last executing test programs:

2m2.320828676s ago: executing program 0 (id=527):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x4, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x184}}, 0x0)

2m2.200890978s ago: executing program 0 (id=529):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800084000000008140005"], 0x5c}}, 0x0)

2m2.120359745s ago: executing program 0 (id=530):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x89}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0xa, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)

2m2.120132423s ago: executing program 0 (id=531):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x11)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000240)='./file0/../file0\x00')
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00')

2m2.060368131s ago: executing program 0 (id=532):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
setpriority(0x1, 0x800000, 0xffffffffffffffcd)

2m1.721376284s ago: executing program 0 (id=533):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62043c009e0101000001ad2f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e23", 0x48}], 0x1}, 0x0)

2m1.554144976s ago: executing program 32 (id=533):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62043c009e0101000001ad2f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e23", 0x48}], 0x1}, 0x0)

11.025119099s ago: executing program 3 (id=2000):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
close(r0)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000000)=""/38, &(0x7f00000000c0)=0x26)

11.024818518s ago: executing program 3 (id=2002):
connect$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x10, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10)
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40106e80, &(0x7f0000000280)=0x1)

10.866332761s ago: executing program 3 (id=2005):
setgroups(0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {}, [], {0x4, 0x1}, [{0x8, 0x6}], {0x10, 0x3}, {0x20, 0x7}}, 0x2c, 0x1)
setreuid(0xffffffffffffffff, 0xee01)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', 0x0, 0x0, 0x0)

10.735658939s ago: executing program 3 (id=2008):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000200)=ANY=[@ANYBLOB='dots,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6e6f646f74732c646f74732c74696d655f6f66667365743d3078303030303030303030303030303264382c646f74732c646f74732c6e6f646f74732c6e6f646f74732c646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d72656c617865642c666c7573682c64656275672c646f74732c73686f77657865632c6e6f646f74732c6572726f72733d636f6e74696e75652c646f74732c71756965742c003fa5bfd3e968f92d300444698c6f8d94d8b46ce3ce652bc8f6"], 0x1, 0x220, &(0x7f0000000680)="$eJzs3c1uElEUAOAzLS1gXHRnYmIyxoWuGvUJakxNjCQmNSx010RWnVXZQDftY/gKvoxP4QOYrrrQjKkzAy1QpA0/Qb9vw2HOPZd7mTDMhkMehe8PvkSjkcTGXuzFRRI7sRGVsxhVGzsCAKyPizyPH3nh9tXuAwBgHc3w/f9ryUsCABbsw8dP7161WvsHadqIOD/rtXvt4rHIv3nb2n+e/rEzrDrv9dqbg/yLdPTe4TK/FffK/MuiPh2ktyOivR3PnhT5y9zr9630en09Pk9Zd3NO+wcAAAAAAAAAAAAAAAAAAAAAgFV4FGllYn+f3d3RfLPMF8+u9Aca6d9Ti4dVe+Bhe6D8dBmbAgAAAAAAAAAAAAAAAAAAgDXT7Z8cHWZZ53gY1CNicGQn69QmjLk5SMqJZxo8U5DMaZ6JwUbcrbxZbjPLOt9+3q48Kd+iRWxnGDQnn9xZgqgtcmHLCNJ5TVivTvN4qhnJlPI8vwyufwqiDKq2GDeWb0fE9IU9Pbjrvi7yPM++Pj7u9iOfOnh4jagv7WoEAAAAAAAAAAAAAAAAAAD/tyu/+h7T2FzFigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg+br9k+pf/k+ODrOsc9ztzxycRsT9+Ovg6rW2orG6jQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBP+x0AAP//JtMcXQ==")
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f00000003c0)=ANY=[@ANYBLOB='nr_inodes=E'])

10.592761522s ago: executing program 3 (id=2010):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x10, 0x1409, 0x262543c4cee33fe7, 0x70bd2b, 0x1000}, 0x4e}}, 0x20008000)

10.329464608s ago: executing program 3 (id=2013):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)

10.230831851s ago: executing program 33 (id=2013):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)

3.021984874s ago: executing program 4 (id=2080):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000140)=0x5ffaffa, 0x4)

2.949109548s ago: executing program 4 (id=2081):
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x8, 0x0)
r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x100, 0x3, 0x41}, &(0x7f00000003c0), &(0x7f0000000300))
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000100)={0xffffff24, 0x7, '\x00', 0x1000000}, 0x1)

2.948915104s ago: executing program 4 (id=2082):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000fc0)=0xc, 0x6, 0x2)

2.65531615s ago: executing program 4 (id=2083):
syz_mount_image$cramfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2200409, &(0x7f0000000400)=ANY=[], 0xfe, 0x15e, &(0x7f0000000200)="$eJzs0E2LUmEYxvH/c87jUUixyECCUmhjSeALtYvwRJKQHSjatBLs9AKKkVDuUqJdC6Gti162EfQJdHQxzKCbmS8xG3cDs3Q4z3FmmJePcP92XvdzXzeexw8WOcWJR532h49+t+u/zj736tUXe+NxJcgd6P0/NQ/fTyrwDs1Ew3IAQTxLwJv3Ld9qdlrB72UFooB7yeQRIHl0z01pBhqKhPu5WzC9Zt5ZnM/8MhGzd12DmwyzArD65RAL+q6EWdC3D9iglLM+dsPmWy2fuaqgN8r/+7v9bL5Vu3vnof+9VB3ejqft/Bf4jatim7O3u/Z6azGvP/Xq3qIcLd0vF4oW93ZMYX+IfhL/BK8U6KDPwvQ5pG/ql/BVwQ9za7mhEsD054HXjh5/6/5nOwsqM2o20pE/jdRlCzung8mKC5iJ+ZNCCCGEEEIIIYQQQgghhBBCCCHEGYcBAAD//4rMUes=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)

2.597346972s ago: executing program 4 (id=2084):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000040)={0x1, 0xffffffff, 0x7, 0x7, 0x2, 0x3})

558.081194ms ago: executing program 2 (id=2109):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

441.13444ms ago: executing program 2 (id=2113):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000004480)='./file0\x00', 0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c636f686572656e63793d66756c6c2c6865617274626561743d6e6f6e652c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f757365725f78617474722c008e1d54758732e066b2e39f7bd9e6e2dab460"], 0x1, 0x4460, &(0x7f00000044c0)="$eJzs2M1vG2kdB/DfTJLGSZPiQg9BcIgEEhVCIckJARIgXqpKiFSBIkSQIuelbcCJQ+KgHHoAqUcORXDizBHOnJAq7iDtP7D7B+zuoXvo7mm98nicemJ74+7GTpr9fA4Zz/Myz5N8Pc88kzRXf7RzOL9zOF/Zm69tPjhcnv9DrXq0ux3piFz0+AxmGDnJ/uKs/PAnP//lcsT+k+W1RqPRiIgoR29LHZ9fPH+82XlsS0/1aV63z+XOya8j4lbXvJrGIuJX/45IIiLJf6k0P07lvZp1v/n9V/8cpVcZc6pvzR/X/z/zz+O73/zXg/996cXbK0/7Nkwi/l794jce7r7zlbHvvPX1rKwx+Az++yrTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBG5s7py/97iUjxLytn5/pPltc76yXL+odS7f6Mx9CkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJfcndWV+/cWl+JZEqX3JiP2nyyvddaPl/MP5d79G98bwSQZmrs/W/nRjxeXstwbjaSr/lt50bs/GIubEfHi+ePNKBzfnO1sn5z6npz+PuWtzm3+7fm1xy1Hki4UztN0YSEiOW6dzyXTabV2WJ6IONrbOrdpvLaK+adZWSGdVtHH5N86njQfKP/z9IWub1N2PjfcUa+Kl/nPrDUaY33b/eNPSeER0C//sQvI/5OaPNd5vJ6K9/94Vla8n1qBNvP/y/jZ9//4Gfmf18p/o/mjlF2v1LkCNPcwzfJ++xWKivlPZGX98u+1/n9wKv+J3vnf++vQfoM+6//+0Aa8Uor5X8vKin/P1gYgyz89+/6/dlme//PDHfWqKOY/+d20u0n25xx0/Z8cUf7l9sp0I+n6BmTlpYjZYQx8xRTzL3XVv3z/Swfa/5cu6P2vdOr9r/0ecjtpvf/RWzH/qb7tBr3/p0a8/rf2fwOYGOYsXl/F/Kezsk+z/58eUf7Zc6rH/v/D9v7/eBijXj3F/K9nZcVV4Gn2M9v/Jd25v38q/+uXYP+Xzf/2cEe9Kor5z/Rt18z/jQGe/zMjzz9i+pV7nOxz+v/D6zOimH++Y/5Pd7vs/i+dnf/siPP/2pkt/CMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DJKy61jOZJ0oXCepgsLEWP5+VxMJxuVrfWNam3zd4cR43n5fHw+eVitbVSq6zt7ta3t9Uq1WtuMmMjrb0UpOazW6uu7lf1rJ9eaSh5tVw7qG9uVekRM5uVfjtn2tTZ26ruV/YgondR9Lq0d7D+q7K1v7Rx8e3FxcTGmTuZwM9k+rm/v1Vujt2ojpk/6lpOOyWXV10/mMpP8tnZ0sFepZuUzHX2qtc1KtaPPbF73t7iZ1A+O9jYr9e31au1he7zeps4nqDN8Pz+md1d/sfrTpe4Gc3l9eSTTAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CN255gGYSgMAvA9YMQBIpgJBmBCAhsakMGICBDAhoHWSPfOTdM+AZ26fF/yJ//ddAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzyP5/eSXZT2iS51KfMV41dfvd2/3lej99Hc+i72yvZlnWWAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVdeldNIIjCADwzKXKp9jFSLbup0gYSQpqsCFaWvoClhaWva2FnJaLMgqy7aKOFfF+zlzOHc2B+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH8DtuJqOqDiGGl91zCPPVx/S0/lbkl0V//9MdduR2/v6b75+qzvcez+qf+df6Kx2r281yFnqerdjJSTdP+dTlxQbyNrRfO7cIMZWH75zb95hSWfZ1vl43AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPbswIEAAAAAgCB/6xUGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGApAAD//y5GmuM=")
pread64(r0, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)

289.1118ms ago: executing program 1 (id=2117):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d68bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527ffd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f891f547c7e69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d255b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe0879c77fff7b241439686cb4db435d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b3943"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)

216.792602ms ago: executing program 1 (id=2118):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x99)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)

143.287877ms ago: executing program 1 (id=2119):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32, @ANYBLOB="0000000002000100240012800b00010065727370616e0000140002800600020030000000080004"], 0x44}}, 0x0)

142.318148ms ago: executing program 2 (id=2120):
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x37}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

141.930772ms ago: executing program 1 (id=2121):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000840)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000000)={0x38, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x2}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x1ff}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5, 0xe, 0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x18000}, 0x0)

79.187622ms ago: executing program 1 (id=2122):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000640)='/proc/key-users\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f00000040c0)={0x2020}, 0x2020)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0xffffffff, 0x0)
read$FUSE(r0, &(0x7f0000000e40)={0x2020}, 0x2020)

79.048955ms ago: executing program 1 (id=2123):
syz_usb_connect(0x0, 0x49, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a52bfb0821048f79548601020301090237000100000000090400000002fe"], 0x0)

78.816961ms ago: executing program 2 (id=2124):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3e}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.68766ms ago: executing program 2 (id=2125):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0xe00, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20)

159.361µs ago: executing program 4 (id=2126):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x69, 0x11, 0x7e}}, &(0x7f0000000000)='GPL\x00'}, 0x90)

0s ago: executing program 2 (id=2127):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x1c, 0x0, 0x0)

kernel console output (not intermixed with test programs):

yz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.627572][   T10] usb 3-1: Using ep0 maxpacket: 32
[  131.629933][   T33] audit: type=1326 audit(1756334572.028:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.640361][   T10] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  131.643068][   T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  131.647365][   T33] audit: type=1326 audit(1756334572.028:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.657677][   T10] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  131.665134][   T10] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  131.672455][   T33] audit: type=1326 audit(1756334572.028:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.680521][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  131.683354][   T33] audit: type=1326 audit(1756334572.028:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.691831][   T33] audit: type=1326 audit(1756334572.028:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.701502][   T10] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  131.711746][   T10] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  131.715069][   T33] audit: type=1326 audit(1756334572.028:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.722152][   T33] audit: type=1326 audit(1756334572.028:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.729983][   T10] usb 3-1: Product: syz
[  131.731468][   T10] usb 3-1: Manufacturer: syz
[  131.733026][   T10] usb 3-1: SerialNumber: syz
[  131.739640][   T10] usb 3-1: config 0 descriptor??
[  131.741562][   T33] audit: type=1326 audit(1756334572.028:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.751611][   T10] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  131.759341][   T33] audit: type=1326 audit(131.523:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz.1.828" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  131.768469][   T10] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  132.102084][ T8165] loop3: detected capacity change from 0 to 1024
[  132.519522][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.522179][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.928111][ T8174] loop3: detected capacity change from 0 to 32768
[  133.328266][ T8176] loop3: detected capacity change from 0 to 40427
[  133.360623][ T8176] F2FS-fs (loop3): invalid crc value
[  133.419565][ T8176] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  133.426222][ T8176] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  133.652104][ T8198] loop3: detected capacity change from 0 to 164
[  133.680516][ T8198] iso9660: Corrupted directory entry in block 2 of inode 1792
[  134.247892][   T10] usb 3-1: USB disconnect, device number 13
[  134.254165][   T10] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  134.322807][ T8232] loop2: detected capacity change from 0 to 4096
[  134.334471][ T8232] EXT4-fs (loop2): Test dummy encryption mode enabled
[  134.340062][ T8232] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  134.343896][ T8232] System zones: 0-5
[  134.351466][ T8232] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.373003][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.583406][ T8258] loop2: detected capacity change from 0 to 512
[  134.596885][ T8258] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 18)!
[  134.603610][ T8258] EXT4-fs (loop2): group descriptors corrupted!
[  134.797227][ T8271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.875'.
[  135.545975][ T5908] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  135.694924][ T5908] usb 3-1: Using ep0 maxpacket: 32
[  135.700346][ T5908] usb 3-1: config 1 has an invalid interface number: 236 but max is 0
[  135.703793][ T5908] usb 3-1: config 1 has no interface number 0
[  135.718474][ T5908] usb 3-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0
[  135.722623][ T5908] usb 3-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0
[  135.728122][ T5908] usb 3-1: config 1 interface 236 has no altsetting 0
[  135.732468][ T5908] usb 3-1: config 1 has an invalid interface number: 236 but max is 0
[  135.737910][ T5908] usb 3-1: config 1 has no interface number 0
[  135.740533][ T5908] usb 3-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0
[  135.744545][ T5908] usb 3-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0
[  135.748910][ T5908] usb 3-1: config 1 interface 236 has no altsetting 0
[  135.754042][ T5908] usb 3-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=aa.6a
[  135.757976][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.761383][ T5908] usb 3-1: Product: syz
[  135.764453][ T5908] usb 3-1: Manufacturer: syz
[  135.767907][ T5908] usb 3-1: SerialNumber: syz
[  135.951650][ T5908] ti_usb_3410_5052 3-1:1.236: TI USB 5052 2 port adapter converter detected
[  136.125531][ T5894] usb 3-1: USB disconnect, device number 14
[  136.899841][ T8315] random: crng reseeded on system resumption
[  137.010116][ T8323] loop2: detected capacity change from 0 to 128
[  137.036868][ T8323] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  137.064625][ T5853] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  137.123911][ T8333] loop2: detected capacity change from 0 to 1024
[  137.150667][ T8333] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  137.156557][ T8335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.905'.
[  137.178551][ T8333] EXT4-fs error (device loop2): ext4_get_first_dir_block:3552: inode #11: comm syz.2.906: directory missing '..'
[  137.201189][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.790109][ T8371] netlink: 296 bytes leftover after parsing attributes in process `syz.3.922'.
[  138.461674][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.928'.
[  138.465480][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.928'.
[  138.469374][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.928'.
[  138.473165][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.928'.
[  138.771273][ T8400] netlink: 12 bytes leftover after parsing attributes in process `syz.2.935'.
[  138.910860][ T8411] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  138.930013][ T8411] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  139.137726][ T8415] loop2: detected capacity change from 0 to 32768
[  139.140751][ T8415] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.942 (8415)
[  139.154117][ T8415] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  139.158568][ T8415] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  139.222858][ T8415] BTRFS info (device loop2): rebuilding free space tree
[  139.230725][ T8415] BTRFS info (device loop2): turning on flush-on-commit
[  139.233133][ T8415] BTRFS info (device loop2): enabling free space tree
[  139.235709][ T8415] BTRFS info (device loop2): force clearing of disk cache
[  139.238205][ T8415] BTRFS info (device loop2): doing ref verification
[  139.240725][ T8415] BTRFS info (device loop2): force zlib compression, level 3
[  139.260237][ T5853] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  139.437895][ T8439] netlink: 32 bytes leftover after parsing attributes in process `syz.2.946'.
[  139.527660][ T8441] loop3: detected capacity change from 0 to 4096
[  139.628243][ T1092] ntfs3(loop3): ino=5, mi_enum_attr
[  139.754927][ T5908] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  139.907773][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  139.912400][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  139.918344][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  139.922340][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  139.929213][ T5908] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  139.933003][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.934781][   T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  139.945519][ T5908] usb 3-1: config 0 descriptor??
[  140.086617][   T10] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  140.090371][   T10] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  140.096508][   T10] usb 4-1: config 220 has no interface number 2
[  140.099194][   T10] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  140.106347][   T10] usb 4-1: config 220 interface 0 has no altsetting 0
[  140.109118][   T10] usb 4-1: config 220 interface 76 has no altsetting 0
[  140.111915][   T10] usb 4-1: config 220 interface 1 has no altsetting 0
[  140.118058][   T10] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  140.121953][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.125494][   T10] usb 4-1: Product: syz
[  140.127596][   T10] usb 4-1: Manufacturer: syz
[  140.129604][   T10] usb 4-1: SerialNumber: syz
[  140.349722][   T10] usb 4-1: selecting invalid altsetting 0
[  140.362086][   T10] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  140.363843][ T5908] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  140.366730][   T10] usb 4-1: No valid video chain found.
[  140.380057][   T10] usb 4-1: selecting invalid altsetting 0
[  140.382459][   T10] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  140.388309][ T5908] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  140.389840][   T10] usb 4-1: USB disconnect, device number 5
[  140.632018][ T5908] usb 3-1: USB disconnect, device number 15
[  141.134181][ T8458] bridge0: port 1(bridge_slave_0) entered listening state
[  141.947553][ T8474] loop2: detected capacity change from 0 to 8
[  142.550405][ T8489] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  142.565526][ T8489] block device autoloading is deprecated and will be removed.
[  142.618044][ T8484] md2: using deprecated bitmap file support
[  142.624815][ T8484] md2: error: bitmap file must be a regular file
[  142.964120][ T8491] loop3: detected capacity change from 0 to 32768
[  142.979871][ T8503] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  143.020002][ T8491] syz.3.968: attempt to access beyond end of device
[  143.020002][ T8491] loop3: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  143.044763][ T8491] metapage_write_end_io: I/O error
[  143.048860][ T8491] ERROR: (device loop3): release_metapage: metapage_write_one() failed
[  143.048860][ T8491] 
[  143.056240][ T8491] ERROR: (device loop3): remounting filesystem as read-only
[  143.059606][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.975'.
[  143.063373][ T8491] ERROR: (device loop3): diWrite: ixpxd invalid
[  143.063373][ T8491] 
[  143.069680][ T8491] ERROR: (device loop3): txCommit: 
[  143.069680][ T8491] 
[  143.086463][ T8491] blkno = 8f7c0, nblocks = 1
[  143.088556][ T8491] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  143.088556][ T8491] 
[  143.094066][ T8491] ERROR: (device loop3): dbAllocNext: Corrupt dmap page
[  143.094066][ T8491] 
[  143.103722][ T8491] ialloc: diAlloc returned -5!
[  143.109236][ T1089] kworker/u9:5: attempt to access beyond end of device
[  143.109236][ T1089] loop3: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  143.115933][ T1089] metapage_write_end_io: I/O error
[  143.245677][ T8501] loop2: detected capacity change from 0 to 32768
[  143.284379][ T8501] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  143.325913][ T8501] XFS (loop2): Ending clean mount
[  143.348712][ T8501] XFS (loop2): Quotacheck needed: Please wait.
[  143.385914][ T8501] XFS (loop2): Quotacheck: Done.
[  143.405766][ T8524] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.417491][ T5853] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  143.457209][ T8524] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.585095][ T8527] loop3: detected capacity change from 0 to 512
[  143.593604][ T8527] FAT-fs (loop3): bogus number of FAT sectors
[  143.596869][ T8527] FAT-fs (loop3): Can't find a valid FAT filesystem
[  143.748535][ T8542] loop3: detected capacity change from 0 to 512
[  143.754518][ T8542] EXT4-fs: Ignoring removed i_version option
[  143.783378][ T8542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.904101][ T8558] loop2: detected capacity change from 0 to 128
[  144.183621][ T8542] evm: overlay not supported
[  144.432827][ T8576] loop2: detected capacity change from 0 to 1024
[  144.451400][ T8576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  144.470551][ T8576] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.1005: lblock 1 mapped to illegal pblock 1 (length 4)
[  144.480703][ T8576] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 4 with error 117
[  144.485876][ T8576] EXT4-fs (loop2): This should not happen!! Data will be lost
[  144.485876][ T8576] 
[  144.493617][ T8576] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 7: comm syz.2.1005: lblock 7 mapped to illegal pblock 7 (length 1)
[  144.501109][ T8576] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 117
[  144.507283][ T8576] EXT4-fs (loop2): This should not happen!! Data will be lost
[  144.507283][ T8576] 
[  145.044504][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  145.065176][ T7341] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.304339][ T8594] netlink: 'syz.1.1012': attribute type 63 has an invalid length.
[  145.491906][ T8600] loop2: detected capacity change from 0 to 8192
[  145.502344][ T8600] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  147.066767][ T8629] loop3: detected capacity change from 0 to 256
[  147.072619][ T8629] exfat: Deprecated parameter 'utf8'
[  147.074489][ T8629] exfat: Deprecated parameter 'namecase'
[  147.081329][ T8629] exfat: Deprecated parameter 'namecase'
[  147.084327][ T8629] exfat: Deprecated parameter 'utf8'
[  147.109676][ T8629] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x9270b71c, utbl_chksum : 0xe619d30d)
[  147.118657][ T8631] loop2: detected capacity change from 0 to 1024
[  147.142675][ T8631] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  147.163771][ T8631] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  147.166819][ T8631] EXT4-fs (loop2): orphan cleanup on readonly fs
[  147.170242][ T8631] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.1026: Freeing blocks not in datazone - block = 0, count = 4096
[  147.181056][ T8631] EXT4-fs (loop2): 1 orphan inode deleted
[  147.184104][ T8631] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  147.939055][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.551903][ T8664] loop2: detected capacity change from 0 to 128
[  148.568094][ T8664] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  148.604943][ T5853] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.737240][ T8668] loop3: detected capacity change from 0 to 32768
[  148.753502][ T8668] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  148.816976][ T7341] (syz-executor,7341,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  148.823644][ T7341] ocfs2: Unmounting device (7,3) on (node local)
[  149.048294][ T8689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1048'.
[  149.055527][ T8689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1048'.
[  149.059857][ T8689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1048'.
[  149.063567][ T8689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1048'.
[  149.254567][ T8708] loop2: detected capacity change from 0 to 8
[  149.284237][ T8708] SQUASHFS error: Unable to read directory block [629:26]
[  149.541135][ T8716] loop2: detected capacity change from 0 to 32768
[  149.556308][ T8716] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  149.575862][ T8716] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  149.588934][ T8716] XFS (loop2): Starting recovery (logdev: internal)
[  149.599539][ T8716] XFS (loop2): Ending recovery (logdev: internal)
[  149.665848][ T5853] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  149.964050][ T8744] loop3: detected capacity change from 0 to 256
[  149.975281][ T8744] exfat: Deprecated parameter 'utf8'
[  149.992650][ T8744] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  150.513358][ T8773] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.519218][ T8773] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.523204][ T8773] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.526444][ T8773] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.691752][ T8781] geneve2: entered promiscuous mode
[  151.027819][ T8804] syzkaller0: entered allmulticast mode
[  151.029951][ T8804] syzkaller0: entered promiscuous mode
[  151.039880][ T8804] syzkaller0 (unregistering): left allmulticast mode
[  151.042819][ T8804] syzkaller0 (unregistering): left promiscuous mode
[  151.171967][ T8812] loop3: detected capacity change from 0 to 4096
[  151.187138][ T8812] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  151.210695][ T8812] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  151.220971][ T8812] ntfs3(loop3): ino=1f, "file2" failed to open parent directory r=5 to update
[  151.258380][   T68] ntfs3(loop3): ino=1f, failed to open parent directory r=5 to update
[  151.264841][ T8816] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1105'.
[  151.316325][ T8819] CIFS: VFS: Malformed UNC in devname
[  151.335627][   T51] Process accounting resumed
[  151.436030][ T8830] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1113'.
[  151.476136][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1114'.
[  151.574050][ T8847] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  151.578773][ T8847] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  151.580993][ T8847] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.585509][ T8847] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  151.588545][ T8847] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  151.591291][ T8847] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  151.600783][ T8847] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.603682][ T8847] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.607687][ T8847] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  151.610652][ T8847] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  151.613480][ T8847] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  151.616720][ T8847] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  151.761982][ T8867] loop3: detected capacity change from 0 to 2048
[  151.787908][ T8870] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  151.815666][ T8870] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  151.819898][ T8870] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  151.831008][ T8870] Remounting filesystem read-only
[  151.832836][ T8867] NILFS (loop3): mounting fs with errors
[  151.842721][ T8867] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  151.849341][ T8867] Remounting filesystem read-only
[  151.852830][ T8867] NILFS error (device loop3): nilfs_readdir: bad page in #2
[  151.883946][ T7341] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  151.932126][ T8880] Bluetooth: MGMT ver 1.23
[  151.965768][   T33] audit: type=1326 audit(151.843:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  151.974438][   T33] audit: type=1326 audit(151.843:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.005785][   T33] audit: type=1326 audit(151.843:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.026080][   T33] audit: type=1326 audit(151.843:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.052560][   T33] audit: type=1326 audit(151.843:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.086314][   T33] audit: type=1326 audit(151.843:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.108036][   T33] audit: type=1326 audit(151.843:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.132605][   T33] audit: type=1326 audit(151.843:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.2.1135" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  152.208982][ T8897] loop3: detected capacity change from 0 to 4096
[  152.215779][ T8897] ntfs3: Unknown parameter './file0'
[  152.464881][ T5908] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  152.626995][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  152.631349][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  152.641506][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  152.653609][ T5908] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  152.659507][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.666239][ T5908] usb 3-1: Product: syz
[  152.670257][ T5908] usb 3-1: Manufacturer: syz
[  152.673502][ T5908] usb 3-1: SerialNumber: syz
[  152.683528][ T5908] usb 3-1: config 0 descriptor??
[  152.690692][ T8904] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  152.693385][ T8904] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  152.702024][ T5908] usb 3-1: ucan: probing device on interface #0
[  153.153985][ T5908] usb 3-1: ucan: failed to retrieve device info
[  153.161367][ T5908] usb 3-1: ucan: probe failed; try to update the device firmware
[  153.171501][ T5908] usb 3-1: USB disconnect, device number 16
[  153.740152][ T8953] loop2: detected capacity change from 0 to 4096
[  153.763691][ T8956] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  153.788777][   T33] audit: type=1800 audit(153.673:51): pid=8953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1166" name="file1" dev="loop2" ino=15 res=0 errno=0
[  153.816329][ T8953] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  153.828125][ T8953] Remounting filesystem read-only
[  153.831340][ T8953] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  153.835465][ T8953] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  153.839459][ T8953] NILFS (loop2): error -5 truncating bmap (ino=15)
[  153.869095][ T5853] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  153.908839][ T8963] loop2: detected capacity change from 0 to 1024
[  153.912187][ T8963] EXT4-fs: inline encryption not supported
[  153.915109][ T8963] EXT4-fs: Ignoring removed i_version option
[  153.938042][ T8963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.960594][ T8963] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  154.082129][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.319390][ T8974] loop3: detected capacity change from 0 to 40427
[  154.335715][ T8974] F2FS-fs (loop3): invalid crc value
[  154.385643][ T8974] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  154.389900][ T8974] F2FS-fs (loop3): Start checkpoint disabled!
[  154.397543][ T8974] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  154.406433][   T33] audit: type=1800 audit(154.293:52): pid=8974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1175" name="file1" dev="loop3" ino=10 res=0 errno=0
[  154.532185][    C0] vcan0: j1939_tp_rxtimer: 0xffff888107269400: rx timeout, send abort
[  154.715127][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.715127][ T9007] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  154.728857][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.728857][ T9007] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  154.739237][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.739237][ T9007] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  154.748149][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.748149][ T9007] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  154.757033][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.757033][ T9007] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  154.766818][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.766818][ T9007] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  154.776490][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.776490][ T9007] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  154.784376][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.784376][ T9007] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  154.793457][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.793457][ T9007] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  154.802186][ T9007] syz.3.1175: attempt to access beyond end of device
[  154.802186][ T9007] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  155.032784][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880304d8000: rx timeout, send abort
[  155.040169][    C0] vcan0: j1939_tp_rxtimer: 0xffff888107269400: abort rx timeout. Force session deactivation
[  155.060184][ T9013] loop2: detected capacity change from 0 to 256
[  155.123980][ T1089] CPU: 0 UID: 0 PID: 1089 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[  155.123999][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  155.124005][ T1089] Workqueue: writeback wb_workfn (flush-7:3)
[  155.124024][ T1089] Call Trace:
[  155.124028][ T1089]  <TASK>
[  155.124033][ T1089]  dump_stack_lvl+0x189/0x250
[  155.124049][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.124061][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  155.124070][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  155.124083][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  155.124102][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  155.124123][ T1089]  f2fs_write_end_io+0x886/0xb60
[  155.124146][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  155.124166][ T1089]  __submit_merged_write_cond+0x255/0x530
[  155.124188][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  155.124230][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.124260][ T1089]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  155.124301][ T1089]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  155.124328][ T1089]  ? trace_f2fs_writepages+0x7f/0x200
[  155.124345][ T1089]  ? f2fs_write_node_pages+0x478/0x6e0
[  155.124366][ T1089]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  155.124379][ T1089]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  155.124439][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.124459][ T1089]  do_writepages+0x32e/0x550
[  155.124481][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  155.124493][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  155.124516][ T1089]  __writeback_single_inode+0x145/0xff0
[  155.124532][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  155.124556][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  155.124593][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  155.124641][ T1089]  ? rcu_is_watching+0x15/0xb0
[  155.124682][ T1089]  wb_writeback+0x43b/0xaf0
[  155.124704][ T1089]  ? queue_io+0x361/0x590
[  155.124721][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  155.124743][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  155.124762][ T1089]  wb_workfn+0x409/0xef0
[  155.124809][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  155.124828][ T1089]  ? __lock_acquire+0xab9/0xd20
[  155.124854][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  155.124872][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  155.124886][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  155.124897][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  155.124910][ T1089]  process_scheduled_works+0xae1/0x17b0
[  155.124949][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  155.124977][ T1089]  worker_thread+0x8a0/0xda0
[  155.125015][ T1089]  kthread+0x711/0x8a0
[  155.125033][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  155.125045][ T1089]  ? __pfx_kthread+0x10/0x10
[  155.125061][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  155.125075][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.125090][ T1089]  ? __pfx_kthread+0x10/0x10
[  155.125106][ T1089]  ret_from_fork+0x3fc/0x770
[  155.125122][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  155.125140][ T1089]  ? __switch_to_asm+0x39/0x70
[  155.125154][ T1089]  ? __switch_to_asm+0x33/0x70
[  155.125167][ T1089]  ? __pfx_kthread+0x10/0x10
[  155.125183][ T1089]  ret_from_fork_asm+0x1a/0x30
[  155.125213][ T1089]  </TASK>
[  155.199595][ T9013] FAT-fs (loop2): Directory bread(block 64) failed
[  155.201313][    C0] vkms_vblank_simulate: vblank timer overrun
[  155.213387][ T9013] FAT-fs (loop2): Directory bread(block 65) failed
[  155.220279][ T1089] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  155.238968][ T9013] FAT-fs (loop2): Directory bread(block 66) failed
[  155.290472][ T9013] FAT-fs (loop2): Directory bread(block 67) failed
[  155.293431][ T9013] FAT-fs (loop2): Directory bread(block 68) failed
[  155.296218][ T9013] FAT-fs (loop2): Directory bread(block 69) failed
[  155.299064][ T9013] FAT-fs (loop2): Directory bread(block 70) failed
[  155.301286][ T9013] FAT-fs (loop2): Directory bread(block 71) failed
[  155.303512][ T9013] FAT-fs (loop2): Directory bread(block 72) failed
[  155.306974][ T9013] FAT-fs (loop2): Directory bread(block 73) failed
[  155.536366][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880304d8000: abort rx timeout. Force session deactivation
[  155.742628][ T9040] loop3: detected capacity change from 0 to 512
[  155.757344][ T9040] EXT4-fs: journaled quota format not specified
[  155.771329][ T9039] Driver unsupported XDP return value 0 on prog  (id 99) dev N/A, expect packet loss!
[  155.787680][ T9040] loop3: detected capacity change from 0 to 8
[  155.980572][ T9044] loop2: detected capacity change from 0 to 512
[  156.040751][ T9044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.221548][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.417482][ T9062] openvswitch: netlink: Key 4 has unexpected len 0 expected 12
[  156.810880][ T9090] loop2: detected capacity change from 0 to 164
[  156.825971][ T9090] Unable to read rock-ridge attributes
[  156.866718][ T9090] Unable to read rock-ridge attributes
[  156.873146][ T9090] iso9660: Corrupted directory entry in block 4 of inode 1792
[  157.769282][ T9132] loop2: detected capacity change from 0 to 32768
[  157.773443][ T9132] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1235 (9132)
[  157.781792][ T9132] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  157.786303][ T9132] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  157.872492][ T9132] BTRFS info (device loop2): setting nodatasum
[  157.874873][ T9132] BTRFS info (device loop2): turning off barriers
[  157.877322][ T9132] BTRFS info (device loop2): enabling free space tree
[  158.022149][ T9163] syz_tun: entered allmulticast mode
[  158.177951][ T5853] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  158.309922][   T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  158.450935][   T24] usb 4-1: Using ep0 maxpacket: 16
[  158.455075][   T24] usb 4-1: config 0 has an invalid interface number: 147 but max is 0
[  158.458671][   T24] usb 4-1: config 0 has no interface number 0
[  158.461446][   T24] usb 4-1: config 0 interface 147 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[  158.465763][   T24] usb 4-1: config 0 interface 147 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  158.470638][   T24] usb 4-1: config 0 interface 147 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  158.477171][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=1080, bcdDevice=5b.44
[  158.480961][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.484411][   T24] usb 4-1: Product: syz
[  158.486252][   T24] usb 4-1: Manufacturer: syz
[  158.488272][   T24] usb 4-1: SerialNumber: syz
[  158.492526][   T24] usb 4-1: config 0 descriptor??
[  158.496578][ T9158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  158.499858][ T9158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  158.699505][   T24] net1080 4-1:0.147: probe with driver net1080 failed with error -71
[  158.712822][   T24] usb 4-1: USB disconnect, device number 6
[  158.756987][ T9178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1254'.
[  159.226063][ T9196] netlink: 424 bytes leftover after parsing attributes in process `syz.3.1263'.
[  159.230345][ T9196] netlink: 'syz.3.1263': attribute type 1 has an invalid length.
[  159.512798][ T9213] loop3: detected capacity change from 0 to 4096
[  159.535557][ T9213] NILFS (loop3): invalid segment: Checksum error in segment payload
[  159.549110][ T9213] NILFS (loop3): trying rollback from an earlier position
[  159.569251][ T9213] NILFS (loop3): recovery complete
[  159.572323][ T9216] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.664886][ T9218] sctp: [Deprecated]: syz.1.1274 (pid 9218) Use of struct sctp_assoc_value in delayed_ack socket option.
[  159.664886][ T9218] Use struct sctp_sack_info instead
[  161.363113][ T9251] netlink: 'syz.3.1286': attribute type 13 has an invalid length.
[  161.423822][ T9251] gretap0: refused to change device tx_queue_len
[  161.426420][ T9251] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  161.463212][ T9255] 8021q: adding VLAN 0 to HW filter on device bond1
[  161.634304][ T9272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1296'.
[  162.330962][ T9286] loop3: detected capacity change from 0 to 32768
[  162.339718][ T9286] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1303 (9286)
[  162.350657][ T9286] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  162.355092][ T9286] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  162.391256][ T9286] BTRFS info (device loop3): rebuilding free space tree
[  162.399879][ T9286] BTRFS info (device loop3): enabling ssd optimizations
[  162.402316][ T9286] BTRFS info (device loop3): turning on flush-on-commit
[  162.407829][ T9286] BTRFS info (device loop3): enabling free space tree
[  162.410945][ T9286] BTRFS info (device loop3): force clearing of disk cache
[  162.414365][ T9286] BTRFS info (device loop3): doing ref verification
[  162.417538][ T9286] BTRFS info (device loop3): max_inline set to 4096
[  162.658095][ T7341] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  163.208486][   T51] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  163.293902][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  163.366017][   T51] usb 4-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[  163.370035][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.373532][   T51] usb 4-1: Product: syz
[  163.375281][   T51] usb 4-1: Manufacturer: syz
[  163.377319][   T51] usb 4-1: SerialNumber: syz
[  163.383570][   T51] usb 4-1: config 0 descriptor??
[  163.390581][   T51] usb 4-1: disable ehci-hcd to run US-144
[  163.438094][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.442894][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  163.449290][    T9] usb 3-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  163.453154][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.460516][    T9] usb 3-1: config 0 descriptor??
[  163.584813][ T5908] usb 4-1: USB disconnect, device number 7
[  163.854698][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.857878][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.860912][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.864755][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.867892][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.871238][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.874213][    T9] a4tech 0003:09DA:000A.0004: unknown main item tag 0x0
[  163.882007][    T9] a4tech 0003:09DA:000A.0004: hidraw0: USB HID v0.00 Device [HID 09da:000a] on usb-dummy_hcd.2-1/input0
[  164.047681][ T5908] usb 3-1: USB disconnect, device number 17
[  164.103851][ T9332] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1315'.
[  164.751774][ T9350] loop2: detected capacity change from 0 to 512
[  164.762355][ T9350] EXT4-fs: Ignoring removed mblk_io_submit option
[  164.764650][ T9350] EXT4-fs: inline encryption not supported
[  164.769162][ T9350] EXT4-fs: Ignoring removed mblk_io_submit option
[  164.772140][ T9350] EXT4-fs (loop2): Test dummy encryption mode enabled
[  164.774570][ T9350] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  164.783949][ T9350] EXT4-fs (loop2): 1 truncate cleaned up
[  164.791774][ T9350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.794216][ T9354] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  164.882694][ T9350] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  164.900823][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.531240][ T9393] loop8: detected capacity change from 0 to 5
[  165.535277][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.538706][ T5313] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  165.543334][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.546983][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.555834][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.559290][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.562683][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.566215][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.569557][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.578419][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.581858][ T6580] Buffer I/O error on dev loop8, logical block 0, async page read
[  165.638621][ T9399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1341'.
[  165.661764][ T9399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1341'.
[  165.679837][ T5313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.683969][ T5313] usb 4-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[  165.689010][ T5313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.694473][ T5313] usb 4-1: config 0 descriptor??
[  165.950531][ T9403] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1343'.
[  166.017567][ T9407] loop2: detected capacity change from 0 to 4096
[  166.081531][ T9407] ntfs3(loop2): ino=0, "file0" failed to extend initialized size to 8fecc.
[  166.098084][ T5313] kye 0003:0458:5012.0005: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  166.117642][ T5313] kye 0003:0458:5012.0005: hidraw0: USB HID v0.00 Device [HID 0458:5012] on usb-dummy_hcd.3-1/input0
[  166.122282][ T5313] kye 0003:0458:5012.0005: tablet-enabling feature report not found
[  166.137940][ T5313] kye 0003:0458:5012.0005: tablet enabling failed
[  166.298016][    T9] usb 4-1: USB disconnect, device number 8
[  166.374778][ T9426] netlink: 3176 bytes leftover after parsing attributes in process `syz.2.1353'.
[  166.461016][ T9432] PKCS7: Unknown OID: [4] 5.25.373.87(bad)
[  166.465590][ T9432] PKCS7: Only support pkcs7_signedData type
[  166.497870][ T9434] loop2: detected capacity change from 0 to 512
[  166.531415][ T9434] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.548992][ T9434] fs-verity (loop2, inode 15): Unrecognized descriptor size: 0 bytes
[  166.571311][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.601785][   T33] audit: type=1326 audit(935.011:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9442 comm="syz.1.1362" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  166.618846][   T33] audit: type=1326 audit(935.032:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1361" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  166.641285][   T33] audit: type=1326 audit(935.032:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1361" exe="/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  166.666164][   T33] audit: type=1326 audit(935.032:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.2.1361" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  166.675578][   T33] audit: type=1326 audit(935.032:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9442 comm="syz.1.1362" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6ae898d550 code=0x7ffc0000
[  166.689476][   T33] audit: type=1326 audit(935.032:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9442 comm="syz.1.1362" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  166.700226][   T33] audit: type=1326 audit(935.032:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9442 comm="syz.1.1362" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  166.708286][ T9447] loop2: detected capacity change from 0 to 8192
[  166.761686][ T6580]  loop2: p1 p2 < > p3 p4 < p5 >
[  166.763938][ T6580] loop2: partition table partially beyond EOD, truncated
[  166.768360][ T6580] loop2: p1 size 100663296 extends beyond EOD, truncated
[  166.774978][ T6580] loop2: p2 start 591104 is beyond EOD, truncated
[  166.783686][ T6580] loop2: p3 start 33572980 is beyond EOD, truncated
[  166.791449][ T6580] loop2: p5 size 100663296 extends beyond EOD, truncated
[  166.806656][ T9447]  loop2: p1 p2 < > p3 p4 < p5 >
[  166.811488][ T9447] loop2: partition table partially beyond EOD, truncated
[  166.817796][ T9447] loop2: p1 size 100663296 extends beyond EOD, truncated
[  166.838219][ T9447] loop2: p2 start 591104 is beyond EOD, truncated
[  166.840743][ T9447] loop2: p3 start 33572980 is beyond EOD, truncated
[  166.845864][ T9447] loop2: p5 size 100663296 extends beyond EOD, truncated
[  166.847871][ T9455] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  166.857296][ T9457] loop3: detected capacity change from 0 to 2048
[  166.884207][ T9457] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.039206][ T6580] udevd[6580]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  167.046553][ T5961] udevd[5961]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  167.059049][ T5956] udevd[5956]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory
[  167.128038][ T9467] device ioctl magic numbers don't match! Did you rebuild pvfs2-client-core/libpvfs2? [cmd c0189374, magic 93 != 6b]
[  167.291424][ T9463] loop3: detected capacity change from 0 to 32768
[  167.305495][ T9480] syz.2.1379 (9480): drop_caches: 0
[  167.354126][ T9463] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.491087][ T9463] XFS (loop3): Ending clean mount
[  167.503493][ T9463] XFS (loop3): Quotacheck needed: Please wait.
[  167.634235][ T9463] XFS (loop3): Quotacheck: Done.
[  167.836916][ T7341] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  169.140330][ T9517] loop2: detected capacity change from 0 to 1024
[  169.168125][ T9517] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.325324][ T9535] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1398'.
[  169.331427][   T33] audit: type=1326 audit(937.832:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9530 comm="syz.1.1396" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  169.347524][   T33] audit: type=1326 audit(937.832:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9530 comm="syz.1.1396" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  169.368587][   T33] audit: type=1326 audit(937.842:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9530 comm="syz.1.1396" exe="/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  169.537115][ T9545] IPVS: length: 139 != 8
[  169.855353][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.944448][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1406'.
[  170.023514][ T9554] loop2: detected capacity change from 0 to 4096
[  170.090227][ T9556] loop2: detected capacity change from 0 to 512
[  170.102742][ T9556] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e042c118, mo2=0002]
[  170.105901][ T9556] System zones: 1-12
[  170.107833][ T9556] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.1408: corrupted in-inode xattr: e_value size too large
[  170.113641][ T9556] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1408: couldn't read orphan inode 15 (err -117)
[  170.120145][ T9556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.145842][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.178280][ T9559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1409'.
[  170.181859][ T9559] netlink: 660 bytes leftover after parsing attributes in process `syz.2.1409'.
[  170.261242][ T9563] batadv_slave_0: entered promiscuous mode
[  170.263794][ T9563] batadv_slave_0: entered allmulticast mode
[  170.269687][ T9563] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  170.423869][ T9568] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1413'.
[  170.428261][ T9568] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615)
[  170.440234][ T9568] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[  170.462472][   T51] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  170.755033][ T9578] loop3: detected capacity change from 0 to 40427
[  170.780489][   T51] usb 3-1: Using ep0 maxpacket: 32
[  170.784240][   T51] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  170.787462][   T51] usb 3-1: config 0 has no interface number 0
[  170.793476][   T51] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  170.796623][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.827334][ T9578] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  170.832797][ T9578] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  170.837782][   T51] usb 3-1: Product: syz
[  170.839513][   T51] usb 3-1: Manufacturer: syz
[  170.841836][   T51] usb 3-1: SerialNumber: syz
[  170.845038][   T51] usb 3-1: config 0 descriptor??
[  170.853674][   T51] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  171.299333][   T51] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  171.343546][   T51] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  171.633259][ T9596] tc_dump_action: action bad kind
[  171.656008][ T5313] usb 3-1: USB disconnect, device number 18
[  171.660787][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -108
[  171.676769][ T5313] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  171.713692][ T5313] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  171.730462][ T5313] quatech2 3-1:0.51: device disconnected
[  172.077486][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  172.203716][ T9626] netlink: 'syz.2.1436': attribute type 11 has an invalid length.
[  172.207056][ T9626] netlink: 'syz.2.1436': attribute type 5 has an invalid length.
[  172.220207][    T9] usb 4-1: Using ep0 maxpacket: 32
[  172.224910][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84
[  172.244118][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  172.250560][    T9] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16
[  172.256237][    T9] usb 4-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3
[  172.267498][    T9] usb 4-1: Product: syz
[  172.269129][    T9] usb 4-1: Manufacturer: syz
[  172.271726][    T9] usb 4-1: SerialNumber: syz
[  172.284754][    T9] usb 4-1: config 0 descriptor??
[  172.353527][    T9] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  172.500132][   T51] usb 4-1: USB disconnect, device number 9
[  172.503730][ T5873] usb 4-1: Failed to submit usb control message: -71
[  172.506349][ T5873] usb 4-1: unable to send the bmi data to the device: -71
[  172.512219][ T5873] usb 4-1: unable to get target info from device
[  172.517742][ T5873] usb 4-1: could not get target info (-71)
[  172.532253][ T5873] usb 4-1: could not probe fw (-71)
[  173.181706][ T9646] netlink: 'syz.3.1444': attribute type 2 has an invalid length.
[  173.215915][ T9646] : entered promiscuous mode
[  173.710295][ T9665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1454'.
[  174.445876][ T9695] loop2: detected capacity change from 0 to 8
[  174.490497][ T9689] loop3: detected capacity change from 0 to 32768
[  174.508479][ T9689] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1464 (9689)
[  174.530614][ T9696] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1467'.
[  174.622660][ T9689] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  174.632709][ T9689] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  174.909175][ T9689] BTRFS info (device loop3): turning off barriers
[  174.912043][ T9689] BTRFS info (device loop3): enabling free space tree
[  174.914979][ T9689] BTRFS info (device loop3): use zstd compression, level 3
[  175.465587][ T9689] BTRFS info (device loop3 state M): resize thread pool 4 -> 2097158
[  175.469471][ T9689] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  175.474611][ T9689] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  175.480937][ T9689] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW
[  175.485911][ T9689] BTRFS info (device loop3 state M): disabling log replay at mount time
[  175.489718][ T9689] BTRFS info (device loop3 state M): force clearing of disk cache
[  175.493020][ T9689] BTRFS info (device loop3 state M): ignoring bad roots
[  175.496021][ T9689] BTRFS info (device loop3 state M): ignoring data csums
[  175.500562][ T9689] BTRFS info (device loop3 state M): ignoring meta csums
[  175.503627][ T9689] BTRFS info (device loop3 state M): ignoring unknown super block flags
[  175.568686][ T7341] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  176.469734][ T9745] loop3: detected capacity change from 0 to 256
[  176.601475][ T9753] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  176.959050][ T9777] sctp: [Deprecated]: syz.2.1495 (pid 9777) Use of int in maxseg socket option.
[  176.959050][ T9777] Use struct sctp_assoc_value instead
[  177.031207][  T792] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  177.175264][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.179887][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.192599][  T792] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  177.201510][  T792] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  177.205447][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.217698][ T9779] loop2: detected capacity change from 0 to 32768
[  177.232554][  T792] usb 4-1: config 0 descriptor??
[  177.259923][ T9779] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  177.309535][ T9779] XFS (loop2): Ending clean mount
[  177.342758][ T5853] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  177.602983][   T33] kauditd_printk_skb: 10 callbacks suppressed
[  177.602992][   T33] audit: type=1326 audit(946.638:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  177.612739][   T33] audit: type=1326 audit(946.648:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  177.621169][   T33] audit: type=1326 audit(946.648:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  177.634212][   T33] audit: type=1326 audit(946.648:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  177.644116][  T792] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  177.647463][   T33] audit: type=1326 audit(946.648:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x7ffc0000
[  177.766312][ T9807] netlink: 'syz.1.1506': attribute type 4 has an invalid length.
[  177.817635][ T5894] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  177.875844][  T792] usb 4-1: USB disconnect, device number 10
[  177.993518][ T5894] usb 3-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  177.997473][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.000736][ T5894] usb 3-1: Product: syz
[  178.003971][ T5894] usb 3-1: Manufacturer: syz
[  178.005941][ T5894] usb 3-1: SerialNumber: syz
[  178.014293][ T5894] usb 3-1: config 0 descriptor??
[  178.021343][ T9811] overlayfs: failed to clone upperpath
[  178.115660][ T9815] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1510'.
[  178.119488][ T9815] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1510'.
[  178.123462][ T9815] netlink: 21 bytes leftover after parsing attributes in process `syz.1.1510'.
[  178.786018][ T5894] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  178.803472][ T5894] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  178.819565][ T5894] asix 3-1:0.0: probe with driver asix failed with error -71
[  178.890264][ T5894] usb 3-1: USB disconnect, device number 19
[  179.351818][ T9851] loop3: detected capacity change from 0 to 512
[  179.356387][ T9851] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  179.377225][ T9851] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  179.411298][ T7341] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  179.426389][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  179.426457][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  179.514292][ T9858] loop2: detected capacity change from 0 to 1024
[  179.551030][ T9858] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  179.569578][ T9858] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.1530: Freeing blocks not in datazone - block = 0, count = 16
[  179.601774][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  180.186632][   T33] audit: type=1326 audit(949.361:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.2.1538" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  180.197069][   T33] audit: type=1326 audit(949.361:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.2.1538" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  180.213793][   T33] audit: type=1326 audit(949.371:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.2.1538" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  180.224155][   T33] audit: type=1326 audit(949.371:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.2.1538" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  180.232427][   T33] audit: type=1326 audit(949.371:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.2.1538" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ab98ebe9 code=0x7ffc0000
[  180.260278][ T9886] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.943323][ T9899] IPv6: Can't replace route, no match found
[  180.983446][ T9901] loop2: detected capacity change from 0 to 512
[  180.987750][ T9901] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  181.013740][ T9901] EXT4-fs (loop2): 1 orphan inode deleted
[  181.016034][ T9901] EXT4-fs (loop2): 1 truncate cleaned up
[  181.018862][ T9901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  181.056558][ T9907] loop3: detected capacity change from 0 to 64
[  181.098288][ T9908] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  181.637724][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.204666][ T5894] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  183.275739][ T5894] usb 3-1: unable to get BOS descriptor or descriptor too short
[  183.565404][ T9940] loop3: detected capacity change from 0 to 2048
[  183.840655][ T5894] usb 3-1: no configurations
[  183.842503][ T5894] usb 3-1: can't read configurations, error -22
[  184.073131][ T6580]  loop3: p4 < >
[  184.108210][ T9940]  loop3: p4 < >
[  184.133314][ T9954] loop2: detected capacity change from 0 to 1024
[  184.170536][ T6580] udevd[6580]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  184.186039][ T6580] udevd[6580]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  184.356215][ T9960] loop3: detected capacity change from 0 to 32768
[  184.361133][ T9960] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1570 (9960)
[  184.369686][ T9960] BTRFS info (device loop3 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  184.373329][ T9960] BTRFS info (device loop3 state S): using crc32c (crc32c-lib) checksum algorithm
[  184.390431][ T1095] BTRFS warning (device loop3 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x3a96e814 level 0, ignored
[  184.398696][ T9960] BTRFS error (device loop3 state S): devid 1 uuid ffe9ff7f-0000-0000-0000-9003f3eadbc4 is missing
[  184.402638][ T9960] BTRFS error (device loop3 state S): failed to read chunk tree: -2
[  184.422451][ T9960] BTRFS error (device loop3 state S): open_ctree failed: -2
[  184.583880][ T5894] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  184.735313][ T5894] usb 3-1: Using ep0 maxpacket: 8
[  184.740736][ T5894] usb 3-1: config 0 has an invalid interface number: 78 but max is 0
[  184.746889][ T5894] usb 3-1: config 0 has no interface number 0
[  184.753855][ T5894] usb 3-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=f0.21
[  184.757646][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.761419][ T5894] usb 3-1: Product: syz
[  184.763325][ T5894] usb 3-1: Manufacturer: syz
[  184.765475][ T5894] usb 3-1: SerialNumber: syz
[  184.772341][ T5894] usb 3-1: config 0 descriptor??
[  184.972121][ T5894] usbhid 3-1:0.78: couldn't find an input interrupt endpoint
[  184.978150][ T5894] usb 3-1: USB disconnect, device number 21
[  186.691293][ T9994] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  186.694055][ T9994] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  186.700416][ T9994] comedi comedi3: 8255: I/O port conflict (0x21,4)
[  186.703173][ T9994] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  187.147048][T10007] CUSE: DEVNAME unspecified
[  187.510246][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  187.517619][ T5235] Bluetooth: hci2: unexpected event for opcode 0x2005
[  187.529427][T10019] loop2: detected capacity change from 0 to 512
[  187.538392][T10019] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  187.541563][T10019] EXT4-fs (loop2): orphan cleanup on readonly fs
[  187.545040][T10019] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  187.555982][T10019] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  187.559520][T10019] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #16: comm syz.2.1590: casefold flag without casefold feature
[  187.565911][T10019] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1590: couldn't read orphan inode 16 (err -117)
[  187.581824][T10019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  187.612034][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.665518][   T24] usb 4-1: Using ep0 maxpacket: 8
[  187.671419][   T24] usb 4-1: config 0 has an invalid interface number: 151 but max is 1
[  187.674017][   T24] usb 4-1: config 0 has no interface number 1
[  187.683273][   T24] usb 4-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  187.687665][   T24] usb 4-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  187.692490][   T24] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  187.702268][   T24] usb 4-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  187.707720][   T24] usb 4-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  187.712351][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC9, changing to 0x89
[  187.722313][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  187.726855][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  187.743083][   T24] usb 4-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  187.750742][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.753408][   T24] usb 4-1: Product: syz
[  187.754912][   T24] usb 4-1: Manufacturer: syz
[  187.756474][   T24] usb 4-1: SerialNumber: syz
[  187.763668][   T24] usb 4-1: config 0 descriptor??
[  187.765960][T10011] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.773306][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  187.778774][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  187.795458][   T24] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -12
[  187.796109][T10034] loop2: detected capacity change from 0 to 4096
[  187.803396][T10034] ntfs3: Unknown parameter 'noacl'
[  187.822743][T10034] tipc: Started in network mode
[  187.824763][T10034] tipc: Node identity 2d8594bdb4a9d548002e, cluster identity 4711
[  187.984390][  T792] usb 4-1: USB disconnect, device number 11
[  188.048434][T10048] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  188.155015][ T5873] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x82
[  188.494387][T10088] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1618'.
[  188.497478][T10088] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1618'.
[  188.527550][T10092] loop3: detected capacity change from 0 to 2048
[  188.542018][T10093] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  188.552804][T10092] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: disallowed inode number - offset=56, inode=6, rec_len=24, name_len=5
[  188.559630][T10092] Remounting filesystem read-only
[  188.604852][T10095] tipc: Started in network mode
[  188.606581][T10095] tipc: Node identity 4, cluster identity 4711
[  188.608817][T10095] tipc: Node number set to 4
[  188.727184][  T792] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  188.859861][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  188.870530][  T792] usb 3-1: Using ep0 maxpacket: 32
[  188.874028][  T792] usb 3-1: config 0 has an invalid interface number: 23 but max is 0
[  188.876734][  T792] usb 3-1: config 0 has no interface number 0
[  188.878754][  T792] usb 3-1: config 0 interface 23 has no altsetting 0
[  188.883316][  T792] usb 3-1: New USB device found, idVendor=0557, idProduct=2002, bcdDevice=b6.ad
[  188.886332][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.890106][  T792] usb 3-1: Product: syz
[  188.891641][  T792] usb 3-1: Manufacturer: syz
[  188.893321][  T792] usb 3-1: SerialNumber: syz
[  188.897219][  T792] usb 3-1: config 0 descriptor??
[  188.997011][T10101] tipc: Invalid UDP bearer configuration
[  188.997063][T10101] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  189.011708][    T9] usb 4-1: Using ep0 maxpacket: 16
[  189.015750][    T9] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  189.019007][    T9] usb 4-1: config 0 has no interface number 0
[  189.021975][    T9] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.029520][    T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  189.033850][    T9] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  189.037103][    T9] usb 4-1: Product: syz
[  189.038745][    T9] usb 4-1: SerialNumber: syz
[  189.048416][    T9] usb 4-1: config 0 descriptor??
[  189.055196][    T9] cm109 4-1:0.8: invalid payload size 123, expected 4
[  189.068578][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input13
[  189.093528][T10090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.106658][T10090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.134653][  T792] kaweth 3-1:0.23: Firmware present in device.
[  189.152723][  T792] kaweth 3-1:0.23: Error reading configuration (-71), no net device created
[  189.154639][T10107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1627'.
[  189.162173][  T792] kaweth 3-1:0.23: probe with driver kaweth failed with error -5
[  189.162771][T10107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1627'.
[  189.168478][  T792] usb 3-1: USB disconnect, device number 22
[  189.257180][T10111] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.444899][    C0] cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71
[  189.447474][    C0] cm109_urb_ctl_callback: 2 callbacks suppressed
[  189.447483][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.452421][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.455445][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.458726][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.461694][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.464679][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.468294][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.470879][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.473614][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.477312][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  189.487265][  T792] usb 4-1: USB disconnect, device number 12
[  189.489726][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  189.503093][  T792] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  189.660639][    T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  189.669127][T10130] loop2: detected capacity change from 0 to 1024
[  189.725799][    T9] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  190.005996][ T5235] Bluetooth: hci1: Malformed LE Event: 0x0b
[  190.263183][T10139] loop2: detected capacity change from 0 to 32768
[  190.275039][T10139] btrfs: Deprecated parameter 'usebackuproot'
[  190.277653][T10139] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  190.289896][T10139] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1642 (10139)
[  190.319693][T10154] netlink: 'syz.1.1649': attribute type 1 has an invalid length.
[  190.324985][T10139] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  190.329146][T10139] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  190.333094][T10154] netlink: 'syz.1.1649': attribute type 2 has an invalid length.
[  190.350078][T10139] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  190.456125][T10139] BTRFS info (device loop2): setting nodatasum
[  190.464276][T10139] BTRFS info (device loop2): setting nodatacow
[  190.471559][T10139] BTRFS info (device loop2): turning on sync discard
[  190.478666][T10139] BTRFS info (device loop2): enabling disk space caching
[  190.483510][T10139] BTRFS info (device loop2): force clearing of disk cache
[  190.491955][T10139] BTRFS info (device loop2): trying to use backup root at mount time
[  190.506704][T10174] ip6tnl1: entered promiscuous mode
[  190.517037][T10139] btrfs: Deprecated parameter 'usebackuproot'
[  190.519560][T10139] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  190.538191][T10139] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW
[  190.552630][T10139] BTRFS info (device loop2 state M): enabling free space tree
[  190.562498][T10139] BTRFS info (device loop2 state M): force clearing of disk cache
[  190.565106][T10139] BTRFS info (device loop2 state M): trying to use backup root at mount time
[  190.584325][T10139] BTRFS info (device loop2 state M): disabling disk space caching
[  190.659082][ T5853] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.144333][T10188] loop2: detected capacity change from 0 to 40427
[  191.156269][T10188] F2FS-fs: heap/no_heap options were deprecated
[  191.160114][T10188] F2FS-fs (loop2): build fault injection rate: 19
[  191.163044][T10188] F2FS-fs (loop2): build fault injection type: 0xb23a
[  191.171763][T10188] F2FS-fs (loop2): invalid crc value
[  191.252511][T10188] F2FS-fs (loop2): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x4462/0x6ff0
[  191.256691][T10188] F2FS-fs (loop2): Failed to initialize F2FS node manager (-12)
[  191.442832][T10197] netlink: 'syz.3.1659': attribute type 21 has an invalid length.
[  191.446216][T10197] IPv6: NLM_F_CREATE should be specified when creating new route
[  191.823834][T10203] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1662'.
[  192.047294][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  192.049912][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  192.064314][T10211] loop2: detected capacity change from 0 to 32768
[  192.101028][T10211] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  192.161272][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[  192.362864][T10234] loop2: detected capacity change from 0 to 512
[  192.377032][T10234] EXT4-fs: inline encryption not supported
[  192.385180][T10234] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  192.397315][T10234] EXT4-fs (loop2): 1 truncate cleaned up
[  192.402111][T10234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.244416][T10242] loop3: detected capacity change from 0 to 32768
[  193.266715][T10242] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section downgrade: downgrade entry with mismatched major version (0 != 1)
[  193.266715][T10242] downgrade (size 2912):
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	
[  193.266715][T10242] errors:	sb_clean_missing
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	snapshots_read
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	set_fs_needs_rebalance
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	alloc_read,check_inodes,delete_dead_inodes,set_fs_needs_rebalance
[  193.266715][T10242] errors:	(unknown error 512)
[  193.266715][T10242] version:	0.5: (unknown version)
[  193.266715][T10242] recovery passes:	
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	fs_freespace_init,bucket_gens_init,check_inodes,delete_dead_inodes
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.266715][T10242] recovery passes:	
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.6: (unknown version)
[  193.266715][T10242] recovery passes:	check_subvols
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.33: (unknown version)
[  193.266715][T10242] recovery passes:	check_snapshots
[  193.266715][T10242] errors:	
[  193.266715][T10242] version:	0.0: (unknown version)
[  193.331726][T10242] bcachefs: bch2_fs_get_tree() error: invalid_sb_downgrade
[  193.865870][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.156465][T10269] lo speed is unknown, defaulting to 1000
[  195.037448][T10280] overlayfs: failed to clone upperpath
[  195.320300][T10294] netlink: 'syz.3.1699': attribute type 3 has an invalid length.
[  195.398167][T10298] netlink: 'syz.3.1701': attribute type 24 has an invalid length.
[  195.437633][T10292] loop2: detected capacity change from 0 to 32768
[  195.532763][T10311] program syz.3.1704 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  195.551821][T10292] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  195.551842][T10292]   allowing incompatible features above 0.0: (unknown version)
[  195.551850][T10292]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  195.579552][T10292] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  195.585462][T10292] bcachefs (loop2): initializing new filesystem
[  195.594410][T10292] bcachefs (loop2): going read-write
[  195.613864][T10292] bcachefs (loop2): marking superblocks
[  195.696811][T10292] bcachefs (loop2): initializing freespace
[  195.720062][T10292] bcachefs (loop2): done initializing freespace
[  195.736316][T10292] bcachefs (loop2): reading snapshots table
[  195.744273][T10292] bcachefs (loop2): reading snapshots done
[  195.792760][T10292] bcachefs (loop2): done starting filesystem
[  195.857815][T10327] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  196.192656][T10292] syz.2.1698 (10292) used greatest stack depth: 17448 bytes left
[  196.218416][ T5853] bcachefs (loop2): shutting down
[  196.220370][ T5853] bcachefs (loop2): going read-only
[  196.226607][ T5853] bcachefs (loop2): finished waiting for writes to stop
[  196.237972][ T5853] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6
[  196.295163][ T5853] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 9
[  196.303041][ T5853] bcachefs (loop2): clean shutdown complete, journal seq 10
[  196.309787][ T5853] bcachefs (loop2): marking filesystem clean
[  196.340061][ T5853] bcachefs (loop2): shutdown complete
[  196.789961][T10362] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1724'.
[  197.991728][T10397] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  197.994454][T10397] team0: Device ipvlan2 is already an upper device of the team interface
[  198.343673][T10416] loop2: detected capacity change from 0 to 2048
[  198.358501][T10416] EXT4-fs: Ignoring removed mblk_io_submit option
[  198.412439][T10416] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.438430][T10416] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1748'.
[  198.464245][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.470097][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1752'.
[  198.473917][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1752'.
[  198.477814][T10430] netlink: 'syz.3.1752': attribute type 5 has an invalid length.
[  198.579159][T10436] loop3: detected capacity change from 0 to 512
[  198.582707][T10436] EXT4-fs: Ignoring removed oldalloc option
[  198.603951][T10440] trusted_key: syz.2.1757 sent an empty control message without MSG_MORE.
[  198.608800][T10436] EXT4-fs: Ignoring removed orlov option
[  198.617961][T10436] EXT4-fs: Invalid want_extra_isize 8
[  198.682779][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1758'.
[  198.687456][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1758'.
[  199.084093][T10465] loop2: detected capacity change from 0 to 32768
[  199.142465][T10465] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=ask,norecovery,nojournal_transaction_names,read_only
[  199.142478][T10465]   allowing incompatible features above 0.0: (unknown version)
[  199.142483][T10465]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  199.157861][T10465] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  199.160800][T10465] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  199.163830][T10465] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  199.163830][T10465]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  199.188152][T10465] bcachefs (loop2): btree node read error at btree lru level 0/0
[  199.188212][T10465]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  199.188225][T10465]   loop2 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  199.188233][T10465]   loop2 btree validate error
[  199.188239][T10465]   flagging btree lru lost data
[  199.188246][T10465]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  199.188254][T10465]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  199.188262][T10465]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  199.188271][T10465]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  199.188279][T10465]   ret btree_node_read_err_bad_node
[  199.225180][T10465] bcachefs (loop2): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  199.234378][T10465] bcachefs (loop2): btree node read error at btree freespace level 0/0
[  199.234392][T10465]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  199.234402][T10465]   loop2 node offset 0/32 bset u64s 0: invalid bkey format: field 4 too large: 0 + 4294967296 > 4294967295
[  199.234411][T10465]   u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:4294967296, 0:0
[  199.234418][T10465]   loop2 btree validate error
[  199.234424][T10465]   flagging btree freespace lost data
[  199.234431][T10465]   ret btree_node_read_err_bad_node
[  199.257628][T10465] bcachefs (loop2): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  199.266324][T10465] bcachefs (loop2): check_topology... done
[  199.270425][T10465] bcachefs (loop2): accounting_read... done
[  199.275326][T10465] bcachefs (loop2): alloc_read... done
[  199.278483][T10465] bcachefs (loop2): snapshots_read... done
[  199.281396][T10465] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  199.285395][T10465] bcachefs (loop2): done starting filesystem
[  199.387577][ T5853] bcachefs (loop2): shutting down
[  199.411289][ T5853] bcachefs (loop2): shutdown complete
[  199.879633][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1783'.
[  199.889808][T10495] : entered promiscuous mode
[  199.896519][T10495] : left promiscuous mode
[  200.066142][T10499] openvswitch: netlink: Actions may not be safe on all matching packets
[  200.294791][T10511] loop2: detected capacity change from 0 to 8
[  200.308883][T10511] SQUASHFS error: xz decompression failed, data probably corrupt
[  200.312435][T10511] SQUASHFS error: Failed to read block 0x108: -5
[  200.314753][T10511] SQUASHFS error: Unable to read metadata cache entry [106]
[  200.317745][T10511] SQUASHFS error: Unable to read inode 0x11f
[  200.786988][T10538] loop2: detected capacity change from 0 to 2048
[  200.797989][T10539] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  200.848727][T10541] program syz.2.1802 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  201.320844][T10568] rtc_cmos 00:04: Alarms can be up to one day in the future
[  201.420905][T10564] loop2: detected capacity change from 0 to 32768
[  201.443020][T10564] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1813 (10564)
[  201.476938][T10564] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  201.489876][T10564] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  201.493807][T10564] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  201.666482][T10586] loop3: detected capacity change from 0 to 1764
[  201.682491][T10586] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  201.888264][  T792] rtc_cmos 00:04: Alarms can be up to one day in the future
[  201.893073][  T792] rtc_cmos 00:04: Alarms can be up to one day in the future
[  201.896883][T10564] BTRFS info (device loop2): rebuilding free space tree
[  201.897459][  T792] rtc_cmos 00:04: Alarms can be up to one day in the future
[  201.906460][  T792] rtc_cmos 00:04: Alarms can be up to one day in the future
[  201.909568][  T792] rtc rtc0: __rtc_set_alarm: err=-22
[  201.923705][T10564] BTRFS info (device loop2): disabling free space tree
[  201.926997][T10564] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  201.936788][T10564] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  201.949276][T10564] BTRFS info (device loop2): allowing degraded mounts
[  201.951545][T10564] BTRFS info (device loop2): enabling ssd optimizations
[  201.967906][T10564] BTRFS info (device loop2): enabling disk space caching
[  201.984186][T10564] BTRFS info (device loop2): force clearing of disk cache
[  201.986627][T10564] BTRFS info (device loop2): use zlib compression, level 3
[  202.021806][T10564] BTRFS info (device loop2): balance: start -f -sprofiles=raid0|dup|0x800,usage=47244704239,drange=5..0,vrange=288230376151711744..1,limit=471..128,stripes=0..0
[  202.029418][T10564] BTRFS info (device loop2): balance: ended with status: 0
[  202.105956][ T5853] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  202.545109][T10602] loop2: detected capacity change from 0 to 512
[  202.552890][T10602] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  202.558901][T10602] EXT4-fs (loop2): 1 truncate cleaned up
[  202.563230][T10602] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.586777][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.680497][ T5235] Bluetooth: hci2: unexpected subevent 0x0e length: 30 > 15
[  202.685807][ T5235] Bluetooth: hci2: Unable to find connection for dst 00:00:00:00:00:20 sid 0x00
[  202.780056][T10604] loop3: detected capacity change from 0 to 32768
[  202.791521][T10604] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.818740][T10604] XFS (loop3): Ending clean mount
[  202.824265][T10604] XFS (loop3): Quotacheck needed: Please wait.
[  202.842751][T10604] XFS (loop3): Quotacheck: Done.
[  203.261880][T10636] loop2: detected capacity change from 0 to 512
[  203.294880][T10636] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.382244][ T7341] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  203.723035][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.825693][T10655] loop2: detected capacity change from 0 to 4096
[  203.846575][T10655] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  203.857692][T10655] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.909601][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.930066][   T51] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  204.042988][T10672] loop2: detected capacity change from 0 to 128
[  204.065379][   T33] kauditd_printk_skb: 18 callbacks suppressed
[  204.065396][   T33] audit: type=1800 audit(974.537:101): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1849" name="file2" dev="loop2" ino=1048628 res=0 errno=0
[  204.221422][   T51] usb 4-1: Using ep0 maxpacket: 32
[  204.230443][   T51] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  204.233667][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.238562][   T51] usb 4-1: config 0 descriptor??
[  204.243297][   T51] gspca_main: nw80x-2.14.0 probing 055f:d001
[  204.358585][T10682] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  204.362428][T10682] FAT-fs (loop2): Filesystem has been set read-only
[  204.365620][T10682] bio_check_eod: 176 callbacks suppressed
[  204.365692][T10682] syz.2.1849: attempt to access beyond end of device
[  204.365692][T10682] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  204.377552][T10682] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  204.381210][T10682] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  204.445167][T10682] syz.2.1849: attempt to access beyond end of device
[  204.445167][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.452396][T10682] syz.2.1849: attempt to access beyond end of device
[  204.452396][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.460071][T10682] syz.2.1849: attempt to access beyond end of device
[  204.460071][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.468305][T10682] syz.2.1849: attempt to access beyond end of device
[  204.468305][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.475313][T10682] syz.2.1849: attempt to access beyond end of device
[  204.475313][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.480434][T10682] syz.2.1849: attempt to access beyond end of device
[  204.480434][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.486199][T10682] syz.2.1849: attempt to access beyond end of device
[  204.486199][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.492697][T10682] syz.2.1849: attempt to access beyond end of device
[  204.492697][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.499811][T10682] syz.2.1849: attempt to access beyond end of device
[  204.499811][T10682] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  204.656161][   T33] audit: type=1326 audit(975.148:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.668264][   T33] audit: type=1326 audit(975.148:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.677927][   T33] audit: type=1326 audit(975.159:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.689639][   T33] audit: type=1326 audit(975.159:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.700751][   T33] audit: type=1326 audit(975.159:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.712844][   T33] audit: type=1326 audit(975.159:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.722619][   T33] audit: type=1326 audit(975.159:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.737138][   T33] audit: type=1326 audit(975.159:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.751634][   T33] audit: type=1326 audit(975.159:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.1.1856" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae898ebe9 code=0x50000
[  204.846845][   T51] gspca_nw80x: reg_w err -71
[  204.853518][   T51] nw80x 4-1:0.0: probe with driver nw80x failed with error -71
[  204.857532][   T51] usb 4-1: USB disconnect, device number 13
[  205.131744][T10696] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  206.183191][T10720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1871'.
[  207.117628][T10743] loop2: detected capacity change from 0 to 32768
[  207.179205][T10743] JFS: charset not found
[  207.462174][T10755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1885'.
[  209.340036][T10816] fuse: Bad value for 'fd'
[  210.038668][T10854] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1932'.
[  210.201452][T10864] loop2: detected capacity change from 0 to 1024
[  210.296964][ T5235] Bluetooth: Wrong link type (-71)
[  210.375398][T10874] mmap: syz.2.1942 (10874) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  210.571809][T10884] syz.2.1947 (10884): /proc/10883/oom_adj is deprecated, please use /proc/10883/oom_score_adj instead.
[  210.841792][T10902] fuse: Bad value for 'fd'
[  210.844955][T10902] overlayfs: failed to clone upperpath
[  211.130896][T10922] overlayfs: empty lowerdir
[  211.235916][T10928] loop3: detected capacity change from 0 to 2048
[  211.251923][T10929] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  211.349628][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1969'.
[  211.442967][T10938] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  211.482293][T10940] loop3: detected capacity change from 0 to 256
[  211.496913][T10940] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  211.512535][T10940] FAT-fs (loop3): Directory bread(block 64) failed
[  211.515596][T10940] FAT-fs (loop3): Directory bread(block 65) failed
[  211.518699][T10940] FAT-fs (loop3): Directory bread(block 66) failed
[  211.521314][T10940] FAT-fs (loop3): Directory bread(block 67) failed
[  211.524625][T10940] FAT-fs (loop3): Directory bread(block 68) failed
[  211.527213][T10940] FAT-fs (loop3): Directory bread(block 69) failed
[  211.529803][T10940] FAT-fs (loop3): Directory bread(block 70) failed
[  211.532262][T10940] FAT-fs (loop3): Directory bread(block 71) failed
[  211.534924][T10940] FAT-fs (loop3): Directory bread(block 72) failed
[  211.537696][T10940] FAT-fs (loop3): Directory bread(block 73) failed
[  211.743642][T10959] program syz.2.1980 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  212.309563][T11006] loop3: detected capacity change from 0 to 4096
[  212.347577][T11010] loop2: detected capacity change from 0 to 1024
[  212.352801][T11011] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  212.362304][T11010] EXT4-fs: Ignoring removed mblk_io_submit option
[  212.375076][T11010] EXT4-fs: inline encryption not supported
[  212.388519][T11010] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  212.417722][T11010] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c842e018, mo2=0000]
[  212.453992][T11010] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.2003: bad orphan inode 11
[  212.467946][T11010] ext4_test_bit(bit=10, block=4) = 1
[  212.469831][T11010] is_bad_inode(inode)=0
[  212.471293][T11010] NEXT_ORPHAN(inode)=3254779904
[  212.489740][T11010] max_ino=32
[  212.490924][T11010] i_nlink=0
[  212.519722][T11010] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.2003: lblock 2 mapped to illegal pblock 2 (length 1)
[  212.529664][T11010] __quota_error: 59 callbacks suppressed
[  212.529673][T11010] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  212.534196][T11010] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.2003: lblock 0 mapped to illegal pblock 48 (length 1)
[  212.549672][T11021] netlink: 'syz.1.2007': attribute type 2 has an invalid length.
[  212.552216][T11021] netlink: 1184 bytes leftover after parsing attributes in process `syz.1.2007'.
[  212.564826][T11010] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  212.570376][T11010] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.2003: Failed to acquire dquot type 0
[  212.575774][T11010] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  212.583444][T11023] loop3: detected capacity change from 0 to 256
[  212.586582][T11010] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.2003: mark_inode_dirty error
[  212.599918][T11010] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  212.618238][T11010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.638902][T11010] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.2003: Invalid inode table block 1 in block_group 0
[  212.653153][T11010] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  212.678474][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.685545][ T5853] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0
[  212.698566][ T5853] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  212.724558][ T5853] EXT4-fs error (device loop2): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error
[  212.801159][T11027] loop2: detected capacity change from 0 to 1024
[  212.848872][ T6088] hfsplus: b-tree write err: -5, ino 4
[  212.964845][ T5716] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.056914][ T5716] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.133755][ T5716] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.224824][ T5716] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.271889][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  213.276250][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  213.286401][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  213.292887][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  213.296794][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  213.390864][ T5716] bridge_slave_1: left allmulticast mode
[  213.393092][ T5716] bridge_slave_1: left promiscuous mode
[  213.396905][ T5716] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.405736][ T5716] bridge_slave_0: left allmulticast mode
[  213.408295][ T5716] bridge_slave_0: left promiscuous mode
[  213.410844][ T5716] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.506405][T11038] loop2: detected capacity change from 0 to 40427
[  213.515151][T11038] F2FS-fs (loop2): build fault injection rate: 14
[  213.518474][T11038] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  213.535656][T11038] F2FS-fs (loop2): invalid crc value
[  213.551181][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  213.571509][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  213.632009][T11038] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  213.635185][T11038] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  213.665360][T11038] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  213.687910][T11038] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  213.707126][T11043] bio_check_eod: 5586 callbacks suppressed
[  213.707145][T11043] f2fs_ckpt-7:2: attempt to access beyond end of device
[  213.707145][T11043] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  213.739865][T11043] CPU: 1 UID: 0 PID: 11043 Comm: f2fs_ckpt-7:2 Not tainted syzkaller #0 PREEMPT(full) 
[  213.739889][T11043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  213.739897][T11043] Call Trace:
[  213.739904][T11043]  <TASK>
[  213.739910][T11043]  dump_stack_lvl+0x189/0x250
[  213.739934][T11043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.739949][T11043]  ? __pfx_queue_work_on+0x10/0x10
[  213.739961][T11043]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  213.739977][T11043]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  213.740000][T11043]  f2fs_handle_critical_error+0x37c/0x540
[  213.740023][T11043]  f2fs_write_end_io+0x886/0xb60
[  213.740048][T11043]  __submit_merged_bio+0x27a/0x6a0
[  213.740070][T11043]  __submit_merged_write_cond+0x255/0x530
[  213.740115][T11043]  f2fs_write_data_pages+0x261d/0x3000
[  213.740158][T11043]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  213.740207][T11043]  ? check_path+0x21/0x40
[  213.740220][T11043]  ? check_noncircular+0xe0/0x160
[  213.740265][T11043]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  213.740282][T11043]  do_writepages+0x32e/0x550
[  213.740306][T11043]  ? do_raw_spin_unlock+0x4d/0x240
[  213.740322][T11043]  filemap_fdatawrite+0x199/0x240
[  213.740366][T11043]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  213.740413][T11043]  ? do_raw_spin_unlock+0x4d/0x240
[  213.740431][T11043]  f2fs_sync_dirty_inodes+0x31f/0x830
[  213.740454][T11043]  f2fs_write_checkpoint+0x95a/0x1df0
[  213.740482][T11043]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  213.740522][T11043]  ? down_write+0x162/0x1f0
[  213.740533][T11043]  ? __pfx_down_write+0x10/0x10
[  213.740544][T11043]  ? __pfx___schedule+0x10/0x10
[  213.740566][T11043]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  213.740582][T11043]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  213.740606][T11043]  issue_checkpoint_thread+0xd9/0x260
[  213.740621][T11043]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  213.740635][T11043]  ? __pfx_autoremove_wake_function+0x10/0x10
[  213.740650][T11043]  ? __kthread_parkme+0x7b/0x200
[  213.740663][T11043]  ? __kthread_parkme+0x1a1/0x200
[  213.740681][T11043]  kthread+0x711/0x8a0
[  213.740698][T11043]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  213.740710][T11043]  ? __pfx_kthread+0x10/0x10
[  213.740726][T11043]  ? _raw_spin_unlock_irq+0x23/0x50
[  213.740740][T11043]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.740756][T11043]  ? __pfx_kthread+0x10/0x10
[  213.740770][T11043]  ret_from_fork+0x3fc/0x770
[  213.740787][T11043]  ? __pfx_ret_from_fork+0x10/0x10
[  213.740804][T11043]  ? __switch_to_asm+0x39/0x70
[  213.740818][T11043]  ? __switch_to_asm+0x33/0x70
[  213.740830][T11043]  ? __pfx_kthread+0x10/0x10
[  213.740846][T11043]  ret_from_fork_asm+0x1a/0x30
[  213.740872][T11043]  </TASK>
[  213.740956][T11043] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  213.877958][ T5716] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  213.892130][ T5716] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.905639][ T5716] bond0 (unregistering): Released all slaves
[  214.093448][T11055] loop2: detected capacity change from 0 to 764
[  214.113279][T11055] rock: directory entry would overflow storage
[  214.114223][ T5716] bond1 (unregistering): Released all slaves
[  214.117797][T11055] rock: sig=0x4654, size=5, remaining=4
[  214.131635][ T5716] bond2 (unregistering): Released all slaves
[  214.166437][T11041] lo speed is unknown, defaulting to 1000
[  214.234804][ T5716] : left promiscuous mode
[  214.387889][ T5716] tipc: Left network mode
[  214.513043][T11041] chnl_net:caif_netlink_parms(): no params data found
[  214.689344][T11041] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.691648][T11041] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.693963][T11041] bridge_slave_0: entered allmulticast mode
[  214.716026][T11041] bridge_slave_0: entered promiscuous mode
[  214.724678][ T5716] hsr_slave_0: left promiscuous mode
[  214.733819][ T5716] hsr_slave_1: left promiscuous mode
[  214.753908][ T5716] veth1_macvtap: left promiscuous mode
[  214.756306][ T5716] veth0_macvtap: left promiscuous mode
[  214.758619][ T5716] veth1_vlan: left promiscuous mode
[  214.763827][ T5716] veth0_vlan: left promiscuous mode
[  214.809502][T11094] fuse: Bad value for 'fd'
[  214.887413][   T10] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  215.034889][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.038684][   T10] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  215.041624][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.056179][   T10] usb 3-1: config 0 descriptor??
[  215.143933][ T5716] team0 (unregistering): Port device team_slave_1 removed
[  215.188347][ T5716] team0 (unregistering): Port device team_slave_0 removed
[  215.246573][ T5851] Bluetooth: hci0: command tx timeout
[  215.453366][   T10] prodikeys 0003:041E:2801.0008: item fetching failed at offset 3/7
[  215.456716][   T10] prodikeys 0003:041E:2801.0008: hid parse failed
[  215.458881][   T10] prodikeys 0003:041E:2801.0008: probe with driver prodikeys failed with error -22
[  215.593488][T11041] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.595985][T11041] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.598577][T11041] bridge_slave_1: entered allmulticast mode
[  215.601393][T11041] bridge_slave_1: entered promiscuous mode
[  215.637934][T11041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  215.642396][T11041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.652406][ T5894] usb 3-1: USB disconnect, device number 23
[  215.712593][T11041] team0: Port device team_slave_0 added
[  215.718855][T11041] team0: Port device team_slave_1 added
[  215.746724][T11041] batman_adv: batadv0: Adding interface: batadv_slave_0
[  215.750716][T11041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.760692][T11041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  215.769900][T11041] batman_adv: batadv0: Adding interface: batadv_slave_1
[  215.785372][T11041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.795618][T11041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.846716][T11041] hsr_slave_0: entered promiscuous mode
[  215.849095][T11041] hsr_slave_1: entered promiscuous mode
[  215.851233][T11041] debugfs: 'hsr0' already exists in 'hsr'
[  215.853534][T11041] Cannot create hsr debugfs directory
[  216.111475][T11041] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  216.112193][T11126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2042'.
[  216.119351][T11041] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  216.127216][T11041] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  216.153534][T11126] vxlan0: entered promiscuous mode
[  216.184674][T11041] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  216.206919][ T5716] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  216.210723][ T5716] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  216.224617][ T5716] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  216.228295][ T5716] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  216.324028][T11041] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.389533][T11041] 8021q: adding VLAN 0 to HW filter on device team0
[  216.411164][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.414215][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.439188][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.441937][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.849957][T11041] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.102846][T11041] veth0_vlan: entered promiscuous mode
[  217.120694][T11041] veth1_vlan: entered promiscuous mode
[  217.142845][T11167] loop2: detected capacity change from 0 to 512
[  217.159095][T11167] EXT4-fs: Ignoring removed bh option
[  217.175522][T11041] veth0_macvtap: entered promiscuous mode
[  217.187512][T11167] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  217.197453][T11041] veth1_macvtap: entered promiscuous mode
[  217.215767][T11041] batman_adv: batadv0: Interface activated: batadv_slave_0
[  217.217981][T11167] EXT4-fs (loop2): 1 truncate cleaned up
[  217.221272][ T5851] Bluetooth: hci0: command tx timeout
[  217.224764][T11167] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.228290][T11041] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.250447][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.267870][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.275885][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  217.286069][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.315575][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.452945][T11182] netlink: 14528 bytes leftover after parsing attributes in process `syz.1.2052'.
[  217.487065][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.491913][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.561006][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.564951][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  218.146584][T11205] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  218.164841][T11185] overlayfs: failed to clone upperpath
[  218.208640][T11209] loop4: detected capacity change from 0 to 1024
[  218.239603][T11209] hfsplus: b-tree write err: -5, ino 4
[  218.579959][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  218.726388][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  218.730565][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  218.738415][   T10] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  218.742621][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.746818][   T10] usb 5-1: Product: syz
[  218.748657][   T10] usb 5-1: Manufacturer: syz
[  218.753304][   T10] usb 5-1: SerialNumber: syz
[  218.758640][   T10] usb 5-1: config 0 descriptor??
[  218.766533][T11213] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  218.778666][T11213] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  218.990542][T11213] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  218.993831][T11213] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  219.130198][   T51] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  219.196573][ T5851] Bluetooth: hci0: command tx timeout
[  219.273094][   T51] usb 3-1: Using ep0 maxpacket: 16
[  219.277150][   T51] usb 3-1: config 166 has an invalid interface number: 177 but max is 1
[  219.280713][   T51] usb 3-1: config 166 has an invalid interface number: 34 but max is 1
[  219.285655][   T51] usb 3-1: config 166 has no interface number 0
[  219.288308][   T51] usb 3-1: config 166 has no interface number 1
[  219.290976][   T51] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  219.295637][   T51] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  219.300256][   T51] usb 3-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  219.305075][   T51] usb 3-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  219.310063][   T51] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  219.315115][   T51] usb 3-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  219.318844][   T51] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  219.324356][   T51] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  219.327936][   T51] usb 3-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  219.333468][   T51] usb 3-1: config 166 interface 177 has no altsetting 0
[  219.335717][   T51] usb 3-1: config 166 interface 34 has no altsetting 0
[  219.340844][   T51] usb 3-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  219.344512][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.347757][   T51] usb 3-1: Product: syz
[  219.350343][   T51] usb 3-1: Manufacturer: syz
[  219.351903][   T51] usb 3-1: SerialNumber: syz
[  219.381204][   T10] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  219.559392][   T51] ums-realtek 3-1:166.177: USB Mass Storage device detected
[  219.749726][   T51] ums-realtek 3-1:166.34: USB Mass Storage device detected
[  219.763853][   T10] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  219.771162][   T10] usb 5-1: USB disconnect, device number 2
[  219.972401][   T51] ums-realtek 3-1:166.34: probe with driver ums-realtek failed with error -5
[  220.609738][T11262] loop4: detected capacity change from 0 to 16
[  220.613358][T11262] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  220.906596][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  220.955015][T11287] netlink: 'syz.1.2095': attribute type 4 has an invalid length.
[  221.050690][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.056246][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.060168][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  221.065041][   T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  221.069548][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.078496][   T10] usb 5-1: config 0 descriptor??
[  221.182718][ T5851] Bluetooth: hci0: command tx timeout
[  221.504196][   T51] usb 3-1: Found UVC 0.00 device syz (0bda:0138)
[  221.510406][   T51] usb 3-1: No valid video chain found.
[  221.528591][   T51] usb 3-1: USB disconnect, device number 24
[  221.566300][   T10] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  221.726620][T11301] loop2: detected capacity change from 0 to 128
[  221.747235][   T33] audit: type=1800 audit(993.154:170): pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2100" name="file2" dev="loop2" ino=1048639 res=0 errno=0
[  221.765039][T11301] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  221.768676][T11301] FAT-fs (loop2): Filesystem has been set read-only
[  221.772383][T11301] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  221.776517][T11301] syz.2.2100: attempt to access beyond end of device
[  221.776517][T11301] loop2: rw=2049, sector=2065, nr_sectors = 8 limit=128
[  222.117887][T11305] loop2: detected capacity change from 0 to 40427
[  222.124221][T11305] F2FS-fs: heap/no_heap options were deprecated
[  222.139962][T11305] F2FS-fs (loop2): invalid crc value
[  222.177797][T11305] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  222.182699][T11305] F2FS-fs (loop2): Start checkpoint disabled!
[  222.190560][T11305] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  222.219634][T11305] syz.2.2102: attempt to access beyond end of device
[  222.219634][T11305] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  222.231416][T11305] syz.2.2102: attempt to access beyond end of device
[  222.231416][T11305] loop2: rw=2049, sector=77960, nr_sectors = 120 limit=40427
[  222.246859][T11305] syz.2.2102: attempt to access beyond end of device
[  222.246859][T11305] loop2: rw=2049, sector=77824, nr_sectors = 16 limit=40427
[  222.264722][T11305] syz.2.2102: attempt to access beyond end of device
[  222.264722][T11305] loop2: rw=2049, sector=77960, nr_sectors = 120 limit=40427
[  222.294034][T11305] syz.2.2102: attempt to access beyond end of device
[  222.294034][T11305] loop2: rw=2049, sector=78080, nr_sectors = 544 limit=40427
[  222.302870][T11305] syz.2.2102: attempt to access beyond end of device
[  222.302870][T11305] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  222.321304][T11312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2104'.
[  222.332839][   T70] kworker/u9:3: attempt to access beyond end of device
[  222.332839][   T70] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  222.338528][   T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  222.338540][   T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  222.338545][   T70] Workqueue: writeback wb_workfn (flush-7:2)
[  222.338560][   T70] Call Trace:
[  222.338563][   T70]  <TASK>
[  222.338568][   T70]  dump_stack_lvl+0x189/0x250
[  222.338581][   T70]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.338589][   T70]  ? __pfx_queue_work_on+0x10/0x10
[  222.338598][   T70]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  222.338626][   T70]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  222.338641][   T70]  f2fs_handle_critical_error+0x37c/0x540
[  222.338656][   T70]  f2fs_write_end_io+0x886/0xb60
[  222.338672][   T70]  __submit_merged_bio+0x27a/0x6a0
[  222.338686][   T70]  __submit_merged_write_cond+0x255/0x530
[  222.338698][   T70]  f2fs_write_data_pages+0x261d/0x3000
[  222.338724][   T70]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  222.338741][   T70]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  222.338764][   T70]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  222.338780][   T70]  ? trace_f2fs_writepages+0x7f/0x200
[  222.338790][   T70]  ? f2fs_write_node_pages+0x478/0x6e0
[  222.338801][   T70]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  222.338817][   T70]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  222.338828][   T70]  do_writepages+0x32e/0x550
[  222.338841][   T70]  ? reacquire_held_locks+0x127/0x1d0
[  222.338848][   T70]  ? writeback_sb_inodes+0x384/0x1010
[  222.338862][   T70]  __writeback_single_inode+0x145/0xff0
[  222.338871][   T70]  ? do_raw_spin_unlock+0x4d/0x240
[  222.338881][   T70]  writeback_sb_inodes+0x6c7/0x1010
[  222.338902][   T70]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  222.338930][   T70]  ? rcu_is_watching+0x15/0xb0
[  222.338943][   T70]  wb_writeback+0x43b/0xaf0
[  222.338955][   T70]  ? queue_io+0x361/0x590
[  222.338965][   T70]  ? __pfx_wb_writeback+0x10/0x10
[  222.338978][   T70]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.338989][   T70]  wb_workfn+0x409/0xef0
[  222.339003][   T70]  ? __pfx_wb_workfn+0x10/0x10
[  222.339013][   T70]  ? __lock_acquire+0xab9/0xd20
[  222.339029][   T70]  ? process_scheduled_works+0x9ef/0x17b0
[  222.339039][   T70]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.339052][   T70]  ? process_scheduled_works+0x9ef/0x17b0
[  222.339058][   T70]  ? process_scheduled_works+0x9ef/0x17b0
[  222.339065][   T70]  process_scheduled_works+0xae1/0x17b0
[  222.339086][   T70]  ? __pfx_process_scheduled_works+0x10/0x10
[  222.339101][   T70]  worker_thread+0x8a0/0xda0
[  222.339109][   T70]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  222.339122][   T70]  ? __kthread_parkme+0x7b/0x200
[  222.339134][   T70]  kthread+0x711/0x8a0
[  222.339144][   T70]  ? __pfx_worker_thread+0x10/0x10
[  222.339151][   T70]  ? __pfx_kthread+0x10/0x10
[  222.339160][   T70]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.339168][   T70]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.339179][   T70]  ? __pfx_kthread+0x10/0x10
[  222.339188][   T70]  ret_from_fork+0x3fc/0x770
[  222.339197][   T70]  ? __pfx_ret_from_fork+0x10/0x10
[  222.339208][   T70]  ? __switch_to_asm+0x39/0x70
[  222.339216][   T70]  ? __switch_to_asm+0x33/0x70
[  222.339223][   T70]  ? __pfx_kthread+0x10/0x10
[  222.339232][   T70]  ret_from_fork_asm+0x1a/0x30
[  222.339248][   T70]  </TASK>
[  222.343768][   T70] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  222.660533][T11317] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2105'.
[  222.664705][T11317] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2105'.
[  222.670763][T11317] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2105'.
[  222.722968][T11323] vlan2: entered promiscuous mode
[  222.950014][T11339] fuse: Bad value for 'fd'
[  223.036613][T11332] loop2: detected capacity change from 0 to 32768
[  223.050675][T11332] JBD2: Ignoring recovery information on journal
[  223.089002][T11332] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  223.115748][ T5853] ocfs2: Unmounting device (7,2) on (node local)
[  223.352036][T11365] ==================================================================
[  223.355344][T11365] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  223.358621][T11365] Read of size 2 at addr ffff88801cee4a42 by task syz.2.2128/11365
[  223.362783][T11365] 
[  223.363825][T11365] CPU: 0 UID: 0 PID: 11365 Comm: syz.2.2128 Not tainted syzkaller #0 PREEMPT(full) 
[  223.363844][T11365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  223.363854][T11365] Call Trace:
[  223.363862][T11365]  <TASK>
[  223.363869][T11365]  dump_stack_lvl+0x189/0x250
[  223.363890][T11365]  ? __kasan_check_byte+0x12/0x40
[  223.363911][T11365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.363927][T11365]  ? lock_release+0x4b/0x3e0
[  223.363948][T11365]  ? __virt_addr_valid+0x4a5/0x5c0
[  223.363967][T11365]  print_report+0xca/0x240
[  223.363980][T11365]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  223.363991][T11365]  kasan_report+0x118/0x150
[  223.364009][T11365]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  223.364022][T11365]  __xfrm_state_lookup+0x6ad/0x8d0
[  223.364036][T11365]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  223.364057][T11365]  ? xfrm_state_lookup+0x45/0x1e0
[  223.364071][T11365]  xfrm_state_lookup+0x11e/0x1e0
[  223.364087][T11365]  xfrm_user_state_lookup+0x231/0x370
[  223.364107][T11365]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  223.364124][T11365]  ? apparmor_capable+0x137/0x1b0
[  223.364142][T11365]  xfrm_get_sa+0x93/0x290
[  223.364156][T11365]  ? __nla_parse+0x40/0x60
[  223.364175][T11365]  xfrm_user_rcv_msg+0x7a3/0xab0
[  223.364191][T11365]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  223.364213][T11365]  ? __pfx___mutex_trylock_common+0x10/0x10
[  223.364228][T11365]  ? rcu_is_watching+0x15/0xb0
[  223.364240][T11365]  ? trace_contention_end+0x39/0x120
[  223.364254][T11365]  ? __mutex_lock+0x335/0x1350
[  223.364272][T11365]  netlink_rcv_skb+0x208/0x470
[  223.364289][T11365]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  223.364304][T11365]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  223.364355][T11365]  ? netlink_deliver_tap+0x2e/0x1b0
[  223.364372][T11365]  ? netlink_deliver_tap+0x2e/0x1b0
[  223.364392][T11365]  xfrm_netlink_rcv+0x79/0x90
[  223.364407][T11365]  netlink_unicast+0x82f/0x9e0
[  223.364428][T11365]  ? __pfx_netlink_unicast+0x10/0x10
[  223.364445][T11365]  ? netlink_sendmsg+0x642/0xb30
[  223.364462][T11365]  ? skb_put+0x11b/0x210
[  223.364476][T11365]  netlink_sendmsg+0x805/0xb30
[  223.364496][T11365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.364514][T11365]  ? aa_sock_msg_perm+0xf1/0x1d0
[  223.364525][T11365]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  223.364539][T11365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.364555][T11365]  __sock_sendmsg+0x21c/0x270
[  223.364572][T11365]  ____sys_sendmsg+0x505/0x830
[  223.364586][T11365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.364599][T11365]  ? import_iovec+0x74/0xa0
[  223.364613][T11365]  ___sys_sendmsg+0x21f/0x2a0
[  223.364626][T11365]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.364647][T11365]  ? __fget_files+0x2a/0x420
[  223.364657][T11365]  ? __fget_files+0x3a0/0x420
[  223.364671][T11365]  __x64_sys_sendmsg+0x19b/0x260
[  223.364684][T11365]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  223.364700][T11365]  ? rcu_is_watching+0x15/0xb0
[  223.364711][T11365]  ? do_syscall_64+0xbe/0x3b0
[  223.364730][T11365]  do_syscall_64+0xfa/0x3b0
[  223.364745][T11365]  ? lockdep_hardirqs_on+0x9c/0x150
[  223.364760][T11365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.364771][T11365]  ? exc_page_fault+0x9f/0xf0
[  223.364787][T11365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.364799][T11365] RIP: 0033:0x7fb6ab98ebe9
[  223.364813][T11365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.364823][T11365] RSP: 002b:00007fb6ac716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.364838][T11365] RAX: ffffffffffffffda RBX: 00007fb6abbb5fa0 RCX: 00007fb6ab98ebe9
[  223.364846][T11365] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  223.364853][T11365] RBP: 00007fb6aba11e19 R08: 0000000000000000 R09: 0000000000000000
[  223.364861][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  223.364869][T11365] R13: 00007fb6abbb6038 R14: 00007fb6abbb5fa0 R15: 00007fff5a0b1448
[  223.364882][T11365]  </TASK>
[  223.364889][T11365] 
[  223.524031][T11365] Allocated by task 9765:
[  223.525833][T11365]  kasan_save_track+0x3e/0x80
[  223.527792][T11365]  __kasan_slab_alloc+0x6c/0x80
[  223.529788][T11365]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  223.532262][T11365]  xfrm_state_alloc+0x24/0x2f0
[  223.534380][T11365]  __find_acq_core+0x8a7/0x1c00
[  223.536494][T11365]  xfrm_find_acq+0x78/0xa0
[  223.538394][T11365]  xfrm_alloc_userspi+0x6b3/0xc90
[  223.540454][T11365]  xfrm_user_rcv_msg+0x7a3/0xab0
[  223.542491][T11365]  netlink_rcv_skb+0x208/0x470
[  223.544480][T11365]  xfrm_netlink_rcv+0x79/0x90
[  223.546456][T11365]  netlink_unicast+0x82f/0x9e0
[  223.548495][T11365]  netlink_sendmsg+0x805/0xb30
[  223.550561][T11365]  __sock_sendmsg+0x21c/0x270
[  223.552579][T11365]  ____sys_sendmsg+0x505/0x830
[  223.554608][T11365]  ___sys_sendmsg+0x21f/0x2a0
[  223.556574][T11365]  __x64_sys_sendmsg+0x19b/0x260
[  223.558679][T11365]  do_syscall_64+0xfa/0x3b0
[  223.560595][T11365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.563149][T11365] 
[  223.564206][T11365] Freed by task 10:
[  223.565911][T11365]  kasan_save_track+0x3e/0x80
[  223.568165][T11365]  kasan_save_free_info+0x46/0x50
[  223.570238][T11365]  __kasan_slab_free+0x5b/0x80
[  223.572237][T11365]  kmem_cache_free+0x18f/0x400
[  223.574269][T11365]  xfrm_state_gc_task+0x52d/0x6b0
[  223.576376][T11365]  process_scheduled_works+0xae1/0x17b0
[  223.578671][T11365]  worker_thread+0x8a0/0xda0
[  223.580512][T11365]  kthread+0x711/0x8a0
[  223.582070][T11365]  ret_from_fork+0x3fc/0x770
[  223.583554][T11365]  ret_from_fork_asm+0x1a/0x30
[  223.585493][T11365] 
[  223.586518][T11365] The buggy address belongs to the object at ffff88801cee4900
[  223.586518][T11365]  which belongs to the cache xfrm_state of size 928
[  223.592260][T11365] The buggy address is located 322 bytes inside of
[  223.592260][T11365]  freed 928-byte region [ffff88801cee4900, ffff88801cee4ca0)
[  223.598053][T11365] 
[  223.599128][T11365] The buggy address belongs to the physical page:
[  223.601754][T11365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801cee4000 pfn:0x1cee4
[  223.605418][T11365] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  223.608484][T11365] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  223.610956][T11365] page_type: f5(slab)
[  223.612435][T11365] raw: 00fff00000000040 ffff88801c75ab40 dead000000000122 0000000000000000
[  223.615663][T11365] raw: ffff88801cee4000 00000000800e000d 00000000f5000000 0000000000000000
[  223.618704][T11365] head: 00fff00000000040 ffff88801c75ab40 dead000000000122 0000000000000000
[  223.621889][T11365] head: ffff88801cee4000 00000000800e000d 00000000f5000000 0000000000000000
[  223.624797][T11365] head: 00fff00000000002 ffffea000073b901 00000000ffffffff 00000000ffffffff
[  223.627682][T11365] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  223.630543][T11365] page dumped because: kasan: bad access detected
[  223.632806][T11365] page_owner tracks the page as allocated
[  223.634693][T11365] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7260, tgid 7259 (syz.1.509), ts 98881457218, free_ts 98805656481
[  223.640796][T11365]  post_alloc_hook+0x240/0x2a0
[  223.642405][T11365]  get_page_from_freelist+0x21e4/0x22c0
[  223.644233][T11365]  __alloc_frozen_pages_noprof+0x181/0x370
[  223.646275][T11365]  alloc_pages_mpol+0x232/0x4a0
[  223.647976][T11365]  allocate_slab+0x8a/0x370
[  223.649512][T11365]  ___slab_alloc+0xbeb/0x1410
[  223.651038][T11365]  kmem_cache_alloc_noprof+0x283/0x3c0
[  223.652857][T11365]  xfrm_state_alloc+0x24/0x2f0
[  223.654531][T11365]  __find_acq_core+0x8a7/0x1c00
[  223.656265][T11365]  xfrm_find_acq+0x78/0xa0
[  223.657755][T11365]  pfkey_getspi+0x65d/0xee0
[  223.659254][T11365]  pfkey_sendmsg+0xbfe/0x1090
[  223.660815][T11365]  __sock_sendmsg+0x21c/0x270
[  223.662331][T11365]  ____sys_sendmsg+0x505/0x830
[  223.663935][T11365]  ___sys_sendmsg+0x21f/0x2a0
[  223.665584][T11365]  __x64_sys_sendmsg+0x19b/0x260
[  223.667167][T11365] page last free pid 7249 tgid 7248 stack trace:
[  223.669204][T11365]  __free_frozen_pages+0xbc4/0xd30
[  223.670890][T11365]  stack_depot_save_flags+0x436/0x860
[  223.672903][T11365]  kasan_save_track+0x4f/0x80
[  223.674638][T11365]  __kasan_slab_alloc+0x6c/0x80
[  223.676286][T11365]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  223.678297][T11365]  mempool_alloc_noprof+0x1a7/0x510
[  223.680207][T11365]  bio_alloc_bioset+0x241/0x1110
[  223.681897][T11365]  lbmRead+0x15a/0x600
[  223.683265][T11365]  lmLogInit+0xc0c/0x19e0
[  223.684870][T11365]  lmLogOpen+0x4e1/0xfb0
[  223.686402][T11365]  jfs_mount_rw+0xe9/0x670
[  223.687968][T11365]  jfs_fill_super+0x754/0xd80
[  223.689541][T11365]  get_tree_bdev_flags+0x40e/0x4d0
[  223.691263][T11365]  vfs_get_tree+0x92/0x2b0
[  223.692749][T11365]  do_new_mount+0x2a2/0x9e0
[  223.694407][T11365]  __se_sys_mount+0x317/0x410
[  223.696184][T11365] 
[  223.697096][T11365] Memory state around the buggy address:
[  223.699106][T11365]  ffff88801cee4900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.702118][T11365]  ffff88801cee4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.705089][T11365] >ffff88801cee4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.708054][T11365]                                            ^
[  223.710254][T11365]  ffff88801cee4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.712985][T11365]  ffff88801cee4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.715719][T11365] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  223.743720][   T10] usb 5-1: USB disconnect, device number 3
[  223.748008][T11365] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  223.751029][T11365] CPU: 1 UID: 0 PID: 11365 Comm: syz.2.2128 Not tainted syzkaller #0 PREEMPT(full) 
[  223.754847][T11365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  223.759114][T11365] Call Trace:
[  223.760587][T11365]  <TASK>
[  223.761875][T11365]  dump_stack_lvl+0x99/0x250
[  223.763816][T11365]  ? __asan_memcpy+0x40/0x70
[  223.765776][T11365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.767927][T11365]  ? __pfx__printk+0x10/0x10
[  223.769985][T11365]  vpanic+0x281/0x750
[  223.771685][T11365]  ? preempt_schedule+0xae/0xc0
[  223.773698][T11365]  ? __pfx_vpanic+0x10/0x10
[  223.775616][T11365]  ? preempt_schedule_common+0x83/0xd0
[  223.777848][T11365]  ? preempt_schedule+0xae/0xc0
[  223.779908][T11365]  ? __pfx_preempt_schedule+0x10/0x10
[  223.782158][T11365]  panic+0xb9/0xc0
[  223.783806][T11365]  ? __pfx_panic+0x10/0x10
[  223.785763][T11365]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  223.788296][T11365]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  223.790571][T11365]  check_panic_on_warn+0x89/0xb0
[  223.792657][T11365]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  223.794894][T11365]  end_report+0x78/0x160
[  223.796725][T11365]  kasan_report+0x129/0x150
[  223.798718][T11365]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  223.800908][T11365]  __xfrm_state_lookup+0x6ad/0x8d0
[  223.802998][T11365]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  223.805356][T11365]  ? xfrm_state_lookup+0x45/0x1e0
[  223.807459][T11365]  xfrm_state_lookup+0x11e/0x1e0
[  223.809471][T11365]  xfrm_user_state_lookup+0x231/0x370
[  223.811675][T11365]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  223.814215][T11365]  ? apparmor_capable+0x137/0x1b0
[  223.816423][T11365]  xfrm_get_sa+0x93/0x290
[  223.818258][T11365]  ? __nla_parse+0x40/0x60
[  223.820166][T11365]  xfrm_user_rcv_msg+0x7a3/0xab0
[  223.822265][T11365]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  223.824646][T11365]  ? __pfx___mutex_trylock_common+0x10/0x10
[  223.827111][T11365]  ? rcu_is_watching+0x15/0xb0
[  223.829087][T11365]  ? trace_contention_end+0x39/0x120
[  223.831308][T11365]  ? __mutex_lock+0x335/0x1350
[  223.833373][T11365]  netlink_rcv_skb+0x208/0x470
[  223.835400][T11365]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  223.837668][T11365]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  223.839877][T11365]  ? netlink_deliver_tap+0x2e/0x1b0
[  223.842116][T11365]  ? netlink_deliver_tap+0x2e/0x1b0
[  223.844339][T11365]  xfrm_netlink_rcv+0x79/0x90
[  223.846295][T11365]  netlink_unicast+0x82f/0x9e0
[  223.848343][T11365]  ? __pfx_netlink_unicast+0x10/0x10
[  223.850530][T11365]  ? netlink_sendmsg+0x642/0xb30
[  223.852601][T11365]  ? skb_put+0x11b/0x210
[  223.854405][T11365]  netlink_sendmsg+0x805/0xb30
[  223.856472][T11365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.858666][T11365]  ? aa_sock_msg_perm+0xf1/0x1d0
[  223.860725][T11365]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  223.862948][T11365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.865231][T11365]  __sock_sendmsg+0x21c/0x270
[  223.867228][T11365]  ____sys_sendmsg+0x505/0x830
[  223.869260][T11365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.871540][T11365]  ? import_iovec+0x74/0xa0
[  223.873516][T11365]  ___sys_sendmsg+0x21f/0x2a0
[  223.875468][T11365]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.877717][T11365]  ? __fget_files+0x2a/0x420
[  223.879727][T11365]  ? __fget_files+0x3a0/0x420
[  223.881759][T11365]  __x64_sys_sendmsg+0x19b/0x260
[  223.883889][T11365]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  223.886222][T11365]  ? rcu_is_watching+0x15/0xb0
[  223.888301][T11365]  ? do_syscall_64+0xbe/0x3b0
[  223.890263][T11365]  do_syscall_64+0xfa/0x3b0
[  223.892154][T11365]  ? lockdep_hardirqs_on+0x9c/0x150
[  223.894090][T11365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.896087][T11365]  ? exc_page_fault+0x9f/0xf0
[  223.897924][T11365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.900418][T11365] RIP: 0033:0x7fb6ab98ebe9
[  223.902060][T11365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.908584][T11365] RSP: 002b:00007fb6ac716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.911804][T11365] RAX: ffffffffffffffda RBX: 00007fb6abbb5fa0 RCX: 00007fb6ab98ebe9
[  223.914267][T11365] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  223.916925][T11365] RBP: 00007fb6aba11e19 R08: 0000000000000000 R09: 0000000000000000
[  223.919700][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  223.922277][T11365] R13: 00007fb6abbb6038 R14: 00007fb6abbb5fa0 R15: 00007fff5a0b1448
[  223.924800][T11365]  </TASK>
[  223.926477][T11365] Kernel Offset: disabled
[  223.927961][T11365] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:44:17  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001003 RDI=0000000000001004 RBP=00000000000003f8 RSP=ffffc90004ea69f0
R8 =ffff888106120237 R9 =1ffff11020c24046 R10=dffffc0000000000 R11=ffffffff854f3ac0
R12=dffffc0000000000 R13=ffffffff99afa8f7 R14=ffffffff99def420 R15=0000000000000000
RIP=ffffffff854f3b3c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb6ac7166c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555586aa3808 CR3=000000002d90e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fb6abb87498 00007fb6abb87470 XMM03=00007fb6abb874a8 00007fb6abb874a0
XMM04=00007fb6ac6ed100 00007fb6abb87460 XMM05=00007fb6abb87478 00007fb6abb874c0
XMM06=00007fb6abb874b8 00007fb6abb874b0 XMM07=00007fb6abb874a8 00007fb6abb874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fb6aba12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b44cfb RBX=1ffff11009608341 RCX=ffff888020538000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc9000319f700 RSP=ffffc9000319f580
R8 =ffffffff8fa38a37 R9 =1ffffffff1f47146 R10=dffffc0000000000 R11=fffffbfff1f47147
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b44ce3 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0c948e7d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f0c93d876c3 00007f0c93d876c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=010210000fffffff ffffff043c100001
XMM06=000002080608010d ea02800401d1a408 XMM07=0004020eec000000 0000000000000000
XMM08=0001ffffffffffff ffffe70802b80301 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
