last executing test programs:

3m4.476227973s ago: executing program 4 (id=232):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="cfedfea593382f5e95e9657787163b2654f134e9d9f3a113885a8b86875f1c8c768c7cd3a8d5e668", 0x28}, {&(0x7f0000000140)="dadef9fb4602debe8364b94dd5b201d0171dd5d130f987b3842076d03a7fcbc1c4b0817806ad977cee95d87025d447795fca71f0c434fac2591bff559908ed171e995aa9e056036df361fb02e4478fa2d6cdd6676ed60529416bae068a385c9a4b02fc48ef81d0be6beb90a9c9416816a258c916c18a76e2ca9c9935f216bd3db21816a4e4b5b38cd2e663842ebddacd0b4143daae36d1519db049bf", 0x9c}], 0x2)

3m2.678645442s ago: executing program 4 (id=244):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff", @ANYRES32=0x0, @ANYBLOB="89f9efd627d22bf0b3"], 0xc8)
dup3(r1, r0, 0x0)

3m2.316868808s ago: executing program 4 (id=247):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x2, 0x0, 0x0, 0xf}]}}, 0x0, 0x26}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

3m1.921040346s ago: executing program 4 (id=251):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file2\x00', 0x10, &(0x7f000000df00)={[{@nodiscard}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@fault_type={'fault_type', 0x3d, 0x7fff}}, {@grpjquota}, {@noflush_merge}, {@nocheckpoint_merge}, {@acl}, {@gc_merge}, {@compress_cache}, {@alloc_mode_def}, {@noinline_xattr}, {@background_gc_off}, {@checkpoint_diasble}]}, 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

2m59.22410218s ago: executing program 4 (id=271):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), r1)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000380)={0x28, r2, 0x1, 0x0, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x28}}, 0x0)

2m56.949412279s ago: executing program 4 (id=284):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5, 0xa}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56543, 0x70b926, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0x1, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfd, 0x67e}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8021}, 0x4048800)

2m56.251383329s ago: executing program 32 (id=284):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5, 0xa}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56543, 0x70b926, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0x1, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfd, 0x67e}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8021}, 0x4048800)

5.311110881s ago: executing program 5 (id=1648):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x410, &(0x7f0000000140)=ANY=[], 0x1, 0x68b, &(0x7f0000000a40)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXL7F3ndhri88nmp3nmedlnuc3Mzu7s4oc4H/WtXNpPE4t1869uVzkVx7NdFYezdzpp5NMJKknjd4qtbtJ7aPkanpLPlNsrLqrPW0/HyzMvv3xpyuf9HKNainr17drt8mV+hYbH1ZLziQ5Uq2fwbr+rm/orzVyd7XVGRYBO9sPHIxbM0l3ne+eWivZ0fDXLXBg1Xr3zU0X9FRyNMlk9Tmgd1fs3bMPtYfjHgAAAADsgxd+WX6FPzbucQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhUv39/1q11PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3j20dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5T20ci+fwff/edW527tydu3jt3cKY0gomBJ2gbIzEzEImXh43ErcMaiUHTZSROruav5Rv5ds7lTN7KYhbyvcxlKfM5k69nLkcyV53PxevU9pG6ui731k4jaZXHpVm9iw4/pqXM5dWy7bEs5Ft5Nzcynyvlv0u5mNdzOZczO3CETw5x1ddHe6c9+4WBh8m/SNIert0+KAZ2fPXuNHjWT5fXwfF1W9ai9OLzvx81Plslin38pFofDBsjcXEgEi9tH4nflG8r9zp3by/emntvyP29Vq2L6+hnB+ouUZwvLxYHq8ytPzuKspc2lk324tWqfnHpla2/4xZlJ1fLdrpSW9VnuM09XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94VOK9jDRTtLfkuzUqpmd6+xNopWkTDT6idH6mRiqcmvt6Lzx+2cZc3PUVslzCVSjOsnuP7j9z263u++HaYtEc5tzfi3RrWwq6g7VfGyJf3WfX4djfmMC9tyFpTvvXbh3/8GXFu7MvTP/zvzd2cuXZ6dnL1/524WbC5356d7ruEcJ7IW1m/64RwIAAAAAAAAAAAAMaz/+W8JTdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9rT9vPBwuzbH3+68kkv16iWsn59XbvmbmbxsFpyJsmRaj1o8hn6u16tdzWyUm11hkXAzvYDB+P23wAAAP//+B8RmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000080)=0x6)

5.309814495s ago: executing program 6 (id=1649):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

4.782050624s ago: executing program 0 (id=1652):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f00000004c0)='./file1\x00', 0x80, &(0x7f0000000d80)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303031373737373737373737372c6e6c733d63703934392c63726561746f723d7af940e22c63726561746f723d0aee18b02c666f7263652c6769643db66cd9e35c541a790920ffbbf654ef70717f119e74cd421aa750ca1d9c30c72dc8824097e89b440e2c1e5349394d611b38242fc70b942623479161ba0ca062f830e29613ad05f08e34b7cd785a952d45bd04684174f0f296c1caf3e90ca015263f025d4dd2518adc6ade870054f764e521f0", @ANYRES64=0x0, @ANYBLOB="2c63726561746f723d1362a84f2c001ff9431eef5603a24fd03ed91e53947f1c1b0db87d311ac2332606851a5634c431970f558844dd9de7c5411a6a043cd24b8dac907e9e8575657ddeae1a3b6113873ccbc19593f645cac58983c2694a9c166df86f5cc5fdb0a4f7285667940bab9d107a53ca4f3f986662f9c2050388a55392282348754d", @ANYBLOB="db4a73fcb8a4d416216ec33969598c4118f6860b3900a977b42f9b00c0241a391e7e8c68824663624ce18d2137d755c7fd53bbe2d7f727f14630de64c271d9ae549f78042328140f93a2f5ad876b647506e1953d7552", @ANYRESHEX=0x0, @ANYRES8=0x0], 0x1, 0x6f4, &(0x7f0000000680)="$eJzs3U1sHGcZAOB3dtdrbyq52zZpC0KK1YgIGkhsLyVBQiIghHyoUCQuvZrEaays3ch2kBMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtre72b+CcJzyON55uZ7+ed1zOfd2cTbQD/txbeiYlWOWLh3Nub6faDrUbzwVZjpShHxGRElCIqnVUkqxHJZxGXo7PE59KdeXfJXuO89fDTD8/e/7jR2arkS1a/NKzdtvaQEVr5EjMRUc7XY6rs1d/VXfq7N1bXSTfuNGFnisTBcWvv0Bqn+Qj3LfC0uxdRnthlfz3iRERM5a8DIp8dSkcc3oEba5YDAACAp1N5vwovPopHsRnTRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB+SzncGJvlSKsozkRTf/1/N96Wq1WOOd7iv7HP8g+tHFAgAAAAAAAAAHIpP8g/uTz+KR7EZ08X+dpJ95v9GtnEy+/lC3I71WIq1OB+bsRgbsRFrMRcxMd3TYXVzcWNjbW5ny99E2rLdbt/LW85HRH1Hy/kjOGkAAAAAAAAAeH79NBZi+riDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXklEubPKlpNFuR6lSkRMRUQ1rdeK+HNRfpb95bgDAAAAgMNXy9fTyX87hXaSved/NXvfPxW3YzU2Yjk2ohlLcS17FtB511/6R6vRfLDVWEmXnR1/+99jxZH1GBHleH+PkWezGqe6LRbie/GDOBczcSXWYjl+FIuxEUsxE7X0JGIxkqjXOk8v6kWcu8d7uW/rymBspwe2X88iqcX1WM5iOx9Xq9F5bJKdQzrm6z2j/bEaMTDi+2l2km/lRszRtZ7f16/z5zK59osj9nE46tmZT3QzMpvmPs/GS8NzP+Z1MjjSXJS6z6BObo+Sbg6OVOT8h+Pk/ES+TnP9i/6cH7QxH6UNZmI+SvnVF/Fqf85vffH+y/2Nv/zPv165UVq9eeP6+rlDPKVDNVEUBjPR6MnEa8OvvjwTzTQTrdEzMTG4Y+oJzuMAVfNsZFPRiLPld7PSYrzRcwm+F9diKS7GbMzFpZiNb8R8NPqusFN9ea00Vvpzkt1rpZ3zW21I8Ge+1FPpl/tU3jY7Uq0nk+blpZ689s509exYvufyr2K2J0svD7/6xv4rkI7/+bycjvGz7l+cp0FfJvK5uYjule0sTO0yN/+2nf5cb67eXLuxeGvE8c7m6/S2/aB/bv7dQZzP40uvl3TGrWRbWU5qxfWSHnulG21/vqr5Jy6ddqUdx051j9VjOpbj+3veqdX8NdzOnjrHXus99q/tmbOav74pjvW9yon3opm9ChkwczRZBWBkJ948Ua09rP299lHt57UbtbenvjN5afIL1Zj4W+VP5T+Ufl/6ZvJmfBQ/ienjjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4H63fu3lxsNpfWuoWYGtzzpIXqnmMNL0Rp3zpbL4zWYdQjho+V5IXqwZ77s1ioxSH1/ElEDKlTfeIhkrGvsbEL6YV8IB0WX5yW7WmXx2heKVrtXqcS61N7/QYnt++CqN9cbP6n3VenFj23DPCcu7CxcuvC+p27X11eWXx36d2l1flLFy9dbHx97msXri83l2Y7P487SuAwrN+5Wz7uGAAAAAAAAAAAAIDx5P/6f+Ox/zNDZZ861bX13Uc+fdSnCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyjFt6JiVYkMTd7fjbdfrDVaKZLUd6uWYmIUkQkP45IPou4HJ0l6j3dJXuN89bDTz88e//jxnZflaJ+aVi70VQjopUWZiKinK/3Nzmw3eotdPu72tNfq7f67dKI4SXdM0wTdqZIHBy3/wUAAP//AZj3og==")
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f00000000c0)={[0x6]}, 0x0, 0x0, 0x8)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

3.72422618s ago: executing program 2 (id=1655):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001300000008000300", @ANYRES32=r2, @ANYBLOB="06001200000000000600b50085017daa0a000600ffffffffffff0000040013000c0043"], 0x48}}, 0x0)

3.671696376s ago: executing program 3 (id=1656):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x1, 0x2002)

3.638669076s ago: executing program 5 (id=1657):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

3.636160647s ago: executing program 0 (id=1658):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="cfedfea593382f5e95e9657787163b2654f134e9d9f3a113885a8b86875f1c8c768c7cd3a8d5e668", 0x28}, {&(0x7f0000000140)="dadef9fb4602debe8364b94dd5b201d0171dd5d130f987b3842076d03a7fcbc1c4b0817806ad977cee95d87025d447795fca71f0c434fac2591bff559908ed171e995aa9e056036df361fb02e4478fa2d6cdd6676ed60529416bae068a385c9a4b02fc48ef81d0be6beb90a9c9416816a258c916c18a76e2ca9c9935f216bd3db21816a4e4b5b38cd2e663842ebddacd0b4143daae36d1519db049bf", 0x9c}], 0x2)

3.322664876s ago: executing program 6 (id=1662):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x4}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="580000001400add427323b472545b45602117fffffff81004e230e227f00c307c9cfd3ca6f7d7b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

3.158461196s ago: executing program 6 (id=1663):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000bc0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@nombcache}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80)
ftruncate(r0, 0x2007ffb)
sendfile(r0, r0, 0x0, 0x1000000201005)
ftruncate(r0, 0x6)

3.156934322s ago: executing program 3 (id=1675):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001300000008000300", @ANYRES32=r2, @ANYBLOB="06001200000000000600b50085017daa0a000600ffffffffffff0000040013000c0043"], 0x48}}, 0x0)

3.156184895s ago: executing program 2 (id=1664):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000080), 0x4a)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0)=0x9, 0x4)
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r1)

2.79686553s ago: executing program 3 (id=1665):
r0 = io_uring_setup(0x7986, &(0x7f0000000480)={0x0, 0x8678, 0x8, 0x5, 0x9c})
r1 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x90)
close_range(r0, 0xffffffffffffffff, 0x0)

2.459650747s ago: executing program 1 (id=1666):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)

2.459465463s ago: executing program 6 (id=1667):
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @local, 0x2}, 0x1c)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x4, 0x5, 0x400, r2}, 0x10)

2.459321935s ago: executing program 5 (id=1668):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001200), 0xc, &(0x7f0000001400)={0x0, 0x124}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000001340)=[{0x0, 0x0, 0x0}], 0x7, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

2.453699022s ago: executing program 2 (id=1679):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000000c0)={[{@delalloc}, {@errors_remount}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4005b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x800003d, 0x7ff)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x0, 0x0, 0x8, 0x2, 0xb, 0x0, 0x0, 0x901dd18286361c4a, 0x3}}, 0x50)
lseek(r0, 0xcbb, 0x3)

2.412972506s ago: executing program 3 (id=1669):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0xef4f}]}}}]}]}], {0x14}}, 0x78}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0)

2.220038039s ago: executing program 6 (id=1670):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x20, 0x6, 0x2, "22e1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.201170905s ago: executing program 5 (id=1671):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
syz_emit_ethernet(0x2e, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

2.131531261s ago: executing program 3 (id=1672):
syz_mount_image$erofs(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x810410, &(0x7f0000000040)=ANY=[], 0x0, 0x22b, &(0x7f0000000ac0)="$eJzsmT1s00AUx/9np3ZaEBELAwsDQRRBHdsB1KUSRUJiRCqfGxE1CDAEpUZKKyERscDABgMSKwMrA0MnBjY2VhgKEhthYwAhHTr7nXNxEmggnfp+g/W/9+7ufZzyloBhmG3L50/fNx6fnD97BMBOVOGSvWzssQz98dndw08XTj1/9eHF29u77q0X75tOv/c3HV/tf7NoI1HqSSm3/5BSCgDVdCVKKosq+c7BwiHSF4TAAdKXYeE86QgCl0jfMHRzmkQceVea8fLV63Hkq09FHQqVqpv5qYy6HYFl6omkvDQrq2s3G3EctYpiSuo4A65xRaFl1kB+ixYWaK3yUxsuPnzQUWuP7H7WvxPKF8BCQPY6BJZIz8OF53l5SwKj/r2l3v22fmZV/8ZLaf9HbYZ4dBoY4rIz8TO3uNhsZ3fPjZOGNSR6ZfQD/5Owi5ZvVIy26L5OMmgctXZM+sItF+XeKzsTTl4ULcJs+J7u+rvBU1/GjCVoBBou8beRsVVCD/NGrH7Ohuv9zJ+P619av6ucWxzyDxx3Vax8PqnpfdCYTyX05nwtuXWntrK6NuegcS2SLhDWj/tHff9YWEsHUfZFkV/5/Cun82nGuH/KmE8mjnDQbiRJK2gDSSvI12Hb6q8ES6+bX/Nh2+1YmN2fbVCPmJbtDouQ+QWdE6matbXPHn6EYRiGYRiGYRiGYRiGYRhmFE7/ch8EZEXqP6rkCMIz6e7fAQAA//9z90NE")
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x125)
syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)

2.061237932s ago: executing program 1 (id=1673):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r0)
close(r1)

2.030070262s ago: executing program 0 (id=1674):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x68b, &(0x7f0000000a40)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXL7F3ndhri88nmp3nmedlnuc3Mzu7s4oc4H/WtXNpPE4t1869uVzkVx7NdFYezdzpp5NMJKknjd4qtbtJ7aPkanpLPlNsrLqrPW0/HyzMvv3xpyuf9HKNainr17drt8mV+hYbH1ZLziQ5Uq2fwbr+rm/orzVyd7XVGRYBO9sPHIxbM0l3ne+eWivZ0fDXLXBg1Xr3zU0X9FRyNMlk9Tmgd1fs3bMPtYfjHgAAAADsgxd+WX6FPzbucQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhUv39/1q11PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3j20dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5T20ci+fwff/edW527tydu3jt3cKY0gomBJ2gbIzEzEImXh43ErcMaiUHTZSROruav5Rv5ds7lTN7KYhbyvcxlKfM5k69nLkcyV53PxevU9pG6ui731k4jaZXHpVm9iw4/pqXM5dWy7bEs5Ft5Nzcynyvlv0u5mNdzOZczO3CETw5x1ddHe6c9+4WBh8m/SNIert0+KAZ2fPXuNHjWT5fXwfF1W9ai9OLzvx81Plslin38pFofDBsjcXEgEi9tH4nflG8r9zp3by/emntvyP29Vq2L6+hnB+ouUZwvLxYHq8ytPzuKspc2lk324tWqfnHpla2/4xZlJ1fLdrpSW9VnuM09XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94VOK9jDRTtLfkuzUqpmd6+xNopWkTDT6idH6mRiqcmvt6Lzx+2cZc3PUVslzCVSjOsnuP7j9z263u++HaYtEc5tzfi3RrWwq6g7VfGyJf3WfX4djfmMC9tyFpTvvXbh3/8GXFu7MvTP/zvzd2cuXZ6dnL1/524WbC5356d7ruEcJ7IW1m/64RwIAAAAAAAAAAAAMaz/+W8JTdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9rT9vPBwuzbH3+68kkv16iWsn59XbvmbmbxsFpyJsmRaj1o8hn6u16tdzWyUm11hkXAzvYDB+P23wAAAP//+B8RmQ==")
truncate(&(0x7f0000000080)='./file1\x00', 0x200000080000000)
r0 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x88)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

1.996007164s ago: executing program 2 (id=1676):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x1, 0x2002)

1.80238374s ago: executing program 1 (id=1677):
r0 = syz_io_uring_setup(0x107, &(0x7f0000000140)={0x0, 0x747f, 0x0, 0x4, 0xae}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r3, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0, 0x10008004})
io_uring_enter(r0, 0x3518, 0xaddf, 0x2, 0x0, 0x0)

1.15146264s ago: executing program 5 (id=1678):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
set_mempolicy_home_node(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0)

1.143880604s ago: executing program 1 (id=1691):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x120008c, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2cc, &(0x7f0000000480)="$eJzs3U9rHGUYAPBnks3sqIfNwZMIHbAHT8X0Jl4SJIXinix7UA8abAuSXYQWAv7BtSc/gYIHP4Eg+EF68RsIXgVvVii8MrMznUlc113pVmx/v0uePPM+8z7v7rCZEObNBy/PTm+Wcfve5z9HUWSxcxiH8SCL/djZj8aXcc43AQD8rz1IKX5LC5vUZRFRbK8tAGCL1vv5P+jCH59IWwDAFt145923jsbj47eLKOLa7KuzSfWbffV1cfzodnwU07gVr8UoHkbUNwp7Ud8tVOG1lNJ8UFb24/JsfjapKmfv32/Of/RrRF1/EKNY/EXh0d1Gqqa6Pj4+KBd69fOqj+eb+Q+r+qsxihcfFXfzXx8fX11SH5M8Xn2l1/+VGMVPH8bHMY2bdRNd/RcHZflm+vr3z96r2qvqs/nZZFiP66TdJ/zWAAAAAAAAAAAAAAAAAAAAAADwFLvS7J0zjPJSXJ5VqWb/nd2HkVfflq39rqo6voiyNtXfHyilNE/xXW9LwTI1A7v9fQbx0qC/sSAAAAAAAAAAAAAAAAAAAAA8u+5+8unpyXR6685jCdrdAAYR8ceNiH97nsNe5lKsHjxs5jyZTnea8NyY+3k/E7vtmCxiZRvVIh7Ty/JPwXMXe26D73+oFrjJCYte5vXlC9zb/rraq+v0JFs+1zDaTNFcJN/mEd2YPNacK/+7Qyk2ufzypYdG/Ux74aw+zwt1MF8xJrJVjb3xy2KWJpNdXEVev6pLy/eaoFd+4dpY632PYlH+18+KrN6tY7idDyIAAAAAAAAAAAAAAAAAAKD3/P+5dKqf8r23snQneRQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKdE9///NwjmTfEag/O4c/c/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgD8DAAD//8ytUEM=")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x441, 0x104)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)

1.134069323s ago: executing program 2 (id=1692):
r0 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

1.131072508s ago: executing program 3 (id=1693):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8108c4, &(0x7f0000000300)={[{@resv_level={'resv_level', 0x3d, 0x400}}, {@heartbeat_none}, {@inode64}, {@coherency_full}, {@err_ro}, {@localalloc={'localalloc', 0x3d, 0x1}}, {@intr}, {@localalloc}]}, 0x1, 0x442f, &(0x7f000000e480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZP3sIlNNGoI9KTSREppKbRYU21jvGwX2LbowjawNSb2gLcmnkw8GA+NJt44NfwD9ejRi8d6bqIHLyYmjZjdnQVm2A0rYUHq53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/uoXLo3XwzxHmna/6G965/2dOI62e9r75/s6vmL79w4E8J3sz8+XVtbWwtV3aGpoU2///br/ZnNx4Y4U6fabvPWdsv7IYSTW8ZV1RVCeC+EEIUQziVpo8mxN4RwLMm7cf+zm7ldGs2jJ8Wz+WdTD1aHT0+uPFxt/bdHIXxV+t+rt+d/fqFr+KeXd6l7AAAAAAAAAAAAAAAAAAAOuPFrV6+/PTgUHkeheyXa+r7ueHJs9X7s2q75vvN/LAAAAAAAAAAAAAAAAAAAAPxNbbz/n4tONHn/fyw5jrSov/Zm58dI50y8dXXswuBQsv97tCX/tSTpl3Ndob/Jvu/Z/d/PZeo33/99az871Rhfo9++EMUDqfM4HhgI4Ztk4/dT0ZG4VF6qvHKr3BVmd20YB1Y6/vXd+1PRSTb0bzf+o5n2O7///3+3XE3V85u7d4k919Lx72pZ7ttPo7bifz5Tby/iz86l499dS+vdXGCkPgFU4/959/bxH8u036n4Hw8h5KLqWHOpGaC6hqmmt1qvkJaO/6FaWmrqTD7IVvf/75n4X8i0v1/z/3L2i6jmk84O5QBKx/9ftbSeVImN+78/3v7+v5hpfz/iXx3/su//tqTjf7ie2J0qUvsk253/xzPtdyr+1+NknMej1BWwEtXTW/2/OtLS8e/Zkr/x/Be3tf67lKm/V89/jX4bz3+N6f+lqP78R3Pp+Pe2LNfu/T+Rqdfp+X+ktv5jp9LxP1JLS6+d+2o/243/ZKb9TsW/tirpacR/Yz7543A9/eum6z+y0vH/dz0x3lxiufaztv6Ltl//X860vx/rv+r4l+PO9vq8SMf/aMty1fj/0Mb3/5VMvc7HP4RBa/0dS8f/WMtytfu/Z/v4T2XqdTr+L3aycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADYDQ59oUoHkidx/HAQAjnk/NT4Ug0XZjNT5fKMx8uhTCWpOfCieh2qTxdKOXnFsqzxXyhVCrPhHAhyT8ZeqKlUrmSny/cvbjeVm90p1hYrEwXC5UQwniS/v9wrNHW9FxlvnA3hHBpPe8/cXnx7p3CQn52bvGNwcHBwTCxPob+qPhxpbhQqfdezw1hcr1uX7RpcLXsy+tjORp9UL63uFAo1dKvbKpTKs8USpvqTCV5X4T+qLJ4b2GmUCnmS+Xbjf7200hyHJu49u61K0Nb8m9G9ePo3g4LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/o8fDrX4YQuutncQhhpPFL1Kz8oyfFs/lnUw9Wh09PrjxcfdqqHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzJDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbpGKWBIAoD8JuxUDuPYbXsdrYrimjhiuAJ9BgeRo/iJbxDihRpU4RAMgthswvbJNX3NQ/mZ+Y9mAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM8/TefbzVTUSKq81lxN/X/+Iwfyn15378/sUZZuR0nl+7h8e6Kf+ejvK7crRs8y5dr74/Y6T2fgd7Mtynvb7P9eRcU/s2NV/f9yZSriKiLfltyrmq5r0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGUHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXwEAAP//zQceng==")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

707.12104ms ago: executing program 1 (id=1680):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000bc0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@nombcache}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80)
ftruncate(r0, 0x2007ffb)
sendfile(r0, r0, 0x0, 0x1000000201005)
ftruncate(r0, 0x6)

590.934358ms ago: executing program 0 (id=1681):
unshare(0x2000400)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0)
r2 = dup(r0)
inotify_rm_watch(r2, r1)

365.593635ms ago: executing program 5 (id=1682):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
write$FUSE_NOTIFY_RESEND(r0, &(0x7f0000000040)={0x14}, 0x14)

275.031746ms ago: executing program 0 (id=1683):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='b *:4\tr'], 0xa)
write$cgroup_devices(r1, &(0x7f0000000240)={'b', ' *:* ', 'm\x00'}, 0x8)

180.760115ms ago: executing program 6 (id=1684):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r0, &(0x7f0000000740)={&(0x7f0000000300)={0xa, 0x4e23, 0x1, @local, 0x9}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000340)="01", 0x1}], 0x1}, 0x4001)
sendmmsg$inet6(r0, &(0x7f00000024c0)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x2, @private0}, 0x1c, &(0x7f0000000d00)=[{&(0x7f00000002c0)='\n', 0x1}], 0x1}}], 0x1, 0x40088d4)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

125.351785ms ago: executing program 2 (id=1685):
r0 = io_uring_setup(0x560d, &(0x7f0000000680)={0x0, 0xb586, 0x8, 0xfffffffe, 0x3bd})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000000060ff000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)

114.142799ms ago: executing program 1 (id=1686):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r1, 0x3517, 0xc2de, 0x9, 0x0, 0x0)

0s ago: executing program 0 (id=1687):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_PEC(r1, 0x708, 0x7)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x1, 0xd9, 0x3, &(0x7f00000000c0)={0x8, "810556c721393f4084cc9efc7ddbe76f2fb91f7abe35df2a1f63ef8df4077d040b"}})

kernel console output (not intermixed with test programs):

0
[  265.735026][ T5842]  ? find_held_lock+0x2b/0x80
[  265.735084][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.735130][ T5842]  ? do_raw_spin_unlock+0x172/0x230
[  265.735180][ T5842]  kobject_add_internal+0x2c4/0x9b0
[  265.735250][ T5842]  kobject_add+0x16e/0x240
[  265.735306][ T5842]  ? __pfx_kobject_add+0x10/0x10
[  265.735371][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.735417][ T5842]  ? do_raw_spin_unlock+0x172/0x230
[  265.735463][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.735508][ T5842]  ? kobject_put+0xab/0x5a0
[  265.735566][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.735622][ T5842]  device_add+0x288/0x1aa0
[  265.735686][ T5842]  ? __pfx_dev_set_name+0x10/0x10
[  265.735725][ T5842]  ? __pfx_device_add+0x10/0x10
[  265.735788][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.735836][ T5842]  ? mgmt_send_event_skb+0x2fb/0x460
[  265.735903][ T5842]  hci_conn_add_sysfs+0x17e/0x230
[  265.735963][ T5842]  le_conn_complete_evt+0x1260/0x2150
[  265.736027][ T5842]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  265.736072][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.736135][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.736197][ T5842]  hci_le_conn_complete_evt+0x23c/0x370
[  265.736255][ T5842]  hci_le_meta_evt+0x357/0x5e0
[  265.736305][ T5842]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  265.736359][ T5842]  hci_event_packet+0x685/0x11c0
[  265.736404][ T5842]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  265.736455][ T5842]  ? __pfx_hci_event_packet+0x10/0x10
[  265.736499][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.736549][ T5842]  ? kcov_remote_start+0x3c9/0x6d0
[  265.736600][ T5842]  ? lockdep_hardirqs_on+0x7c/0x110
[  265.736649][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.736707][ T5842]  hci_rx_work+0x2c5/0x16b0
[  265.736759][ T5842]  ? rcu_is_watching+0x12/0xc0
[  265.736818][ T5842]  process_one_work+0x9cf/0x1b70
[  265.736895][ T5842]  ? __pfx_process_one_work+0x10/0x10
[  265.736940][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.736999][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.737046][ T5842]  ? assign_work+0x1a0/0x250
[  265.737090][ T5842]  worker_thread+0x6c8/0xf10
[  265.737143][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.737193][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.737240][ T5842]  ? __kthread_parkme+0x19e/0x250
[  265.737296][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.737345][ T5842]  ? __pfx_worker_thread+0x10/0x10
[  265.737390][ T5842]  kthread+0x3c5/0x780
[  265.737430][ T5842]  ? __pfx_kthread+0x10/0x10
[  265.737472][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.737519][ T5842]  ? rcu_is_watching+0x12/0xc0
[  265.737573][ T5842]  ? __pfx_kthread+0x10/0x10
[  265.737615][ T5842]  ret_from_fork+0x675/0x7d0
[  265.737649][ T5842]  ? __pfx_kthread+0x10/0x10
[  265.737690][ T5842]  ret_from_fork_asm+0x1a/0x30
[  265.737772][ T5842]  </TASK>
[  265.737813][ T5842] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  266.080183][ T5842] Bluetooth: hci1: failed to register connection device
[  266.152457][ T9170] loop2: detected capacity change from 0 to 40427
[  266.166038][ T9165] loop5: detected capacity change from 0 to 32768
[  266.170981][ T9170] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  266.201580][ T9170] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  266.226463][ T9165] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  266.253793][ T9170] F2FS-fs (loop2): invalid crc value
[  266.315665][   T30] audit: type=1800 audit(1763547348.108:37): pid=9165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1096" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  266.476744][ T9170] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  266.513287][ T9170] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  266.524041][ T9170] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  266.589851][ T9170] syz.2.1110: attempt to access beyond end of device
[  266.589851][ T9170] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  266.771615][ T9198] loop1: detected capacity change from 0 to 2048
[  266.807281][ T9184] loop0: detected capacity change from 0 to 32768
[  266.817469][ T9198] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  266.856312][ T9184] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1100 (9184)
[  266.880090][ T6814] kworker/u8:8: attempt to access beyond end of device
[  266.880090][ T6814] loop2: rw=1, sector=77824, nr_sectors = 136 limit=40427
[  266.916561][ T9184] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  266.950779][ T5848] ocfs2: Unmounting device (7,5) on (node local)
[  266.957698][ T9184] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  267.206910][ T9184] BTRFS info (device loop0): enabling ssd optimizations
[  267.226103][ T9184] BTRFS info (device loop0): turning on async discard
[  267.251272][ T9184] BTRFS info (device loop0): enabling free space tree
[  267.251553][ T9222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1111'.
[  267.267442][ T9184] BTRFS info (device loop0): use lzo compression, level 1
[  267.300785][ T9222] netlink: 'syz.1.1111': attribute type 30 has an invalid length.
[  267.368868][   T36] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  267.377653][ T9222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1111'.
[  267.416345][   T36] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  267.435490][ T9222] netlink: 'syz.1.1111': attribute type 30 has an invalid length.
[  267.447803][   T36] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  267.491145][   T36] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  267.593199][ T5830] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  267.633311][ T9224] tipc: Failed to obtain node identity
[  267.651415][ T9224] tipc: Enabling of bearer <ib:ip6gre0> rejected, failed to enable media
[  268.430640][   T24] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  268.588164][ T5842] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  268.601316][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) 
[  268.601372][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  268.601400][ T5842] Workqueue: hci2 hci_rx_work
[  268.601452][ T5842] Call Trace:
[  268.601465][ T5842]  <TASK>
[  268.601480][ T5842]  dump_stack_lvl+0x16c/0x1f0
[  268.601534][ T5842]  sysfs_warn_dup+0x7f/0xa0
[  268.601585][ T5842]  sysfs_create_dir_ns+0x24b/0x2b0
[  268.601632][ T5842]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  268.601676][ T5842]  ? find_held_lock+0x2b/0x80
[  268.601738][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.601787][ T5842]  ? do_raw_spin_unlock+0x172/0x230
[  268.601837][ T5842]  kobject_add_internal+0x2c4/0x9b0
[  268.601906][ T5842]  kobject_add+0x16e/0x240
[  268.601964][ T5842]  ? __pfx_kobject_add+0x10/0x10
[  268.602025][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602073][ T5842]  ? do_raw_spin_unlock+0x172/0x230
[  268.602120][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602173][ T5842]  ? kobject_put+0xab/0x5a0
[  268.602230][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602290][ T5842]  device_add+0x288/0x1aa0
[  268.602356][ T5842]  ? __pfx_dev_set_name+0x10/0x10
[  268.602398][ T5842]  ? __pfx_device_add+0x10/0x10
[  268.602463][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602510][ T5842]  ? mgmt_send_event_skb+0x2fb/0x460
[  268.602571][ T5842]  hci_conn_add_sysfs+0x17e/0x230
[  268.602627][ T5842]  le_conn_complete_evt+0x1260/0x2150
[  268.602686][ T5842]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  268.602729][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602786][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.602842][ T5842]  hci_le_conn_complete_evt+0x23c/0x370
[  268.602900][ T5842]  hci_le_meta_evt+0x357/0x5e0
[  268.602948][ T5842]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  268.603002][ T5842]  hci_event_packet+0x685/0x11c0
[  268.603047][ T5842]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  268.603100][ T5842]  ? __pfx_hci_event_packet+0x10/0x10
[  268.603151][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603202][ T5842]  ? kcov_remote_start+0x3c9/0x6d0
[  268.603255][ T5842]  ? lockdep_hardirqs_on+0x7c/0x110
[  268.603306][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603366][ T5842]  hci_rx_work+0x2c5/0x16b0
[  268.603419][ T5842]  ? rcu_is_watching+0x12/0xc0
[  268.603481][ T5842]  process_one_work+0x9cf/0x1b70
[  268.603559][ T5842]  ? __pfx_process_one_work+0x10/0x10
[  268.603604][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603665][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603713][ T5842]  ? assign_work+0x1a0/0x250
[  268.603758][ T5842]  worker_thread+0x6c8/0xf10
[  268.603813][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603863][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.603911][ T5842]  ? __kthread_parkme+0x19e/0x250
[  268.603969][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.604021][ T5842]  ? __pfx_worker_thread+0x10/0x10
[  268.604067][ T5842]  kthread+0x3c5/0x780
[  268.604109][ T5842]  ? __pfx_kthread+0x10/0x10
[  268.604160][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.604209][ T5842]  ? rcu_is_watching+0x12/0xc0
[  268.604264][ T5842]  ? __pfx_kthread+0x10/0x10
[  268.604307][ T5842]  ret_from_fork+0x675/0x7d0
[  268.604343][ T5842]  ? __pfx_kthread+0x10/0x10
[  268.604384][ T5842]  ret_from_fork_asm+0x1a/0x30
[  268.604471][ T5842]  </TASK>
[  268.604728][ T5842] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  268.831399][ T9247] netlink: 'syz.3.1120': attribute type 1 has an invalid length.
[  268.839109][ T5842] Bluetooth: hci2: failed to register connection device
[  268.972679][   T24] usb 2-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  268.985237][   T24] usb 2-1: config 1 interface 0 altsetting 93 endpoint 0x82 has invalid maxpacket 96, setting to 64
[  268.996328][   T24] usb 2-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  269.009495][   T24] usb 2-1: config 1 interface 0 has no altsetting 0
[  269.021789][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  269.040814][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  269.048906][   T24] usb 2-1: SerialNumber: syz
[  269.058045][ T9232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  269.318792][ T9232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  269.453669][ T9247] bond1: entered promiscuous mode
[  269.459454][ T9247] 8021q: adding VLAN 0 to HW filter on device bond1
[  269.788538][  T979] IPVS: starting estimator thread 0...
[  269.818687][   T24] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  269.891944][ T9262] IPVS: using max 22 ests per chain, 52800 per kthread
[  270.021174][   T24] usb 2-1: USB disconnect, device number 9
[  270.050885][   T24] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  270.318436][ T9272] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  270.537565][ T9274] loop6: detected capacity change from 0 to 128
[  270.583934][ T9274] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  270.597383][ T9274] ext4 filesystem being mounted at /142/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  270.671387][ T9274] EXT4-fs error (device loop6): ext4_check_dx_root:2202: inode #2: comm syz.6.1132: Corrupt dir, invalid name for '.', running e2fsck is recommended
[  270.860397][ T6799] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  271.051074][ T9285] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  271.323103][ T9266] loop0: detected capacity change from 0 to 32768
[  271.350342][ T9266] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1127 (9266)
[  271.384114][ T9266] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  271.396895][ T9299] netlink: 'syz.5.1141': attribute type 1 has an invalid length.
[  271.405168][ T9266] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  271.457987][ T9299] bond1: entered promiscuous mode
[  271.491965][ T9299] 8021q: adding VLAN 0 to HW filter on device bond1
[  271.753095][ T9311] bond1: (slave veth3): making interface the new active one
[  271.760631][ T9311] veth3: entered promiscuous mode
[  271.767954][ T9311] bond1: (slave veth3): Enslaving as an active interface with an up link
[  271.786834][ T9266] BTRFS info (device loop0): enabling ssd optimizations
[  271.817301][ T9266] BTRFS info (device loop0): turning on async discard
[  271.858052][ T9266] BTRFS info (device loop0): enabling free space tree
[  271.910935][ T9266] BTRFS info (device loop0): use lzo compression, level 1
[  272.180809][ T5840] Bluetooth: hci1: command 0x0406 tx timeout
[  272.311063][ T9328] tipc: Failed to obtain node identity
[  272.348059][ T9328] tipc: Enabling of bearer <ib:ip6gre0> rejected, failed to enable media
[  272.434831][ T5830] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  272.460606][ T5928] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  272.612285][ T5928] usb 6-1: Using ep0 maxpacket: 16
[  272.653070][ T5928] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.707595][ T5928] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  273.020607][ T5928] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.074397][ T5928] usb 6-1: config 0 descriptor??
[  273.202339][ T9341] loop0: detected capacity change from 0 to 2048
[  273.330385][ T9341] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  273.540249][ T5928] mcp2221 0003:04D8:00DD.0010: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  273.750930][ T5928] usb 6-1: USB disconnect, device number 8
[  274.250873][ T9355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1155'.
[  274.290655][ T9355] netlink: 'syz.6.1155': attribute type 30 has an invalid length.
[  274.351718][ T6814] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  274.360366][ T6814] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  274.368906][ T9355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1155'.
[  274.393491][ T9355] netlink: 'syz.6.1155': attribute type 30 has an invalid length.
[  274.410865][ T6814] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  274.440589][ T6814] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  274.702793][ T9357] loop1: detected capacity change from 0 to 8192
[  275.063826][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  275.140886][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  275.334120][   T24] usb 7-1: Using ep0 maxpacket: 32
[  275.401578][   T24] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  275.476223][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.556716][   T24] usb 7-1: config 0 descriptor??
[  275.836991][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  275.903961][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  275.971548][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  275.980726][ T9361] loop3: detected capacity change from 0 to 131072
[  275.999166][   T24] usb 7-1: media controller created
[  276.041500][ T9361] F2FS-fs (loop3): Test dummy encryption mode enabled
[  276.051318][ T9361] F2FS-fs (loop3): invalid crc value
[  276.097604][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  276.157470][ T9361] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  276.169640][ T9361] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  276.190799][   T24] az6027: usb out operation failed. (-71)
[  276.237502][   T24] az6027: usb out operation failed. (-71)
[  276.253668][   T24] stb0899_attach: Driver disabled by Kconfig
[  276.259916][   T24] az6027: no front-end attached
[  276.259916][   T24] 
[  276.295576][   T24] az6027: usb out operation failed. (-71)
[  276.310613][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  276.330848][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input21
[  276.370931][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  276.377960][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  276.421502][   T24] usb 7-1: USB disconnect, device number 6
[  276.555120][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  276.759192][ T9380] can0: slcan on pty20.
[  276.835262][ T9364] loop2: detected capacity change from 0 to 32768
[  276.863952][ T9378] can0 (unregistered): slcan off pty20.
[  276.920022][ T9364] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  277.061169][ T9364] XFS (loop2): Ending clean mount
[  277.075417][ T9364] XFS (loop2): Quotacheck needed: Please wait.
[  277.187949][ T9398] loop5: detected capacity change from 0 to 1024
[  277.197199][ T9364] XFS (loop2): Quotacheck: Done.
[  277.293904][   T30] audit: type=1804 audit(1763547359.088:38): pid=9364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1160" name="/newroot/198/file1/file1" dev="loop2" ino=6150 res=1 errno=0
[  277.315961][    C0] vkms_vblank_simulate: vblank timer overrun
[  277.375738][ T9398] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  277.407070][ T5832] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  277.848145][ T5848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.410900][   T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  278.580923][   T24] usb 3-1: Using ep0 maxpacket: 16
[  278.592808][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.604437][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  278.620612][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.651966][   T24] usb 3-1: config 0 descriptor??
[  278.790438][ T9410] loop0: detected capacity change from 0 to 32768
[  279.087212][   T24] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  279.358340][ T5928] usb 3-1: USB disconnect, device number 11
[  279.743125][ T9436] misc userio: Invalid payload size
[  280.599445][ T9457] loop3: detected capacity change from 0 to 128
[  280.663880][ T9457] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  280.721523][ T9457] ext4 filesystem being mounted at /196/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  280.810379][   T24] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  280.852998][   T24] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  280.968338][ T9440] loop2: detected capacity change from 0 to 32768
[  281.101153][ T9440] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  281.491379][ T5832] ocfs2: Unmounting device (7,2) on (node local)
[  281.551042][ T9471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1194'.
[  281.617069][ T5829] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  281.862934][ T9476] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.763383][ T9492] loop5: detected capacity change from 0 to 4096
[  282.857930][ T9481] loop0: detected capacity change from 0 to 32768
[  282.902111][ T9481] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1202 (9481)
[  282.967094][ T9481] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  282.985533][ T9481] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  283.070074][ T5840] Bluetooth: hci4: unexpected event for opcode 0x2039
[  283.211301][ T9481] BTRFS info (device loop0): enabling ssd optimizations
[  283.218474][ T9481] BTRFS info (device loop0): turning on async discard
[  283.234944][ T9481] BTRFS info (device loop0): enabling free space tree
[  283.261076][ T5928] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  283.416567][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.424456][ T5830] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  283.439812][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.463381][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  283.465117][ T9528] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1216'.
[  283.505589][ T5928] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  283.540589][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.552968][   T24] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  283.585035][ T5928] usb 4-1: config 0 descriptor??
[  283.725273][   T24] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  283.734816][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.751019][   T24] usb 6-1: Product: syz
[  283.755226][   T24] usb 6-1: Manufacturer: syz
[  283.759836][   T24] usb 6-1: SerialNumber: syz
[  283.760893][ T9532] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1219'.
[  283.781698][   T24] usb 6-1: config 0 descriptor??
[  284.010124][ T5928] plantronics 0003:047F:FFFF.0013: reserved main item tag 0xd
[  284.014416][   T24] cx82310_eth 6-1:0.0: probe with driver cx82310_eth failed with error -22
[  284.042033][   T24] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[  284.064115][ T5928] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  284.077098][   T24] usb 6-1: USB disconnect, device number 9
[  284.273656][ T5928] usb 4-1: USB disconnect, device number 12
[  284.475433][ T9556] loop0: detected capacity change from 0 to 256
[  284.570669][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  284.754959][   T24] usb 7-1: Using ep0 maxpacket: 8
[  284.767815][   T24] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  284.776485][   T24] usb 7-1: config 0 has no interface number 0
[  284.790922][   T24] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  284.811442][   T24] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  284.841329][   T24] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  284.853010][   T24] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  284.880662][   T24] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  284.900888][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.924204][   T24] usb 7-1: config 0 descriptor??
[  284.942019][   T24] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  284.970429][ T9571] loop5: detected capacity change from 0 to 1024
[  284.988042][ T9570] input: syz1 as /devices/virtual/input/input24
[  285.025213][   T30] audit: type=1800 audit(1763547366.818:39): pid=9571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1235" name="file1" dev="loop5" ino=20 res=0 errno=0
[  285.165329][ T5928] usb 7-1: USB disconnect, device number 7
[  285.196726][ T5928] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  285.629255][ T9591] loop1: detected capacity change from 0 to 16
[  285.667211][ T9591] erofs (device loop1): mounted with root inode @ nid 36.
[  285.828127][ T9595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1248'.
[  285.888735][ T9599] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  285.965029][ T5828] syz-executor: attempt to access beyond end of device
[  285.965029][ T5828] loop1: rw=524288, sector=527032, nr_sectors = 8 limit=16
[  285.993908][ T9595] hsr_slave_0 (unregistering): left promiscuous mode
[  286.048481][ T5828] syz-executor: attempt to access beyond end of device
[  286.048481][ T5828] loop1: rw=524288, sector=296, nr_sectors = 8 limit=16
[  286.150964][ T5828] syz-executor: attempt to access beyond end of device
[  286.150964][ T5828] loop1: rw=524288, sector=1049344, nr_sectors = 8 limit=16
[  286.198592][ T5828] syz-executor: attempt to access beyond end of device
[  286.198592][ T5828] loop1: rw=524288, sector=688, nr_sectors = 8 limit=16
[  286.247612][ T5828] syz-executor: attempt to access beyond end of device
[  286.247612][ T5828] loop1: rw=524288, sector=525096, nr_sectors = 8 limit=16
[  286.262135][ T5828] syz-executor: attempt to access beyond end of device
[  286.262135][ T5828] loop1: rw=524288, sector=712, nr_sectors = 8 limit=16
[  286.282727][ T5828] syz-executor: attempt to access beyond end of device
[  286.282727][ T5828] loop1: rw=0, sector=527032, nr_sectors = 8 limit=16
[  286.390747][ T5828] erofs (device loop1): failed to readdir of logical block 0 of nid 36
[  286.679894][ T9613] loop2: detected capacity change from 0 to 32768
[  286.687753][ T9613] xfs: Deprecated parameter 'ikeep'
[  286.693191][ T9613] XFS: ikeep mount option is deprecated.
[  286.699810][ T5928] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  286.725656][ T9613] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  286.801570][ T9613] XFS (loop2): Ending clean mount
[  286.870126][ T5928] usb 7-1: Using ep0 maxpacket: 8
[  286.877304][ T5832] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  286.877635][ T5928] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  286.887166][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  286.897567][ T5928] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  286.914393][  T979] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  286.922921][ T5928] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  286.940423][ T5928] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  286.983020][ T5928] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  287.001013][ T5928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.062610][  T979] usb 2-1: Using ep0 maxpacket: 8
[  287.092740][   T24] usb 4-1: Using ep0 maxpacket: 32
[  287.103400][  T979] usb 2-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  287.122725][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  287.140740][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.149202][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.169568][  T979] usb 2-1: Product: syz
[  287.176530][  T979] usb 2-1: Manufacturer: syz
[  287.182593][   T24] usb 4-1: config 0 descriptor??
[  287.191848][  T979] usb 2-1: SerialNumber: syz
[  287.212180][  T979] usb 2-1: config 0 descriptor??
[  287.231082][  T979] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  287.248835][ T5928] usb 7-1: GET_CAPABILITIES returned 0
[  287.258169][ T5928] usbtmc 7-1:16.0: can't read capabilities
[  287.464169][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  287.518967][ T9645] loop2: detected capacity change from 0 to 512
[  287.571977][ T9645] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.591727][ T5928] usb 7-1: USB disconnect, device number 8
[  287.631684][    T9] usb 6-1: Using ep0 maxpacket: 16
[  287.641006][    T9] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[  287.649210][    T9] usb 6-1: config 0 has no interface number 0
[  287.662390][ T9641] loop0: detected capacity change from 0 to 32768
[  287.666201][ T9645] EXT4-fs error (device loop2): ext4_validate_block_bitmap:423: comm syz.2.1266: bg 0: bad block bitmap checksum
[  287.671051][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  287.684199][    T9] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  287.704266][    T9] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  287.708539][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  287.716746][ T9645] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Filesystem failed CRC
[  287.741139][    T9] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  287.751684][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.752201][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  287.759785][    T9] usb 6-1: Product: syz
[  287.759815][    T9] usb 6-1: Manufacturer: syz
[  287.759844][    T9] usb 6-1: SerialNumber: syz
[  287.786781][    T9] usb 6-1: config 0 descriptor??
[  287.792057][   T24] usb 4-1: media controller created
[  287.812165][ T9639] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  287.829997][ T9639] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  287.852793][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  287.866881][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.916330][   T24] az6027: usb out operation failed. (-71)
[  287.931170][   T24] az6027: usb out operation failed. (-71)
[  287.937001][   T24] stb0899_attach: Driver disabled by Kconfig
[  287.961930][   T24] az6027: no front-end attached
[  287.961930][   T24] 
[  287.977713][   T24] az6027: usb out operation failed. (-71)
[  287.987314][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  288.002609][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input25
[  288.021466][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  288.036088][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  288.054511][ T9639] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  288.072322][ T9639] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  288.081226][   T24] usb 4-1: USB disconnect, device number 13
[  288.218411][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  288.304541][  T979] gspca_sonixj: reg_w err -71
[  288.309463][  T979] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  288.341789][  T979] usb 2-1: USB disconnect, device number 10
[  288.618316][ T9665] loop3: detected capacity change from 0 to 1024
[  288.658985][ T9665] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  288.671674][ T9665] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  288.694736][    T9] asix 6-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xc2
[  288.711623][ T9665] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm syz.3.1274: lblock 0 mapped to illegal pblock 0 (length 6)
[  288.735336][ T9665] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.1274: lblock 3 mapped to illegal pblock 3 (length 3)
[  288.755565][ T9665] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  288.768291][ T9665] EXT4-fs (loop3): This should not happen!! Data will be lost
[  288.768291][ T9665] 
[  288.837299][   T36] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:2: lblock 8 mapped to illegal pblock 8 (length 8)
[  288.873836][   T36] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  288.904851][    T9] usb 6-1: USB disconnect, device number 10
[  288.939178][   T36] EXT4-fs (loop3): This should not happen!! Data will be lost
[  288.939178][   T36] 
[  288.974558][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  289.033579][ T9661] loop6: detected capacity change from 0 to 32768
[  289.047373][ T9661] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  289.142070][ T9661] XFS (loop6): Ending clean mount
[  289.142148][ T9686] loop3: detected capacity change from 0 to 4096
[  289.164311][ T9661] XFS (loop6): Quotacheck needed: Please wait.
[  289.181039][  T979] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  289.244118][ T9661] XFS (loop6): Quotacheck: Done.
[  289.271411][ T9686] ntfs3(loop3): ino=5, "/" mi_enum_attr
[  289.279442][ T9686] ntfs3(loop3): ino=5, "/" ntfs_readdir
[  289.326300][ T6799] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  289.339638][  T979] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  289.351574][  T979] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  289.364917][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.400879][  T979] usb 3-1: config 0 descriptor??
[  289.424092][  T979] pwc: Askey VC010 type 2 USB webcam detected.
[  289.605339][ T9690] loop3: detected capacity change from 0 to 128
[  289.827153][  T979] pwc: recv_control_msg error -32 req 02 val 2b00
[  289.835567][  T979] pwc: recv_control_msg error -32 req 02 val 2700
[  290.045239][  T979] pwc: recv_control_msg error -71 req 04 val 1000
[  290.070931][  T979] pwc: recv_control_msg error -71 req 04 val 1300
[  290.103224][  T979] pwc: recv_control_msg error -71 req 04 val 1400
[  290.141138][  T979] pwc: recv_control_msg error -71 req 02 val 2000
[  290.170770][  T979] pwc: recv_control_msg error -71 req 02 val 2100
[  290.198062][  T979] pwc: recv_control_msg error -71 req 04 val 1500
[  290.221462][  T979] pwc: recv_control_msg error -71 req 02 val 2500
[  290.234612][ T9699] loop3: detected capacity change from 0 to 32768
[  290.250435][  T979] pwc: recv_control_msg error -71 req 02 val 2400
[  290.258409][  T979] pwc: recv_control_msg error -71 req 02 val 2600
[  290.272726][ T9705] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  290.276115][  T979] pwc: recv_control_msg error -71 req 02 val 2900
[  290.286891][  T979] pwc: recv_control_msg error -71 req 02 val 2800
[  290.302771][ T9699] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  290.307764][  T979] pwc: recv_control_msg error -71 req 04 val 1100
[  290.339128][  T979] pwc: recv_control_msg error -71 req 04 val 1200
[  290.352975][ T9699] XFS (loop3): Ending clean mount
[  290.359439][  T979] pwc: Registered as video103.
[  290.363289][ T9699] XFS (loop3): Quotacheck needed: Please wait.
[  290.366973][  T979] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input26
[  290.393797][  T979] usb 3-1: USB disconnect, device number 12
[  290.402135][ T9713] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1288'.
[  290.447648][ T9699] XFS (loop3): Quotacheck: Done.
[  290.516546][ T5829] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  290.530754][ T9692] netlink: 'syz.5.1283': attribute type 6 has an invalid length.
[  291.050423][ T9726] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  291.272247][ T9730] kernel profiling enabled (shift: 63)
[  291.292070][ T9730] profiling shift: 63 too large
[  291.828128][ T9719] loop1: detected capacity change from 0 to 32768
[  291.937856][ T9719] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  291.970938][ T9750] loop5: detected capacity change from 0 to 128
[  291.997845][ T9719] XFS (loop1): Ending clean mount
[  292.014969][ T9719] XFS (loop1): Quotacheck needed: Please wait.
[  292.028057][ T9750] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  292.056746][ T9750] ext4 filesystem being mounted at /198/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  292.106163][ T9719] XFS (loop1): Quotacheck: Done.
[  292.156279][ T5848] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  292.227352][ T5828] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  292.293416][ T9737] loop6: detected capacity change from 0 to 32768
[  292.363784][ T9737] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  292.458634][ T9737] XFS (loop6): Ending clean mount
[  292.514604][   T30] audit: type=1800 audit(1763547630.306:40): pid=9737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1297" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  292.522527][ T9766] loop5: detected capacity change from 0 to 256
[  292.578984][   T30] audit: type=1800 audit(1763547630.356:41): pid=9737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1297" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  292.647965][ T9766] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  292.693809][ T6799] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  293.282266][ T9777] loop5: detected capacity change from 0 to 2048
[  293.337021][ T9777] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  294.076674][ T9805] loop1: detected capacity change from 0 to 1024
[  294.098360][ T9805] hfsplus: Bad value for 'gid'
[  294.266950][ T1149] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 1
[  294.296631][ T1149] Bluetooth: hci6: Frame reassembly failed (-84)
[  294.501649][ T9804] loop5: detected capacity change from 0 to 32768
[  294.517501][ T9804] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  294.535264][ T9804] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  294.915183][ T5848] ocfs2: Unmounting device (7,5) on (node local)
[  295.744473][ T9856] syzkaller1: entered promiscuous mode
[  295.750295][ T9856] syzkaller1: entered allmulticast mode
[  296.290833][ T5928] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  296.340803][ T5842] Bluetooth: hci6: command 0x1003 tx timeout
[  296.350287][ T5840] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  296.455565][ T5928] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  296.472883][ T5928] usb 3-1: config 0 has no interface number 0
[  296.487964][ T5928] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  296.511903][ T5928] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  296.548918][ T5928] usb 3-1: config 0 interface 255 has no altsetting 0
[  296.556008][ T5928] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  296.565221][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.582153][ T5928] usb 3-1: config 0 descriptor??
[  296.599727][ T5928] cp210x 3-1:0.255: cp210x converter detected
[  296.728547][ T9886] netlink: 'syz.3.1357': attribute type 3 has an invalid length.
[  296.997105][ T5928] cp210x 3-1:0.255: failed to get vendor val 0x000e size 3: -32
[  297.212545][ T5928] cp210x 3-1:0.255: GPIO initialisation failed: -19
[  297.228961][ T5928] usb 3-1: cp210x converter now attached to ttyUSB0
[  297.310988][ T9884] loop6: detected capacity change from 0 to 32768
[  297.323368][ T9902] loop3: detected capacity change from 0 to 1024
[  297.334019][ T9884] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  297.366237][   T12] hfsplus: b-tree write err: -5, ino 4
[  297.378810][ T9902] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  leaving read-only.
[  297.428182][ T5928] usb 3-1: USB disconnect, device number 13
[  297.439461][ T5928] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  297.449645][ T5928] cp210x 3-1:0.255: device disconnected
[  297.476110][ T9906] Bluetooth: MGMT ver 1.23
[  297.527110][ T6799] ocfs2: Unmounting device (7,6) on (node local)
[  297.743387][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  297.925937][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  297.963576][    T9] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  297.983109][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.013621][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  298.031491][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.045679][    T9] usb 1-1: Product: syz
[  298.061482][    T9] usb 1-1: Manufacturer: syz
[  298.070081][    T9] usb 1-1: SerialNumber: syz
[  298.084510][    T9] hub 1-1:1.0: bad descriptor, ignoring hub
[  298.091946][    T9] hub 1-1:1.0: probe with driver hub failed with error -5
[  298.201328][   T24] psmouse serio6: Failed to reset mouse on : -5
[  298.299637][    T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  298.311396][ T9933] Bluetooth: MGMT ver 1.23
[  298.371514][ T9935] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  298.611042][    T9] usb 1-1: USB disconnect, device number 10
[  298.611356][ T9942] loop1: detected capacity change from 0 to 8192
[  298.620955][    T9] usblp0: removed
[  298.663553][ T9942]  loop1: p1 p2
[  298.667428][ T9942] loop1: partition table partially beyond EOD, truncated
[  298.674919][ T9942] loop1: p1 start 16777216 is beyond EOD, truncated
[  298.682316][ T9942] loop1: p2 size 515840 extends beyond EOD, truncated
[  298.940707][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  299.102868][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  299.121467][    T9] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  299.143603][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  299.174585][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  299.190695][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.209586][    T9] usb 1-1: Product: syz
[  299.216222][    T9] usb 1-1: Manufacturer: syz
[  299.226898][    T9] usb 1-1: SerialNumber: syz
[  299.248956][    T9] hub 1-1:1.0: bad descriptor, ignoring hub
[  299.256871][    T9] hub 1-1:1.0: probe with driver hub failed with error -5
[  299.471244][    T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  299.551637][    T9] usb 1-1: USB disconnect, device number 11
[  299.589202][    T9] usblp0: removed
[  299.688041][ T9958] loop5: detected capacity change from 0 to 512
[  299.748929][ T9958] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  299.784297][ T9958] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.861497][ T5842] Bluetooth: hci3: command 0x0405 tx timeout
[  300.042929][ T5848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  300.208079][ T9953] loop1: detected capacity change from 0 to 131072
[  300.240835][ T9953] F2FS-fs (loop1): Test dummy encryption mode enabled
[  300.260322][ T9953] F2FS-fs (loop1): invalid crc value
[  300.367075][ T9953] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  300.379401][ T9953] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  300.702667][ T9980] loop3: detected capacity change from 0 to 1024
[  300.756864][ T9986] loop0: detected capacity change from 0 to 1024
[  300.758683][ T9980] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.810268][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.840637][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.860472][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.921166][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.944270][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.971121][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  300.975456][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.003563][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.043639][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.068269][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.110722][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.131272][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.171136][ T9986] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.191827][T10001] loop2: detected capacity change from 0 to 512
[  301.210854][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.212952][T10001] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  301.218357][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.249743][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.291557][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.298990][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.314613][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.332364][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.358378][T10001] EXT4-fs (loop2): 1 truncate cleaned up
[  301.366752][T10001] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  301.367756][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.389860][T10001] syz.2.1405 (pid 10001) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  301.415731][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.436700][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.451902][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.473293][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.482668][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.490084][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.509980][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.539084][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.574715][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.582574][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.589991][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.614386][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.634635][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.655380][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.680273][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.700743][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.708178][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.732209][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.739555][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.766838][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.780608][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.798244][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.806830][T10015] loop2: detected capacity change from 0 to 1024
[  301.813298][ T9993] hfsplus: request for non-existent node 16777216 in B*Tree
[  301.822214][T10015] EXT4-fs: Ignoring removed nomblk_io_submit option
[  301.828963][T10015] EXT4-fs: Ignoring removed nobh option
[  301.835925][   T30] audit: type=1800 audit(1763547639.636:42): pid=9993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1399" name="file1" dev="loop0" ino=20 res=0 errno=0
[  301.903392][T10015] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.953842][T10019] loop3: detected capacity change from 0 to 1024
[  301.972972][T10019] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  302.019149][T10019] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  302.031995][T10019] EXT4-fs (loop3): orphan cleanup on readonly fs
[  302.043455][   T24] misc userio: Buffer overflowed, userio client isn't keeping up
[  302.044555][T10019] EXT4-fs error (device loop3): __ext4_get_inode_loc:4831: comm syz.3.1411: Invalid inode table block 0 in block_group 0
[  302.071548][T10019] EXT4-fs (loop3): Remounting filesystem read-only
[  302.078694][T10019] Quota error (device loop3): write_blk: dquota write failed
[  302.086535][T10019] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  302.097544][T10019] EXT4-fs (loop3): 1 truncate cleaned up
[  302.110131][T10019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  302.185351][T10019] EXT4-fs (loop3): shut down requested (1)
[  302.186994][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.333052][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.610869][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  302.746516][T10044] loop2: detected capacity change from 0 to 256
[  302.753197][  T979] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  302.784267][    T9] usb 1-1: config 0 has an invalid interface number: 255 but max is 0
[  302.793237][    T9] usb 1-1: config 0 has no interface number 0
[  302.809632][    T9] usb 1-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid maxpacket 13042, setting to 1024
[  302.826413][    T9] usb 1-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  302.835150][T10046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1422'.
[  302.840297][    T9] usb 1-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  302.855897][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.864382][    T9] usb 1-1: Product: syz
[  302.869047][    T9] usb 1-1: Manufacturer: syz
[  302.874033][T10046] geneve2: entered promiscuous mode
[  302.874053][    T9] usb 1-1: SerialNumber: syz
[  302.877449][    T9] usb 1-1: config 0 descriptor??
[  302.891941][T10026] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  302.918750][    T9] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8061 (VM140)'.
[  302.922917][  T979] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.940320][  T979] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  302.965566][  T979] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  302.987816][  T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  303.000958][  T979] usb 6-1: SerialNumber: syz
[  303.068641][T10048] loop2: detected capacity change from 0 to 4096
[  303.110466][    T9] usb 1-1: USB disconnect, device number 12
[  303.158991][   T24] input: PS/2 Generic Mouse as /devices/serio6/input/input27
[  303.235018][  T979] usb 6-1: 0:2 : does not exist
[  303.267902][  T979] usb 6-1: USB disconnect, device number 11
[  303.400693][   T24] psmouse serio6: Failed to enable mouse on 
[  303.626015][T10061] overlayfs: invalid origin (0000)
[  303.809092][T10064] loop1: detected capacity change from 0 to 1024
[  303.820963][T10064] EXT4-fs: Ignoring removed oldalloc option
[  303.827137][T10064] EXT4-fs: Ignoring removed bh option
[  303.850920][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  303.876234][T10064] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.891946][T10050] loop3: detected capacity change from 0 to 40427
[  303.901626][T10050] F2FS-fs (loop3): build fault injection rate: 14
[  303.908286][T10050] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  303.926294][T10050] F2FS-fs (loop3): invalid crc value
[  303.935607][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  303.966714][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  303.994376][T10064] EXT4-fs error (device loop1): mb_free_blocks:2014: group 0, inode 19: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  304.030821][    T9] usb 3-1: Using ep0 maxpacket: 8
[  304.050868][ T5928] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  304.074936][    T9] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  304.083469][    T9] usb 3-1: config 179 has no interface number 0
[  304.089854][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  304.101567][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  304.113368][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  304.125649][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  304.143623][    T9] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  304.150770][T10050] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  304.157336][    T9] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  304.167504][T10050] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_recover_fsync_data+0x49d/0x98b0
[  304.176413][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.210350][T10050] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  304.218721][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.232689][T10059] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  304.258207][ T5928] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  304.269902][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.290382][ T5928] usb 1-1: config 0 descriptor??
[  304.309523][T10050] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  304.325824][ T5928] cp210x 1-1:0.0: cp210x converter detected
[  304.349757][T10050] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_xattr_generic_get+0x138/0x170
[  304.390168][T10050] F2FS-fs (loop3): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_folio+0x171/0x1b0
[  304.417397][T10050] F2FS-fs (loop3): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  304.545963][ T5829] syz-executor: attempt to access beyond end of device
[  304.545963][ T5829] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  304.569822][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  304.569877][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  304.569900][ T5829] Call Trace:
[  304.569912][ T5829]  <TASK>
[  304.569926][ T5829]  dump_stack_lvl+0x16c/0x1f0
[  304.569981][ T5829]  f2fs_handle_critical_error+0x624/0x9f0
[  304.570026][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.570074][ T5829]  ? f2fs_build_fault_attr+0x53/0x1f0
[  304.570156][ T5829]  f2fs_write_end_io+0x958/0xcf0
[  304.570206][ T5829]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  304.570261][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.570320][ T5829]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  304.570363][ T5829]  bio_endio+0x713/0x860
[  304.570422][ T5829]  submit_bio_noacct+0x306/0x1f60
[  304.570479][ T5829]  __submit_merged_bio+0x33c/0x770
[  304.570536][ T5829]  __submit_merged_write_cond+0x319/0x3f0
[  304.570596][ T5829]  f2fs_write_cache_pages+0x2067/0x2570
[  304.570687][ T5829]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  304.570739][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.570799][ T5829]  ? __lock_acquire+0xb8a/0x1c90
[  304.570894][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571026][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571072][ T5829]  ? free_unref_folios+0x109a/0x1610
[  304.571142][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571200][ T5829]  f2fs_write_data_pages+0x4ad/0xd90
[  304.571266][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  304.571319][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571379][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571432][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  304.571492][ T5829]  do_writepages+0x27a/0x600
[  304.571541][ T5829]  ? __pfx_do_writepages+0x10/0x10
[  304.571577][ T5829]  ? do_raw_spin_unlock+0x172/0x230
[  304.571617][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.571657][ T5829]  ? _raw_spin_unlock+0x28/0x50
[  304.571703][ T5829]  filemap_fdatawrite_wbc+0x104/0x160
[  304.571746][ T5829]  __filemap_fdatawrite_range+0xb9/0x100
[  304.571797][ T5829]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  304.571914][ T5829]  ? find_held_lock+0x2b/0x80
[  304.571967][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572016][ T5829]  ? do_raw_spin_unlock+0x172/0x230
[  304.572059][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572119][ T5829]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  304.572203][ T5829]  block_operations+0x2b0/0xfe0
[  304.572272][ T5829]  ? __pfx_block_operations+0x10/0x10
[  304.572396][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572447][ T5829]  ? ktime_get+0x200/0x310
[  304.572503][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572549][ T5829]  ? lockdep_hardirqs_on+0x7c/0x110
[  304.572602][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572648][ T5829]  ? rcu_is_watching+0x12/0xc0
[  304.572707][ T5829]  f2fs_write_checkpoint+0x32b/0x5300
[  304.572779][ T5829]  ? kfree+0x2b8/0x6d0
[  304.572823][ T5829]  ? f2fs_stop_gc_thread+0x79/0xd0
[  304.572888][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.572933][ T5829]  ? rcu_is_watching+0x12/0xc0
[  304.572984][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.573030][ T5829]  ? kthread_stop+0x272/0x630
[  304.573071][ T5829]  kill_f2fs_super+0x3d6/0x490
[  304.573143][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  304.573223][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.573288][ T5829]  deactivate_locked_super+0xc1/0x1a0
[  304.573345][ T5829]  deactivate_super+0xde/0x100
[  304.573405][ T5829]  cleanup_mnt+0x225/0x450
[  304.573465][ T5829]  task_work_run+0x150/0x240
[  304.573510][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  304.573551][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  304.573603][ T5829]  ? __pfx___x64_sys_umount+0x10/0x10
[  304.573678][ T5829]  exit_to_user_mode_loop+0xec/0x130
[  304.573724][ T5829]  do_syscall_64+0x426/0xfa0
[  304.573782][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.573824][ T5829] RIP: 0033:0x7fbbc05909f7
[  304.573855][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  304.573893][ T5829] RSP: 002b:00007ffcb89c4cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  304.573930][ T5829] RAX: 0000000000000000 RBX: 00007fbbc0611d7d RCX: 00007fbbc05909f7
[  304.573957][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb89c4d80
[  304.573982][ T5829] RBP: 00007ffcb89c4d80 R08: 0000000000000000 R09: 0000000000000000
[  304.574008][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb89c5e10
[  304.574034][ T5829] R13: 00007fbbc0611d7d R14: 000000000004a533 R15: 00007ffcb89c5e50
[  304.574094][ T5829]  </TASK>
[  304.575949][    T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input28
[  304.600898][ T5829] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  304.781291][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  305.071031][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  305.087133][ T6035] usb 3-1: USB disconnect, device number 14
[  305.112641][ T5928] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  305.319231][T10087] loop5: detected capacity change from 0 to 4096
[  305.332783][T10087] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  305.349560][ T5928] usb 1-1: cp210x converter now attached to ttyUSB0
[  305.431209][   T30] audit: type=1800 audit(1763547643.216:43): pid=10087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1439" name="file1" dev="loop5" ino=34 res=0 errno=0
[  305.556639][  T979] usb 1-1: USB disconnect, device number 13
[  305.581986][  T979] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  305.709605][  T979] cp210x 1-1:0.0: device disconnected
[  305.984835][T10104] netlink: 'syz.5.1447': attribute type 3 has an invalid length.
[  306.330250][T10114] loop2: detected capacity change from 0 to 512
[  306.386667][T10114] FAT-fs (loop2): Invalid FSINFO signature: 0x00000001, 0x61417272 (sector = 1)
[  306.584073][  T153] FAT-fs (loop2): Invalid FSINFO signature: 0x00000001, 0x61417272 (sector = 1)
[  307.336753][T10133] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1460'.
[  307.840753][ T6035] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  307.946922][T10146] loop6: detected capacity change from 0 to 512
[  307.973081][T10146] EXT4-fs: Ignoring removed oldalloc option
[  308.000979][ T6035] usb 4-1: Using ep0 maxpacket: 32
[  308.007812][T10124] loop5: detected capacity change from 0 to 131072
[  308.012750][ T6035] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  308.030322][T10124] F2FS-fs (loop5): invalid crc value
[  308.034211][T10146] EXT4-fs (loop6): 1 truncate cleaned up
[  308.041685][ T6035] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.053350][T10146] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.070376][ T6035] usb 4-1: config 0 descriptor??
[  308.158876][T10124] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  308.171044][T10124] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  308.287602][ T6035] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  308.308915][ T6035] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  308.325139][ T6035] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  308.342070][T10156] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1468'.
[  308.355751][ T6035] usb 4-1: media controller created
[  308.361745][T10156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1468'.
[  308.384256][T10158] veth0: entered promiscuous mode
[  308.402444][T10157] veth0: left promiscuous mode
[  308.433150][ T6799] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.434592][ T6035] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  308.514098][ T6035] az6027: usb out operation failed. (-71)
[  308.520722][ T6035] az6027: usb out operation failed. (-71)
[  308.538820][ T6035] stb0899_attach: Driver disabled by Kconfig
[  308.560991][ T6035] az6027: no front-end attached
[  308.560991][ T6035] 
[  308.578784][ T6035] az6027: usb out operation failed. (-71)
[  308.588594][ T6035] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  308.609188][ T6035] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input29
[  308.779862][T10165] loop1: detected capacity change from 0 to 1024
[  308.948418][T10162] loop6: detected capacity change from 0 to 32768
[  308.958395][ T6035] dvb-usb: schedule remote query interval to 400 msecs.
[  308.965567][T10162] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1471 (10162)
[  308.981896][ T6035] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  308.993534][T10162] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  309.003850][T10162] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  309.017885][ T6035] usb 4-1: USB disconnect, device number 14
[  309.172102][ T6035] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  309.191374][T10186] netlink: 67 bytes leftover after parsing attributes in process `syz.2.1477'.
[  309.234333][T10162] BTRFS info (device loop6): enabling ssd optimizations
[  309.241506][T10162] BTRFS info (device loop6): turning on async discard
[  309.248386][T10162] BTRFS info (device loop6): enabling free space tree
[  309.307898][ T6799] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  309.421476][T10192] netlink: 'syz.3.1479': attribute type 12 has an invalid length.
[  310.162922][T10212] loop2: detected capacity change from 0 to 64
[  311.134814][T10234] loop6: detected capacity change from 0 to 4096
[  311.380748][ T6035] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  311.409271][T10242] loop2: detected capacity change from 0 to 1024
[  311.512105][T10242] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  311.570976][T10242] ext4 filesystem being mounted at /268/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  311.572806][ T6035] usb 2-1: config 0 has an invalid interface number: 255 but max is 0
[  311.591172][ T6035] usb 2-1: config 0 has no interface number 0
[  311.601317][ T6035] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  311.620776][ T6035] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  311.635079][ T6035] usb 2-1: config 0 interface 255 has no altsetting 0
[  311.654982][ T6035] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  311.668849][ T6035] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.690247][ T6035] usb 2-1: config 0 descriptor??
[  311.714929][ T6035] cp210x 2-1:0.255: cp210x converter detected
[  311.772204][T10232] loop5: detected capacity change from 0 to 32768
[  311.822957][T10232] 
[  311.822957][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  311.822957][T10232] 
[  311.873161][ T6814] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm kworker/u8:8: lblock 0 mapped to illegal pblock 0 (length 1)
[  311.916967][ T6814] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  311.967018][T10232] 
[  311.967018][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  311.967018][T10232] 
[  311.992651][ T6814] EXT4-fs (loop2): This should not happen!! Data will be lost
[  311.992651][ T6814] 
[  312.012984][T10232] 
[  312.012984][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.012984][T10232] 
[  312.044643][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  312.063048][T10232] 
[  312.063048][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.063048][T10232] 
[  312.101905][T10232] 
[  312.101905][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.101905][T10232] 
[  312.135006][T10232] 
[  312.135006][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.135006][T10232] 
[  312.254554][  T112] 
[  312.254554][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.254554][  T112] 
[  312.293293][T10232] 
[  312.293293][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.293293][T10232] 
[  312.316832][T10256] loop0: detected capacity change from 0 to 256
[  312.329107][T10232] 
[  312.329107][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.329107][T10232] 
[  312.376404][T10232] 
[  312.376404][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.376404][T10232] 
[  312.417045][T10251] loop6: detected capacity change from 0 to 65536
[  312.426413][T10232] 
[  312.426413][T10232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.426413][T10232] 
[  312.438368][ T6035] cp210x 2-1:0.255: failed to get vendor val 0x000e size 3: -32
[  312.449819][  T112] 
[  312.449819][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.449819][  T112] 
[  312.492685][T10251] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  312.506436][T10257] 
[  312.506436][T10257]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.506436][T10257] 
[  312.541497][T10257] 
[  312.541497][T10257]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.541497][T10257] 
[  312.563127][T10251] XFS (loop6): Ending clean mount
[  312.579223][T10257] 
[  312.579223][T10257]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.579223][T10257] 
[  312.593915][T10257] 
[  312.593915][T10257]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.593915][T10257] 
[  312.622852][  T112] 
[  312.622852][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.622852][  T112] 
[  312.673697][ T6035] cp210x 2-1:0.255: GPIO initialisation failed: -19
[  312.693312][ T6035] usb 2-1: cp210x converter now attached to ttyUSB0
[  312.697116][ T6799] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  312.745635][ T5848] 
[  312.745635][ T5848]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.745635][ T5848] 
[  312.797340][ T5848] 
[  312.797340][ T5848]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  312.797340][ T5848] 
[  312.904147][  T979] usb 2-1: USB disconnect, device number 11
[  312.961431][  T979] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  312.962130][T10272] loop0: detected capacity change from 0 to 1024
[  313.007637][  T979] cp210x 2-1:0.255: device disconnected
[  313.275653][  T153] hfsplus: b-tree write err: -5, ino 4
[  313.720823][  T979] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  313.729276][T10289] loop0: detected capacity change from 0 to 256
[  313.739167][T10288] loop1: detected capacity change from 0 to 128
[  313.758313][   T30] audit: type=1800 audit(1763548163.549:44): pid=10289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1513" name="file1" dev="loop0" ino=1048646 res=0 errno=0
[  313.803348][T10288] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  313.892863][  T979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.931209][  T979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.970730][  T979] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  313.979879][  T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.028358][T10295] loop0: detected capacity change from 0 to 1024
[  314.051884][T10295] EXT4-fs: Ignoring removed nomblk_io_submit option
[  314.075044][  T979] usb 6-1: config 0 descriptor??
[  314.077008][T10295] EXT4-fs: Ignoring removed nobh option
[  314.133679][T10295] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.487727][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.739615][T10309] loop6: detected capacity change from 0 to 512
[  314.794895][T10309] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.1523: inode has both inline data and extents flags
[  314.830259][T10309] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.1523: couldn't read orphan inode 15 (err -117)
[  314.914758][T10309] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.917850][  T979] hid-led 0003:27B8:01ED.0014: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.5-1/input0
[  315.017820][  T979] hid-led 0003:27B8:01ED.0014: ThingM blink(1) initialized
[  315.301059][  T979] usb 6-1: USB disconnect, device number 12
[  315.388655][T10324] loop3: detected capacity change from 0 to 4096
[  315.400797][T10324] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  315.445348][ T6799] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.262199][T10317] loop2: detected capacity change from 0 to 131072
[  316.272178][T10317] F2FS-fs (loop2): Test dummy encryption mode enabled
[  316.287741][T10317] F2FS-fs (loop2): invalid crc value
[  316.402311][T10317] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  316.416716][T10317] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  316.557351][  T979] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  316.728406][  T979] usb 2-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  316.756278][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.784404][  T979] usb 2-1: Product: syz
[  316.821231][  T979] usb 2-1: Manufacturer: syz
[  316.825909][  T979] usb 2-1: SerialNumber: syz
[  316.833430][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  316.855060][  T979] usb 2-1: config 0 descriptor??
[  316.888186][  T979] usb 2-1: Waiting for MOTU Microbook II to boot up...
[  316.895514][  T979] usb 2-1: failed setting the sample rate for Motu MicroBook II: -22
[  316.903922][  T979] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  317.022834][   T24] usb 1-1: Using ep0 maxpacket: 16
[  317.031006][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[  317.042178][   T24] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.055174][   T24] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024
[  317.073877][   T24] usb 1-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  317.105967][  T979] usb 2-1: USB disconnect, device number 12
[  317.125595][   T24] usb 1-1: config 1 interface 0 has no altsetting 0
[  317.143401][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  317.159944][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.168233][   T24] usb 1-1: Product: syz
[  317.173026][   T24] usb 1-1: Manufacturer: syz
[  317.177678][   T24] usb 1-1: SerialNumber: syz
[  317.196695][T10347] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  317.422938][   T24] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input30
[  317.791008][T10369] input: syz0 as /devices/virtual/input/input31
[  318.049604][ T5928] usb 1-1: USB disconnect, device number 14
[  318.049654][    C1] bcm5974 1-1:1.0: trackpad urb failed: -19
[  318.071291][ T5928] bcm5974 1-1:1.0: could not read from device
[  318.280954][ T6035] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  318.444410][ T6035] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.477526][ T6035] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.497109][ T6035] usb 7-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  318.520578][ T6035] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.553063][ T6035] usb 7-1: config 0 descriptor??
[  319.451320][ T6035] hid-led 0003:27B8:01ED.0015: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.6-1/input0
[  319.514217][ T6035] hid-led 0003:27B8:01ED.0015: ThingM blink(1) initialized
[  319.654800][ T6035] usb 7-1: USB disconnect, device number 9
[  319.745678][T10383] loop5: detected capacity change from 0 to 40427
[  319.827075][T10383] F2FS-fs (loop5): build fault injection rate: 14
[  319.840630][T10383] F2FS-fs (loop5): build fault injection type: 0x3bfe8c
[  319.881984][T10383] F2FS-fs (loop5): invalid crc value
[  320.199396][T10387] loop0: detected capacity change from 0 to 131072
[  320.201875][T10396] loop2: detected capacity change from 0 to 1024
[  320.213937][T10387] F2FS-fs (loop0): Test dummy encryption mode enabled
[  320.214017][    C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  320.261074][    C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  320.284788][T10387] F2FS-fs (loop0): invalid crc value
[  320.422098][T10387] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  320.446671][T10387] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  320.606813][T10383] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  320.670302][T10383] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of f2fs_recover_fsync_data+0x49d/0x98b0
[  320.702898][T10383] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  320.797361][T10383] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  320.844021][T10383] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_xattr_generic_get+0x138/0x170
[  320.867640][T10383] F2FS-fs (loop5): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_folio+0x171/0x1b0
[  320.899993][T10383] F2FS-fs (loop5): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  321.010054][ T5848] syz-executor: attempt to access beyond end of device
[  321.010054][ T5848] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  321.041094][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  321.041146][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  321.041168][ T5848] Call Trace:
[  321.041179][ T5848]  <TASK>
[  321.041194][ T5848]  dump_stack_lvl+0x16c/0x1f0
[  321.041250][ T5848]  f2fs_handle_critical_error+0x624/0x9f0
[  321.041296][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.041343][ T5848]  ? f2fs_build_fault_attr+0x53/0x1f0
[  321.041416][ T5848]  f2fs_write_end_io+0x958/0xcf0
[  321.041466][ T5848]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  321.041518][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.041574][ T5848]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  321.041619][ T5848]  bio_endio+0x713/0x860
[  321.041677][ T5848]  submit_bio_noacct+0x306/0x1f60
[  321.041730][ T5848]  __submit_merged_bio+0x33c/0x770
[  321.041781][ T5848]  __submit_merged_write_cond+0x319/0x3f0
[  321.041840][ T5848]  f2fs_write_cache_pages+0x2067/0x2570
[  321.041931][ T5848]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  321.041989][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042051][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042096][ T5848]  ? __lock_acquire+0x622/0x1c90
[  321.042246][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042300][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042359][ T5848]  f2fs_write_data_pages+0x4ad/0xd90
[  321.042421][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.042472][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042529][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042579][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.042636][ T5848]  do_writepages+0x27a/0x600
[  321.042681][ T5848]  ? __pfx_do_writepages+0x10/0x10
[  321.042721][ T5848]  ? do_raw_spin_unlock+0x172/0x230
[  321.042765][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.042811][ T5848]  ? _raw_spin_unlock+0x28/0x50
[  321.042866][ T5848]  filemap_fdatawrite_wbc+0x104/0x160
[  321.042912][ T5848]  __filemap_fdatawrite_range+0xb9/0x100
[  321.042967][ T5848]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  321.043074][ T5848]  ? find_held_lock+0x2b/0x80
[  321.043120][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.043166][ T5848]  ? do_raw_spin_unlock+0x172/0x230
[  321.043211][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.043262][ T5848]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  321.043343][ T5848]  block_operations+0x2b0/0xfe0
[  321.043410][ T5848]  ? __pfx_block_operations+0x10/0x10
[  321.043520][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.043570][ T5848]  ? ktime_get+0x200/0x310
[  321.043626][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.043670][ T5848]  ? lockdep_hardirqs_on+0x7c/0x110
[  321.043719][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.043764][ T5848]  ? rcu_is_watching+0x12/0xc0
[  321.043821][ T5848]  f2fs_write_checkpoint+0x32b/0x5300
[  321.043893][ T5848]  ? kfree+0x2b8/0x6d0
[  321.043936][ T5848]  ? f2fs_stop_gc_thread+0x79/0xd0
[  321.044000][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.044045][ T5848]  ? rcu_is_watching+0x12/0xc0
[  321.044094][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.044138][ T5848]  ? kthread_stop+0x272/0x630
[  321.044178][ T5848]  kill_f2fs_super+0x3d6/0x490
[  321.044237][ T5848]  ? __pfx_kill_f2fs_super+0x10/0x10
[  321.044310][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.044372][ T5848]  deactivate_locked_super+0xc1/0x1a0
[  321.044433][ T5848]  deactivate_super+0xde/0x100
[  321.044489][ T5848]  cleanup_mnt+0x225/0x450
[  321.044550][ T5848]  task_work_run+0x150/0x240
[  321.044594][ T5848]  ? __pfx_task_work_run+0x10/0x10
[  321.044633][ T5848]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.044681][ T5848]  ? __pfx___x64_sys_umount+0x10/0x10
[  321.044753][ T5848]  exit_to_user_mode_loop+0xec/0x130
[  321.044797][ T5848]  do_syscall_64+0x426/0xfa0
[  321.044850][ T5848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.044894][ T5848] RIP: 0033:0x7f94ad3909f7
[  321.044924][ T5848] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  321.044962][ T5848] RSP: 002b:00007fffe26f48d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  321.044998][ T5848] RAX: 0000000000000000 RBX: 00007f94ad411d7d RCX: 00007f94ad3909f7
[  321.045023][ T5848] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe26f4990
[  321.045046][ T5848] RBP: 00007fffe26f4990 R08: 0000000000000000 R09: 0000000000000000
[  321.045070][ T5848] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffe26f5a20
[  321.045095][ T5848] R13: 00007f94ad411d7d R14: 000000000004e58d R15: 00007fffe26f5a60
[  321.045233][ T5848]  </TASK>
[  321.045260][ T5848] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  321.420388][T10394] loop1: detected capacity change from 0 to 40427
[  321.521980][T10394] F2FS-fs: heap/no_heap options were deprecated
[  321.530959][T10394] F2FS-fs (loop1): Image doesn't support compression
[  321.565877][T10411] loop3: detected capacity change from 0 to 2048
[  321.574502][T10394] F2FS-fs (loop1): build fault injection rate: 690
[  321.614844][T10411] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  321.633429][   T24] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0
[  321.671294][T10394] F2FS-fs (loop1): invalid crc value
[  321.700907][   T24] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  322.027676][T10394] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  322.061875][T10394] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  322.114382][T10418] geneve2: entered allmulticast mode
[  322.146237][ T6814] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  322.171632][ T6814] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  322.205324][T10418] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  322.291330][ T6814] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  322.351624][ T5828] syz-executor: attempt to access beyond end of device
[  322.351624][ T5828] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  322.389321][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  322.389371][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  322.389393][ T5828] Call Trace:
[  322.389405][ T5828]  <TASK>
[  322.389419][ T5828]  dump_stack_lvl+0x16c/0x1f0
[  322.389475][ T5828]  f2fs_handle_critical_error+0x624/0x9f0
[  322.389521][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.389567][ T5828]  ? f2fs_build_fault_attr+0x53/0x1f0
[  322.389642][ T5828]  f2fs_write_end_io+0x958/0xcf0
[  322.389693][ T5828]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  322.389746][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.389803][ T5828]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  322.389847][ T5828]  bio_endio+0x713/0x860
[  322.389913][ T5828]  submit_bio_noacct+0x306/0x1f60
[  322.389969][ T5828]  __submit_merged_bio+0x33c/0x770
[  322.390022][ T5828]  __submit_merged_write_cond+0x319/0x3f0
[  322.390082][ T5828]  f2fs_write_cache_pages+0x2067/0x2570
[  322.390169][ T5828]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  322.390228][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390295][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390339][ T5828]  ? __lock_acquire+0x622/0x1c90
[  322.390499][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390542][ T5828]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  322.390601][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390655][ T5828]  f2fs_write_data_pages+0x4ad/0xd90
[  322.390718][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  322.390768][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390827][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.390879][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  322.390953][ T5828]  do_writepages+0x27a/0x600
[  322.391000][ T5828]  ? __pfx_do_writepages+0x10/0x10
[  322.391036][ T5828]  ? do_raw_spin_unlock+0x172/0x230
[  322.391080][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.391124][ T5828]  ? _raw_spin_unlock+0x28/0x50
[  322.391173][ T5828]  filemap_fdatawrite_wbc+0x104/0x160
[  322.391218][ T5828]  __filemap_fdatawrite_range+0xb9/0x100
[  322.391271][ T5828]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  322.391389][ T5828]  ? find_held_lock+0x2b/0x80
[  322.391442][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.391488][ T5828]  ? do_raw_spin_unlock+0x172/0x230
[  322.391532][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.391584][ T5828]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  322.391663][ T5828]  block_operations+0x2b0/0xfe0
[  322.391715][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.391775][ T5828]  ? __pfx_block_operations+0x10/0x10
[  322.391826][ T5828]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[  322.391864][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.391983][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.392032][ T5828]  ? ktime_get+0x200/0x310
[  322.392088][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.392133][ T5828]  ? lockdep_hardirqs_on+0x7c/0x110
[  322.392182][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.392226][ T5828]  ? rcu_is_watching+0x12/0xc0
[  322.392283][ T5828]  f2fs_write_checkpoint+0x32b/0x5300
[  322.392351][ T5828]  ? kfree+0x2b8/0x6d0
[  322.392393][ T5828]  ? f2fs_stop_gc_thread+0x79/0xd0
[  322.392455][ T5828]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  322.392515][ T5828]  kill_f2fs_super+0x3d6/0x490
[  322.392572][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  322.392648][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.392712][ T5828]  deactivate_locked_super+0xc1/0x1a0
[  322.392769][ T5828]  deactivate_super+0xde/0x100
[  322.392825][ T5828]  cleanup_mnt+0x225/0x450
[  322.392886][ T5828]  task_work_run+0x150/0x240
[  322.392939][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  322.392978][ T5828]  ? srso_alias_return_thunk+0x5/0xfbef5
[  322.393028][ T5828]  ? __pfx___x64_sys_umount+0x10/0x10
[  322.393100][ T5828]  exit_to_user_mode_loop+0xec/0x130
[  322.393145][ T5828]  do_syscall_64+0x426/0xfa0
[  322.393198][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.393235][ T5828] RIP: 0033:0x7f43ead909f7
[  322.393265][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  322.393305][ T5828] RSP: 002b:00007ffe69d1e8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  322.393344][ T5828] RAX: 0000000000000000 RBX: 00007f43eae11d7d RCX: 00007f43ead909f7
[  322.393368][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe69d1e960
[  322.393392][ T5828] RBP: 00007ffe69d1e960 R08: 0000000000000000 R09: 0000000000000000
[  322.393415][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe69d1f9f0
[  322.393438][ T5828] R13: 00007f43eae11d7d R14: 000000000004ea8e R15: 00007ffe69d1fa30
[  322.393497][ T5828]  </TASK>
[  322.881324][ T5828] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  322.928485][T10424] loop6: detected capacity change from 0 to 2048
[  323.032769][T10424] EXT4-fs: Ignoring removed mblk_io_submit option
[  323.082457][T10424] EXT4-fs: Ignoring removed i_version option
[  323.149923][T10428] loop5: detected capacity change from 0 to 1024
[  323.178173][T10424] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  323.266481][T10428] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  323.336477][ T6799] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.635205][T10418] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  323.656915][T10418] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  323.677083][T10443] loop0: detected capacity change from 0 to 1024
[  323.721061][T10443] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  323.770698][T10443] ext4 filesystem being mounted at /259/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  323.793597][T10418] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  323.850678][T10418] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  323.911354][T10443] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 8: comm syz.0.1567: lblock 8 mapped to illegal pblock 8 (length 8)
[  323.961947][T10418] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  323.990654][T10418] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  324.007415][T10443] EXT4-fs error (device loop0): ext4_ext_remove_space:2955: inode #15: comm syz.0.1567: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  324.146110][T10453] loop6: detected capacity change from 0 to 8
[  324.211306][  T153] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm kworker/u8:5: lblock 0 mapped to illegal pblock 0 (length 1)
[  324.234084][   T36] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  324.241071][  T153] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  324.242712][   T36] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  324.263904][ T6814] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  324.278809][  T153] EXT4-fs (loop0): This should not happen!! Data will be lost
[  324.278809][  T153] 
[  324.280460][ T6814] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  324.314219][  T153] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  324.326267][T10455] loop1: detected capacity change from 0 to 1024
[  324.330834][  T153] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  324.335382][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  324.352888][ T6814] EXT4-fs (loop5): This should not happen!! Data will be lost
[  324.352888][ T6814] 
[  324.379377][ T6814] EXT4-fs (loop5): Total free blocks count 0
[  324.386304][ T6814] EXT4-fs (loop5): Free/Dirty block details
[  324.393420][ T6814] EXT4-fs (loop5): free_blocks=68451041280
[  324.399277][ T6814] EXT4-fs (loop5): dirty_blocks=4784
[  324.404796][ T6814] EXT4-fs (loop5): Block reservation details
[  324.416525][ T6814] EXT4-fs (loop5): i_reserved_data_blocks=299
[  324.434514][T10455] hfsplus: inconsistency in B*Tree (1,0,1,0,1)
[  324.443167][ T6814] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 2048 with error 28
[  324.457149][T10455] hfsplus: inconsistency in B*Tree (1,0,1,0,1)
[  324.467436][  T153] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  324.495082][T10457] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1575'.
[  324.505735][  T153] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  324.530692][  T153] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  324.565664][  T153] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  324.697448][ T6814] hfsplus: b-tree write err: -5, ino 4
[  324.956412][ T5840] Bluetooth: hci1: unexpected event for opcode 0x2039
[  325.827231][T10470] loop2: detected capacity change from 0 to 32768
[  325.851218][T10470] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1580 (10470)
[  325.905702][T10470] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  325.933418][T10470] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  325.980936][   T43] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  326.018790][T10470] BTRFS info (device loop2): enabling ssd optimizations
[  326.026542][T10470] BTRFS info (device loop2): turning on async discard
[  326.033668][T10470] BTRFS info (device loop2): enabling free space tree
[  326.053780][   T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  326.141617][   T43] usb 2-1: Using ep0 maxpacket: 16
[  326.159883][   T43] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  326.167668][T10520] loop6: detected capacity change from 0 to 1024
[  326.190680][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.198740][   T43] usb 2-1: Product: syz
[  326.220014][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.240769][   T43] usb 2-1: Manufacturer: syz
[  326.251101][   T43] usb 2-1: SerialNumber: syz
[  326.257936][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.259149][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.281781][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.299332][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.299963][   T43] usb 2-1: config 0 descriptor??
[  326.313337][   T24] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  326.329386][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.348425][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.356183][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.366501][ T5832] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  326.382879][   T24] usb 1-1: config 0 descriptor??
[  326.393100][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.422133][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.431085][T10520] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.439505][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.460787][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.512831][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.520322][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.583225][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.618374][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.636883][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.650670][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.671818][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.699580][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.708527][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.729728][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.753543][   T43] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  326.767177][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.781540][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  326.800474][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.812508][   T43] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  326.821610][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.829228][   T43] usb 2-1: media controller created
[  326.835638][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.861785][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.879681][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.897209][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  326.906851][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.940893][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  326.992970][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  326.999344][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  327.013815][   T43] zl10353_read_register: readreg error (reg=127, ret==0)
[  327.050468][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.058200][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.065727][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.075207][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.082709][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.090107][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.097561][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.105602][T10522] hfsplus: request for non-existent node 16777216 in B*Tree
[  327.111062][   T43] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  327.127842][   T30] audit: type=1800 audit(1763548176.909:45): pid=10522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1593" name="file1" dev="loop6" ino=20 res=0 errno=0
[  327.140561][   T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  327.191158][   T43] usb 2-1: USB disconnect, device number 13
[  327.281523][   T24] hid-led 0003:27B8:01ED.0017: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0
[  327.367270][   T24] hid-led 0003:27B8:01ED.0017: ThingM blink(1) initialized
[  327.382391][   T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  327.535831][   T24] usb 1-1: USB disconnect, device number 15
[  327.797253][T10540] loop5: detected capacity change from 0 to 1024
[  327.825838][T10544] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1603'.
[  327.836439][T10542] loop2: detected capacity change from 0 to 1024
[  327.844756][T10540] EXT4-fs: inline encryption not supported
[  327.880270][T10540] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  327.945288][   T30] audit: type=1800 audit(1763548177.739:46): pid=10542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1601" name="file1" dev="loop2" ino=20 res=0 errno=0
[  327.972073][T10549] netlink: 83 bytes leftover after parsing attributes in process `syz.6.1604'.
[  328.430791][ T5848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.599769][T10555] loop6: detected capacity change from 0 to 32768
[  328.771705][T10538] loop3: detected capacity change from 0 to 40427
[  328.779108][T10538] F2FS-fs: heap/no_heap options were deprecated
[  328.804946][T10538] F2FS-fs (loop3): build fault injection rate: 19
[  328.826946][T10538] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  328.846750][T10538] F2FS-fs (loop3): invalid crc value
[  328.879921][T10538] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __f2fs_build_free_nids+0x207/0xfe0
[  328.900676][   T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  329.120603][   T24] usb 1-1: Using ep0 maxpacket: 32
[  329.149227][   T24] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  329.159124][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.204818][   T24] usb 1-1: config 0 descriptor??
[  329.221289][T10538] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  329.306116][T10538] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  329.366822][T10538] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  329.441019][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  329.476735][T10577] loop6: detected capacity change from 0 to 256
[  329.513208][T10538] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  329.556076][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  329.571251][T10538] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x930/0x2e70
[  329.584823][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  329.592341][   T24] usb 1-1: media controller created
[  329.645680][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  329.722999][   T24] az6027: usb out operation failed. (-71)
[  329.731866][ T5829] syz-executor: attempt to access beyond end of device
[  329.731866][ T5829] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  329.764427][   T24] az6027: usb out operation failed. (-71)
[  329.780952][   T24] stb0899_attach: Driver disabled by Kconfig
[  329.787000][   T24] az6027: no front-end attached
[  329.787000][   T24] 
[  329.800725][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  329.800776][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  329.800798][ T5829] Call Trace:
[  329.800811][ T5829]  <TASK>
[  329.800825][ T5829]  dump_stack_lvl+0x16c/0x1f0
[  329.800881][ T5829]  f2fs_handle_critical_error+0x624/0x9f0
[  329.800934][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.800980][ T5829]  ? f2fs_build_fault_attr+0x53/0x1f0
[  329.801053][ T5829]  f2fs_write_end_io+0x958/0xcf0
[  329.801103][ T5829]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  329.801153][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.801209][ T5829]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  329.801253][ T5829]  bio_endio+0x713/0x860
[  329.801309][ T5829]  submit_bio_noacct+0x306/0x1f60
[  329.801362][ T5829]  __submit_merged_bio+0x33c/0x770
[  329.801413][ T5829]  __submit_merged_write_cond+0x319/0x3f0
[  329.801471][ T5829]  f2fs_write_cache_pages+0x2067/0x2570
[  329.801553][ T5829]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  329.801611][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.801672][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.801716][ T5829]  ? __lock_acquire+0x622/0x1c90
[  329.801864][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.801922][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.801975][ T5829]  f2fs_write_data_pages+0x4ad/0xd90
[  329.802035][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  329.802082][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.802140][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.802190][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  329.802246][ T5829]  do_writepages+0x27a/0x600
[  329.802292][ T5829]  ? __pfx_do_writepages+0x10/0x10
[  329.802325][ T5829]  ? do_raw_spin_unlock+0x172/0x230
[  329.802369][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.802414][ T5829]  ? _raw_spin_unlock+0x28/0x50
[  329.802462][ T5829]  filemap_fdatawrite_wbc+0x104/0x160
[  329.802506][ T5829]  __filemap_fdatawrite_range+0xb9/0x100
[  329.802559][ T5829]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  329.802671][ T5829]  ? find_held_lock+0x2b/0x80
[  329.802721][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.802767][ T5829]  ? do_raw_spin_unlock+0x172/0x230
[  329.802811][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.802863][ T5829]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  329.802944][ T5829]  block_operations+0x2b0/0xfe0
[  329.803012][ T5829]  ? __pfx_block_operations+0x10/0x10
[  329.803124][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803171][ T5829]  ? ktime_get+0x200/0x310
[  329.803226][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803271][ T5829]  ? lockdep_hardirqs_on+0x7c/0x110
[  329.803320][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803364][ T5829]  ? rcu_is_watching+0x12/0xc0
[  329.803420][ T5829]  f2fs_write_checkpoint+0x32b/0x5300
[  329.803487][ T5829]  ? kfree+0x2b8/0x6d0
[  329.803529][ T5829]  ? f2fs_stop_gc_thread+0x79/0xd0
[  329.803592][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803636][ T5829]  ? rcu_is_watching+0x12/0xc0
[  329.803685][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803730][ T5829]  ? kthread_stop+0x272/0x630
[  329.803770][ T5829]  kill_f2fs_super+0x3d6/0x490
[  329.803827][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  329.803905][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.803966][ T5829]  deactivate_locked_super+0xc1/0x1a0
[  329.804023][ T5829]  deactivate_super+0xde/0x100
[  329.804079][ T5829]  cleanup_mnt+0x225/0x450
[  329.804138][ T5829]  task_work_run+0x150/0x240
[  329.804180][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  329.804216][ T5829]  ? srso_alias_return_thunk+0x5/0xfbef5
[  329.804261][ T5829]  ? __pfx___x64_sys_umount+0x10/0x10
[  329.804329][ T5829]  exit_to_user_mode_loop+0xec/0x130
[  329.804372][ T5829]  do_syscall_64+0x426/0xfa0
[  329.804422][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.804457][ T5829] RIP: 0033:0x7fbbc05909f7
[  329.804486][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  329.804521][ T5829] RSP: 002b:00007ffcb89c4cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  329.804553][ T5829] RAX: 0000000000000000 RBX: 00007fbbc0611d7d RCX: 00007fbbc05909f7
[  329.804576][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb89c4d80
[  329.804597][ T5829] RBP: 00007ffcb89c4d80 R08: 0000000000000000 R09: 0000000000000000
[  329.804619][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb89c5e10
[  329.804641][ T5829] R13: 00007fbbc0611d7d R14: 0000000000050776 R15: 00007ffcb89c5e50
[  329.804692][ T5829]  </TASK>
[  329.804705][ T5829] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  330.200697][ T6035] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  330.212014][   T24] az6027: usb out operation failed. (-71)
[  330.286501][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  330.296331][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input32
[  330.309584][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  330.317055][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  330.332364][   T24] usb 1-1: USB disconnect, device number 16
[  330.403412][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  330.452981][ T6035] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  330.482855][ T6035] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  330.511113][ T6035] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  330.532137][ T6035] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.549483][ T6035] usb 6-1: config 0 descriptor??
[  330.567372][ T6035] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  330.578655][ T6035] dvb-usb: bulk message failed: -22 (3/0)
[  330.596806][ T6035] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  330.606273][ T6035] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  330.617427][ T6035] usb 6-1: media controller created
[  330.632650][ T6035] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  330.663182][ T6035] dvb-usb: bulk message failed: -22 (6/0)
[  330.671888][ T6035] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  330.693504][ T6035] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input33
[  330.719015][ T6035] dvb-usb: schedule remote query interval to 150 msecs.
[  330.733211][ T6035] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  330.797444][T10581] dibusb: i2c wr: len=180 is too big!
[  330.797444][T10581] 
[  330.832925][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  330.883459][ T6035] usb 6-1: USB disconnect, device number 13
[  330.910973][ T6035] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  330.993798][   T24] usb 1-1: Using ep0 maxpacket: 32
[  331.011753][   T24] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  331.040772][   T24] usb 1-1: config 0 has no interface number 0
[  331.047834][T10597] loop6: detected capacity change from 0 to 1024
[  331.051187][   T24] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  331.080724][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.099184][   T24] usb 1-1: Product: syz
[  331.109418][   T24] usb 1-1: Manufacturer: syz
[  331.116913][T10597] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  331.119505][   T24] usb 1-1: SerialNumber: syz
[  331.129384][T10597] ext4 filesystem being mounted at /226/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.172184][T10599] team0: Port device team_slave_0 removed
[  331.200690][   T24] usb 1-1: config 0 descriptor??
[  331.226364][   T24] smsc95xx v2.0.0
[  331.362495][   T36] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: comm kworker/u8:2: lblock 0 mapped to illegal pblock 0 (length 1)
[  331.390331][   T36] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  331.450943][   T36] EXT4-fs (loop6): This should not happen!! Data will be lost
[  331.450943][   T36] 
[  331.531522][ T6799] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  331.722949][T10613] loop6: detected capacity change from 0 to 1024
[  331.756601][   T30] audit: type=1800 audit(1763548181.549:47): pid=10613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1625" name="file1" dev="loop6" ino=20 res=0 errno=0
[  331.950018][T10596] netlink: 'syz.1.1622': attribute type 6 has an invalid length.
[  331.994571][T10622] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  332.254894][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  332.281267][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  332.311839][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  332.364396][   T24] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  332.403644][   T24] usb 1-1: USB disconnect, device number 17
[  333.096084][T10632] loop2: detected capacity change from 0 to 4096
[  333.190760][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  333.392837][   T24] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  333.410554][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.449068][   T24] usb 2-1: Product: syz
[  333.455032][   T24] usb 2-1: Manufacturer: syz
[  333.469833][   T24] usb 2-1: SerialNumber: syz
[  333.510927][   T24] usb 2-1: config 0 descriptor??
[  333.520909][T10645] loop6: detected capacity change from 0 to 16
[  333.567323][T10645] erofs (device loop6): mounted with root inode @ nid 36.
[  333.802621][   T24] cx82310_eth 2-1:0.0: probe with driver cx82310_eth failed with error -22
[  333.827207][T10650] loop5: detected capacity change from 0 to 4096
[  333.862062][   T24] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[  333.910962][   T24] usb 2-1: USB disconnect, device number 14
[  333.910962][ T6035] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  334.046954][T10650] ntfs3(loop5): ino=5, "/" mi_enum_attr
[  334.065427][ T6035] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.066760][T10650] ntfs3(loop5): ino=5, "/" ntfs_readdir
[  334.093982][ T6035] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.130747][ T6035] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  334.143259][ T6799] syz-executor: attempt to access beyond end of device
[  334.143259][ T6799] loop6: rw=524288, sector=527032, nr_sectors = 8 limit=16
[  334.190604][ T6035] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  334.199801][ T6035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.201221][ T6799] syz-executor: attempt to access beyond end of device
[  334.201221][ T6799] loop6: rw=524288, sector=296, nr_sectors = 8 limit=16
[  334.232421][ T6035] usb 3-1: config 0 descriptor??
[  334.243180][ T6799] syz-executor: attempt to access beyond end of device
[  334.243180][ T6799] loop6: rw=524288, sector=1049344, nr_sectors = 8 limit=16
[  334.265954][ T6799] syz-executor: attempt to access beyond end of device
[  334.265954][ T6799] loop6: rw=524288, sector=688, nr_sectors = 8 limit=16
[  334.295010][T10656] loop3: detected capacity change from 0 to 1024
[  334.304201][ T6799] syz-executor: attempt to access beyond end of device
[  334.304201][ T6799] loop6: rw=524288, sector=525096, nr_sectors = 8 limit=16
[  334.319233][ T6799] syz-executor: attempt to access beyond end of device
[  334.319233][ T6799] loop6: rw=524288, sector=712, nr_sectors = 8 limit=16
[  334.335598][T10656] EXT4-fs: inline encryption not supported
[  334.352062][ T6799] syz-executor: attempt to access beyond end of device
[  334.352062][ T6799] loop6: rw=0, sector=527032, nr_sectors = 8 limit=16
[  334.370852][ T6799] erofs (device loop6): failed to readdir of logical block 0 of nid 36
[  334.398615][T10656] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  334.528637][T10662] loop5: detected capacity change from 0 to 256
[  334.664447][ T6035] plantronics 0003:047F:FFFF.0018: reserved main item tag 0xd
[  334.706582][ T6035] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  334.756747][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.993559][ T6035] usb 3-1: USB disconnect, device number 15
[  335.038849][T10675] loop5: detected capacity change from 0 to 1024
[  335.134479][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.163924][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.216798][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.249937][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.292802][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.322577][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.330003][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.368218][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.393395][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.422242][T10675] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.444448][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.473129][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.526618][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.546803][T10686] loop0: detected capacity change from 0 to 1024
[  335.562223][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.581394][T10686] hfsplus: Bad value for 'gid'
[  335.603742][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.620913][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.638867][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.649035][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.667238][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.701425][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.729572][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.757425][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.779845][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.840490][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.848050][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.905741][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.938839][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.970677][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.999392][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.017593][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.030065][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.048099][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.057224][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.154097][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.194104][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.216015][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.226816][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.235753][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.261017][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.280805][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.309395][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.323810][T10681] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.390595][   T30] audit: type=1800 audit(1763548186.179:48): pid=10681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1648" name="file1" dev="loop5" ino=20 res=0 errno=0
[  336.647426][T10696] loop2: detected capacity change from 0 to 2048
[  336.663668][   T24] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  336.703285][T10696] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  336.712921][   T24] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  337.132853][T10716] loop6: detected capacity change from 0 to 1024
[  337.146258][T10715] loop3: detected capacity change from 0 to 2048
[  337.162278][T10716] EXT4-fs: inline encryption not supported
[  337.175952][T10715] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  337.216743][T10716] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.603386][ T6799] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.841638][T10731] loop2: detected capacity change from 0 to 1024
[  337.871753][T10731] EXT4-fs: Ignoring removed nobh option
[  337.890890][T10731] EXT4-fs: Ignoring removed bh option
[  337.933774][T10731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  338.147947][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.152331][T10745] loop3: detected capacity change from 0 to 16
[  338.198555][T10745] erofs (device loop3): mounted with root inode @ nid 36.
[  338.296071][T10748] loop0: detected capacity change from 0 to 1024
[  338.360615][ T6035] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  338.374806][   T30] audit: type=1800 audit(1763548188.169:49): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1674" name="file1" dev="loop0" ino=20 res=0 errno=0
[  338.522887][ T6035] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  338.541904][ T6035] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  338.560726][ T6035] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.577820][ T6035] usb 7-1: config 0 descriptor??
[  338.589425][ T6035] pwc: Askey VC010 type 2 USB webcam detected.
[  338.596071][ T5829] syz-executor: attempt to access beyond end of device
[  338.596071][ T5829] loop3: rw=524288, sector=527032, nr_sectors = 8 limit=16
[  338.613060][ T5829] syz-executor: attempt to access beyond end of device
[  338.613060][ T5829] loop3: rw=524288, sector=296, nr_sectors = 8 limit=16
[  338.675667][ T5829] syz-executor: attempt to access beyond end of device
[  338.675667][ T5829] loop3: rw=524288, sector=1049344, nr_sectors = 8 limit=16
[  338.702784][ T5829] syz-executor: attempt to access beyond end of device
[  338.702784][ T5829] loop3: rw=524288, sector=688, nr_sectors = 8 limit=16
[  338.727967][ T5829] syz-executor: attempt to access beyond end of device
[  338.727967][ T5829] loop3: rw=524288, sector=525096, nr_sectors = 8 limit=16
[  338.754364][ T5829] syz-executor: attempt to access beyond end of device
[  338.754364][ T5829] loop3: rw=524288, sector=712, nr_sectors = 8 limit=16
[  338.770037][ T5829] syz-executor: attempt to access beyond end of device
[  338.770037][ T5829] loop3: rw=0, sector=527032, nr_sectors = 8 limit=16
[  338.787020][ T5829] erofs (device loop3): failed to readdir of logical block 0 of nid 36
[  339.007511][ T6035] pwc: recv_control_msg error -32 req 02 val 2b00
[  339.017824][ T6035] pwc: recv_control_msg error -32 req 02 val 2700
[  339.076335][T10759] loop1: detected capacity change from 0 to 256
[  339.161128][   T30] audit: type=1800 audit(1763548188.949:50): pid=10759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1691" name="file1" dev="loop1" ino=1048651 res=0 errno=0
[  339.247883][ T6035] pwc: recv_control_msg error -71 req 04 val 1000
[  339.274400][ T6035] pwc: recv_control_msg error -71 req 04 val 1300
[  339.306490][ T6035] pwc: recv_control_msg error -71 req 04 val 1400
[  339.351601][ T6035] pwc: recv_control_msg error -71 req 02 val 2000
[  339.376063][ T6035] pwc: recv_control_msg error -71 req 02 val 2100
[  339.402562][ T6035] pwc: recv_control_msg error -71 req 04 val 1500
[  339.430414][ T6035] pwc: recv_control_msg error -71 req 02 val 2500
[  339.445425][ T6035] pwc: recv_control_msg error -71 req 02 val 2400
[  339.468037][ T6035] pwc: recv_control_msg error -71 req 02 val 2600
[  339.485493][ T6035] pwc: recv_control_msg error -71 req 02 val 2900
[  339.501912][ T6035] pwc: recv_control_msg error -71 req 02 val 2800
[  339.514690][ T6035] pwc: recv_control_msg error -71 req 04 val 1100
[  339.532568][ T6035] pwc: recv_control_msg error -71 req 04 val 1200
[  339.561641][ T6035] pwc: Registered as video103.
[  339.568672][ T6035] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input35
[  339.592186][T10768] loop1: detected capacity change from 0 to 1024
[  339.610475][T10768] EXT4-fs: inline encryption not supported
[  339.619744][ T6035] usb 7-1: USB disconnect, device number 10
[  339.659368][T10768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  339.865963][T10764] loop3: detected capacity change from 0 to 32768
[  339.901426][T10764] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  339.965226][T10764] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  340.055636][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.117021][T10764] overlayfs: upper fs does not support tmpfile.
[  340.204337][T10764] 
[  340.206720][T10764] ======================================================
[  340.213827][T10764] WARNING: possible circular locking dependency detected
[  340.221057][T10764] syzkaller #0 Not tainted
[  340.225557][T10764] ------------------------------------------------------
[  340.232569][T10764] syz.3.1693/10764 is trying to acquire lock:
[  340.238723][T10764] ffff888041903480 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_remove_inode+0x15b/0x8a0
[  340.251212][T10764] 
[  340.251212][T10764] but task is already holding lock:
[  340.258572][T10764] ffff888041901800 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_wipe_inode+0x2d5/0x1210
[  340.270896][T10764] 
[  340.270896][T10764] which lock already depends on the new lock.
[  340.270896][T10764] 
[  340.281306][T10764] 
[  340.281306][T10764] the existing dependency chain (in reverse order) is:
[  340.290588][T10764] 
[  340.290588][T10764] -> #3 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
[  340.301143][T10764]        down_write+0x92/0x200
[  340.305956][T10764]        ocfs2_del_inode_from_orphan+0x112/0x700
[  340.312304][T10764]        ocfs2_dio_end_io_write+0x2cb/0xf30
[  340.318217][T10764]        ocfs2_dio_end_io+0x136/0x2c0
[  340.323600][T10764]        dio_complete+0x224/0x970
[  340.328656][T10764]        __blockdev_direct_IO+0x3027/0x3c40
[  340.334597][T10764]        ocfs2_direct_IO+0x263/0x360
[  340.339977][T10764]        generic_file_direct_write+0x19a/0x410
[  340.346338][T10764]        __generic_file_write_iter+0x11b/0x240
[  340.352532][T10764]        ocfs2_file_write_iter+0xbc4/0x21b0
[  340.358451][T10764]        iter_file_splice_write+0xa24/0x12e0
[  340.364636][T10764]        direct_splice_actor+0x192/0x6c0
[  340.370293][T10764]        splice_direct_to_actor+0x345/0xa30
[  340.376216][T10764]        do_splice_direct+0x174/0x240
[  340.381623][T10764]        do_sendfile+0xb06/0xe50
[  340.386626][T10764]        __x64_sys_sendfile64+0x1d8/0x220
[  340.392447][T10764]        do_syscall_64+0xcd/0xfa0
[  340.397507][T10764]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.403938][T10764] 
[  340.403938][T10764] -> #2 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  340.412832][T10764]        down_write+0x92/0x200
[  340.417643][T10764]        ocfs2_create_local_dquot+0x157/0xb30
[  340.423931][T10764]        ocfs2_acquire_dquot+0x626/0xb00
[  340.429581][T10764]        dqget+0x693/0x1180
[  340.434096][T10764]        __dquot_initialize+0x586/0xd50
[  340.439654][T10764]        ocfs2_get_init_inode+0xe7/0x1b0
[  340.445291][T10764]        ocfs2_mknod+0x974/0x2540
[  340.450331][T10764]        ocfs2_create+0x17c/0x460
[  340.455450][T10764]        lookup_open.isra.0+0x11d3/0x1580
[  340.461197][T10764]        path_openat+0x893/0x2cb0
[  340.466248][T10764]        do_filp_open+0x20b/0x470
[  340.471294][T10764]        do_sys_openat2+0x11b/0x1d0
[  340.476510][T10764]        __x64_sys_openat+0x174/0x210
[  340.481895][T10764]        do_syscall_64+0xcd/0xfa0
[  340.486941][T10764]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.493376][T10764] 
[  340.493376][T10764] -> #1 (&dquot->dq_lock){+.+.}-{4:4}:
[  340.501045][T10764]        __mutex_lock+0x193/0x1060
[  340.506181][T10764]        dqget+0x5f1/0x1180
[  340.510693][T10764]        __dquot_initialize+0x586/0xd50
[  340.516253][T10764]        ocfs2_get_init_inode+0xe7/0x1b0
[  340.521892][T10764]        ocfs2_mknod+0x974/0x2540
[  340.526922][T10764]        ocfs2_create+0x17c/0x460
[  340.531955][T10764]        lookup_open.isra.0+0x11d3/0x1580
[  340.537704][T10764]        path_openat+0x893/0x2cb0
[  340.542847][T10764]        do_filp_open+0x20b/0x470
[  340.548094][T10764]        do_sys_openat2+0x11b/0x1d0
[  340.553336][T10764]        __x64_sys_openat+0x174/0x210
[  340.558818][T10764]        do_syscall_64+0xcd/0xfa0
[  340.563866][T10764]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.570297][T10764] 
[  340.570297][T10764] -> #0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  340.580925][T10764]        __lock_acquire+0x126f/0x1c90
[  340.586350][T10764]        lock_acquire+0x179/0x350
[  340.591489][T10764]        down_write+0x92/0x200
[  340.596377][T10764]        ocfs2_remove_inode+0x15b/0x8a0
[  340.602026][T10764]        ocfs2_wipe_inode+0x446/0x1210
[  340.607586][T10764]        ocfs2_evict_inode+0x6e0/0x1680
[  340.613351][T10764]        evict+0x3e6/0x920
[  340.617783][T10764]        iput.part.0+0x6a9/0xb00
[  340.622730][T10764]        iput+0x35/0x40
[  340.626978][T10764]        ocfs2_dentry_iput+0x139/0x330
[  340.632452][T10764]        dentry_unlink_inode+0x282/0x480
[  340.638129][T10764]        __dentry_kill+0x1d0/0x600
[  340.643276][T10764]        dput.part.0+0x4b1/0x9b0
[  340.648225][T10764]        dput+0x1f/0x30
[  340.652390][T10764]        ovl_fill_super+0x13ea/0x7130
[  340.657781][T10764]        get_tree_nodev+0xdd/0x190
[  340.663003][T10764]        vfs_get_tree+0x8e/0x340
[  340.667956][T10764]        path_mount+0x7b9/0x23a0
[  340.672982][T10764]        __x64_sys_mount+0x293/0x310
[  340.678363][T10764]        do_syscall_64+0xcd/0xfa0
[  340.683412][T10764]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.689831][T10764] 
[  340.689831][T10764] other info that might help us debug this:
[  340.689831][T10764] 
[  340.700051][T10764] Chain exists of:
[  340.700051][T10764]   &ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key --> &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]
[  340.700051][T10764] 
[  340.720261][T10764]  Possible unsafe locking scenario:
[  340.720261][T10764] 
[  340.727773][T10764]        CPU0                    CPU1
[  340.733132][T10764]        ----                    ----
[  340.738492][T10764]   lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  340.745803][T10764]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  340.754061][T10764]                                lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  340.763887][T10764]   lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  340.771584][T10764] 
[  340.771584][T10764]  *** DEADLOCK ***
[  340.771584][T10764] 
[  340.779818][T10764] 4 locks held by syz.3.1693/10764:
[  340.785107][T10764]  #0: ffff8880523c40e0 (&type->s_umount_key#56/1){+.+.}-{4:4}, at: alloc_super+0x1e3/0xb60
[  340.795486][T10764]  #1: ffff88807775a420 (sb_writers#27){.+.+}-{0:0}, at: ovl_fill_super+0xeee/0x7130
[  340.805065][T10764]  #2: ffff8880593f8bd0 (&osb->nfs_sync_rwlock){.+.+}-{4:4}, at: ocfs2_nfs_sync_lock+0xe4/0x2e0
[  340.815587][T10764]  #3: ffff888041901800 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_wipe_inode+0x2d5/0x1210
[  340.828439][T10764] 
[  340.828439][T10764] stack backtrace:
[  340.834330][T10764] CPU: 0 UID: 0 PID: 10764 Comm: syz.3.1693 Not tainted syzkaller #0 PREEMPT(full) 
[  340.834373][T10764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  340.834394][T10764] Call Trace:
[  340.834407][T10764]  <TASK>
[  340.834419][T10764]  dump_stack_lvl+0x116/0x1f0
[  340.834468][T10764]  print_circular_bug+0x275/0x350
[  340.834528][T10764]  check_noncircular+0x14c/0x170
[  340.834590][T10764]  __lock_acquire+0x126f/0x1c90
[  340.834655][T10764]  lock_acquire+0x179/0x350
[  340.834686][T10764]  ? ocfs2_remove_inode+0x15b/0x8a0
[  340.834725][T10764]  ? __pfx___might_resched+0x10/0x10
[  340.834777][T10764]  down_write+0x92/0x200
[  340.834826][T10764]  ? ocfs2_remove_inode+0x15b/0x8a0
[  340.834862][T10764]  ? __pfx_down_write+0x10/0x10
[  340.834920][T10764]  ? ocfs2_xattr_remove+0x159/0xd10
[  340.834956][T10764]  ? do_raw_spin_unlock+0x172/0x230
[  340.834999][T10764]  ocfs2_remove_inode+0x15b/0x8a0
[  340.835038][T10764]  ? __pfx_ocfs2_remove_inode+0x10/0x10
[  340.835075][T10764]  ? down_write+0x14d/0x200
[  340.835125][T10764]  ? __pfx_down_write+0x10/0x10
[  340.835181][T10764]  ocfs2_wipe_inode+0x446/0x1210
[  340.835225][T10764]  ? __pfx_ocfs2_wipe_inode+0x10/0x10
[  340.835267][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835310][T10764]  ? do_raw_spin_unlock+0x172/0x230
[  340.835350][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835396][T10764]  ocfs2_evict_inode+0x6e0/0x1680
[  340.835440][T10764]  ? __pfx_ocfs2_evict_inode+0x10/0x10
[  340.835479][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835523][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835565][T10764]  ? find_held_lock+0x2b/0x80
[  340.835609][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835655][T10764]  ? __pfx_ocfs2_evict_inode+0x10/0x10
[  340.835697][T10764]  evict+0x3e6/0x920
[  340.835733][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835777][T10764]  ? __pfx_evict+0x10/0x10
[  340.835817][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.835865][T10764]  iput.part.0+0x6a9/0xb00
[  340.835906][T10764]  ? __pfx_ocfs2_drop_inode+0x10/0x10
[  340.835949][T10764]  iput+0x35/0x40
[  340.835984][T10764]  ocfs2_dentry_iput+0x139/0x330
[  340.836030][T10764]  ? __pfx_ocfs2_dentry_iput+0x10/0x10
[  340.836077][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836123][T10764]  ? __pfx_ocfs2_dentry_iput+0x10/0x10
[  340.836174][T10764]  dentry_unlink_inode+0x282/0x480
[  340.836212][T10764]  __dentry_kill+0x1d0/0x600
[  340.836252][T10764]  dput.part.0+0x4b1/0x9b0
[  340.836292][T10764]  dput+0x1f/0x30
[  340.836329][T10764]  ovl_fill_super+0x13ea/0x7130
[  340.836395][T10764]  ? __pfx_ovl_fill_super+0x10/0x10
[  340.836447][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836489][T10764]  ? lockdep_init_map_type+0x5c/0x280
[  340.836522][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836564][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836606][T10764]  ? lockdep_init_map_type+0x5c/0x280
[  340.836639][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836681][T10764]  ? __init_swait_queue_head+0xca/0x150
[  340.836728][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.836769][T10764]  ? sget_fc+0x808/0xc20
[  340.836820][T10764]  ? __pfx_ovl_fill_super+0x10/0x10
[  340.836869][T10764]  ? get_tree_nodev+0xdd/0x190
[  340.836925][T10764]  ? __pfx_ovl_fill_super+0x10/0x10
[  340.836973][T10764]  get_tree_nodev+0xdd/0x190
[  340.837025][T10764]  vfs_get_tree+0x8e/0x340
[  340.837069][T10764]  path_mount+0x7b9/0x23a0
[  340.837107][T10764]  ? __pfx_path_mount+0x10/0x10
[  340.837142][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.837185][T10764]  ? kmem_cache_free+0x2d4/0x6c0
[  340.837235][T10764]  ? putname+0x154/0x1a0
[  340.837273][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.837315][T10764]  ? putname+0x154/0x1a0
[  340.837353][T10764]  ? __x64_sys_mount+0x293/0x310
[  340.837386][T10764]  __x64_sys_mount+0x293/0x310
[  340.837421][T10764]  ? __pfx___x64_sys_mount+0x10/0x10
[  340.837458][T10764]  ? srso_alias_return_thunk+0x5/0xfbef5
[  340.837506][T10764]  do_syscall_64+0xcd/0xfa0
[  340.837552][T10764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.837588][T10764] RIP: 0033:0x7fbbc058f6c9
[  340.837614][T10764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.837649][T10764] RSP: 002b:00007fbbc140e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  340.837682][T10764] RAX: ffffffffffffffda RBX: 00007fbbc07e5fa0 RCX: 00007fbbc058f6c9
[  340.837706][T10764] RDX: 00002000000003c0 RSI: 00002000000000c0 RDI: 0000000000000000
[  340.837728][T10764] RBP: 00007fbbc0611f91 R08: 00002000000004c0 R09: 0000000000000000
[  340.837751][T10764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  340.837772][T10764] R13: 00007fbbc07e6038 R14: 00007fbbc07e5fa0 R15: 00007ffcb89c5a38
[  340.837807][T10764]  </TASK>
[  341.306491][T10764] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  341.313705][T10764] overlayfs: failed to set xattr on upper
[  341.319436][T10764] overlayfs: ...falling back to redirect_dir=nofollow.
[  341.335083][T10764] overlayfs: ...falling back to index=off.
[  341.341422][T10764] overlayfs: ...falling back to uuid=null.
[  341.347259][T10764] overlayfs: upper fs missing required features.
[  341.383681][ T5829] ocfs2: Unmounting device (7,3) on (node local)
[  341.600624][ T6035] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  341.750827][ T6035] usb 1-1: Using ep0 maxpacket: 32
[  341.757917][ T6035] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  341.767170][ T6035] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.776530][ T6035] usb 1-1: config 0 descriptor??
[  341.988334][ T6035] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  341.996416][ T6035] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  342.006305][ T6035] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  342.013577][ T6035] usb 1-1: media controller created
[  342.028825][ T6035] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  342.192826][ T6035] az6027: usb out operation failed. (-71)
[  342.199006][ T6035] az6027: usb out operation failed. (-71)
[  342.205156][ T6035] stb0899_attach: Driver disabled by Kconfig
[  342.211272][ T6035] az6027: no front-end attached
[  342.211272][ T6035] 
[  342.218803][ T6035] az6027: usb out operation failed. (-71)
[  342.224659][ T6035] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  342.232884][ T6035] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input36
[  342.245060][ T6035] dvb-usb: schedule remote query interval to 400 msecs.
[  342.252088][ T6035] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  342.262051][ T6035] usb 1-1: USB disconnect, device number 18
[  342.281423][ T6035] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.