] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.859353][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.887071][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.018158][T11609] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1675'.
[  365.201731][T11615] loop8: detected capacity change from 0 to 256
[  365.343586][T11615] FAT-fs (loop8): Directory bread(block 64) failed
[  365.367341][T11615] FAT-fs (loop8): Directory bread(block 65) failed
[  365.402940][T11615] FAT-fs (loop8): Directory bread(block 66) failed
[  365.440597][T11615] FAT-fs (loop8): Directory bread(block 67) failed
[  365.448320][T11615] FAT-fs (loop8): Directory bread(block 68) failed
[  365.467409][T11615] FAT-fs (loop8): Directory bread(block 69) failed
[  365.490614][T11615] FAT-fs (loop8): Directory bread(block 70) failed
[  365.497649][T11615] FAT-fs (loop8): Directory bread(block 71) failed
[  365.557779][T11615] FAT-fs (loop8): Directory bread(block 72) failed
[  365.564394][T11615] FAT-fs (loop8): Directory bread(block 73) failed
[  366.161410][T11642] netlink: 68 bytes leftover after parsing attributes in process `syz.8.1683'.
[  366.240094][T11640] loop3: detected capacity change from 0 to 4096
[  366.277365][T11640] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  366.421117][T11640] ntfs: (device loop3): ntfs_read_locked_inode(): Corrupt standard information attribute in inode.
[  366.453064][T11640] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  366.497204][T11640] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  366.616266][T11640] ntfs: volume version 3.1.
[  366.747089][ T5840] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  366.937314][ T5840] usb 9-1: Using ep0 maxpacket: 32
[  366.953770][ T5840] usb 9-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7
[  366.973820][ T5840] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.002120][ T5840] usb 9-1: Product: syz
[  367.025348][ T5840] usb 9-1: Manufacturer: syz
[  367.050959][ T5840] usb 9-1: SerialNumber: syz
[  367.073953][ T5840] usb 9-1: config 0 descriptor??
[  367.156217][ T3495] ntfs: (device loop3): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
[  367.184838][ T5774] ntfs: (device loop3): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  367.331325][ T5840] usb 9-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II
[  367.654227][T11670] loop6: detected capacity change from 0 to 1024
[  367.738684][T11670] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=802c098, mo2=0002]
[  367.790433][T11670] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.847607][ T5840] usb 9-1: reset high-speed USB device number 8 using dummy_hcd
[  368.048747][ T8117] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.276146][ T5840] usb 9-1: [UEAGLE-ATM] interface 1 not found
[  368.317584][ T5840] ueagle-atm 9-1:0.0: usbatm_usb_probe: bind failed: -19!
[  368.491731][T11679] loop9: detected capacity change from 0 to 32768
[  368.524702][T11679] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  368.533016][T11679] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  368.569496][T11679] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  368.589958][  T965] usb 9-1: USB disconnect, device number 8
[  368.603559][ T5841] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  368.635305][ T5841] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  368.868665][ T5841] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 233ms
[  368.890234][ T5841] gfs2: fsid=syz:syz.0: jid=0: Done
[  368.897424][T11679] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  369.002070][    T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  369.187013][    T9] usb 7-1: Using ep0 maxpacket: 32
[  369.197800][    T9] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  369.205862][    T9] usb 7-1: config 0 has no interface number 0
[  369.230187][    T9] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.261604][    T9] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.306828][    T9] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  369.340694][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.370593][T11679] gfs2: fsid=syz:syz.0: found 1 quota changes
[  369.406077][    T9] usb 7-1: config 0 descriptor??
[  369.516338][T11679] gfs2: fsid=syz:syz.0: inum=2340 error=-28, nblocks=1, full=1 fail_pt=0
[  369.525570][T11679] gfs2: fsid=syz:syz.0: rgrp 18 has an error, marking it readonly until umount
[  369.535872][T11679] gfs2: fsid=syz:syz.0: umount on all nodes and run fsck.gfs2 to fix the error
[  369.545015][T11679] gfs2: fsid=syz:syz.0:  R: n:18 f:80000000 b:4294967295/4294967295 i:4294967295 q:0 r:19 e:0
[  369.557237][T11679] gfs2: fsid=syz:syz.0:   L: f:00 b:4294967295 i:4294967295
[  369.700909][T11700] loop8: detected capacity change from 0 to 4096
[  369.729727][T11700] ntfs3: loop8: Different NTFS sector size (2048) and media sector size (512).
[  369.776402][T11357] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129
[  369.834200][T11357] CPU: 0 PID: 11357 Comm: syz-executor Not tainted syzkaller #0
[  369.841928][T11357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  369.852058][T11357] Call Trace:
[  369.855391][T11357]  <TASK>
[  369.858384][T11357]  dump_stack_lvl+0x18c/0x250
[  369.863129][T11357]  ? show_regs_print_info+0x20/0x20
[  369.868380][T11357]  ? load_image+0x400/0x400
[  369.872953][T11357]  ? do_raw_spin_unlock+0x121/0x230
[  369.878214][T11357]  gfs2_assert_warn_i+0x193/0x2c0
[  369.883317][T11357]  gfs2_qd_dispose+0x4aa/0x5b0
[  369.888143][T11357]  gfs2_quota_cleanup+0x410/0x720
[  369.893218][T11357]  ? spin_lock_bucket+0x150/0x150
[  369.898294][T11357]  ? __might_sleep+0xe0/0xe0
[  369.902946][T11357]  ? gfs2_ail_empty_tr+0x2f0/0x2f0
[  369.908119][T11357]  ? gfs2_quota_sync+0x591/0x5a0
[  369.913108][T11357]  gfs2_make_fs_ro+0x2aa/0x320
[  369.917945][T11357]  ? gfs2_dinode_out+0xb10/0xb10
[  369.922945][T11357]  ? __lock_acquire+0x7d40/0x7d40
[  369.928022][T11357]  ? __rwlock_init+0x150/0x150
[  369.932859][T11357]  ? do_raw_spin_unlock+0x121/0x230
[  369.938125][T11357]  gfs2_put_super+0x224/0x930
[  369.942863][T11357]  ? gfs2_evict_inode+0x1350/0x1350
[  369.948113][T11357]  generic_shutdown_super+0x134/0x2b0
[  369.953547][T11357]  kill_block_super+0x44/0x90
[  369.958275][T11357]  deactivate_locked_super+0x97/0x100
[  369.963700][T11357]  cleanup_mnt+0x43b/0x4d0
[  369.968171][T11357]  task_work_run+0x1d4/0x260
[  369.972830][T11357]  ? task_work_cancel+0x220/0x220
[  369.977910][T11357]  ? exit_to_user_mode_loop+0x3b/0x110
[  369.983434][T11357]  exit_to_user_mode_loop+0xe6/0x110
[  369.988782][T11357]  exit_to_user_mode_prepare+0xee/0x180
[  369.994384][T11357]  syscall_exit_to_user_mode+0x1a/0x50
[  369.999983][T11357]  do_syscall_64+0x61/0xa0
[  370.004482][T11357]  ? clear_bhb_loop+0x40/0x90
[  370.009221][T11357]  ? clear_bhb_loop+0x40/0x90
[  370.013956][T11357]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  370.019938][T11357] RIP: 0033:0x7f8fe179c117
[  370.024408][T11357] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  370.045749][T11357] RSP: 002b:00007ffc8d278198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  370.054229][T11357] RAX: 0000000000000000 RBX: 00007f8fe180471f RCX: 00007f8fe179c117
[  370.062260][T11357] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc8d278250
[  370.070294][T11357] RBP: 00007ffc8d278250 R08: 00007ffc8d279250 R09: 00000000ffffffff
[  370.078318][T11357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc8d2792e0
[  370.086284][T11700] ntfs3: loop8: Failed to initialize $Extend/$ObjId.
[  370.093003][T11357] R13: 00007f8fe180471f R14: 000000000005a38e R15: 00007ffc8d279320
[  370.093068][T11357]  </TASK>
[  370.360248][    T9] input: HID 28bd:0094 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:28BD:0094.000E/input/input18
[  370.501602][    T9] uclogic 0003:28BD:0094.000E: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.6-1/input1
[  370.589881][    T9] usb 7-1: USB disconnect, device number 13
[  370.870662][T11715] fido_id[11715]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  371.138162][T11728] veth1_vlan: left allmulticast mode
[  371.167002][T11728] macvlan0: entered promiscuous mode
[  371.172396][T11728] macvlan0: left allmulticast mode
[  371.224878][T11728] netlink: 'syz.3.1705': attribute type 1 has an invalid length.
[  371.259329][T11728] netlink: 'syz.3.1705': attribute type 2 has an invalid length.
[  371.550269][T11738] loop8: detected capacity change from 0 to 1024
[  371.564330][T11740] loop3: detected capacity change from 0 to 512
[  371.577377][T11738] EXT4-fs: Ignoring removed orlov option
[  371.682168][T11740] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.1709: corrupted in-inode xattr: invalid ea_ino
[  371.714410][T11738] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  371.770905][T11740] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.1709: couldn't read orphan inode 15 (err -117)
[  371.812126][T11740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  371.932901][ T9198] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.052964][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.180285][T11756] netlink: 'syz.8.1714': attribute type 1 has an invalid length.
[  372.409421][T11760] syz.3.1715[11760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  372.409689][T11760] syz.3.1715[11760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  373.113989][T11720] kernel write not supported for file /sequencer2 (pid: 11720 comm: kworker/1:7)
[  373.374784][T11758] loop9: detected capacity change from 0 to 131072
[  373.383842][T11758] F2FS-fs (loop9): Wrong CP boundary, start(512) end(1536) blocks(0)
[  373.392136][T11758] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  373.415917][T11758] F2FS-fs (loop9): invalid crc value
[  373.446145][T11758] F2FS-fs (loop9): Found nat_bits in checkpoint
[  373.534217][T11758] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  373.542351][T11758] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e4
[  373.667293][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1722'.
[  373.682872][ T8084] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  373.897118][ T8084] usb 9-1: Using ep0 maxpacket: 32
[  373.912588][ T8084] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  373.931715][ T8084] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  373.955813][ T8084] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  373.989545][ T8084] usb 9-1: config 1 has no interface number 0
[  374.006915][ T8084] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  374.042896][ T8084] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  374.072378][ T8084] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  374.096785][ T8084] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.134040][ T8084] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  374.348193][T11795] loop3: detected capacity change from 0 to 4096
[  374.355111][ T8084] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached
[  374.392898][T11795] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  374.504073][T11795] ntfs3: loop3: Failed to initialize $Extend/$ObjId.
[  374.860962][ T8084] usb 9-1: USB disconnect, device number 9
[  374.887193][ T8084] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  374.980866][T11801] loop3: detected capacity change from 0 to 1024
[  375.207785][ T4530] hfsplus: b-tree write err: -5, ino 4
[  375.378607][T11810] random: crng reseeded on system resumption
[  375.876234][T11823] loop8: detected capacity change from 0 to 512
[  375.924768][T11823] EXT4-fs: Ignoring removed i_version option
[  375.966475][T11823] EXT4-fs: Ignoring removed bh option
[  376.023238][T11821] loop3: detected capacity change from 0 to 8192
[  376.053550][T11821] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  376.067647][T11821] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  376.129555][T11823] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.139626][T11821] REISERFS (device loop3): using ordered data mode
[  376.172228][T11821] reiserfs: using flush barriers
[  376.193663][T11823] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  376.219521][T11821] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  376.274640][T11821] REISERFS (device loop3): checking transaction log (loop3)
[  376.541948][ T9198] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.583453][T11821] REISERFS (device loop3): Using tea hash to sort names
[  376.614366][T11821] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  376.626805][T11815] loop9: detected capacity change from 0 to 32768
[  376.784608][T11815] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  376.958421][T11811] loop6: detected capacity change from 0 to 32768
[  377.046428][T11811] XFS (loop6): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  377.139471][T11815] XFS (loop9): Ending clean mount
[  377.178571][T11815] XFS (loop9): Quotacheck needed: Please wait.
[  377.378012][ T8117] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  377.405964][T11815] XFS (loop9): Quotacheck: Done.
[  377.690189][T11357] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  378.012783][T11878] loop8: detected capacity change from 0 to 256
[  378.124040][T11878] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  378.279729][   T28] audit: type=1800 audit(1769735895.970:43): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1745" name="file1" dev="loop8" ino=1048650 res=0 errno=0
[  378.370327][   T28] audit: type=1800 audit(1769735896.020:44): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1745" name="file1" dev="loop8" ino=1048650 res=0 errno=0
[  378.565878][T11890] netlink: 'syz.9.1744': attribute type 1 has an invalid length.
[  378.582821][T11892] loop3: detected capacity change from 0 to 512
[  378.610720][T11892] EXT4-fs: Ignoring removed bh option
[  378.617469][ T5841] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  378.641468][T11892] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  378.819594][T11892] EXT4-fs (loop3): 1 truncate cleaned up
[  378.827137][ T5841] usb 7-1: Using ep0 maxpacket: 8
[  378.834906][ T5841] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  378.843934][ T5841] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  378.864607][ T5841] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  378.875944][ T5841] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  378.886630][ T5841] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  378.903344][T11892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.916238][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  378.953193][ T5841] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  378.997233][ T5841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.136067][T11902] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  379.291346][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.343863][ T5841] usb 7-1: GET_CAPABILITIES returned 0
[  379.364114][ T5841] usbtmc 7-1:16.0: can't read capabilities
[  379.574437][T11914] loop3: detected capacity change from 0 to 128
[  379.575273][T11720] usb 7-1: USB disconnect, device number 14
[  379.594219][T11914] EXT4-fs: Ignoring removed nobh option
[  379.648366][T11914] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  379.671032][T11914] ext4 filesystem being mounted at /475/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  379.730766][ T5774] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  379.978173][ T5825] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  380.114326][T11923] loop8: detected capacity change from 0 to 22
[  380.128354][T11923] MTD: Attempt to mount non-MTD device "/dev/loop8"
[  380.169620][T11923] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  380.177614][ T5825] usb 10-1: Using ep0 maxpacket: 16
[  380.199061][ T5825] usb 10-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  380.229673][ T5825] usb 10-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  380.277973][ T5825] usb 10-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  380.317891][ T5825] usb 10-1: config 1 interface 0 has no altsetting 0
[  380.359980][ T5825] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  380.376068][ T5825] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.414158][ T5825] usb 10-1: Product: syz
[  380.427326][ T5825] usb 10-1: Manufacturer: syz
[  380.432089][ T5825] usb 10-1: SerialNumber: syz
[  380.689591][ T5825] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  380.746551][T11930] loop6: detected capacity change from 0 to 4096
[  380.788691][T11930] ntfs3: loop6: Different NTFS sector size (1024) and media sector size (512).
[  380.911190][ T5825] usb 10-1: USB disconnect, device number 2
[  380.943515][ T5825] usblp0: removed
[  380.972127][ T5783] Bluetooth: hci3: command 0x0406 tx timeout
[  381.370876][T11942] bond0: entered promiscuous mode
[  381.384348][T11942] bond_slave_0: entered promiscuous mode
[  381.394671][T11942] bond_slave_1: entered promiscuous mode
[  381.412785][T11942] batadv_slave_0: entered promiscuous mode
[  381.652901][T11948] loop9: detected capacity change from 0 to 512
[  381.724441][T11948] EXT4-fs error (device loop9): ext4_orphan_get:1398: inode #15: comm syz.9.1773: iget: bad i_size value: 38620345925642
[  381.868772][T11948] EXT4-fs error (device loop9): ext4_orphan_get:1403: comm syz.9.1773: couldn't read orphan inode 15 (err -117)
[  381.918349][T11948] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.023795][T11940] loop8: detected capacity change from 0 to 32768
[  382.060323][T11940] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 scanned by syz.8.1769 (11940)
[  382.081780][T11948] EXT4-fs error (device loop9): ext4_validate_block_bitmap:430: comm syz.9.1773: bg 0: block 5: invalid block bitmap
[  382.127831][T11940] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  382.181381][T11940] BTRFS info (device loop8): using blake2b (blake2b-256-generic) checksum algorithm
[  382.217247][T11940] BTRFS info (device loop8): using free space tree
[  382.292130][T11357] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.385841][T11940] BTRFS info (device loop8): enabling ssd optimizations
[  382.403172][T11940] BTRFS info (device loop8): auto enabling async discard
[  382.647569][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1777'.
[  382.716367][T11946] loop3: detected capacity change from 0 to 32768
[  382.803433][T11946] 
[  382.803433][T11946]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  382.803433][T11946] 
[  382.924850][T11946] ERROR: (device loop3): diWrite: ixpxd invalid
[  382.924850][T11946] 
[  382.976223][ T9198] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  382.991387][T11946] ERROR: (device loop3): txCommit: 
[  382.991387][T11946] 
[  383.023073][T11956] loop6: detected capacity change from 0 to 32768
[  383.072924][T11956] (syz.6.1776,11956,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  383.167375][ T5774] 
[  383.167375][ T5774]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  383.167375][ T5774] 
[  383.178031][T11956] (syz.6.1776,11956,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  383.216314][ T5774] 
[  383.216314][ T5774]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  383.216314][ T5774] 
[  383.359974][T11956] JBD2: Ignoring recovery information on journal
[  383.555928][T11956] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  384.426682][T11956] syz.6.1776 (11956) used greatest stack depth: 18864 bytes left
[  384.544589][ T8117] ocfs2: Unmounting device (7,6) on (node local)
[  385.233571][T12000] loop8: detected capacity change from 0 to 40427
[  385.265015][T12000] F2FS-fs (loop8): invalid crc value
[  385.300915][T12000] F2FS-fs (loop8): Found nat_bits in checkpoint
[  385.331581][T12008] loop9: detected capacity change from 0 to 32768
[  385.373454][T12008] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.1783 (12008)
[  385.449940][T12008] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  385.484033][T12008] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm
[  385.544783][T12008] BTRFS info (device loop9): using free space tree
[  385.564649][T12000] F2FS-fs (loop8): Start checkpoint disabled!
[  385.598142][T12000] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  385.777680][T12008] BTRFS info (device loop9): enabling ssd optimizations
[  385.784805][T12008] BTRFS info (device loop9): auto enabling async discard
[  386.057428][T11357] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  386.091389][ T4530] kworker/u4:10: attempt to access beyond end of device
[  386.091389][ T4530] loop8: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  386.129398][ T9412] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  386.147060][ T4530] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  386.154010][ T4530] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  386.387537][ T9412] usb 7-1: Using ep0 maxpacket: 32
[  386.405905][ T9412] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  386.431125][ T9412] usb 7-1: config 0 has no interface number 0
[  386.440703][T12059] loop9: detected capacity change from 0 to 128
[  386.455070][ T9412] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  386.501127][ T9412] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.517581][T12059] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  386.531593][ T9412] usb 7-1: Product: syz
[  386.535820][ T9412] usb 7-1: Manufacturer: syz
[  386.578034][ T9412] usb 7-1: SerialNumber: syz
[  386.594012][T12059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  386.605884][ T9412] usb 7-1: config 0 descriptor??
[  386.674900][ T9412] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  386.728016][ T9412] usb 7-1: selecting invalid altsetting 1
[  386.733826][ T9412] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  386.805974][ T9412] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  386.847333][ T9412] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  386.878547][ T9412] usb 7-1: media controller created
[  387.022555][ T9412] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  387.228412][T12048] loop3: detected capacity change from 0 to 32768
[  388.097612][T12053] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  388.157962][ T9412] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  388.189842][ T9412] zl10353_read_register: readreg error (reg=127, ret==-71)
[  388.207198][T11720] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[  388.209108][ T9412] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  388.362549][ T9412] usb 7-1: USB disconnect, device number 15
[  388.421623][T11720] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.442639][T11720] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  388.477137][T11720] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  388.509707][T11720] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  388.549708][T11720] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  388.565432][T11720] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  388.590176][T11720] usb 9-1: Manufacturer: syz
[  388.612823][T11720] usb 9-1: config 0 descriptor??
[  388.653162][T12073] loop9: detected capacity change from 0 to 40427
[  388.681381][T12073] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504)
[  388.726484][T12073] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  388.760056][T12073] F2FS-fs (loop9): invalid crc value
[  388.781830][T12073] F2FS-fs (loop9): Found nat_bits in checkpoint
[  388.999080][T12073] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  389.013421][T12073] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  389.047533][T11720] rc_core: IR keymap rc-hauppauge not found
[  389.053837][T11720] Registered IR keymap rc-empty
[  389.063882][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.137255][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.195029][T11720] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  389.273305][T11720] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input19
[  389.302391][T11357] syz-executor: attempt to access beyond end of device
[  389.302391][T11357] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  389.331156][T11357] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  389.352035][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.399611][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.448503][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.537148][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.577279][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.637309][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.684595][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.732817][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.777065][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.837067][T11720] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  389.884510][T11720] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  389.903920][T11720] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  389.922731][T12091] loop3: detected capacity change from 0 to 40427
[  389.952602][T11720] usb 9-1: USB disconnect, device number 10
[  389.977643][T12091] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  389.984067][T12091] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  390.041056][T12091] F2FS-fs (loop3): invalid crc value
[  390.395180][T12091] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  390.427509][T12091] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  390.630166][T12091] syz.3.1797: attempt to access beyond end of device
[  390.630166][T12091] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  390.698347][T12115] f2fs_ckpt-7:3: attempt to access beyond end of device
[  390.698347][T12115] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  390.774162][T12115] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  390.816549][T12110] loop6: detected capacity change from 0 to 32768
[  390.875434][T12110] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  391.179796][T12110] XFS (loop6): Ending clean mount
[  391.242747][T12110] XFS (loop6): Quotacheck needed: Please wait.
[  391.428626][T12110] XFS (loop6): Quotacheck: Done.
[  391.787375][ T8117] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  391.927581][T12167] loop8: detected capacity change from 0 to 4096
[  392.007789][T12169] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  392.120291][   T28] audit: type=1800 audit(1769735909.810:45): pid=12167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1811" name="file2" dev="loop8" ino=16 res=0 errno=0
[  392.296559][ T1318] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  392.974482][T12184] loop6: detected capacity change from 0 to 1764
[  393.343752][T12193] loop6: detected capacity change from 0 to 512
[  393.391000][T12193] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  393.452686][T12193] EXT4-fs (loop6): 1 truncate cleaned up
[  393.528276][T12193] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.778875][T12204] netem: incorrect ge model size
[  393.792093][T12204] netem: change failed
[  393.853819][ T8117] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.232839][T12190] loop3: detected capacity change from 0 to 32768
[  394.262286][T12190] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1816 (12190)
[  394.287150][ T5825] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  394.317397][T11720] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  394.365210][T12190] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  394.397603][T12190] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  394.424052][T12190] BTRFS info (device loop3): metadata ratio 2
[  394.447506][T12190] BTRFS info (device loop3): allowing degraded mounts
[  394.474919][T12190] BTRFS info (device loop3): force zlib compression, level 3
[  394.487864][ T5825] usb 10-1: too many configurations: 9, using maximum allowed: 8
[  394.506131][T12190] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  394.528159][T11720] usb 7-1: config 7 has an invalid interface number: 101 but max is 0
[  394.547418][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  394.556999][T11720] usb 7-1: config 7 has no interface number 0
[  394.563309][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  394.588360][T12190] BTRFS info (device loop3): use zstd compression, level 3
[  394.595654][T12190] BTRFS info (device loop3): force clearing of disk cache
[  394.608398][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  394.616805][T11720] usb 7-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  394.636497][T11720] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.657075][T12190] BTRFS info (device loop3): turning on flush-on-commit
[  394.667509][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  394.675572][T12190] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  394.685949][T11720] usb 7-1: Product: syz
[  394.697057][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  394.709157][T11720] usb 7-1: Manufacturer: syz
[  394.713822][T11720] usb 7-1: SerialNumber: syz
[  394.737036][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  394.748906][T12190] BTRFS info (device loop3): trying to use backup root at mount time
[  394.769047][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  394.797145][T12190] BTRFS info (device loop3): using free space tree
[  394.804728][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  394.847241][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  394.866095][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  394.886200][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  394.922585][T12196] loop8: detected capacity change from 0 to 32768
[  394.927695][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  394.994335][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  395.025503][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  395.047359][T12196] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  395.065796][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  395.087505][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  395.096776][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  395.112327][T12190] BTRFS info (device loop3): enabling ssd optimizations
[  395.127149][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  395.148817][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  395.158214][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  395.180842][T12190] BTRFS info (device loop3): rebuilding free space tree
[  395.187420][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  395.196492][ T5825] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  395.227246][ T5825] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  395.275292][ T5825] usb 10-1: config 0 interface 0 has no altsetting 0
[  395.303149][ T5825] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  395.329174][ T5825] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  395.377233][ T5825] usb 10-1: Product: syz
[  395.381697][ T5825] usb 10-1: Manufacturer: syz
[  395.386487][ T5825] usb 10-1: SerialNumber: syz
[  395.455347][ T5825] usb 10-1: config 0 descriptor??
[  395.517473][ T5825] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0
[  395.619660][T11720] as10x_usb: device has been detected
[  395.626087][T11720] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  395.652088][T12196] XFS (loop8): Ending clean mount
[  395.693480][T12196] XFS (loop8): Quotacheck needed: Please wait.
[  395.806392][T11720] usb 7-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  395.849356][T12196] XFS (loop8): Quotacheck: Done.
[  396.066087][    C1] usb 10-1: yurex_control_callback - control failed: -71
[  396.117424][ T5825] usb 10-1: USB disconnect, device number 3
[  396.148270][ T5825] yurex 10-1:0.0: USB YUREX #0 now disconnected
[  396.310274][T11720] as10x_usb: error during firmware upload part1
[  396.347393][ T5774] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  396.349701][T11720] Registered device Elgato EyeTV DTT Deluxe
[  396.378744][T11720] usb 7-1: USB disconnect, device number 16
[  396.521888][ T9198] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  396.607845][T11720] Unregistered device Elgato EyeTV DTT Deluxe
[  396.613251][T11720] as10x_usb: device has been disconnected
[  397.040102][T12266] loop3: detected capacity change from 0 to 128
[  397.100661][T12266] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  397.165955][T12266] hpfs: filesystem error: improperly stopped
[  397.183356][T12266] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  397.237060][T12266] hpfs: You really don't want any checks? You are crazy...
[  397.290639][T12266] hpfs: hpfs_map_sector(): read error
[  397.317014][T12266] hpfs: code page support is disabled
[  397.324061][T12266] hpfs: hpfs_map_4sectors(): unaligned read
[  397.381254][T12266] hpfs: hpfs_map_4sectors(): unaligned read
[  397.427259][T12266] hpfs: filesystem error: unable to find root dir
[  397.693422][T12286] loop6: detected capacity change from 0 to 8
[  397.848675][T12286] SQUASHFS error: Failed to read block 0x636: -5
[  397.855089][T12286] SQUASHFS error: Unable to read metadata cache entry [634]
[  397.937244][T12286] SQUASHFS error: Unable to read metadata cache entry [634]
[  397.944626][T12286] SQUASHFS error: Unable to read directory block [634:0]
[  398.503293][T12305] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  398.537402][T12305] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.544893][T12305] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.547168][T11720] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  399.583183][T12317] loop6: detected capacity change from 0 to 32768
[  399.637784][   T28] audit: type=1800 audit(1769735917.340:46): pid=12317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1844" name="file1" dev="loop6" ino=4 res=0 errno=0
[  399.767113][T11720] usb 4-1: Using ep0 maxpacket: 32
[  399.789108][T11720] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  399.799262][T12327] loop8: detected capacity change from 0 to 32768
[  399.810771][T11720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.823514][T12327] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 scanned by syz.8.1848 (12327)
[  399.848922][T11720] usb 4-1: config 0 descriptor??
[  399.883683][T12327] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  399.926744][T12327] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm
[  399.941513][T12327] BTRFS info (device loop8): metadata ratio 2
[  399.950411][T12327] BTRFS info (device loop8): allowing degraded mounts
[  399.987319][T12327] BTRFS info (device loop8): force zlib compression, level 3
[  399.994819][T12327] BTRFS info (device loop8): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  400.027113][T12327] BTRFS info (device loop8): use zstd compression, level 3
[  400.034431][T12327] BTRFS info (device loop8): force clearing of disk cache
[  400.067124][T12327] BTRFS info (device loop8): turning on flush-on-commit
[  400.074177][T12327] BTRFS warning (device loop8): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  400.097871][T11720] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  400.119488][T12327] BTRFS info (device loop8): trying to use backup root at mount time
[  400.130570][T11720] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  400.165448][T12327] BTRFS info (device loop8): using free space tree
[  400.174493][T11720] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  400.206246][T11720] usb 4-1: media controller created
[  400.339577][T11720] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  400.413270][T12327] BTRFS info (device loop8): enabling ssd optimizations
[  400.454570][T11720] az6027: usb out operation failed. (-71)
[  400.461756][T12327] BTRFS info (device loop8): rebuilding free space tree
[  400.528071][T11720] az6027: usb out operation failed. (-71)
[  400.534231][T11720] stb0899_attach: Driver disabled by Kconfig
[  400.569306][T11720] az6027: no front-end attached
[  400.569306][T11720] 
[  400.602479][T11720] az6027: usb out operation failed. (-71)
[  400.619054][T11720] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  400.663200][T11720] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20
[  400.722111][T11720] dvb-usb: schedule remote query interval to 400 msecs.
[  400.760865][T11720] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  400.804935][T11720] usb 4-1: USB disconnect, device number 24
[  400.852018][ T9198] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  400.978182][T11720] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  401.570423][T12366] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1860'.
[  401.800449][T12369] loop9: detected capacity change from 0 to 8192
[  401.840641][T12369] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  401.859144][T12375] 9pnet_fd: Insufficient options for proto=fd
[  402.291647][T12386] tap0: tun_chr_ioctl cmd 1074025677
[  402.326704][T12386] tap0: linktype set to 6
[  402.720819][T12398] loop3: detected capacity change from 0 to 1024
[  402.846030][T12400] hfsplus: request for non-existent node 211 in B*Tree
[  402.859910][T12400] hfsplus: request for non-existent node 211 in B*Tree
[  402.964689][   T11] hfsplus: b-tree write err: -5, ino 8
[  402.983361][T12377] loop8: detected capacity change from 0 to 40427
[  403.018595][T12377] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  403.042927][T12377] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  403.080557][T12377] F2FS-fs (loop8): invalid crc value
[  403.100330][T12377] F2FS-fs (loop8): Found nat_bits in checkpoint
[  403.263996][T12377] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  403.298861][T12377] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  403.500673][ T9198] syz-executor: attempt to access beyond end of device
[  403.500673][ T9198] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  403.573960][ T9198] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  403.582240][T12417] loop3: detected capacity change from 0 to 64
[  403.637626][T12417] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
[  404.087461][T12428] loop3: detected capacity change from 0 to 2048
[  404.135283][T12428] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  404.218792][T12428] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  404.278229][T12433] loop6: detected capacity change from 0 to 16
[  404.323087][T12433] erofs: (device loop6): mounted with root inode @ nid 36.
[  405.183787][T12431] loop9: detected capacity change from 0 to 32768
[  405.254528][T12431] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  405.294309][T12458] loop6: detected capacity change from 0 to 1024
[  405.317979][T12458] EXT4-fs: Ignoring removed mblk_io_submit option
[  405.325763][T12458] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  405.379942][T12458] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.614703][T12431] XFS (loop9): Ending clean mount
[  405.635791][T12431] XFS (loop9): Quotacheck needed: Please wait.
[  405.720713][ T8117] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.765404][T12431] XFS (loop9): Quotacheck: Done.
[  406.009434][T11357] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  406.708006][T12480] loop3: detected capacity change from 0 to 764
[  406.781402][T12480] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  406.904802][T12473] loop6: detected capacity change from 0 to 32768
[  407.012117][T12473] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  407.144273][T12473] XFS (loop6): Ending clean mount
[  407.208371][T12473] XFS (loop6): Quotacheck needed: Please wait.
[  407.334711][T12473] XFS (loop6): Quotacheck: Done.
[  407.745516][T12512] loop3: detected capacity change from 0 to 2048
[  407.753116][ T8117] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  407.765471][T12512] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  407.927310][ T5827] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  408.137047][ T5827] usb 9-1: Using ep0 maxpacket: 8
[  408.154565][ T5827] usb 9-1: unable to get BOS descriptor or descriptor too short
[  408.166862][ T5827] usb 9-1: config 4 interface 0 has no altsetting 0
[  408.191099][ T5827] usb 9-1: string descriptor 0 read error: -22
[  408.206136][ T5827] usb 9-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  408.222240][ T5827] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.240751][T12527] program syz.9.1922 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  408.248668][ T5827] usb 9-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  408.285618][ T5827] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  408.314204][ T5827] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  408.334454][ T5827] usb 9-1: media controller created
[  408.404144][ T5827] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  408.761771][T12531] loop3: detected capacity change from 0 to 32768
[  408.785313][T12531] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1924 (12531)
[  408.853428][T12531] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  408.923255][T12531] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  408.946220][T12531] BTRFS info (device loop3): enabling auto defrag
[  408.965914][T12531] BTRFS info (device loop3): use no compression
[  408.977272][T12531] BTRFS info (device loop3): max_inline at 0
[  409.007174][T12531] BTRFS info (device loop3): using free space tree
[  409.363223][T12531] BTRFS info (device loop3): enabling ssd optimizations
[  409.382501][T12531] BTRFS info (device loop3): auto enabling async discard
[  409.450310][    C0] raw-gadget.0 gadget.8: ignoring, device is not running
[  409.459878][ T5827] zl10353_read_register: readreg error (reg=127, ret==0)
[  409.603242][ T5827] usb 9-1: USB disconnect, device number 11
[  409.685751][T12558] loop9: detected capacity change from 0 to 1024
[  409.713124][T12558] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  409.744591][T12558] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  409.776347][T12558] EXT4-fs (loop9): revision level too high, forcing read-only mode
[  409.796693][T12558] EXT4-fs (loop9): orphan cleanup on readonly fs
[  409.835468][T12558] EXT4-fs error (device loop9): ext4_read_inode_bitmap:168: comm syz.9.1928: Inode bitmap for bg 0 marked uninitialized
[  409.853338][T12558] EXT4-fs (loop9): Remounting filesystem read-only
[  409.861683][T12558] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  409.927533][T11357] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.095234][T12565] syz.6.1930: attempt to access beyond end of device
[  410.095234][T12565] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  410.132854][T12565] EXT4-fs (loop13): unable to read superblock
[  410.241043][ T5774] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  410.656424][T12576] loop8: detected capacity change from 0 to 4096
[  410.715906][T12576] ntfs: (device loop8): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  410.758853][T12576] ntfs: (device loop8): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  410.780208][T12576] ntfs: (device loop8): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  410.791861][T12576] ntfs: (device loop8): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  410.848015][T12576] ntfs: (device loop8): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  410.900417][T12576] ntfs: volume version 3.1.
[  410.934992][T12576] ntfs: (device loop8): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  410.971507][T12576] ntfs: (device loop8): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  411.032888][T12576] ntfs: (device loop8): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  411.094306][T12576] ntfs: (device loop8): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt.
[  411.110604][T12576] ntfs: (device loop8): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2.
[  411.312513][T12589] loop9: detected capacity change from 0 to 128
[  411.367972][T12589] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  411.443461][T12589] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  411.837242][ T5781] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  411.987028][    T9] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  412.027144][ T5781] usb 4-1: Using ep0 maxpacket: 8
[  412.035661][ T5781] usb 4-1: unable to get BOS descriptor or descriptor too short
[  412.044528][T12592] loop8: detected capacity change from 0 to 32768
[  412.060497][ T5781] usb 4-1: config 4 interface 0 has no altsetting 0
[  412.076265][T12592] (syz.8.1941,12592,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  412.082737][ T5781] usb 4-1: string descriptor 0 read error: -22
[  412.115874][T12592] (syz.8.1941,12592,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  412.127660][ T5781] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  412.148781][ T5781] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.174180][ T5781] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  412.197193][    T9] usb 10-1: Using ep0 maxpacket: 32
[  412.204482][ T5781] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  412.210685][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  412.232594][ T5781] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  412.243476][ T5781] usb 4-1: media controller created
[  412.268252][T12592] JBD2: Ignoring recovery information on journal
[  412.285650][ T5781] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  412.296360][    T9] usb 10-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  412.333665][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.370365][    T9] usb 10-1: Product: syz
[  412.374729][    T9] usb 10-1: Manufacturer: syz
[  412.404841][    T9] usb 10-1: SerialNumber: syz
[  412.423605][    T9] usb 10-1: config 0 descriptor??
[  412.441946][T12592] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  412.893156][    T9] gs_usb 10-1:0.0: Configuring for 156 interfaces
[  412.950967][ T9198] ocfs2: Unmounting device (7,8) on (node local)
[  413.308904][    T9] gs_usb 10-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  413.326355][    T9] gs_usb 10-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  413.338476][    T9] gs_usb: probe of 10-1:0.0 failed with error -71
[  413.354168][    T9] usb 10-1: USB disconnect, device number 4
[  413.382745][ T5781] zl10353_read_register: readreg error (reg=127, ret==0)
[  413.497747][ T5781] usb 4-1: USB disconnect, device number 25
[  414.278812][T12627] loop3: detected capacity change from 0 to 4096
[  414.352972][T12627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.528951][T12627] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  414.684263][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.717618][T12639] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1959'.
[  415.192029][T12634] loop9: detected capacity change from 0 to 32768
[  415.264801][T12634] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  415.541136][T11357] ocfs2: Unmounting device (7,9) on (node local)
[  416.701453][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  416.914505][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  416.937081][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  416.956464][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  416.968116][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  416.982526][    T9] usb 4-1: SerialNumber: syz
[  417.212997][    T9] usb 4-1: 0:2 : does not exist
[  417.242816][    T9] usb 4-1: 0:0: failed to get current value for ch 0 (-22)
[  417.307543][    T9] usb 4-1: USB disconnect, device number 26
[  417.375275][ T6417] udevd[6417]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  417.832921][T12697] loop9: detected capacity change from 0 to 32768
[  417.935306][T12697] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  418.016177][T12697] XFS (loop9): Ending clean mount
[  418.577905][T11357] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  419.242094][T12719] loop3: detected capacity change from 0 to 32768
[  419.268233][T12719] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.1991 (12719)
[  419.350392][T12719] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  419.364458][T12722] loop9: detected capacity change from 0 to 4096
[  419.369366][T12719] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  419.411406][T12719] BTRFS info (device loop3): enabling disk space caching
[  419.439147][T12725] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  419.471179][T12719] BTRFS info (device loop3): force clearing of disk cache
[  419.508155][T12719] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  419.536503][T12719] BTRFS info (device loop3): use zstd compression, level 3
[  419.567790][T12719] BTRFS info (device loop3): disk space caching is enabled
[  419.586365][T12722] NILFS error (device loop9): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  419.727320][T12722] Remounting filesystem read-only
[  419.777709][T12719] BTRFS info (device loop3): enabling ssd optimizations
[  419.784743][T12719] BTRFS info (device loop3): auto enabling async discard
[  419.850955][T12719] BTRFS info (device loop3): rebuilding free space tree
[  419.971516][T12719] BTRFS info (device loop3): disabling free space tree
[  419.999720][T12719] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  420.048381][T12719] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  420.113737][T11357] NILFS (loop9): discard dirty page: offset=8192, ino=6
[  420.148199][T11357] NILFS (loop9): discard dirty block: blocknr=25, size=4096
[  420.163824][T12717] loop6: detected capacity change from 0 to 65536
[  420.255934][T12717] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  420.306373][ T5774] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  420.463420][T12717] XFS (loop6): Ending clean mount
[  420.499523][T12724] loop8: detected capacity change from 0 to 32768
[  420.540298][T12717] XFS (loop6): Quotacheck needed: Please wait.
[  420.547557][T12724] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop8 scanned by syz.8.1993 (12724)
[  420.712355][T12724] BTRFS info (device loop8): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  420.724755][ T6417] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 12 /dev/loop3 scanned by udevd (6417)
[  420.762574][T12724] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm
[  420.813165][T12724] BTRFS info (device loop8): using free space tree
[  420.840964][T12717] XFS (loop6): Quotacheck: Done.
[  421.027783][T12724] BTRFS info (device loop8): enabling ssd optimizations
[  421.035344][T12756] loop9: detected capacity change from 0 to 8192
[  421.060531][T12724] BTRFS info (device loop8): auto enabling async discard
[  421.145796][ T8117] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  421.474094][ T9198] BTRFS info (device loop8): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  421.627496][T12778] loop3: detected capacity change from 0 to 512
[  421.711058][T12778] EXT4-fs (loop3): filesystem is read-only
[  421.736122][T12778] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  421.801605][T12778] EXT4-fs (loop3): filesystem is read-only
[  421.835642][T12778] EXT4-fs (loop3): orphan cleanup on readonly fs
[  421.849930][T12778] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #16: comm syz.3.1999: iget: bad i_size value: -504403158265486552
[  421.869442][T12778] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.1999: couldn't read orphan inode 16 (err -117)
[  421.993871][T12778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  422.069685][T10891] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 10 /dev/loop8 scanned by udevd (10891)
[  422.243585][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.688187][    T9] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  422.907737][    T9] usb 9-1: Using ep0 maxpacket: 16
[  422.931884][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  422.952294][    T9] usb 9-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  422.987073][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.018531][    T9] usb 9-1: config 0 descriptor??
[  423.378494][T12804] loop3: detected capacity change from 0 to 8192
[  423.441424][T12804] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  423.467109][T12804] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  423.469088][    T9] wacom 0003:056A:0084.000F: unknown main item tag 0x0
[  423.476521][T12804] REISERFS (device loop3): using ordered data mode
[  423.483400][    T9] wacom 0003:056A:0084.000F: unknown main item tag 0x0
[  423.507778][    T9] wacom 0003:056A:0084.000F: hidraw0: USB HID v0.05 Device [HID 056a:0084] on usb-dummy_hcd.8-1/input0
[  423.514953][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  423.605807][T12804] reiserfs: using flush barriers
[  423.647502][T12804] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  423.672071][T12804] REISERFS (device loop3): checking transaction log (loop3)
[  423.681531][T12804] REISERFS (device loop3): Using r5 hash to sort names
[  423.692370][T12804] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  423.707416][    T9] usb 9-1: USB disconnect, device number 12
[  423.739651][   T28] kauditd_printk_skb: 4 callbacks suppressed
[  423.739666][   T28] audit: type=1800 audit(1769735941.440:47): pid=12804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2006" name="file1" dev="loop3" ino=2 res=0 errno=0
[  423.944072][T12812] fido_id[12812]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  424.212827][T12814] loop3: detected capacity change from 0 to 1024
[  424.447156][   T34] hfsplus: b-tree write err: -5, ino 4
[  424.526127][T12809] loop9: detected capacity change from 0 to 32768
[  424.534943][T12820] loop6: detected capacity change from 0 to 16
[  424.560140][T12820] erofs: (device loop6): mounted with root inode @ nid 36.
[  424.614246][T12809] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  424.922290][   T28] audit: type=1400 audit(1769735942.610:48): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A202020202030206B420A4C617A79467265653A202020202020202020202020202030206B420A416E6F6E4875676550616765733A20202020202020202030206B420A53686D656D506D644D61707065643A202020202020202030206B420A46696C65506D644D61707065643A20202020202020202030206B420A5368617265645F48756765746C623A202020202020202030206B420A50 pid=12835 comm="syz.3.2017"
[  425.007849][T12809] XFS (loop9): Ending clean mount
[  425.043609][T12834] loop8: detected capacity change from 0 to 4096
[  425.083026][T12809] XFS (loop9): Quotacheck needed: Please wait.
[  425.201809][T12809] XFS (loop9): Quotacheck: Done.
[  425.672457][T11357] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  426.260243][T12858] netlink: 188 bytes leftover after parsing attributes in process `syz.6.2026'.
[  426.935639][T12875] netlink: 'syz.6.2033': attribute type 39 has an invalid length.
[  427.664700][T12871] loop3: detected capacity change from 0 to 32768
[  427.687692][T12883] loop6: detected capacity change from 0 to 1024
[  427.743856][T12883] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  427.774406][T12871] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  427.796807][T12883] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  428.097337][T12871] XFS (loop3): Ending clean mount
[  428.107956][T12883] EXT4-fs error (device loop6): ext4_xattr_inode_iget:441: inode #11: comm syz.6.2037: missing EA_INODE flag
[  428.138434][T12883] EXT4-fs (loop6): Remounting filesystem read-only
[  428.154855][T12871] XFS (loop3): Quotacheck needed: Please wait.
[  428.347264][T12871] XFS (loop3): Quotacheck: Done.
[  428.615043][ T8117] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.630266][ T5774] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  428.796376][   T12] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.979582][   T12] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.144863][   T12] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.280994][   T12] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.466814][T12907] loop9: detected capacity change from 0 to 4096
[  430.194427][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  430.206844][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  430.217407][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  430.256328][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  430.268232][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  430.279105][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  430.323343][T12922] loop8: detected capacity change from 0 to 1024
[  430.427612][T12922] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  430.612035][T12922] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  430.671299][T12929] program syz.3.2043 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  430.742531][T12931] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2050'.
[  430.958423][T12922] EXT4-fs error (device loop8): ext4_xattr_inode_iget:441: inode #11: comm syz.8.2049: missing EA_INODE flag
[  431.044361][T12922] EXT4-fs (loop8): Remounting filesystem read-only
[  431.249250][T12938] loop3: detected capacity change from 0 to 8192
[  431.759137][T11818] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  432.395439][T12918] chnl_net:caif_netlink_parms(): no params data found
[  432.418959][ T5783] Bluetooth: hci1: command tx timeout
[  432.984835][   T12] bond0: left promiscuous mode
[  432.996965][   T12] bond_slave_0: left promiscuous mode
[  433.008235][   T12] bond_slave_1: left promiscuous mode
[  433.067689][   T12] batadv_slave_0: left promiscuous mode
[  433.150382][   T12] hsr_slave_0: left promiscuous mode
[  433.167616][   T12] hsr_slave_1: left promiscuous mode
[  433.180631][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  433.204464][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  433.223280][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.241115][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  433.259805][   T12] bridge_slave_1: left allmulticast mode
[  433.270602][   T12] bridge_slave_1: left promiscuous mode
[  433.283297][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.343916][   T12] bridge_slave_0: left allmulticast mode
[  433.368282][   T12] bridge_slave_0: left promiscuous mode
[  433.374126][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.443640][ T5780] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  433.456458][ T5780] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  433.465587][ T5780] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  433.475309][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  433.490938][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  433.498426][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  433.612316][   T12] veth1_macvtap: left promiscuous mode
[  433.622607][   T12] veth0_macvtap: left promiscuous mode
[  433.632362][   T12] veth1_vlan: left promiscuous mode
[  433.642577][   T12] veth0_vlan: left promiscuous mode
[  433.679486][T12965] loop9: detected capacity change from 0 to 32768
[  433.707595][T12965] BTRFS error: device /dev/loop9 already registered with a higher generation, found 8 expect 10
[  433.885370][ T6417] BTRFS error: device /dev/loop9 already registered with a higher generation, found 8 expect 10
[  434.487479][ T5783] Bluetooth: hci1: command tx timeout
[  434.553073][T12986] loop9: detected capacity change from 0 to 32768
[  434.563370][T12986] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.2064 (12986)
[  434.591323][T12986] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  434.611495][T12986] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm
[  434.620800][T12986] BTRFS info (device loop9): enabling auto defrag
[  434.627621][T12986] BTRFS info (device loop9): use no compression
[  434.634070][T12986] BTRFS info (device loop9): max_inline at 0
[  434.643191][T12986] BTRFS info (device loop9): using free space tree
[  434.778350][T12986] BTRFS info (device loop9): enabling ssd optimizations
[  434.788595][T12986] BTRFS info (device loop9): auto enabling async discard
[  435.105412][T11357] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  435.616647][ T5783] Bluetooth: hci3: command tx timeout
[  435.828607][   T12] team0 (unregistering): Port device team_slave_1 removed
[  435.963699][   T12] team0 (unregistering): Port device team_slave_0 removed
[  436.080768][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  436.168326][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  436.257130][T13009] loop9: detected capacity change from 0 to 32768
[  436.302884][T13009] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  436.392337][T13009] XFS (loop9): Ending clean mount
[  436.593080][ T5783] Bluetooth: hci1: command tx timeout
[  436.629426][T11357] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  437.140199][T13019] loop9: detected capacity change from 0 to 4096
[  437.155217][T13019] ntfs: (device loop9): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  437.166659][T13019] ntfs: (device loop9): ntfs_read_locked_inode(): $DATA attribute is missing.
[  437.176100][T13019] ntfs: (device loop9): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  437.189669][T13019] ntfs: (device loop9): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  437.213916][   T12] bond0 (unregistering): Released all slaves
[  437.283757][T13019] ntfs: volume version 3.1.
[  437.300816][T13019] ntfs: (device loop9): load_and_init_quota(): Failed to find inode number for $Quota.
[  437.319621][T13019] ntfs: (device loop9): load_system_files(): Failed to load $Quota.  Will not be able to remount read-write.  Run chkdsk.
[  437.371559][T13019] ntfs: (device loop9): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-2.  You might want to try to use the mount option nls=utf8.
[  437.394352][T13019] ntfs: (device loop9): ntfs_filldir(): Skipping unrepresentable inode 0x4.
[  437.545474][T12918] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.564918][T12918] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.587487][T12918] bridge_slave_0: entered allmulticast mode
[  437.594975][T12918] bridge_slave_0: entered promiscuous mode
[  437.630709][T12918] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.653532][T12918] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.666859][T12918] bridge_slave_1: entered allmulticast mode
[  437.685427][T12918] bridge_slave_1: entered promiscuous mode
[  437.701406][ T5783] Bluetooth: hci3: command tx timeout
[  437.721804][T13022] loop3: detected capacity change from 0 to 2048
[  437.806958][T13022] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  437.824760][T13022] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  437.846200][T13022] UDF-fs: Scanning with blocksize 512 failed
[  437.893850][T13022] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  437.911080][T12918] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.920613][T13022] UDF-fs: Scanning with blocksize 1024 failed
[  437.959118][T12918] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  437.972562][T13022] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  437.982774][T13022] UDF-fs: Scanning with blocksize 2048 failed
[  438.014326][T13022] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=385, location=385
[  438.034202][T13022] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  438.060764][T13022] UDF-fs: Scanning with blocksize 4096 failed
[  438.077213][T13022] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  438.189379][T12918] team0: Port device team_slave_0 added
[  438.213026][T13022] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2070'.
[  438.231417][T12918] team0: Port device team_slave_1 added
[  438.273900][T12918] batman_adv: batadv0: Adding interface: batadv_slave_0
[  438.281341][T12918] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.317490][T12918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  438.370469][T12918] batman_adv: batadv0: Adding interface: batadv_slave_1
[  438.396967][T12918] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.505808][T12918] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  438.647176][ T5783] Bluetooth: hci1: command tx timeout
[  438.690264][   T12] IPVS: stop unused estimator thread 0...
[  438.804680][T12918] hsr_slave_0: entered promiscuous mode
[  438.844845][T12918] hsr_slave_1: entered promiscuous mode
[  438.866160][T12918] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  438.885314][T12918] Cannot create hsr debugfs directory
[  438.899896][T13023] loop9: detected capacity change from 0 to 32768
[  438.965710][T13023] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  439.112041][T12977] chnl_net:caif_netlink_parms(): no params data found
[  439.128034][T13023] XFS (loop9): Ending clean mount
[  439.145385][T13023] XFS (loop9): Quotacheck needed: Please wait.
[  439.214977][T13023] XFS (loop9): Quotacheck: Done.
[  439.233998][T13052] loop3: detected capacity change from 0 to 2048
[  439.297344][T13052] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  439.377636][T13054] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  439.473246][T11357] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  439.695978][   T12] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.767854][ T5783] Bluetooth: hci3: command tx timeout
[  440.040151][T13064] loop9: detected capacity change from 0 to 128
[  440.110437][   T12] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.145037][T13064] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  440.165041][T13064] ext4 filesystem being mounted at /99/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  440.282130][T11357] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  440.337966][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  440.652625][   T12] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.687462][T12977] bridge0: port 1(bridge_slave_0) entered blocking state
[  440.702874][T12977] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.723507][T12977] bridge_slave_0: entered allmulticast mode
[  440.733359][T12977] bridge_slave_0: entered promiscuous mode
[  440.959553][   T12] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.014680][T12977] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.037572][T12977] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.044927][T12977] bridge_slave_1: entered allmulticast mode
[  441.053754][T12977] bridge_slave_1: entered promiscuous mode
[  441.111412][ T5841] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  441.177986][T13082] loop3: detected capacity change from 0 to 4096
[  441.308810][ T5841] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  441.326974][ T5841] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  441.343718][ T5841] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  441.374384][ T5841] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.415425][T13080] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  441.444449][ T5841] usb 10-1: Quirk or no altest; falling back to MIDI 1.0
[  441.592247][T12977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  441.731984][T12977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  441.783150][    T9] usb 10-1: USB disconnect, device number 5
[  441.848877][ T5783] Bluetooth: hci3: command tx timeout
[  442.003169][T12977] team0: Port device team_slave_0 added
[  442.068593][T12977] team0: Port device team_slave_1 added
[  442.305551][T12977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  442.313214][T12977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.340878][T12977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  442.516677][T12977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  442.537026][T12977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.597018][T12977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  442.934930][T12918] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  443.005179][T12977] hsr_slave_0: entered promiscuous mode
[  443.052896][T12977] hsr_slave_1: entered promiscuous mode
[  443.064574][T12977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  443.077155][T12977] Cannot create hsr debugfs directory
[  443.087242][T12918] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  443.265746][T12918] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  443.291541][T12918] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  443.510060][T13106] loop9: detected capacity change from 0 to 32768
[  443.611983][T13106] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  443.925848][T13106] XFS (loop9): Ending clean mount
[  443.941063][T13106] XFS (loop9): Quotacheck needed: Please wait.
[  444.073721][T13106] XFS (loop9): Quotacheck: Done.
[  444.205830][T13112] loop3: detected capacity change from 0 to 32768
[  444.318252][T11357] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  444.356226][T13112] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  444.606556][T13112] XFS (loop3): Ending clean mount
[  444.654098][T13112] XFS (loop3): Quotacheck needed: Please wait.
[  444.784734][T13112] XFS (loop3): Quotacheck: Done.
[  444.867712][ T5774] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  445.163533][   T12] hsr_slave_0: left promiscuous mode
[  445.181731][   T12] hsr_slave_1: left promiscuous mode
[  445.202466][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  445.219877][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  445.233954][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  445.245492][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  445.254476][   T12] bridge_slave_1: left allmulticast mode
[  445.260841][   T12] bridge_slave_1: left promiscuous mode
[  445.266635][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.283012][   T12] bridge_slave_0: left allmulticast mode
[  445.290927][   T12] bridge_slave_0: left promiscuous mode
[  445.296760][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.368653][   T12] veth1_macvtap: left promiscuous mode
[  445.374289][   T12] veth0_macvtap: left promiscuous mode
[  445.380913][   T12] veth1_vlan: left promiscuous mode
[  445.383699][T13154] loop9: detected capacity change from 0 to 512
[  445.386554][   T12] veth0_vlan: left promiscuous mode
[  445.450601][T13154] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  445.531269][T13154] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  445.596483][T13154] EXT4-fs error (device loop9): ext4_get_inode_usage:888: inode #12: comm syz.9.2094: corrupted xattr block 6: invalid header
[  445.621408][T13154] EXT4-fs (loop9): Remounting filesystem read-only
[  445.661432][ T4530] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  445.688341][ T4530] Quota error (device loop9): write_blk: dquota write failed
[  445.695795][ T4530] Quota error (device loop9): free_dqentry: Can't write quota data block 5
[  445.713585][T11357] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.725998][ T4530] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  445.747582][ T4530] Quota error (device loop9): write_blk: dquota write failed
[  445.755029][ T4530] Quota error (device loop9): free_dqentry: Can't write quota data block 5
[  446.297828][T13163] loop3: detected capacity change from 0 to 256
[  446.327686][T13163] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  446.357819][T13163] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  446.400204][T13163] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  446.601820][T13165] loop3: detected capacity change from 0 to 16
[  446.622171][T13165] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  447.073924][T13161] loop9: detected capacity change from 0 to 32768
[  447.109515][T13161] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.2096 (13161)
[  447.149748][T13161] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  447.161452][T13161] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm
[  447.186067][T13161] BTRFS info (device loop9): enabling auto defrag
[  447.199132][T13161] BTRFS info (device loop9): turning on sync discard
[  447.207240][T13161] BTRFS info (device loop9): force clearing of disk cache
[  447.214431][T13161] BTRFS info (device loop9): using default commit interval 30s
[  447.249657][T13161] BTRFS info (device loop9): max_inline at 0
[  447.255757][T13161] BTRFS info (device loop9): disabling free space tree
[  447.557047][T13161] BTRFS info (device loop9): enabling ssd optimizations
[  447.584865][T13161] BTRFS info (device loop9): rebuilding free space tree
[  447.696427][T13161] BTRFS info (device loop9): disabling free space tree
[  447.704257][T13161] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  447.722553][T13161] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  448.035107][   T12] team0 (unregistering): Port device team_slave_1 removed
[  448.146124][T11357] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  448.205882][   T12] team0 (unregistering): Port device team_slave_0 removed
[  448.400920][T13193] Falling back ldisc for ttyS3.
[  448.429725][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  448.646739][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  448.892520][T13200] loop9: detected capacity change from 0 to 4096
[  449.358526][ T5827] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  449.559616][ T5827] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  449.568512][ T5827] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  449.579349][ T5827] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  449.588831][ T5827] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  449.627323][ T5827] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  449.670848][ T5827] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  449.691503][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  449.699952][ T5827] usb 4-1: Product: syz
[  449.704280][ T5827] usb 4-1: Manufacturer: syz
[  449.718990][ T5827] cdc_wdm 4-1:1.0: skipping garbage
[  449.724346][ T5827] cdc_wdm 4-1:1.0: skipping garbage
[  449.748409][ T5827] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  449.754400][ T5827] cdc_wdm 4-1:1.0: Unknown control protocol
[  449.795865][   T12] bond0 (unregistering): Released all slaves
[  449.969078][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  449.969129][ T1187] usb 4-1: USB disconnect, device number 27
[  449.976634][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  449.987811][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  450.509073][T12918] 8021q: adding VLAN 0 to HW filter on device bond0
[  450.596608][T12918] 8021q: adding VLAN 0 to HW filter on device team0
[  450.663045][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  450.670304][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  450.746772][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  450.754059][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.035042][T12918] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  451.112961][T12977] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  451.148234][T12977] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  451.185104][T12977] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  451.278263][T12977] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  451.638191][T12977] 8021q: adding VLAN 0 to HW filter on device bond0
[  451.682421][T12977] 8021q: adding VLAN 0 to HW filter on device team0
[  451.729117][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  451.736322][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  451.793578][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  451.800877][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.893662][T12918] 8021q: adding VLAN 0 to HW filter on device batadv0
[  451.970554][T13245] loop9: detected capacity change from 0 to 64
[  452.161929][T12918] veth0_vlan: entered promiscuous mode
[  452.185264][T13221] loop3: detected capacity change from 0 to 32768
[  452.205134][T12918] veth1_vlan: entered promiscuous mode
[  452.285034][T13221] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  452.440370][T12918] veth0_macvtap: entered promiscuous mode
[  452.532384][T12918] veth1_macvtap: entered promiscuous mode
[  452.607547][T13221] XFS (loop3): Ending clean mount
[  452.683614][T13221] XFS (loop3): Quotacheck needed: Please wait.
[  452.775165][T13221] XFS (loop3): Quotacheck: Done.
[  452.812448][T12977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  452.868461][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  452.886393][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  452.927206][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  452.951361][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  452.962617][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  452.975002][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  452.995710][T12918] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.017170][ T5774] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  453.052170][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.079568][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.095363][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.107368][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.120951][T12918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.139330][T12918] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.231986][T12918] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.286143][T12918] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.336772][T12918] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.346071][T12918] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.361973][T12918] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  453.427021][ T5825] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[  453.482636][T12977] veth0_vlan: entered promiscuous mode
[  453.595582][T12977] veth1_vlan: entered promiscuous mode
[  453.611228][ T5825] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  453.643333][ T5825] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  453.720595][ T5825] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[  453.759206][ T5825] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  453.781192][ T5825] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  453.791022][ T5825] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  453.800651][ T5825] usb 10-1: Manufacturer: syz
[  453.828552][ T5825] usb 10-1: config 0 descriptor??
[  453.890771][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.926449][T12977] veth0_macvtap: entered promiscuous mode
[  453.947010][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.000161][T12977] veth1_macvtap: entered promiscuous mode
[  454.125096][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.134360][T13270] loop9: detected capacity change from 0 to 2048
[  454.160001][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.175619][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.192909][T13270] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 1024)
[  454.200445][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.240132][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.277042][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.290955][T13270] syz.9.2117: attempt to access beyond end of device
[  454.290955][T13270] loop9: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  454.312541][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.316197][T13286] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  454.357330][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.386367][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.437756][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.469005][T12977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.547177][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.577931][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.597005][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.621582][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.658966][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.670612][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.687174][ T5825] rc_core: IR keymap rc-hauppauge not found
[  454.693139][ T5825] Registered IR keymap rc-empty
[  454.703072][T12977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.714863][T12977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.724859][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  454.748004][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  454.758748][T12977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  454.777987][ T5825] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0
[  454.812845][T12977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  454.842396][T12977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.854396][ T5825] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0/input24
[  454.883324][T12977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.910394][T12977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  454.920055][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  454.939106][T13291] loop3: detected capacity change from 0 to 1024
[  454.960990][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.007328][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.039223][T13291] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  455.058100][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.075480][T13291] ext4 filesystem being mounted at /581/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  455.107286][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.138254][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.177231][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.215473][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.266788][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.317719][ T5825] mceusb 10-1:0.0: Error: mce write urb status = -71
[  455.337698][T13300] loop1: detected capacity change from 0 to 512
[  455.356824][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.373775][T13300] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  455.377084][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.393026][ T5825] mceusb 10-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  455.425795][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  455.441574][ T5825] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  455.457600][T13300] EXT4-fs (loop1): 1 truncate cleaned up
[  455.522598][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.531327][ T5825] usb 10-1: USB disconnect, device number 6
[  455.539623][T13300] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  455.599561][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.704553][T13300] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.2121: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  455.793034][T13300] EXT4-fs (loop1): Remounting filesystem read-only
[  455.981471][T12918] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.066216][T13311] loop3: detected capacity change from 0 to 256
[  456.515709][T13317] loop9: detected capacity change from 0 to 4096
[  456.572217][T13317] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 1024)
[  456.640939][T13317] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 4096)
[  456.801891][T13325] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  457.219069][T13331] syzkaller1: tun_chr_ioctl cmd 1074025694
[  457.414463][T13309] loop0: detected capacity change from 0 to 32768
[  458.447079][T11720] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  458.486283][T13352] loop3: detected capacity change from 0 to 4096
[  458.529952][T13352] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  458.657372][T11720] usb 2-1: Using ep0 maxpacket: 16
[  458.695849][   T28] audit: type=1800 audit(1769736232.389:49): pid=13352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2135" name="file2" dev="loop3" ino=33 res=0 errno=0
[  458.717078][T11720] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  458.725149][T11720] usb 2-1: config 0 has no interface number 0
[  458.768699][T11720] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  458.819352][T11720] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  458.875088][T11720] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  458.936585][T11720] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  458.951868][T13359] netlink: 178584 bytes leftover after parsing attributes in process `syz.3.2136'.
[  458.962303][T13359] netlink: zone id is out of range
[  458.985190][T13359] netlink: zone id is out of range
[  459.001715][T11720] usb 2-1: Product: syz
[  459.003588][T13359] netlink: zone id is out of range
[  459.006014][T11720] usb 2-1: SerialNumber: syz
[  459.024749][T13359] netlink: zone id is out of range
[  459.047051][T13359] netlink: zone id is out of range
[  459.067797][T13359] netlink: zone id is out of range
[  459.077159][T11720] usb 2-1: config 0 descriptor??
[  459.097589][T13359] netlink: zone id is out of range
[  459.122463][T13359] netlink: zone id is out of range
[  459.135356][T11720] cm109 2-1:0.8: invalid payload size 0, expected 4
[  459.138143][T13359] netlink: zone id is out of range
[  459.168216][T11720] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input25
[  459.180713][T13359] netlink: zone id is out of range
[  459.495551][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.504678][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.511983][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.519990][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.527357][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.534932][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.542382][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.549659][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.558415][ T5781] usb 2-1: USB disconnect, device number 6
[  459.565576][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  459.572674][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  459.600675][ T5781] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  459.750112][T13368] loop9: detected capacity change from 0 to 4096
[  459.798467][T13368] ntfs3: loop9: Different NTFS sector size (4096) and media sector size (512).
[  459.886667][T13368] ntfs3: loop9: Mark volume as dirty due to NTFS errors
[  460.205160][T13379] loop3: detected capacity change from 0 to 1024
[  460.310032][T13379] hfsplus: bad catalog entry type
[  460.427928][   T59] hfsplus: b-tree write err: -5, ino 4
[  460.652717][T13392] sp0: Synchronizing with TNC
[  460.957795][T13400] smc: net device bond0 applied user defined pnetid SYZ0
[  460.997128][T13400] smc: net device bond0 erased user defined pnetid SYZ0
[  461.037147][T11720] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  461.215276][T13406] loop0: detected capacity change from 0 to 16
[  461.238632][T11720] usb 10-1: Using ep0 maxpacket: 16
[  461.252092][T13406] erofs: (device loop0): mounted with root inode @ nid 36.
[  461.279549][T11720] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  461.290087][T11720] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  461.333285][T11720] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  461.373783][T11720] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  461.404248][T11720] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  461.440332][T11720] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  461.456735][T11720] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  461.485777][T11720] usb 10-1: Manufacturer: syz
[  461.514647][T11720] usb 10-1: config 0 descriptor??
[  461.627059][  T965] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  461.637666][T13415] loop3: detected capacity change from 0 to 1024
[  461.705328][T13415] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  461.829938][T11720] rc_core: IR keymap rc-hauppauge not found
[  461.835939][T11720] Registered IR keymap rc-empty
[  461.842696][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  461.860004][  T965] usb 1-1: config 1 has an invalid descriptor of length 211, skipping remainder of the config
[  461.884149][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  461.898554][  T965] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  461.928840][T11720] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0
[  461.946093][  T965] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  461.959331][  T965] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  461.970638][  T965] usb 1-1: SerialNumber: syz
[  462.000504][T11720] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0/input26
[  462.066309][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.117631][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.145963][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.157060][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.207066][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.250948][  T965] usb 1-1: 0:2 : does not exist
[  462.255954][  T965] usb 1-1: usbmixer: too many channels (61) in unit 5
[  462.277722][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.347273][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.363817][T13384] loop1: detected capacity change from 0 to 65536
[  462.368787][  T965] usb 1-1: USB disconnect, device number 4
[  462.397175][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.427055][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.454745][T13428] loop3: detected capacity change from 0 to 4096
[  462.461624][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.479006][T13428] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  462.496526][T13384] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  462.505880][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.529388][T13384] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  462.538725][T11720] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  462.560495][T13428] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  462.603047][T11720] mceusb 10-1:0.0: Registered  with mce emulator interface version 90
[  462.630101][T10891] udevd[10891]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  462.684206][T13384] XFS (loop1): Ending clean mount
[  462.706678][T11720] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  462.788821][T11720] usb 10-1: USB disconnect, device number 7
[  462.939400][T12918] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  463.032610][T13442] loop3: detected capacity change from 0 to 2048
[  463.143890][T13442] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  464.130667][T13469] loop9: detected capacity change from 0 to 512
[  464.184225][T13469] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  464.411327][   T28] audit: type=1800 audit(1769736238.109:50): pid=13469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2162" name="file1" dev="loop9" ino=1048658 res=0 errno=0
[  464.458849][T13469] FAT-fs (loop9): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  464.545605][T13469] FAT-fs (loop9): error, fat_free: invalid cluster chain (i_pos 548)
[  464.820123][T13479] loop1: detected capacity change from 0 to 64
[  465.427824][ T5781] kernel read not supported for file /input/event1 (pid: 5781 comm: kworker/1:3)
[  465.845502][T13503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2177'.
[  466.770464][T13501] loop1: detected capacity change from 0 to 32768
[  466.815808][T13501] (syz.1.2176,13501,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  466.876961][T13501] (syz.1.2176,13501,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  467.027955][T13512] loop3: detected capacity change from 0 to 32768
[  467.037774][T13512] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.2180 (13512)
[  467.037798][T13501] JBD2: Ignoring recovery information on journal
[  467.163607][T13512] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  467.175306][T13501] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  467.240292][T13512] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  467.316509][T13512] BTRFS info (device loop3): enabling auto defrag
[  467.347695][T13512] BTRFS info (device loop3): turning on sync discard
[  467.354455][T13512] BTRFS info (device loop3): force clearing of disk cache
[  467.387041][T13512] BTRFS info (device loop3): using default commit interval 30s
[  467.427330][T13512] BTRFS info (device loop3): max_inline at 0
[  467.433401][T13512] BTRFS info (device loop3): disabling free space tree
[  467.778435][T13512] BTRFS info (device loop3): enabling ssd optimizations
[  467.846480][T13512] BTRFS info (device loop3): rebuilding free space tree
[  467.960258][T12918] ocfs2: Unmounting device (7,1) on (node local)
[  468.027272][T13512] BTRFS info (device loop3): disabling free space tree
[  468.034264][T13512] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  468.096109][T13512] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  468.147024][ T5781] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  468.353343][ T5781] usb 1-1: Using ep0 maxpacket: 16
[  468.372921][ T5781] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.407116][ T5781] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.441949][ T5781] usb 1-1: config 0 interface 0 has no altsetting 0
[  468.462629][ T5781] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  468.492251][ T5781] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.517880][ T5774] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  468.545536][ T5781] usb 1-1: config 0 descriptor??
[  468.733883][T13561] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  468.742900][T13561] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  468.752537][T13561] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  468.761693][T13561] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  468.829245][T13550] loop0: detected capacity change from 0 to 16
[  468.857403][T13550] erofs: (device loop0): erofs_read_superblock: blkszbits 4 isn't supported
[  469.121827][ T5781] hid (null): unknown global tag 0xd
[  469.149279][ T5781] hid (null): usage index exceeded
[  469.155129][ T5781] hid (null): unknown global tag 0xc
[  469.183843][T13553] loop9: detected capacity change from 0 to 32768
[  469.294308][T13569] loop1: detected capacity change from 0 to 512
[  469.306202][T13553] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop9 scanned by syz.9.2186 (13553)
[  469.381359][T13553] BTRFS info (device loop9): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  469.443717][T13553] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm
[  469.470751][ T5781] usb 1-1: USB disconnect, device number 5
[  469.524308][T13553] BTRFS info (device loop9): enabling disk space caching
[  469.587580][T13569] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  469.608184][T13553] BTRFS info (device loop9): force clearing of disk cache
[  469.615350][T13553] BTRFS info (device loop9): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  469.657236][T13569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  469.718057][T13553] BTRFS info (device loop9): use zstd compression, level 3
[  469.725351][T13553] BTRFS info (device loop9): disk space caching is enabled
[  469.792859][T13569] ext4 filesystem being mounted at /19/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  470.009296][T13569] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  470.037093][T13553] BTRFS info (device loop9): enabling ssd optimizations
[  470.044123][T13553] BTRFS info (device loop9): auto enabling async discard
[  470.110696][T13553] BTRFS info (device loop9): rebuilding free space tree
[  470.181279][T13553] BTRFS info (device loop9): disabling free space tree
[  470.197198][T13553] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  470.223457][T12918] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  470.244383][T13553] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  470.321510][T13601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2192'.
[  470.350099][T13598] loop3: detected capacity change from 0 to 4096
[  470.440366][T13598] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  470.492639][T13598] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[  470.539839][T13598] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  470.617108][T13598] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  470.742188][T13598] ntfs: volume version 3.1.
[  470.955464][T13598] ntfs: (device loop3): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-4.  You might want to try to use the mount option nls=utf8.
[  470.978329][T11357] BTRFS info (device loop9): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  471.015898][T13598] ntfs: (device loop3): ntfs_filldir(): Skipping unrepresentable inode 0x4.
[  471.110973][T13613] net_ratelimit: 52 callbacks suppressed
[  471.110992][T13613] Set syz1 is full, maxelem 14 reached
[  471.469564][T13616] program syz.3.2197 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  472.001871][T13632] loop9: detected capacity change from 0 to 1024
[  472.094161][   T28] audit: type=1800 audit(1769736245.779:51): pid=13632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2201" name="file1" dev="loop9" ino=20 res=0 errno=0
[  472.163976][T13636] loop1: detected capacity change from 0 to 1024
[  472.218421][T13636] EXT4-fs: Ignoring removed bh option
[  472.246506][T13636] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  472.385423][T13636] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  472.442572][T13636] EXT4-fs error (device loop1): ext4_read_inline_dir:1583: inode #12: block 7: comm syz.1.2202: path /21/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  472.549537][T13636] EXT4-fs (loop1): Remounting filesystem read-only
[  472.726597][T12918] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  473.124501][T13654] loop9: detected capacity change from 0 to 4096
[  473.305625][T13654] ntfs: volume version 3.1.
[  473.500657][T13673] loop1: detected capacity change from 0 to 128
[  473.556180][T13673] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  473.914013][T13683] loop0: detected capacity change from 0 to 256
[  474.014424][T13683] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 256)
[  474.372988][T13691] loop9: detected capacity change from 0 to 1024
[  474.394894][T13668] loop3: detected capacity change from 0 to 32768
[  474.408517][T13691] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  474.448031][T13691] EXT4-fs error (device loop9): ext4_ext_check_inode:520: inode #3: comm syz.9.2220: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 3(4), depth 0(0)
[  474.477336][T13691] EXT4-fs error (device loop9): ext4_quota_enable:7143: comm syz.9.2220: Bad quota inode: 3, type: 0
[  474.542001][T13691] EXT4-fs warning (device loop9): ext4_enable_quotas:7184: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  474.665538][T13691] EXT4-fs (loop9): mount failed
[  474.989216][T13706] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2223'.
[  475.109924][T13709] x_tables: ip_tables: sctp match: only valid for protocol 132
[  475.492787][T13723] loop9: detected capacity change from 0 to 1024
[  475.733288][   T34] hfsplus: b-tree write err: -5, ino 4
[  475.951637][T13734] loop1: detected capacity change from 0 to 512
[  475.960554][T13737] loop3: detected capacity change from 0 to 16
[  475.966012][T13737] erofs: (device loop3): mounted with root inode @ nid 36.
[  476.003147][T13734] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  476.066367][T13737] syz.3.2235: attempt to access beyond end of device
[  476.066367][T13737] loop3: rw=524288, sector=16, nr_sectors = 32 limit=16
[  476.121612][T13734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  476.129200][T13737] syz.3.2235: attempt to access beyond end of device
[  476.129200][T13737] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16
[  476.177475][T13734] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  476.242333][T13744] syz.3.2235: attempt to access beyond end of device
[  476.242333][T13744] loop3: rw=0, sector=8, nr_sectors = 32 limit=16
[  476.335704][T13749] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2237'.
[  476.362358][T13734] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  476.367428][T13749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2237'.
[  476.417937][T13734] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  476.467338][T13734] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.2234: Failed to acquire dquot type 0
[  476.471767][ T5774] BUG: Bad page state in process syz-executor  pfn:57766
[  476.486722][ T5774] page:ffffea00015dd980 refcount:0 mapcount:0 mapping:ffff8880203a8d20 index:0x2 pfn:0x57766
[  476.497057][ T5774] aops:z_erofs_cache_aops ino:0
[  476.501964][ T5774] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  476.509814][ T5774] page_type: 0xffffffff()
[  476.514206][ T5774] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880203a8d20
[  476.522955][ T5774] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  476.531857][ T5774] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  476.539280][ T5774] page_owner tracks the page as allocated
[  476.547032][ T5774] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13737, tgid 13733 (syz.3.2235), ts 476065795516, free_ts 475720343915
[  476.570535][ T5774]  post_alloc_hook+0x1c1/0x200
[  476.575407][ T5774]  get_page_from_freelist+0x1951/0x19e0
[  476.581515][ T5774]  __alloc_pages+0x1f0/0x460
[  476.586187][ T5774]  z_erofs_do_read_page+0x2181/0x36b0
[  476.591766][ T5774]  z_erofs_readahead+0x88b/0xda0
[  476.596783][ T5774]  read_pages+0x189/0x850
[  476.601219][ T5774]  page_cache_ra_unbounded+0x68a/0x770
[  476.606774][ T5774]  force_page_cache_ra+0x2c1/0x320
[  476.612027][ T5774]  generic_fadvise+0x47e/0x780
[  476.616863][ T5774]  __x64_sys_fadvise64+0x140/0x180
[  476.622072][ T5774]  do_syscall_64+0x55/0xa0
[  476.626571][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  476.632696][ T5774] page last free stack trace:
[  476.637501][ T5774]  free_unref_page_prepare+0x7b2/0x8c0
[  476.643035][ T5774]  free_unref_page_list+0xbe/0x860
[  476.648644][ T5774]  release_pages+0x1f7a/0x2200
[  476.653486][ T5774]  tlb_flush_mmu+0x377/0x510
[  476.659099][ T5774]  tlb_finish_mmu+0xc3/0x1d0
[  476.663919][ T5774]  exit_mmap+0x428/0xb90
[  476.668337][ T5774]  __mmput+0x118/0x3c0
[  476.672466][ T5774]  exit_mm+0x1f2/0x2c0
[  476.676602][ T5774]  do_exit+0x8dd/0x2460
[  476.680890][ T5774]  do_group_exit+0x21b/0x2d0
[  476.685551][ T5774]  __x64_sys_exit_group+0x3f/0x40
[  476.690747][ T5774]  do_syscall_64+0x55/0xa0
[  476.695231][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  476.701295][ T5774] Modules linked in:
[  476.705609][ T5774] CPU: 1 PID: 5774 Comm: syz-executor Not tainted syzkaller #0
[  476.713207][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  476.723325][ T5774] Call Trace:
[  476.726681][ T5774]  <TASK>
[  476.729666][ T5774]  dump_stack_lvl+0x18c/0x250
[  476.734520][ T5774]  ? show_regs_print_info+0x20/0x20
[  476.739788][ T5774]  ? swiotlb_print_info+0x70/0x70
[  476.744899][ T5774]  bad_page+0x14b/0x170
[  476.749120][ T5774]  free_unref_page_prepare+0x85f/0x8c0
[  476.754667][ T5774]  free_unref_page+0x32/0x2e0
[  476.759407][ T5774]  ? __folio_put+0xef/0x210
[  476.763968][ T5774]  erofs_try_to_free_all_cached_pages+0x295/0x5f0
[  476.770455][ T5774]  erofs_shrink_workstation+0x11f/0x290
[  476.776075][ T5774]  ? erofs_shrinker_unregister+0x170/0x170
[  476.781935][ T5774]  ? io_schedule+0xd0/0xd0
[  476.786404][ T5774]  ? kobject_put+0x428/0x460
[  476.791054][ T5774]  erofs_shrinker_unregister+0x5d/0x170
[  476.796666][ T5774]  erofs_put_super+0x4e/0x150
[  476.801422][ T5774]  ? erofs_free_inode+0xb0/0xb0
[  476.801657][T13750] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  476.806311][ T5774]  generic_shutdown_super+0x134/0x2b0
[  476.806341][ T5774]  kill_block_super+0x44/0x90
[  476.827194][ T5774]  erofs_kill_sb+0x4c/0x140
[  476.831771][ T5774]  deactivate_locked_super+0x97/0x100
[  476.837200][ T5774]  cleanup_mnt+0x43b/0x4d0
[  476.841665][ T5774]  task_work_run+0x1d4/0x260
[  476.846291][ T5774]  ? task_work_cancel+0x220/0x220
[  476.851352][ T5774]  ? exit_to_user_mode_loop+0x3b/0x110
[  476.856851][ T5774]  exit_to_user_mode_loop+0xe6/0x110
[  476.862179][ T5774]  exit_to_user_mode_prepare+0xee/0x180
[  476.867778][ T5774]  syscall_exit_to_user_mode+0x1a/0x50
[  476.873294][ T5774]  do_syscall_64+0x61/0xa0
[  476.877844][ T5774]  ? clear_bhb_loop+0x40/0x90
[  476.882577][ T5774]  ? clear_bhb_loop+0x40/0x90
[  476.887285][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  476.893215][ T5774] RIP: 0033:0x7f59ad19c117
[  476.897657][ T5774] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  476.917315][ T5774] RSP: 002b:00007fffaf8c46f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  476.925755][ T5774] RAX: 0000000000000000 RBX: 00007f59ad20471f RCX: 00007f59ad19c117
[  476.933749][ T5774] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffaf8c47b0
[  476.941744][ T5774] RBP: 00007fffaf8c47b0 R08: 00007fffaf8c57b0 R09: 00000000ffffffff
[  476.949735][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaf8c5840
[  476.957725][ T5774] R13: 00007f59ad20471f R14: 0000000000074476 R15: 00007fffaf8c5880
[  476.965747][ T5774]  </TASK>
[  476.970182][ T5774] Disabling lock debugging due to kernel taint
[  476.976405][ T5774] BUG: Bad page state in process syz-executor  pfn:607bb
[  476.983600][ T5774] page:ffffea000181eec0 refcount:0 mapcount:0 mapping:ffff8880203a8d20 index:0x3 pfn:0x607bb
[  476.993854][ T5774] aops:z_erofs_cache_aops ino:0
[  476.998774][ T5774] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  477.006528][ T5774] page_type: 0xffffffff()
[  477.010968][ T5774] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880203a8d20
[  477.019746][ T5774] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000
[  477.028497][ T5774] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  477.035801][ T5774] page_owner tracks the page as allocated
[  477.041550][ T5774] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13737, tgid 13733 (syz.3.2235), ts 476065814210, free_ts 475720330385
[  477.064016][ T5774]  post_alloc_hook+0x1c1/0x200
[  477.069522][ T5774]  get_page_from_freelist+0x1951/0x19e0
[  477.075084][ T5774]  __alloc_pages+0x1f0/0x460
[  477.079780][ T5774]  z_erofs_do_read_page+0x2181/0x36b0
[  477.085201][ T5774]  z_erofs_readahead+0x88b/0xda0
[  477.090174][ T5774]  read_pages+0x189/0x850
[  477.094510][ T5774]  page_cache_ra_unbounded+0x68a/0x770
[  477.100008][ T5774]  force_page_cache_ra+0x2c1/0x320
[  477.105125][ T5774]  generic_fadvise+0x47e/0x780
[  477.109939][ T5774]  __x64_sys_fadvise64+0x140/0x180
[  477.115093][ T5774]  do_syscall_64+0x55/0xa0
[  477.119597][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.125546][ T5774] page last free stack trace:
[  477.130486][ T5774]  free_unref_page_prepare+0x7b2/0x8c0
[  477.136007][ T5774]  free_unref_page_list+0xbe/0x860
[  477.141219][ T5774]  release_pages+0x1f7a/0x2200
[  477.146025][ T5774]  tlb_flush_mmu+0x377/0x510
[  477.150735][ T5774]  tlb_finish_mmu+0xc3/0x1d0
[  477.155366][ T5774]  exit_mmap+0x428/0xb90
[  477.159671][ T5774]  __mmput+0x118/0x3c0
[  477.163750][ T5774]  exit_mm+0x1f2/0x2c0
[  477.167884][ T5774]  do_exit+0x8dd/0x2460
[  477.172865][ T5774]  do_group_exit+0x21b/0x2d0
[  477.177734][ T5774]  __x64_sys_exit_group+0x3f/0x40
[  477.182817][ T5774]  do_syscall_64+0x55/0xa0
[  477.187340][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.193318][ T5774] Modules linked in:
[  477.197319][ T5774] CPU: 1 PID: 5774 Comm: syz-executor Tainted: G    B              syzkaller #0
[  477.206381][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  477.211230][T13748] loop9: detected capacity change from 0 to 8192
[  477.216457][ T5774] Call Trace:
[  477.216466][ T5774]  <TASK>
[  477.216473][ T5774]  dump_stack_lvl+0x18c/0x250
[  477.233763][ T5774]  ? show_regs_print_info+0x20/0x20
[  477.237435][T13750] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  477.238973][ T5774]  ? swiotlb_print_info+0x70/0x70
[  477.253936][ T5774]  bad_page+0x14b/0x170
[  477.258136][ T5774]  free_unref_page_prepare+0x85f/0x8c0
[  477.263657][ T5774]  free_unref_page+0x32/0x2e0
[  477.268394][ T5774]  ? __folio_put+0xef/0x210
[  477.272944][ T5774]  erofs_try_to_free_all_cached_pages+0x295/0x5f0
[  477.277498][T13750] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.2234: Failed to acquire dquot type 0
[  477.279392][ T5774]  erofs_shrink_workstation+0x11f/0x290
[  477.296180][ T5774]  ? erofs_shrinker_unregister+0x170/0x170
[  477.302028][ T5774]  ? io_schedule+0xd0/0xd0
[  477.306488][ T5774]  ? kobject_put+0x428/0x460
[  477.311119][ T5774]  erofs_shrinker_unregister+0x5d/0x170
[  477.316701][ T5774]  erofs_put_super+0x4e/0x150
[  477.321418][ T5774]  ? erofs_free_inode+0xb0/0xb0
[  477.326305][ T5774]  generic_shutdown_super+0x134/0x2b0
[  477.331789][ T5774]  kill_block_super+0x44/0x90
[  477.336490][ T5774]  erofs_kill_sb+0x4c/0x140
[  477.341112][ T5774]  deactivate_locked_super+0x97/0x100
[  477.346519][ T5774]  cleanup_mnt+0x43b/0x4d0
[  477.350970][ T5774]  task_work_run+0x1d4/0x260
[  477.355599][ T5774]  ? task_work_cancel+0x220/0x220
[  477.360655][ T5774]  ? exit_to_user_mode_loop+0x3b/0x110
[  477.366142][ T5774]  exit_to_user_mode_loop+0xe6/0x110
[  477.371549][ T5774]  exit_to_user_mode_prepare+0xee/0x180
[  477.377128][ T5774]  syscall_exit_to_user_mode+0x1a/0x50
[  477.382608][ T5774]  do_syscall_64+0x61/0xa0
[  477.387049][ T5774]  ? clear_bhb_loop+0x40/0x90
[  477.391750][ T5774]  ? clear_bhb_loop+0x40/0x90
[  477.396464][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.402382][ T5774] RIP: 0033:0x7f59ad19c117
[  477.406819][ T5774] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  477.426449][ T5774] RSP: 002b:00007fffaf8c46f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  477.434887][ T5774] RAX: 0000000000000000 RBX: 00007f59ad20471f RCX: 00007f59ad19c117
[  477.442880][ T5774] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffaf8c47b0
[  477.450874][ T5774] RBP: 00007fffaf8c47b0 R08: 00007fffaf8c57b0 R09: 00000000ffffffff
[  477.458865][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaf8c5840
[  477.466855][ T5774] R13: 00007f59ad20471f R14: 0000000000074476 R15: 00007fffaf8c5880
[  477.474854][ T5774]  </TASK>
[  477.478988][T13748] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  477.479317][ T5774] BUG: Bad page state in process syz-executor  pfn:5fe06
[  477.492117][T13748] REISERFS (device loop9): found reiserfs format "3.6" with non-standard journal
[  477.492390][T13748] REISERFS (device loop9): using ordered data mode
[  477.499247][ T5774] page:ffffea00017f8180 refcount:0 mapcount:0 mapping:ffff8880203a8d20 index:0x4 pfn:0x5fe06
[  477.499275][ T5774] aops:z_erofs_cache_aops ino:0
[  477.530212][ T5774] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  477.538038][ T5774] page_type: 0xffffffff()
[  477.542410][ T5774] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880203a8d20
[  477.551093][ T5774] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  477.559861][ T5774] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  477.567227][ T5774] page_owner tracks the page as allocated
[  477.572987][ T5774] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13737, tgid 13733 (syz.3.2235), ts 476065832551, free_ts 475720316211
[  477.596033][ T5774]  post_alloc_hook+0x1c1/0x200
[  477.600999][ T5774]  get_page_from_freelist+0x1951/0x19e0
[  477.606590][ T5774]  __alloc_pages+0x1f0/0x460
[  477.611348][ T5774]  z_erofs_do_read_page+0x2181/0x36b0
[  477.616788][ T5774]  z_erofs_readahead+0x88b/0xda0
[  477.621841][ T5774]  read_pages+0x189/0x850
[  477.626224][ T5774]  page_cache_ra_unbounded+0x68a/0x770
[  477.631794][ T5774]  force_page_cache_ra+0x2c1/0x320
[  477.636609][T13748] reiserfs: using flush barriers
[  477.636954][ T5774]  generic_fadvise+0x47e/0x780
[  477.636986][ T5774]  __x64_sys_fadvise64+0x140/0x180
[  477.637011][ T5774]  do_syscall_64+0x55/0xa0
[  477.637036][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.637055][ T5774] page last free stack trace:
[  477.637061][ T5774]  free_unref_page_prepare+0x7b2/0x8c0
[  477.672672][ T5774]  free_unref_page_list+0xbe/0x860
[  477.677894][ T5774]  release_pages+0x1f7a/0x2200
[  477.682988][T13748] REISERFS (device loop9): journal params: device loop9, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  477.683510][T13748] REISERFS (device loop9): checking transaction log (loop9)
[  477.699711][ T5774]  tlb_flush_mmu+0x377/0x510
[  477.699752][ T5774]  tlb_finish_mmu+0xc3/0x1d0
[  477.699778][ T5774]  exit_mmap+0x428/0xb90
[  477.720657][ T5774]  __mmput+0x118/0x3c0
[  477.724847][ T5774]  exit_mm+0x1f2/0x2c0
[  477.729036][ T5774]  do_exit+0x8dd/0x2460
[  477.733250][ T5774]  do_group_exit+0x21b/0x2d0
[  477.737934][ T5774]  __x64_sys_exit_group+0x3f/0x40
[  477.743018][ T5774]  do_syscall_64+0x55/0xa0
[  477.747531][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.753464][ T5774] Modules linked in:
[  477.757540][ T5774] CPU: 1 PID: 5774 Comm: syz-executor Tainted: G    B              syzkaller #0
[  477.766588][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  477.776695][ T5774] Call Trace:
[  477.780002][ T5774]  <TASK>
[  477.782962][ T5774]  dump_stack_lvl+0x18c/0x250
[  477.787676][ T5774]  ? show_regs_print_info+0x20/0x20
[  477.792905][ T5774]  ? swiotlb_print_info+0x70/0x70
[  477.797960][ T5774]  bad_page+0x14b/0x170
[  477.802161][ T5774]  free_unref_page_prepare+0x85f/0x8c0
[  477.807649][ T5774]  free_unref_page+0x32/0x2e0
[  477.812358][ T5774]  ? __folio_put+0xef/0x210
[  477.816891][ T5774]  erofs_try_to_free_all_cached_pages+0x295/0x5f0
[  477.823338][ T5774]  erofs_shrink_workstation+0x11f/0x290
[  477.828904][ T5774]  ? erofs_shrinker_unregister+0x170/0x170
[  477.834729][ T5774]  ? io_schedule+0xd0/0xd0
[  477.839182][ T5774]  ? kobject_put+0x428/0x460
[  477.843804][ T5774]  erofs_shrinker_unregister+0x5d/0x170
[  477.849375][ T5774]  erofs_put_super+0x4e/0x150
[  477.854088][ T5774]  ? erofs_free_inode+0xb0/0xb0
[  477.858961][ T5774]  generic_shutdown_super+0x134/0x2b0
[  477.864361][ T5774]  kill_block_super+0x44/0x90
[  477.869065][ T5774]  erofs_kill_sb+0x4c/0x140
[  477.873597][ T5774]  deactivate_locked_super+0x97/0x100
[  477.878991][ T5774]  cleanup_mnt+0x43b/0x4d0
[  477.883435][ T5774]  task_work_run+0x1d4/0x260
[  477.888072][ T5774]  ? task_work_cancel+0x220/0x220
[  477.893222][ T5774]  ? exit_to_user_mode_loop+0x3b/0x110
[  477.898711][ T5774]  exit_to_user_mode_loop+0xe6/0x110
[  477.904029][ T5774]  exit_to_user_mode_prepare+0xee/0x180
[  477.909605][ T5774]  syscall_exit_to_user_mode+0x1a/0x50
[  477.915093][ T5774]  do_syscall_64+0x61/0xa0
[  477.919553][ T5774]  ? clear_bhb_loop+0x40/0x90
[  477.924256][ T5774]  ? clear_bhb_loop+0x40/0x90
[  477.928977][ T5774]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  477.934899][ T5774] RIP: 0033:0x7f59ad19c117
[  477.939332][ T5774] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  477.959217][ T5774] RSP: 002b:00007fffaf8c46f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  477.967657][ T5774] RAX: 0000000000000000 RBX: 00007f59ad20471f RCX: 00007f59ad19c117
[  477.975645][ T5774] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffaf8c47b0
[  477.983641][ T5774] RBP: 00007fffaf8c47b0 R08: 00007fffaf8c57b0 R09: 00000000ffffffff
[  477.991633][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaf8c5840
[  477.999642][ T5774] R13: 00007f59ad20471f R14: 0000000000074476 R15: 00007fffaf8c5880
[  478.007690][ T5774]  </TASK>
[  478.076138][T12918] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  478.214436][T13748] REISERFS (device loop9): Using tea hash to sort names
[  478.221989][T13748] REISERFS (device loop9): Created .reiserfs_priv - reserved for xattr storage.
[  478.247834][ T5780] Bluetooth: hci0: command 0x0406 tx timeout