last executing test programs:

3m16.375913748s ago: executing program 2 (id=11):
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xaf4, &(0x7f0000000e00)="$eJzs3V2IXFcBAOAzszv7k6RmUhO7prFNrLb1p5tmd40/wSYlQTA0RXwpBF9CmtZgjGAFtRRM8uSbLSWCT1bxqS+limBfJPTJl4INFKH4UH3wwRCxIKLRZMrOnjM7czKTO7M7O7O7831w59x7z7n3nHvnzp37e04ARla5/rmwMFMK4fIbLx/7+4N/m14cc7iRolr/HG8aqoQQSnF4PJvfe2NL4c33XzjdLiyFufpnGg5PXm9MuzWEcCHsDVdCNey+fPWlt+aeOHHx+KV9b7966NraLD0AAIyWr105tLDrL3+8d8eN1+47EibT6MWe+vF5NY7YFo/7j8QD/3T8X45haXJ5nqWm+GQitE43HrvydGu6sTbpmvOpZOnGs/Qp74ks/0qHdJPhzvmPNY1rt9ywkaXtuBpK5dmW4XJ5dnbpnDzUz+snSrPnz5575rkhFRTou3/dH0LY29QdvdQ6vN66wyuetrRWZaofW3SRrjbsdbdRuyODy+tGbcnQl3lAXW37sPdAAEvy+4W3uZBfWVidxtzGu8v/+uPl9tNDHwx6++8p/4kh5x9GPP/8YiWs0mb9/0rLlX5H2+Jwfh8hf36p8++vnM25dWx+P6LSZTk73UfYKPcXOpVzbMDlWKlO5c+3i83qyzFM6+GxLL7595N/pxvlOwba+09+/V+n061ZV+nHfELLcGU186oNef8DrF/5c3O1dH80yp/ry+MnC+KnCuKnC+K3FMRvLYiHUfab7/0kvFhaPs/Pz+l7vR6errPdFcMP9Vie/Hpkr/nnz/32arX5u0TPRvK7U0+d+cLTJ68uPf9famz/t+L2nk43qvG3dSUmSNcL8+vqjWf/q635lDukuzsrz11t0tf7d7amK+1cnk9o2s/cVo6Z1um2d0q3pzVdNUs3HbuprLz58cmWbLp0/JH2q2l9jWfLW8mWYyIrR9qv7IhhXg5YibQ9dnr+P22fM6FSeubsuTOPxuG0nf5hrDK5OP7AgMsNrF637//MhNb3f7Y1xlfKzfuF7cvjS0v7hdfj/FrHzzXyaR0/H4fT/9w3x6br42dPf+fc0/1ffBhpz/3w+W+dOnfuzHd77Fk8Hu19qjv1zE+H0NcZDqznK+WwHorRS086bVkv5dGz7nqGvGMC1tz+Hy0dBDxy9tunnj3z7Jnz8wcPzs/NHfzi/ML++nH9/uaj+2YXhlBaoJ+W//SHXRIAAAAAAAAAAACgW98/fuzqO29+/t2l9/+X3/9L7/+nJ3/T+/8/zt7/z9+TT+/Bp/cAd7SJr6fJKlidyNJVYvfhrLw7s3x2ZdN9JIaNdvzi+/8pu7xe11See7LxlQ6DWXUCt9WXMpHVQZK3F/jxGF6K4S8DDFFpuv3oGBbVb5229VQ/RVO9FDX1A28c6XtLW0OqxyS9/922XqemL3vHAMpI/w3idcJhLyPQ3j9Gqv7vfy4v+NDLouvcjaf+6kDy+9nobhO1jkfp3bZgA9Afw27/M133TOH53391arFLya4/3rq/zOsvhV786Z3W4XXd/uQA8s/b7Rt0/sNY/qke8v/Vxf7m32j/Ltv//TmOvn3/19JiXvuLx13478+vvduUbdjd7f43X/5UD/TO3vK/EfNPS/NQ6C7/2i+y/PMbQl36X5b/li7zv23596ws///H/NNqe/iBbvOvl3gylFvLkV83Tvf/8uvGyc1s+VPdnnfI/+vPt1v+FTbUeCvmD6Nso7Qz26vsOKJx0L7y9n+jC/1t/7dR2Gy3lj+H8bk4nHbE6TmHvL2TXsufnq9I/wO7svmXCv7ftP+7sX0phkW/h9T+b9oeq/Evv2m4vi7TcKXNut2s+xrYqN5b6/t/8/+u1dbBfY6+dSfXPI+poS/juu+OrHoerzzWt/LUxlYwXaOduCGvy1qttrYX1AoMNXOGvv6HfZ4w7PyHvf6L5O3/5sfwefu/eXze/m8en7f/m8dPx2+oU3ze/m++PvP2f/P4e7L55u0DzxTEf7Qgfnf7+MZp+70F0+8piP9YQfy+RvzhlhQp/r6C6e8viL+7IP6BgvhPFMR/siD+wYL4h5vim9uATvGfKph+s0vvo4zq8sMoy9/P8/uH0VG//9PUaH3++0/3hewfYPP56WsHjp789TeqS+//TzSuh6T7eEficCWeP/0gDuf3vUPT8GLcm3H4r1n8er/eAaMkrz8j/39/qCAe2LjSc15+3zCCSlPtR8ewqN6qTsf5bCyfjuFnYvjZGD4Sw9kY7o/hgRjODah8rI2jr//20Iul5fP97Vl8t8+Tl7L3gVrqiQohzHdZnvz6QK/Ps+f1+PVqtfmv8HUwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoSnXPxcWZkohXH7j5WNPnTi7f3HM4UaKav1zvGmo0pguhEdjOBbDV2LPzfdfON0c3ophKcyFUig1xocnrzdy2hpCuBD2hiuhGnZfvvrSW3NPnLh4/NK+t189dG3t1gAAAABsfh8EAAD//9SuCeg=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x20000050)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000100)=ANY=[], 0x1, 0x2fa, &(0x7f0000001900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOl0hpbpQClUivD9JGQOc+5p7+2U5Nymw9ad148LOUvL6RUJxpQERES2RUYkKK6AcwzacVRavZCLg98+/n/r7r0b6UxmckapqfTspZRSanj03ZNncWfY+oBsjjzY+pr6svn35r9bP2cf5S2Vt1SxVFG6mit9ruhzpqEW8lZBU2raNHTLUPmiZZQb+VIjnzNLi4tVpRcXhhKLZcOylF6sqoJRVZWSqpSrKvRQzxeVpmlqKCHoJLsyM6OnD1k83+PJ4Dcpl9N6SETibZnsSl8mBAAA+srb/wdF9bL/Xz23URm8vTbs9P/rUb/+//KnxmMZSpr9f0xEfPt/9/l9+3+9u/6/vSM6W47U/+NkGI22nQo0w3qynNYTzt+v7eX91TE7oP8HAAAAAAAAAAAAAAAAAAAAAOBPsF2rJWu1WtI9uj/1XExEWn/3CInI1eOfMXppr+s/0Pn64xRo3rgXHhYxXy1ll7KNozNgQ0RMMWRMkvLDfj846rF755GqG5H35rJTv7yUDdmZdE7ydv24JCPira/Vpq5nJsdVw+76iCRa61OSlL/861O+9VG5cL6lXpOkfJiXkpiyYM+jWf98XKlrNzOe+rg9DgAAAACA00BTO3z375q2V75Rv7O/9n4+EGrur8d89+dh+S/c37UDAAAAAHBWWNWnBd00jfI+QVw6j2kEkQOM8QbhbgZ3Ebgr9KQGRPyX436XocfTOFjgPvmuVMw52fOXJdD+snQbBOUwVaP11aijrsL92GivMTI9cfxX0A7+efP2e+8e8MparMNKDx+E9n8DRJyvfwEAAAA4RZpNv3tmor8TAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDDqO/47W7zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8WvAAAA//9QvQLH")
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x980)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd05000700880000000600"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

3m15.471914481s ago: executing program 2 (id=25):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = io_uring_setup(0x3f1, &(0x7f0000000140)={0x0, 0x0, 0x3000})
poll(&(0x7f0000000080)=[{r0, 0x200}], 0x1, 0x6)

3m15.07917017s ago: executing program 2 (id=30):
r0 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc0b02)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)

3m14.724787906s ago: executing program 2 (id=31):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
stat(&(0x7f0000000240)='./file0/file0/file0\x00', &(0x7f0000000540))

3m14.662324805s ago: executing program 2 (id=32):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x458002, 0x55)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)

3m11.879962766s ago: executing program 2 (id=45):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f00000005c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
dup3(r0, r1, 0x0)

3m11.739046535s ago: executing program 32 (id=45):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f00000005c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
dup3(r0, r1, 0x0)

1m29.874940417s ago: executing program 0 (id=1120):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000104010100000000000000000d0000050500010004"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x44084)

1m29.792314844s ago: executing program 0 (id=1121):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000)

1m29.790585728s ago: executing program 0 (id=1122):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=ANY=[@ANYBLOB="911059000000000095"], &(0x7f00000003c0)='syzkaller\x00'}, 0x94)

1m29.674983018s ago: executing program 0 (id=1123):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r0, &(0x7f0000000080)='./file0/file0\x00', 0x8000, &(0x7f0000001dc0)={0x81, 0xc, 0x0, {r0}}, 0x20)

1m29.614702798s ago: executing program 0 (id=1124):
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4800}, 0x20000000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, r3, 0x1, 0x70bd2c, 0x25dbdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x54)

1m29.26482127s ago: executing program 0 (id=1128):
unshare(0x22020600)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
poll(&(0x7f00000000c0)=[{r1}], 0x1, 0x70)

1m29.115665324s ago: executing program 33 (id=1128):
unshare(0x22020600)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
poll(&(0x7f00000000c0)=[{r1}], 0x1, 0x70)

2.832460683s ago: executing program 3 (id=2152):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)

2.830637094s ago: executing program 3 (id=2153):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSCAUSE(r0, 0x89e1, 0x0)

2.717956205s ago: executing program 3 (id=2154):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a6c000000060a0104000000000000000002000000400004803c0001800a0001006d617463680000002c00028014000300f4f03b0200000000030007116b61979e0c000100636c75737465720008000240000000000900010073797a30000000000900020073797a32"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

2.577983028s ago: executing program 3 (id=2155):
socket$alg(0x26, 0x5, 0x0)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003}, 0x18)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700), 0x0)
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0xfad6}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x2c, 0x10, 0x800, 0x0, 0x0, {}, [@IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}]}, 0x2c}}, 0x20028000)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x32)

1.607845835s ago: executing program 1 (id=2156):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x619, &(0x7f0000000640)="$eJzs2z9onGUcB/Df3fX+tCc9h04uth2cCtJSt9xgS3KtVAiXFqE4VKiUYhGJEDjxyEE66AmtZiiOLkW4paZT0wwO0tCCs5SASuCGLIJBCMYhr1zuzeU0iYhGpPD5LM89P37P830eeG58g2daNvKb44GtwrvfR2R2aey3RVKpDEqtuNQZHTufJElysRiZeDPyceybw3PFoe2SYn88HhGFoe3ufnFo4ePVc/nO0sTaS1cetbODPYvxfESUB83J9B5HL/6zG7OfDsZiZebmZO1Wb1JrdjfeiPjq59H6/IX27Nxr+bNXe/XpiMdpf/9hZAbvY/ul9OX2yPlleFLe/nmvulhp9fIb1etPa83u553lkxsv1DoPro2sH124/fWpiKlexHg/d3th4V9d+w/5M1v5L6fF5pkT94/cOd14+KS+kvs16Usj0//RJxNb59ntzwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/lXnWxMnNzsnarUb3+tNbsfvTdt6+/MvXpyPyF9uxctnD2atr3OB0PpOP70YgP4p14K27EjXg7Jv8y5fDw5HImSnvk/3YoYvnke89FPLg2sj62cLt8Ku0bH6w4uB/X/lN+Jp01u1PHPrs82zxz4v6RO6cbD5/UV3I71xT39QQAAAAAAAAAAAAAAAAAAAAQMTp2/uj4q/WLEZFrlSLipw+zvXqSfuS++WV8KeJ42v9DWr9bimitnst3libWClcetX9M660oRityUf5y/lLEi4Oc6R3Jmf/6avwNvwcAAP//YYuKzg==")
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="c4000000190001000000000000000000e0000002000000000000000000000000ff02000000000000000000000000000100000000200000000a00000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000082000000000000000000000fbffffffffffffff0000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000c001500590735"], 0xc4}}, 0x2c000010)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200000000000000000000000000000000000000000000ff"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x25dfdbfd, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@loopback, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x10}, {0x8, 0x1, 0x0, 0x0, 0x8, 0x0, 0xffffffff, 0xffffffffffffffff}, {0x0, 0xfffffffffffffffa}, 0x4, 0x6e6bb5, 0x0, 0x1, 0x3, 0x3}}, 0xb8}}, 0x0)

1.234788015s ago: executing program 1 (id=2159):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x7}, [@FIB_RULE_POLICY=@FRA_OIFNAME={0x14, 0x11, 'veth0_to_bridge\x00'}, @FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0xfffffffb}, @FRA_SRC={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x17}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x40000)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

1.158366146s ago: executing program 1 (id=2161):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000680)={0x15, 0x110, 0xfa08, {r2, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4e24, @empty}, @in={0x2, 0x4e20, @remote}}}, 0x118)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0xfffffc01, @empty, 0xfb}, {0xa, 0x4e20, 0x5, @local, 0x5}, r2, 0x295b}}, 0x48)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x6)
r4 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@newqdisc={0x30, 0x24, 0x4, 0x20, 0x0, {0x0, 0x0, 0x0, r5, {0xf}, {0xffff, 0xa}, {0x0, 0xf}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x20000000)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000007000000050000000100000f10000000a5ab91f7ea2b502e0d0243e1df18"], &(0x7f0000005bc0)=""/255, 0x37, 0xff, 0x8, 0x1001}, 0x28)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c)
syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004500fde103000000007fff78000000000000000000004e22004d90780400000000000000000000000000000059268d95d99fae30ddbc4d22db6b769c013ff46e4d750c20775aabca88f56c71f69fc7bfaa95eac6004aba27963946d938beaf8f263c6a36adc8f81b333095189aba694834394bdcb0788440af1cf77c02e65ba98d93855a953e27fb5e0c86a76881e45428bb"], 0x0)
r9 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r9, 0x40946400, &(0x7f0000000140)={'ni_at_a2150\x00', [0xb013, 0x5, 0x0, 0x2, 0x88d7, 0x8f, 0x100a, 0x8012, 0x1002, 0xffffffff, 0x200, 0x7, 0x10000009, 0x4, 0x5, 0x1, 0x8, 0x6, 0x9, 0x8e, 0x108, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0xc, 0x8, 0x400002, 0x2]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r7}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x106, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x0, 0x0, 0x1000, 0x3f8}, 0x0, 0x0)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=r6, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

282.830375ms ago: executing program 4 (id=2164):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90b, 0x9, '\x00', @p_u16=&(0x7f0000000040)}})

282.670254ms ago: executing program 4 (id=2165):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000ffc000/0x1000)=nil], &(0x7f0000002640), &(0x7f0000000000), 0x0)

277.743202ms ago: executing program 1 (id=2166):
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a4000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006b00000095"], &(0x7f0000000380)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)

214.834937ms ago: executing program 1 (id=2167):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=@ipv6_newaddr={0x40, 0x14, 0x1, 0x70bd2c, 0x25dfdbff, {0xa, 0x80, 0x3, 0xc8}, [@IFA_CACHEINFO={0x6, 0x6, {0xc8, 0x3, 0xc, 0x2}}, @IFA_LOCAL={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

214.740505ms ago: executing program 4 (id=2168):
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x21, 0x0)

197.601627ms ago: executing program 4 (id=2169):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000e4ffffff840000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

197.339956ms ago: executing program 1 (id=2170):
syz_mount_image$jfs(&(0x7f00000002c0), &(0x7f0000000040)='./bus\x00', 0xa, &(0x7f0000000340)=ANY=[@ANYRES8=0x0], 0xfa, 0x6158, &(0x7f000000c680)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT288Szk93aqe2dtefzkZyZ3zyz9jP73dmXzMw+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADE97/3g5VORNz4eVqwFPGZ6EV0IxbKejkiFpaX8vr9iHgudprj2YgYzEWUt9/55+mIVyPio7MRW9vrq+Xiywfsx3f/+Pff/fDMW3/7w+Dif/90r/fapPXu3//Vf/784HDbDAAAAG1TFEXRSR/zz6XP992mOwUATEV+/S+SvPzU17/+51t/maX+qNVqtVo9hbqqGO9BtYiIjeptyvcMDscDwAmzER833QUaJP9W60fEmaY7Acy0TtMd4Fhsba+vdlK+nerrwfJuez4XZCT/jc6j6zsmTfdTP8dkWo+vzejFMxP6szClPsySnH+3nv+N3fZhWu+485+WSfkPdy99ap2cf6+ef83pyb87Nv+2yvn3nyj/nvwBAAAAAGCG5f//X2r4+O/c4TflQD7p+O/ylPoAAAAAAAAAAEftsOP/PWL8PwAAAJhZ5Wf10m/O7i2b9F1s5fLrnYinausDLZMulllsuh8AAAAAAAAAAAAA0Cb93XN4r3ciBhHx1OJiURTlT1W9flKHvf1J1/bthzZr+kkeAAB2fXS2di1/J2I+Iq6n7/obLC4uFsX8wmKxWCzM5fezw7n5YqHyuTZPy2VzwwO8Ie4Pi/KXzVduV7Xf5+X92uu/r/xbw6J3gI4dkUG6Nyc0NxQ2ACS7r0ZbXpFOmaJ4etKbDxhh/z+FlmKp6ccVs6/phykAAABw/IqiKDrp67zPpWP+3aY7BQBMRX79rx8XOFTdndAecTS/X61Wq9Vq9aeqq4rxHlSLiNio3qZ8z2A4fgA4YTbi46a7QIPk32r9iHiu6U4AM63TdAc4Flvb66udlG+n+nqQxnfP54KM5L/R2bldvv246X7q55hM6/G1Gb14ZkJ/np1SH2ZJzr9bz//GbvswrXfc+U/LpPyHO5fMtU/Ov1fPv+b05N8dm39b5fz7T5R/T/4AAAAAADDD8v//Lzn+mzcZAAAAAAAAAE6cre311Xzdaz7+/7kx67n+83TK+XeeNP+FNC//Ey3n363l/+Xaer3K/MM39/b/f2+vr/7+3r8+m6cHzX8uz3TSI6uTHhGd9Jc6/TQ9zNY9bnPQG5Z/adDp9vrpnJ9i8E7cituxFpdG1u2m+2OvfWWkvezpYKT98kh7/7H2KyPtg/S9A8VCbr8Qq/GTuB1v77QPR+/2seb3uX+Kfdpz/j3P/62U8+9Xfsr8F1N7pzYtPfyw+9h+X52O+ztv3Pr8Ly8d/+bsazN6j7atqty+8w30Z+c+OTOMn91du3Ph/s179+6sRJqMLL0caXLEcv6DnZ+5vef/F3bb8xNQdX99+OHwifOfFZvRn5j/C5X5cntfmnLfmpDzH6afnP/bqX38/n+S85+8/7/cQH8AAAAAAAAAAAAAAADgkxRFsXOJ6BsRcTVd/9PUtZkAwHTl1/8iycvVarVarVafvrqqGO/1ahERf63epnzP8ItxvwwAmGX/i4h/NN0JGiP/Fsvf91dOX2y6M8BU3X3/gx/dvH177c7dpnsCAAAAAAAAAHxaefzP5cr4zy9GxFJtvZHxX9+M5cOO/9nPM48GGD3igb4n2OwOe93KcOPPx8743Bcmjf99Ph4f/zuPidurbscEg33ah/u0z+3TPj926V5aYy/0qMj5P18Z77zM/1xt+PU2jP9aH/O+DXL+5yuP5zL/L9XWq+Zf/Hbm8t846Iqb0R3J/+K993568e77H7xy672b7669u/bjKysrl65cvXrt2rWL79y6vXZp99/j6fUMyPnnsa+dB9ouOf+cufzbJef/hVTLv11y/l9MtfzbJeef3+/Jv11y/vmzj/zbJef/Uqrl3y45/6+kWv7tsrW9Plfm/3Kq5d8uef//aqrl3y45/1dSLf92yflfSLX82yXnfzHVB8jf18OfIjn/fITL/t8uOf+VVMu/XXL+l1Mt/3bJ+V9JtfzbJef/aqrl3y45/6+lWv7tkvO/mmr5t0vO/+upln+75PyvpVr+7ZLz/0aq5d8uOf9vplr+7ZLzfy3V8m+XnP+3Ui3/dsn5fzvV8m+XnP93Ui3/dsn5v55q+bfL3vf/mzFjxkyeafqZCQAAAAAAAAAAAACom8bpxE1vIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2cHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi7txi57voO4Gf2Yq8dQgyE4KQG1o4xxlmy60t8oXUx4doApUBCoRds17s2C77htUugSDYNlEgYFVVUTR/aAkJtpKrCqnigFaV5qHp5atoH+lJRVUJqVIUooCK1Fc1WM+f//3tmdnZm1ztez57/5yPZv92ZM3POnDkzu9+1v3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZlvfPPP5WlEU9T+NvzYVxYvqH28Y39S47A23egsBAACAlfq/xt/P35EuOLKEGzUt83ev+sdvzs/PzxcfHP7d0S/Pz6crxotidH1RNK6Lrv37h2rNywSPFWO1oabPh3qsfrjH9SM9rh/tcf26Htev73H9WI/rF+yABTaUP49p3Nn2xoebyl1a3FmMNq7b3uFWj9XWDw3Fn+U01Bq3mR89WcwWp4uZYqpl+XLZWmP5b2+tr+sdRVzXUNO6ttSPkB9++kTchlrYx9tb1nX9PqMfvKkY/9EPP33ijy8+e3en2XM3tNxfuZ07t9W387PhknJba8X6tE/idg41beeWDs/JcMt21hq3q3/cvp3PL3E7h69v5qpqf87HiqHGx0839tNI84/10n7aEi7773uLorhyfbPbl1mwrmKo2NhyydD152esPCLr91E/lF5ajCzrON26hOO0Pqe3tx6n7a+J+PxvDbcbWWQbmp+mH3xm3YLnfbnHaVR/1Iu9VtqPwX6/VgblGIzHxdONB/14x2Nwe3j8n96x+DHY8djpcAymx910DG7rdQwOrRtubHN6EmqN21w/Bne3LD/cWFOtMZ/Z0f0YnLx45vzk3Cc/9frZM8dPzZyaObt39+6pvfv3Hzx4cPLk7OmZqfLvG9zbg29jMZReA9vCvouvgde2Ldt8qM5/tX+vw7Eur8NNbcv2+3U40v7gaqvzglx4TJevjYfrO33s6lCxyGus8fzsWvnrMD3uptfhSNPrsOPXlA6vw5ElvA7ry5zftbTvWUaa/nTahpv1tWBT0zHY/v1I+zHY7+9HBuUYHAvHxb/uWvxrwZawvY9PLPf7keEFx2B6uOG9p35J+n5/7GBjdDou76lfcdu64tLczIX7Hz1+8eKF3UUYq+JlTcdK+/G6sekxFQuO16FlH69HZl/1+D0dLt8U9tXY6+t/jS36XNWX2Xd/9+eq8dWt8/5suXRPEUafrfb+7PTVvL4/U5bssj/ry3x2cuXfi6dc2vT+O7rI+2/M/S+U60t39djw6Ej5+h1Oe2e05f249akaabx31Rrrfn5yae/Ho+HPar8f39nl/Xhz27L9fj8ebX9w8f241uunHSvT/nyOhePk9FT39+P6Mpv3LPeYHOn6fnxvmLWw/18XkkLKRU3HzmLHbVrXyMhoeFwjcQ2tx+neluVHQzarr+vJPTd2nO68t7yv4fTorlut43S8bdl+H6fp/Wqx47TW66dvN6b9+RwLx8Wde7sfp/Vlntq38vfODfHDpvfOdb2OwdHhdfVtHk0HYfl+P78hHoP3FyeKc8XpYrpx7brG8VRrrGvigaUdg+vCn9V+r9zc5Rjc2bZsv4/B9HVssWOvNrLwwfdB+/M5Fo6LJx7ofgzWl3nLgf5+77ozXJKWafretf3na4v9zOuett10M3/mVd/OvznQ/Wez9WVOH1xuzuy+n+4Ll9zWYT+1v34Xe01NF6uznzaH7Xz24OL7qb499WW+fGiJx9ORoiguf/zBxs97w7+v/Pml736z5d9dOv2bzuWPP/jc7Sf/djnbD8Da90I5NpZf65r+ZWop//4PAAAArAkx9w+Fmcj/AAAAUBkx98f/FZ7I/wAAAFAZMfePhJlkkv83v+XZ2RcuF6mZPx/E69NueKhcLnZcp8Ln4/PX1S9/8OszP/7Ly0tb91BRFD956Dc6Lr/5obhdpfGwndfe2nr5whteXtL6jz1yfbnm/vpXwv3Hx7PUw6BTBXeqKIpv3/HFxnrGP3S1MZ966Fhjvu/K44/Vl3n+UPl5vP0zLyuX/4NQ/j1y8njL7Z8J++H7YU69s/P+iLf7xtXXbTnwgevri7erbXtx42E/8eHyfuPvyfnSY+XycT8vtv1/9YUnv1Ff/tHXdN7+y0Odt//JcL9fD/N/Xlku3/wc1D+Pt/tc2P64vni7+7/2nY7bf+3z5fLn31YudyzMuP6d4fPtb3t2tnl/PVo73vK4ireXy8X1T333txvXx/uL99++/WNHr7bsj/bj46l/Lu9nsm35eHlcT/QXbeuv30/z8RnX/+RvHWvZz73Wf+19z7yyfr/t67+vbbnhttu3/8amP/zcFzuuL27PkT873/J4jrw3vI7D+p/4cDgew/X/e+2LLeuNjr239f0nLv+VTZdbHk/0jh+V67/2xlON+R/jP/792150+4uvvLq+74ri6feX99dr/af+6FzL9n/1rl2N5yNeHzv67etfTFz/hU9MnD03d2l2ummvNn53zrvK7Vk/tmFjfXvvCO+t7Z8fPXfxIzMXxqfGp4pivLq/Qu+GfS3M58pxZbm33/VIeD7v+b1vb9zxT1+Il//Lw+XlV99Zft16bVjuS+HyTeXzN19b4fqf2HpX4/Vde6r8vKXH3gdbtv/nwSUtGB5/+/cF8Xg///KPNPZD/brG1434ul7h9n9vuryfb4X9Oh9+M/O2u66vr3n5+LsRrr6/fL2veP+Ft7n4vP5JeL7f/f3y/uN2xcf7vfB9zHc2t77fxePjW5eH2u+/8Vs8roT3k+JKeX1cKu7vq8/f1XHz4u8hKa7c3fj8d9L93L2sh7mYuU/OTZ6ePXvp0cmLM3MXJ+c++amjZ85dOnvxaON3eR79aK/bX39/2th4f5qe2b+vmNpQFMW5YmoV3rBuzvbXP1ra9p9/5MT0gakd0zMnj186efGR8zMXTp2YmzsxMz234/jJkzOf6HX72enDu/cc2ntgz8Sp2enDBw8d2ntoYvbsufpmlBvVw/6pj02cvXC0cZO5w/sO7X7ggX1TE2fOTc8cPjA1NXGp1+0bX5sm6rf+9YkLM6ePX5w9MzMxN/upmcO7D+3fv6fnbwM8c/7k3PjkhUtnJy/NzVyYLB/L+MXGxfWvfb1uTzXN/Vv5/Wy7WvmL+Ir33Lc//X7Wuq9/ZtG7Khdp+wWiz4bfRfMPLzl/cCmfx9w/GmaSSf4HAACAHMTcvy7MRP4HAACAyoi5f32YifwPAAAAlRFz/1iYSSb5X/9f/39p/f/yev3/vPr/5z9e9krXev8/9uf1//Nwi/v/K16//r/+f/X6/0vvz6/17df/1/9noUHr/8fcv6Eossz/AAAAkIOY+zeGmcj/AAAAUBkx998WZiL/AwAAQGXE3P+iMJNM8r/+/5L6/3t6Fa6q3/93/n/9/2Jt9v/jk6P/n41l9+8/8HDLp/r/gf6//r/+v/6//j8rNrroNbeq/x9z/+1hJpnkfwAAAMhBzP0vDjOR/wEAAKAyYu6/I8xE/gcAAIDKiLl/U5hJJvlf/9/5//X/9f8r3f9f6fn/mzZG/39tcP7/7pbd/1+v/7+0/v+Y/v9a7P+P9nf7B7v/33Pz9f+5KQbt/P8x978kzCST/A8AAAA5iLn/pWEm8j8AAABURsz9Lwszkf8BAACgMmLuvzPMJJP8r/+v/6//r/+v/995/b3P/19+pP8/WPT/u3P+/x6c/z+v/n+ft3+w+//9Pv//6Fvbb6//TyeD1v+Puf/lYSaZ5H8AAADIQcz9d4WZyP8AAABQGTH3vyLMRP4HAACAyoi5f3OYSSb5X/9f/1//X/9f/7/z+nv3/0v6/4NF/787/f8e9P/1//X/l9b/7/DNr/4/nQxa/z/m/rvDTDLJ/wAAAJCDmPvvCTOR/wEAAKAyYu7/qTAT+R8AAAAqI+b+LWEmmeR//X/9f/3/vPr/963T/9f/rzb9/+70/3vQ/9f/1/9f4vn/F1pO/399rzujMgat/x9z/yvDTDLJ/wAAAJCDmPtfFWYi/wMAAEBlxNz/6jAT+R8AAAAqI+b+8TCTTPK//n+1+v9/+tdPvLrQ/9f/77H+ivb/42Gg/585/f/u9P970P/X/9f/X5X+P/kYtP5/zP1bw0wyyf8AAACQg5j7t4WZyP8AAABQGTH33xtmIv8DAABAZcTcvz3MJJP8r/9frf5/pP+v/99t/RXt/yf6/3nT/++g6UWq/9+D/r/+f/b9//jdr/4//TFo/f+Y+18TZpJJ/gcAAIAcxNy/I8xE/gcAAIDKiLn/tWEm8j8AAABURsz9O8NMMsn/+v/6//r/+v/6/53Xr/+/Nun/d7fc/v86/X/9f/3/zPr/zv9Pfw1a/z/m/teFmWSS/wEAACAHMffvCjOR/wEAAKAy4v/fLP/fq/wPAAAAVRRz/0SYSSb5X/9f/z+n/n9N/1//X/+/8vT/u3P+/x70//X/9f/1/+mrQev/x9z/+jCTTPI/AAAA5CDm/vvDTOR/AAAAqIyY+yfDTOR/AAAAqIyY+6fCTDLJ//r/+v859f+d/1//X/+/+vT/u9P/70H/X/+/av3/otD/55YatP5/zP27w0wyyf8AAACQg5j794SZyP8AAABQGTH37w0zkf8BAACgMmLu3xdmkkn+1/+vav9/vtD/1/9fbP36//r/Vab/353+fw/6//r/Vev/O/8/t9ig9f9j7n8gzCST/A8AAAA5iLl/f5iJ/A8AAACVEXP/gTCTkP87/b9uAAAAYG2Juf9gmEkm//6v/1+R/v9v/n3Lup3/X/+/2/r70//foP8fpv7/YKlo/7/9ZXHD9P970P/X/9f/1/+nrwat/x9z/6Ewk0zyPwAAAOQg5v43hJnI/wAAAFAZMff/dJiJ/A8AAACVEXP/z4SZZJL/9f8r0v9vo/+v/99t/c7/r/9fZRXt//dNpfr/Q/r/+v+Dtf36//r/LHTz+//xo6X1/2PuPxxmkkn+BwAAgBzE3P+zYSbyPwAAAFRGzP1vDDOR/wEAAKAyYu4/EmaSSf7X/9f/1//X/785/f83Fu0Gsf9fP3j0/6tF/7+7SvX/nf9f/3/Atl//X/+fhQbt/P8x978pzCST/A8AAAA5iLn/wTAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMJJP8r/+v/6//r//v/P+d16//vzbp/3en/9+D/r/+v/6//j99NWj9/5j73xpmkkn+BwAAgBzE3P+2MBP5HwAAACoj5v63h5nI/wAAAFAZMfe/I8wkk/yv/6//r/+v/6//33n9+v9rk/5/d/r/Pej/6//r/+v/01eD1v+Puf/nwkwyyf8AAACQg5j7Hwozkf8BAACgMmLuf2eYifwPAAAAlRFz/7vCTDLJ//r/+v/6//r/+v+d16//vzbp/3en/9+D/r/+v/6//j99NWj9/5j73x1mkkn+BwAAgBzE3P/zYSbyPwAAAFRGzP3vCTOR/wEAAKAyYu7/hTCTTPK//r/+/2D1/+cvN99O/1//v+hX/79+I/3/LOj/d6f/30OH/v96/X/9f/1//X9u2KD1/2Puf2+YSSb5HwAAAHIQc//7wkzkfwAAAKiMmPvfH2Yi/wMAAEBlxNz/cJhJJvlf/z/L/n96yIPX/3f+f/1/5//X/18Z/f/u9P97cP5//X/9f/1/+mrQ+v8x9z8SZpJJ/gcAAIAcxNz/gTAT+R8AAAAqI+b+Xwwzkf8BAACgMmLu/2CYSSb5X/8/y/7/AJ//v2r9/5GW4yOn/v9Y0/OZjkv9f/3/VaD/353+fw/6//r/g9z/D0fzhkVur//PIBq0/n/M/R8KM8kk/wMAAEAOYu7/pTAT+R8AAAAqI+b+Xw4zkf8BAACgMmLu/5Uwk0zyv/6//r/+v/P/O/9/5/Xr/69N+v/d6f/3oP+v/z/I/f8e9P8ZRIPW/4+5/1fDTBYNfs/91xIeJgAAADBAYu7/cJhJJv/+DwAAADmIuf9omIn8DwAAAJURc/+xMJNM8r/+f3v/P55RVf9f/1//X/9f/38t6l///xW3F4X+v/6//r/+/2r2/4f0/6mcQev/x9x/PMwkk/wPAAAAOYi5/9fCTOR/AAAAqIyY+0+Emcj/AAAAUBkx90+HmVQx/7eXam9t/390MPv/zv9/o/3/n+j/6/8H+v+d6f+vDuf/707/vwf9f/1/5//X/6evBq3/H3P/TJhJFfM/AAAA5CX9ODjm/pNhJvI/AAAAVEbM/afCTOR/AAAAqIyY+z8SZpJJ/nf+f/1/5/+/Ff3/kZbl9f9L+v/6//2g/9+d/n8P+v/6//r/+v/01aD1/2Punw0zyST/AwAAQA5i7v9omIn8DwAAAJURc//HwkzkfwAAAKiMmPtPh5lkkv/1//X/c+//14riivP/6/93Wr/+/9qk/9+d/n8P+v/6//r/+v/01aD1/2PuPxNmkkn+BwAAgBzE3H82zET+BwAAgMqIuf9cmIn8z/+zdx/Ncp3VHof7+toKo3s/wh3fEUMYmY/AlBlVjKkimBxskzOYnIPJOedkcs45m5yjiYYqUZLWWtLRae0+0mmd3vtdzzNZSCXRfayWqD+qnzcAAADDyN1/z7ilyf7X/+v/u/f/q508/3/vj9f/n6X/1/9vw77+/ur1P+5iUfhF+/873PG6u+n/9f/6/0n6f/2//p8Lza3/z91/r7ilyf4HAACADnL33ztusf8BAABgGLn77xO32P8AAAAwjNz918UtTfa//l//r//X/+/p/2/R/+v/l83z/6fp/zfQ/+v/9f/6f7Zqbv1/7v77xi1N9j8AAAB0kLv/fnGL/Q8AAADDyN1//7jF/gcAAIBh5O5/QNzSZP/r//X/+v+l9P/HPP//gq9H/6//X0f/P03/v4H+X/+v/9f/s1Vz6/9z9z8wbmmy/wEAAKCD3P0PilvsfwAAABhG7v4Hxy32PwAAAAwjd/9D4pYm+1//r//X/y+l/z+i5//r//X/C3fz6tyfCUfd/x/bwr9/QP8/7/5/tdL/TzlwP7/+y1vO+78I/b/+n/3m1v/n7n9o3HLn1erY5X6RAAAAwKzk7n9Y3NLk7/8BAACgg9z918ct9j8AAAAMI3f/DXFLk/2v/9f/6//1//r/9a+v/18mz/+fdvj+////9x5379v/e/7/NM//33b/f/qTof9n2ebW/+fuvzFuabL/AQAAoIPc/Q+PW+x/AAAAGEbu/kfELfY/AAAADCN3/yPjlib7X/8/Wv//33t+3nn9/5naRf+v/9f/6/9Hp/+f5vn/G5z5Y+5kfVP/r//3/H/9P4czt/4/d/+j4pYm+x8AAAA6yN3/6LjF/gcAAIBh5O5/TNxi/wMAAMAwcvc/Nm5psv/1/6P1/3t/nuf/6//Xvb7+X/8/Mv3/NP3/BqM8//8yPzW77ucPa9fvX/+v/2e/ufX/ufsfF7c02f8AAADQQe7+x8ct9j8AAAAMI3f/E+IW+x8AAACGkbv/iXFLk/2v/9f/L6P/z1fQ/+v/r3z/n/T/y6T/n6b/32CU/v8y7bqfX/r71//r/9lvbv1/7v4nxS1N9j8AAAB0kLv/yXGL/Q8AAADDyN3/lLjF/gcAAIBh5O5/atzSZP/r//X/y+j/Pf9f/+/5//r/g9H/T9P/b6D/1//r//X/bNXc+v/c/TfFLU32PwAAAHSQu/9pcYv9DwAAAMPI3f/0uMX+BwAAgGHk7n9G3NJk/+v/9f/6f/2//n/96+v/l0n/P03/v4H+X/+v/9f/s1Uz6v/P+1knVs+MW5rsfwAAAOggd/+z4hb7HwAAAIaRu//ZcYv9DwAAAMPI3f+cuKXJ/tf/z6b/P5PzjdX/n1ytVvr/VdP+/+R5v571udT/6/+PgP5/mv5/A/2//l//r/9nq462/z/9Z/70vw8gd/9z45Ym+x8AAAA6yN3/vLjF/gcAAIBh5O5/ftxi/wMAAMAwcve/IG5psv/1/7Pp/88Yq//3/P8LPx+d+n/P/99P/3809P/T9P8b6P/1//p//T9bdbT9/+Zv5+5/Ydx07JrL/hIBAACAmcnd/6K4pcnf/wMAAEAHuftfHLfY/wAAALBQN+37ntz9L4lbmux//f92+/9j532f/l//f+HnQ/+v/9f/X3n6/2n6/w30//p//b/+n62aW/+fu/+lcUuT/Q8AAAAd5O6/OW6x/wEAAGAYuftfFrfY/wAAADCM3P0vj1ua7H/9v+f/6//1//r/9a+v/18m/f80/f8G+n/9/277/+Pn/qP+nzFcQv9/6tSp6694/5+7/xVxS5P9DwAAAB3k7n9l3GL/AwAAwDBy978qbrH/AQAAYBi5+18dtzTZ//r/pv1/ftSX1f/fsFrp//X/+n/9/zT9/zT9/wb6f/2/5//r/9mquT3/P3f/a+KWJvsfAAAAOsjd/9q4xf4HAACAYeTuf13cYv8DAADAMHL3vz5uabL/9f9N+3/P/9f/6/+Puv+/faX/PxKL6P9PXvz1597/36j/1/9PaNf/3+VOe76p/9f/s9/c+v/c/W+IW5rsfwAAAOggd/8b4xb7HwAAAIaRu/9NcYv9DwAAAMPI3f/muOnqJvtf/6//1//r//X/61//iJ//f2y1Wun/t2AR/f+Euff/23n+/4W/y8/R/+v/l/z+9f/6f/abW/+fu/8tcUuT/Q8AAAAd5O5/a9xi/wMAAMAwcve/LW6x/wEAAGAYufvfHrc02f/6f/2//l//P3z/f+Mi+n/P/98S/f+0efT/F6f/1/8v+f3r//X/HNyu+v/c/e+IW5rsfwAAAOggd/874xb7HwAAAIaRu/9dcYv9DwAAAMPI3f/uuKXJ/tf/6/8vpf/P96n/H6v/Pz67/v/Env++Js//1/9vif5/mv5/A/2//l//f5P+n22a2/P/c/e/J25psv8BAACgg9z9741b/9et/Q8AAADDyN3/vrjF/gcAAIBh5O5/f9zSZP/r//X/nv+v/x/++f/6/1b0/9P0/xvo//X/+n/P/2er5tb/5+7/QNzSZP8DAABAB7n7Pxi32P8AAAAwjNz9H4pb7H8AAAAYRu7+W+KWJvtf/6//1//r//X/Z38N9f9j0P9PO5r+/6T+X/9f/fx/xe8C/b/+f9PPZ0xz6/9z9384bmmy/wEAAKCD3P0fiVvsfwAAABhG7v6Pxi32PwAAACzS1Wu+L3f/x+KWJvtf/6//1//r//X/619f/79MO+n/80Oh//f8/9Cn//+/Pd9a2vP/L/zfL/2//p/tm1v/n7v/43FLk/0PAAAAHeTu/0TcYv8DAADAMHL3fzJusf8BAABgGLn7PxW3NNn/+n/9v/5f/6//X//6+v9l8vz/afr/DfT/O31+/tLfv/5f/89+c+v/c/d/Om5psv8BAACgg9z9n4lb7H8AAAAYRu7+z8Yt9j8AAAAM48zuz7is4f7X/+v/9f/6f/3/+tfX/y+T/n+a/n8D/b/+X/+v/2er5tb/f+7Mzzqx+nzc0mT/AwAAQAe5+78Qt9j/AAAAMIzc/V+MW+x/AAAAGEbu/i/FLU32v/5f/7+M/v/UqVPX6//1/3u/nnP9/636f4r+f5r+fwP9v/5f/6//Z6vm1v/n7v9y3NJk/wMAAEAHufu/ErfY/wAAADCM3P1fjVvsfwAAABhG7v6vxS1N9r/+fwb9/wn9v+f/6/9Xnv+v/98S/f80/f8GI/b/Jw7+5e+6nz+sXb9//b/+n/3m1v/n7v963NJk/wMAAEAHufu/EbfY/wAAADCM3P3fjFvsfwAAABhG7v5vxS1N9r/+/+j6/9P/7Lo8///kav371//r//X/+v8rTf8/Tf+/wYj9/yXYdT+/9Pev/9f/s9/c+v/c/d+OW/YOv2su7asEAAAA5iR3/3filiZ//w8AAAAd5O7/btxi/wMAAMAwcvd/L25psv/1/zN4/v+A/b/n/6//fOj/Z93/X6X/H4P+f5r+fwP9v/5f/7+l/j8/zfr/7ubW/+fu/37c0mT/AwAAQAe5+38Qt9j/AAAAMIzc/T+MW+x/AAAAGEbu/lvjlvP2/7q2exT6f/2//l//r/9f//r6/2XS/087aP9/fHW4/j/p//X/+v+u/b/n/3PW3Pr/3P0/ilv8/T8AAAAszjUX+f7c/T+OW+x/AAAAGEbu/p/ELfY/AAAADCN3/0/jltuu2tVbOlL6f/2//l//r/9f//r6/2XS/0/z/P8N9P/b6Oev1f+P0f+vVvp/Dm9u/X/u/p/FLf7+HwAAAIaRu//ncYv9DwAAAMPI3f+LuMX+BwAAgGHk7v9l3NJk/+v/9f+H7P/PpJn6/7P0/2fp/9fT/x8N/f80/f8G+n/P/9f/e/4/WzW3/j93/6/ilib7HwAAADrI3f/ruMX+BwAAgGHk7v9N3GL/AwAAwDBy9/82bmmy/3fW/8c/av3/4vt/z/+/4v3/6a9O/6//1/8flP5/mv5/A/2//l//r/9nq+bW/+fu/13c0mT/AwAAQAe5+38ft9j/AAAAMIzc/X+IW+x/AAAAGEbu/j/GLU32v+f/6//1/3Pv/z3/X/+v/78U+v9p+v/16hdK/6//1//r/9mqufX/ufv/FLc02f8AAADQQe7+P8ct9j8AAAAMI3f/bXGL/Q8AAADDyN3/l7ilyf7X/+v/9f/6f/3/+tfX/y+T/n/aLvv/u/7P5pf1/P+d9//5FvT/+n/9P1sxt/4/d/9f45Ym+x8AAAA6yN3/t7jF/gcAAIBh5O7/e9xi/wMAAMAwcvf/I25psv839P/H6wfq/yfp//e+f/3/+s+H/l//r/+/8vT/06b7//N+Nzd7/n/R/3v+v/5f/89Wza3/z93/z7ilyf4HAACADnL33x632P8AAAAwjNz9/4pb7H8AAAAYRu7+f8ctTfa/5/8vqf+/Vv+v/9f/6//1/xvo/6ft8vn/B6H/1/8v+f3r//X/7De3/j93/38CAAD//7iNUc0=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0)

193.333785ms ago: executing program 3 (id=2171):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x17, 0x1, 0x1100, &(0x7f0000000040)="387ed7626d850509a2d6c1aa38f15cd0c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a9013923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})

99.273662ms ago: executing program 4 (id=2172):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_off}]})

154.03µs ago: executing program 4 (id=2173):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x51, &(0x7f0000000100)={[{@nombcache}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x40}}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xb760}}]}, 0x8, 0x5fe, &(0x7f0000000ac0)="$eJzs3c1vVFUbAPDnTD9p3/dtIW9UXEgTYyBRWlrAEGMi7AnBj52rSgtBCiW0RosklgQ3JsaNCxNXLsT/QkncunDrwo0rQ0KMYSGGyJg7vVNupzOlXzNTOr9fcuk993bueW7p03PvmXPmBtCxRrJ/ShH7I+Jqihgq7OuOfOfI0vfd//PGuWxJUS6//UeKG5+kxeKxUv51MH/xP0ORfi5F7OtaXe/cwvVLkzMz09fy8tj85atjcwvXD1+8PHlh+sL0lYlXJ04cP3b8xPiRLZ1fserTt97/cOizM+9++/XDNP7dr2dSnIxH+Tdk51X72r4t1Zz9zEaivORBcXv2cz2xxWPvFH8NVX9PHku1G9ixzue/j/+LiGdjKLoK/5tD8embbQ0OaKpyimobBXSctKn879/+QIAWq14HVO/t690Hr1Zq8lUJ0Ar3Ti11ACzlfk9EVPO/e6lvMPoj2zpwP63o50kRsbWeuSVZHT/9eOZWtkSDfjigORZvVnu5a9v/VMnN4eivlAbul1bkf6mwZNvf2mT9IzVl+Q+ts3gzIp7L2//e2FD+jxTy/71N1i//AQAAAAAAYPvcORURr9Qb/1daHv/TW2f8z2BEnNyG+p/8/l/pbr6StqE6oODeqYjXI8qpTv7nhrvy0n8r4wF60vmLM9NH8jmDh6KnLyuP1xy3OEL48Of7vmpUf3H8X7Zk9VfHAuZHuttdMxF3anJ+cqvnDUTcuxnxfGX874F8y8rxP1n7n+q0/1l+X11nHfteun220b4n5z/QLOVvIg7Wnf/z+HI7rf35HGOV64Gx6lXBai98/MX3jeqX/9A+Wfs/sHb+96Xi5/XMbez4vRFxdKG73Gj/Zq//e9M7XdXjZz6anJ+/Nh7Rm06v3j6xsZhht6rmQzVfsvw/9OLa/X/L1/+FPNwTEYvrrPOZR4O/Ndqn/Yf2yfJ/au32f3hl+7/xlYnbwz80qv/sutr/Y5U2/VC+Rf8fFK3+PI71JmhbwgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp1wpIv4TqTS6vF4qjY5GDEbE/2OgNDM7N//y+dkPrkxl+yrP/y9Vn/Q7tFRO1ef/DxfKEzXloxGxNyK+7NpTKY+em52ZavfJAwAAAAAAAAAAAAAAAAAAwA4xWJnzX+6rnf+f+b2r3dEBTdedf5Xv0Hm6N/3Kct+2BgK03ObzH3jarT//e5oaB9B6jfP/wcNyRUvDAVrI9T90rk3mv7cLYBfQ/kOnWmefXn+z4wDaQfsPAAAAAAC7yt4Dd35JEbH42p7KkunN9xnsD7tbqd0BAG1jDC90ru7ZdkcAtIt7fCAtr/1dd7J/49H/qTkBAQAAAAAAAAAAAACrHNxv/j90qrXn/xvbD7vZGvP/6yW/jwuAXaTxoz9Sb0sDAVrOPT7wpDt98/8BAAAAAAAAAAAAYAfov35pcmZm+trcwtO38sbOCGNjK4uTOyKMbV151Jwj90TEzjjBVq9U5961MYw2/10CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACW/RsAAP//2SQnmg==")

0s ago: executing program 3 (id=2174):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000004bfa200000000000007020000f8ffffffb70bfa0009000000000000000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xd0}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

kernel console output (not intermixed with test programs):

[ T6708] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  169.609110][ T6708] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  169.616360][ T6708] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  169.619811][ T6708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.623027][ T6708] usb 4-1: Product: syz
[  169.624632][ T6708] usb 4-1: Manufacturer: syz
[  169.626306][ T6708] usb 4-1: SerialNumber: syz
[  169.685241][ T8948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.691424][ T8948] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.695653][   T24] usb 2-1: USB disconnect, device number 22
[  169.741001][ T5811] Bluetooth: hci2: command tx timeout
[  169.840445][ T6708] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  169.886971][ T6708] usb 4-1: USB disconnect, device number 15
[  169.934434][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.198011][ T8968] loop4: detected capacity change from 0 to 32768
[  170.230887][ T8968] syz.4.1152: attempt to access beyond end of device
[  170.230887][ T8968] loop4: rw=2049, sector=2621792, nr_sectors = 8 limit=32768
[  170.273729][  T117] blkno = 5002c, nblocks = 1
[  170.291471][  T117] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[  170.291471][  T117] 
[  170.295887][  T117] ERROR: (device loop4): remounting filesystem as read-only
[  170.562539][ T8977] loop3: detected capacity change from 0 to 512
[  170.815209][ T8981] loop1: detected capacity change from 0 to 32768
[  170.822567][ T8981] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1159 (8981)
[  170.839300][ T8981] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  170.855403][ T8981] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  170.944674][ T9002] loop3: detected capacity change from 0 to 64
[  170.969036][ T8981] BTRFS info (device loop1): rebuilding free space tree
[  170.977003][ T8981] BTRFS info (device loop1): disabling free space tree
[  170.990666][ T8981] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  170.994429][ T8981] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  171.003349][ T8981] BTRFS info (device loop1): checking UUID tree
[  171.019323][ T8981] BTRFS info (device loop1): setting nodatasum
[  171.032497][ T8981] BTRFS info (device loop1): enabling ssd optimizations
[  171.035692][ T8981] BTRFS info (device loop1): turning off barriers
[  171.038261][ T8981] BTRFS info (device loop1): disabling tree log
[  171.048571][ T8981] BTRFS info (device loop1): turning on flush-on-commit
[  171.058884][ T8981] BTRFS info (device loop1): force clearing of disk cache
[  171.069036][ T8981] BTRFS info (device loop1): max_inline set to 0
[  171.078868][ T9007] binder: 9006:9007 ioctl 4018620d 0 returned -22
[  171.089685][ T9007] binder: 9006:9007 ioctl c0306201 200000000240 returned -11
[  171.151021][ T5807] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  171.350572][ T6708] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  171.504212][ T6708] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  171.508139][ T6708] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.514476][ T6708] usb 4-1: config 0 descriptor??
[  171.831298][ T5811] Bluetooth: hci2: command tx timeout
[  171.945672][ T6708] ath6kl: Failed to submit usb control message: -71
[  171.952533][ T6708] ath6kl: unable to send the bmi data to the device: -71
[  171.964851][ T6708] ath6kl: Unable to send get target info: -71
[  171.996061][ T6708] ath6kl: Failed to init ath6kl core: -71
[  172.001574][ T6708] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  172.016784][ T6708] usb 4-1: USB disconnect, device number 16
[  172.299832][ T9039] loop4: detected capacity change from 0 to 512
[  172.322907][ T9039] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  172.406215][   T34] audit: type=1800 audit(2000000033.471:44): pid=9039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1176" name="file1" dev="loop4" ino=1048623 res=0 errno=0
[  172.885447][ T9039] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  172.971346][ T6708] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  173.107546][ T9056] sctp: [Deprecated]: syz.4.1181 (pid 9056) Use of struct sctp_assoc_value in delayed_ack socket option.
[  173.107546][ T9056] Use struct sctp_sack_info instead
[  173.124135][ T6708] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  173.128187][ T6708] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.133730][ T6708] usb 4-1: config 0 descriptor??
[  173.138834][ T6708] cp210x 4-1:0.0: cp210x converter detected
[  173.330489][ T5861] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  173.492630][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  173.496473][ T5861] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00
[  173.500009][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.510689][ T5861] usb 2-1: config 0 descriptor??
[  173.543446][ T6708] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  173.554192][ T6708] usb 4-1: cp210x converter now attached to ttyUSB0
[  173.756311][ T6708] usb 4-1: USB disconnect, device number 17
[  173.764521][ T6708] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  173.776757][ T6708] cp210x 4-1:0.0: device disconnected
[  173.911161][   T55] Bluetooth: hci2: command tx timeout
[  174.142595][ T5846] usb 2-1: USB disconnect, device number 23
[  174.322929][ T6708] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  174.472354][ T6708] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  174.475378][ T6708] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  174.479608][ T6708] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  174.485954][ T6708] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.714037][ T6708] usb 5-1: usb_control_msg returned -32
[  174.716314][ T6708] usbtmc 5-1:16.0: can't read capabilities
[  174.726195][ T9079] loop3: detected capacity change from 0 to 2048
[  174.729332][ T9079] EXT4-fs: Ignoring removed bh option
[  174.759139][ T9079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.931911][   T65] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  174.941279][   T65] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 18 with max blocks 8 with error 28
[  174.950589][   T65] EXT4-fs (loop3): This should not happen!! Data will be lost
[  174.950589][   T65] 
[  174.954604][   T65] EXT4-fs (loop3): Total free blocks count 0
[  174.956927][   T65] EXT4-fs (loop3): Free/Dirty block details
[  174.959248][   T65] EXT4-fs (loop3): free_blocks=2415919104
[  174.961833][ T5861] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  174.962679][   T65] EXT4-fs (loop3): dirty_blocks=32
[  174.966821][   T65] EXT4-fs (loop3): Block reservation details
[  174.969472][   T65] EXT4-fs (loop3): i_reserved_data_blocks=2
[  174.975228][ T5990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.022669][ T9085] openvswitch: netlink: Flow actions attr not present in new flow.
[  175.069679][ T9088] usbtmc 5-1:16.0: usbtmc488_ioctl_trigger returned -90
[  175.132631][ T5861] usb 2-1: config index 0 descriptor too short (expected 16383, got 27)
[  175.136003][ T5861] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.139984][ T5861] usb 2-1: config 0 has no interfaces?
[  175.142632][ T5861] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  175.146316][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.152077][ T5861] usb 2-1: config 0 descriptor??
[  175.359098][ T5861] usb 2-1: USB disconnect, device number 24
[  176.015224][ T9097] loop1: detected capacity change from 0 to 8
[  176.039712][ T9097] SQUASHFS error: xz decompression failed, data probably corrupt
[  176.054096][ T9097] SQUASHFS error: Failed to read block 0x108: -5
[  176.056634][ T9097] SQUASHFS error: Unable to read metadata cache entry [106]
[  176.059344][ T9097] SQUASHFS error: Unable to read inode 0x11f
[  176.241498][ T9109] loop3: detected capacity change from 0 to 8
[  176.251707][ T9109] SQUASHFS error: xz decompression failed, data probably corrupt
[  176.254855][ T9109] SQUASHFS error: Failed to read block 0x108: -5
[  176.257358][ T9109] SQUASHFS error: Unable to read metadata cache entry [106]
[  176.261164][ T9109] SQUASHFS error: Unable to read inode 0x11f
[  176.370329][ T6708] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  176.520367][ T6708] usb 2-1: Using ep0 maxpacket: 8
[  176.528870][ T6708] usb 2-1: unable to get BOS descriptor or descriptor too short
[  176.534889][ T6708] usb 2-1: config 3 has an invalid interface number: 52 but max is 0
[  176.538168][ T6708] usb 2-1: config 3 has no interface number 0
[  176.540927][ T6708] usb 2-1: config 3 interface 52 has no altsetting 0
[  176.552044][ T6708] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=b5.55
[  176.555796][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.558829][ T6708] usb 2-1: Product: syz
[  176.564564][ T6708] usb 2-1: Manufacturer: syz
[  176.566429][ T6708] usb 2-1: SerialNumber: syz
[  176.786498][ T6708] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  176.791528][ T6708] gspca_m5602: Failed to find a sensor
[  176.793568][ T6708] ALi m5602 2-1:3.52: ALi m5602 webcam failed
[  176.797519][ T6708] usb 2-1: USB disconnect, device number 25
[  177.108648][ T6708] usb 5-1: USB disconnect, device number 2
[  177.339893][ T9137] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1217'.
[  177.758544][ T9153] loop1: detected capacity change from 0 to 1
[  177.770953][ T9153] syz.1.1220: attempt to access beyond end of device
[  177.770953][ T9153] loop1: rw=2048, sector=0, nr_sectors = 8 limit=1
[  177.776030][ T9153] SQUASHFS error: Failed to read block 0x0: -5
[  177.778920][ T9153] unable to read squashfs_super_block
[  178.462563][ T9170] loop4: detected capacity change from 0 to 512
[  178.469121][ T9170] EXT4-fs (loop4): bad s_want_extra_isize: 11962
[  178.579587][ T9178] loop4: detected capacity change from 0 to 164
[  179.040207][ T6708] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  179.197323][ T6708] usb 5-1: Using ep0 maxpacket: 16
[  179.207861][ T6708] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  179.212682][ T6708] usb 5-1: config 0 has no interface number 0
[  179.220472][ T6708] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x2A, changing to 0xA
[  179.230146][ T6708] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  179.236911][ T6708] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  179.255234][ T6708] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  179.274102][ T6708] usb 5-1: Product: syz
[  179.275839][ T6708] usb 5-1: SerialNumber: syz
[  179.290985][ T6708] usb 5-1: config 0 descriptor??
[  179.299534][ T6708] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[  179.520501][ T6708] usb 5-1: USB disconnect, device number 3
[  179.620815][ T9205] loop1: detected capacity change from 0 to 32768
[  179.637090][ T9213] trusted_key: syz.3.1250 sent an empty control message without MSG_MORE.
[  179.641784][ T9205] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  179.641784][ T9205] 
[  179.646286][ T9205] ERROR: (device loop1): remounting filesystem as read-only
[  180.180101][ T6708] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  180.332361][ T6708] usb 2-1: unable to get BOS descriptor or descriptor too short
[  180.336150][ T6708] usb 2-1: not running at top speed; connect to a high speed hub
[  180.340469][ T6708] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.344375][ T6708] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  180.351078][ T6708] usb 2-1: string descriptor 0 read error: -22
[  180.353596][ T6708] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  180.357137][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.366732][ T6708] usb 2-1: 0:2 : does not exist
[  180.520127][ T5860] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  180.690176][ T5860] usb 4-1: Using ep0 maxpacket: 16
[  180.696643][ T5860] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  180.700641][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.705230][ T5860] usb 4-1: Product: syz
[  180.707019][ T5860] usb 4-1: Manufacturer: syz
[  180.708940][ T5860] usb 4-1: SerialNumber: syz
[  180.720282][ T5860] r8152-cfgselector 4-1: Unknown version 0x0000
[  180.722804][ T5860] r8152-cfgselector 4-1: config 0 descriptor??
[  180.727602][ T5860] hub 4-1:0.0: bad descriptor, ignoring hub
[  180.730151][ T5860] hub 4-1:0.0: probe with driver hub failed with error -5
[  181.194432][ T6708] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  181.213147][ T6703] r8152-cfgselector 4-1: reset high-speed USB device number 18 using dummy_hcd
[  181.218509][ T6708] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  181.224853][ T6703] r8152-cfgselector 4-1: device reset changed ep0 maxpacket size!
[  181.234647][ T6708] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  181.234977][ T6703] r8152-cfgselector 4-1: USB disconnect, device number 18
[  181.257309][ T6708] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  181.267736][ T6708] usb 2-1: USB disconnect, device number 26
[  181.342431][ T9252] loop4: detected capacity change from 0 to 256
[  181.351459][ T9252] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  181.531763][ T6703] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  181.682365][ T6703] usb 4-1: config 0 has no interfaces?
[  181.688822][ T6703] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  181.692525][ T6703] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  181.695568][ T6703] usb 4-1: Product: syz
[  181.697259][ T6703] usb 4-1: Manufacturer: syz
[  181.702150][ T6703] usb 4-1: config 0 descriptor??
[  181.720091][ T5861] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  181.873761][ T5861] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  181.877203][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.880854][ T5861] usb 5-1: Product: syz
[  181.882547][ T5861] usb 5-1: Manufacturer: syz
[  181.884286][ T5861] usb 5-1: SerialNumber: syz
[  181.896970][ T5861] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  181.919017][ T6692] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  181.920378][ T6708] usb 4-1: USB disconnect, device number 19
[  182.534366][   T24] usb 5-1: USB disconnect, device number 4
[  182.800820][ T9274] loop1: detected capacity change from 0 to 4096
[  182.821309][ T9274] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.466104][ T6692] usb 5-1: Service connection timeout for: 256
[  183.469376][ T6692] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  183.478073][ T6692] ath9k_htc: Failed to initialize the device
[  183.493890][   T24] usb 5-1: ath9k_htc: USB layer deinitialized
[  183.635237][ T5811] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  183.685384][ T9287] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1279'.
[  183.784331][ T9288] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  183.832601][ T5807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.261955][ T9298] loop1: detected capacity change from 0 to 64
[  184.304887][ T9298] Trying to free block not in datazone
[  184.319356][ T9298] Trying to free block not in datazone
[  184.323217][ T9298] minix_free_inode: bit 5 already cleared
[  184.444964][ T9300] tmpfs: Bad value for 'mpol'
[  185.135109][ T9318] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1294'.
[  185.385579][ T9336] syz_tun: entered allmulticast mode
[  185.396827][ T9333] syz_tun: left allmulticast mode
[  185.961211][ T9328] loop3: detected capacity change from 0 to 32768
[  186.034636][ T9328] ERROR: (device loop3): dtSearch: DT_GETPAGE: dtree page corrupt
[  186.034636][ T9328] 
[  186.034952][ T9354] netlink: 'syz.1.1309': attribute type 1 has an invalid length.
[  186.052436][ T9328] ERROR: (device loop3): remounting filesystem as read-only
[  186.055293][ T9328] jfs_lookup: dtSearch returned -5
[  186.559805][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  187.088990][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.092920][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00
[  187.096185][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.101942][   T24] usb 4-1: config 0 descriptor??
[  187.106656][   T24] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10
[  187.565481][ T9379] loop4: detected capacity change from 0 to 32768
[  187.747191][ T9379] 
[  187.747191][ T9379]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  187.747191][ T9379] 
[  187.759985][ T5246] bcm5974 4-1:0.0: could not read from device
[  187.765360][ T9378] read_mapping_page failed!
[  187.767329][ T9378] ERROR: (device loop4): txCommit: 
[  187.767329][ T9378] 
[  187.772811][ T9378] read_mapping_page failed!
[  187.774328][ T9378] ERROR: (device loop4): txCommit: 
[  187.774328][ T9378] 
[  187.784727][ T5246] bcm5974 4-1:0.0: could not read from device
[  187.788592][ T5246] bcm5974 4-1:0.0: could not read from device
[  187.797107][   T24] usb 4-1: USB disconnect, device number 20
[  187.800490][ T5815] bcm5974 4-1:0.0: could not read from device
[  187.809468][ T5246] bcm5974 4-1:0.0: could not read from device
[  187.831678][ T5815] udevd[5815]: Error opening device "/dev/input/event3": No such file or directory
[  187.836931][ T5815] udevd[5815]: Unable to EVIOCGABS device "/dev/input/event3"
[  187.840919][ T5815] udevd[5815]: Unable to EVIOCGABS device "/dev/input/event3"
[  187.843926][ T5815] udevd[5815]: Unable to EVIOCGABS device "/dev/input/event3"
[  187.846958][ T5815] udevd[5815]: Unable to EVIOCGABS device "/dev/input/event3"
[  187.951855][ T8868] 
[  187.951855][ T8868]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  187.951855][ T8868] 
[  187.959363][ T8868] 
[  187.959363][ T8868]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  187.959363][ T8868] 
[  188.149730][ T9387] loop4: detected capacity change from 0 to 4096
[  188.154396][ T9387] ntfs3(loop4): ino=0, mi_enum_attr
[  188.165736][ T9387] ntfs3(loop4): ino=0, mi_enum_attr
[  188.295193][ T9398] PKCS7: Unknown OID: [4] 5.25.373.87(bad)
[  188.300916][ T9398] PKCS7: Only support pkcs7_signedData type
[  188.347724][ T9404] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  188.524388][ T9420] loop3: detected capacity change from 0 to 512
[  188.557687][ T9420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.573116][ T9420] ext4 filesystem being mounted at /471/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.606017][ T5990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.349552][ T6703] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  189.479719][ T6692] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  189.500087][ T6703] usb 2-1: Using ep0 maxpacket: 8
[  189.509835][ T6703] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  189.513671][ T6703] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  189.516944][ T6703] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  189.525588][ T6703] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  189.531769][ T6703] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  189.535191][ T6703] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.657110][ T6692] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  189.664042][ T6692] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  189.675049][ T9480] loop4: detected capacity change from 0 to 512
[  189.678165][ T6692] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  189.682243][ T6692] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.688671][ T9480] EXT4-fs: Ignoring removed nomblk_io_submit option
[  189.693934][ T9480] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  189.700171][ T9465] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  189.719833][ T9480] EXT4-fs (loop4): 1 truncate cleaned up
[  189.724657][ T6692] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  189.729025][ T9480] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.743996][ T6703] usb 2-1: GET_CAPABILITIES returned 0
[  189.746381][ T6703] usbtmc 2-1:16.0: can't read capabilities
[  189.767195][ T9480] EXT4-fs (loop4): shut down requested (1)
[  189.808149][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.913641][ T6692] usb 4-1: USB disconnect, device number 21
[  189.948824][   T24] usb 2-1: USB disconnect, device number 27
[  190.495376][ T9497] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  190.915826][ T9503] loop4: detected capacity change from 0 to 40427
[  190.946151][ T9503] F2FS-fs (loop4): invalid crc value
[  191.013403][ T9503] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  191.028084][ T9503] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  191.044660][ T9503] syz.4.1370: attempt to access beyond end of device
[  191.044660][ T9503] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.060951][ T9503] CPU: 0 UID: 0 PID: 9503 Comm: syz.4.1370 Not tainted syzkaller #0 PREEMPT(full) 
[  191.060983][ T9503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  191.060992][ T9503] Call Trace:
[  191.060998][ T9503]  <TASK>
[  191.061006][ T9503]  dump_stack_lvl+0x189/0x250
[  191.061030][ T9503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.061046][ T9503]  ? __pfx_queue_work_on+0x10/0x10
[  191.061058][ T9503]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  191.061078][ T9503]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  191.061106][ T9503]  f2fs_handle_critical_error+0x37c/0x540
[  191.061127][ T9503]  f2fs_write_end_io+0x886/0xb60
[  191.061159][ T9503]  __submit_merged_bio+0x27a/0x6a0
[  191.061180][ T9503]  __submit_merged_write_cond+0x255/0x530
[  191.061199][ T9503]  f2fs_write_data_pages+0x261d/0x3000
[  191.061216][ T9503]  ? unwind_next_frame+0xa5/0x2390
[  191.061228][ T9503]  ? unwind_next_frame+0x19ae/0x2390
[  191.061265][ T9503]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  191.061315][ T9503]  ? check_path+0x21/0x40
[  191.061329][ T9503]  ? check_noncircular+0xe0/0x160
[  191.061381][ T9503]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  191.061399][ T9503]  do_writepages+0x32e/0x550
[  191.061424][ T9503]  ? do_raw_spin_unlock+0x4d/0x240
[  191.061444][ T9503]  filemap_fdatawrite+0x199/0x240
[  191.061461][ T9503]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  191.061513][ T9503]  ? do_raw_spin_unlock+0x4d/0x240
[  191.061534][ T9503]  f2fs_sync_dirty_inodes+0x31f/0x830
[  191.061561][ T9503]  f2fs_write_checkpoint+0x93e/0x2440
[  191.061578][ T9503]  ? check_noncircular+0xe0/0x160
[  191.061641][ T9503]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  191.061689][ T9503]  ? down_write+0x162/0x1f0
[  191.061704][ T9503]  ? __pfx_down_write+0x10/0x10
[  191.061727][ T9503]  f2fs_issue_checkpoint+0x3b8/0x610
[  191.061749][ T9503]  ? __pfx_f2fs_issue_checkpoint+0x10/0x10
[  191.061779][ T9503]  ? __lock_acquire+0xab9/0xd20
[  191.061817][ T9503]  ? f2fs_sync_fs+0x200/0x3d0
[  191.061844][ T9503]  f2fs_do_sync_file+0x869/0x1860
[  191.061870][ T9503]  ? __pfx_f2fs_do_sync_file+0x10/0x10
[  191.061917][ T9503]  ? __pfx_down_write+0x10/0x10
[  191.061931][ T9503]  ? sb_start_write+0x114/0x1c0
[  191.061950][ T9503]  ? mnt_want_write_file+0x164/0x200
[  191.061965][ T9503]  __f2fs_ioctl+0x485a/0xb5b0
[  191.062004][ T9503]  ? file_ioctl+0x22d/0x780
[  191.062019][ T9503]  ? __pfx_file_ioctl+0x10/0x10
[  191.062043][ T9503]  ? kasan_quarantine_put+0xdd/0x220
[  191.062062][ T9503]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.062077][ T9503]  ? __pfx___f2fs_ioctl+0x10/0x10
[  191.062101][ T9503]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  191.062118][ T9503]  ? do_vfs_ioctl+0xb33/0x1430
[  191.062129][ T9503]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  191.062144][ T9503]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  191.062182][ T9503]  ? __fget_files+0x2a/0x420
[  191.062200][ T9503]  ? __fget_files+0x3a0/0x420
[  191.062209][ T9503]  ? __fget_files+0x2a/0x420
[  191.062219][ T9503]  ? f2fs_ioctl+0x135/0x250
[  191.062231][ T9503]  ? __pfx_f2fs_ioctl+0x10/0x10
[  191.062242][ T9503]  __se_sys_ioctl+0xfc/0x170
[  191.062250][ T9503]  do_syscall_64+0xfa/0xfa0
[  191.062258][ T9503]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.062265][ T9503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.062272][ T9503]  ? exc_page_fault+0xab/0x100
[  191.062280][ T9503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.062287][ T9503] RIP: 0033:0x7f50aa78efc9
[  191.062295][ T9503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.062302][ T9503] RSP: 002b:00007f50ab693038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  191.062311][ T9503] RAX: ffffffffffffffda RBX: 00007f50aa9e5fa0 RCX: 00007f50aa78efc9
[  191.062317][ T9503] RDX: 0000000000000000 RSI: 000000000000f502 RDI: 0000000000000004
[  191.062321][ T9503] RBP: 00007f50aa811f91 R08: 0000000000000000 R09: 0000000000000000
[  191.062326][ T9503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  191.062330][ T9503] R13: 00007f50aa9e6038 R14: 00007f50aa9e5fa0 R15: 00007ffee34455c8
[  191.062343][ T9503]  </TASK>
[  191.062347][ T9503] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  191.137577][ T9517] loop3: detected capacity change from 0 to 32768
[  191.207302][ T9517] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1377 (9517)
[  191.217786][ T9517] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  191.235354][ T9517] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  191.300503][ T9517] BTRFS info (device loop3): enabling ssd optimizations
[  191.303368][ T9517] BTRFS info (device loop3): turning on async discard
[  191.306044][ T9517] BTRFS info (device loop3): enabling free space tree
[  191.333389][   T24] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  191.369691][ T5990] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  191.479494][   T24] usb 2-1: Using ep0 maxpacket: 16
[  191.489693][   T24] usb 2-1: config 0 has an invalid interface number: 191 but max is 0
[  191.493653][   T24] usb 2-1: config 0 has no interface number 0
[  191.495992][   T24] usb 2-1: config 0 interface 191 has no altsetting 0
[  191.504507][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c281, bcdDevice=c2.08
[  191.507951][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.525411][   T24] usb 2-1: Product: syz
[  191.527008][   T24] usb 2-1: Manufacturer: syz
[  191.536869][   T24] usb 2-1: SerialNumber: syz
[  191.550205][   T24] usb 2-1: config 0 descriptor??
[  191.768424][ T6692] usb 2-1: USB disconnect, device number 28
[  191.938841][ T9567] sd 0:0:0:0: PR command failed: 1026
[  191.940757][ T9567] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  191.942943][ T9567] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  192.417935][ T9573] loop1: detected capacity change from 0 to 32768
[  192.421973][ T9573] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1393 (9573)
[  192.427847][ T9573] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  192.432260][ T9573] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  192.454876][ T9573] BTRFS info (device loop1): enabling ssd optimizations
[  192.457744][ T9573] BTRFS info (device loop1): turning on async discard
[  192.460722][ T9573] BTRFS info (device loop1): enabling free space tree
[  192.486617][ T5807] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  192.819461][ T6692] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  192.969378][ T6692] usb 2-1: Using ep0 maxpacket: 32
[  192.973333][ T6692] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  192.979744][ T6692] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  192.983170][ T6692] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.986342][ T6692] usb 2-1: Product: syz
[  192.988171][ T6692] usb 2-1: Manufacturer: syz
[  192.990866][ T6692] usb 2-1: SerialNumber: syz
[  192.994704][ T6692] usb 2-1: config 0 descriptor??
[  193.000144][ T6692] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  193.015873][ T6692] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  193.037954][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  193.089382][ T6703] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  193.211237][ T5861] usb 2-1: USB disconnect, device number 29
[  193.241441][ T6703] usb 4-1: config 0 has an invalid interface number: 49 but max is 0
[  193.244699][ T6703] usb 4-1: config 0 has no interface number 0
[  193.247160][ T6703] usb 4-1: config 0 interface 49 has no altsetting 0
[  193.250485][ T6703] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=c7.1b
[  193.253994][ T6703] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.261557][ T6703] usb 4-1: config 0 descriptor??
[  193.470213][ T6703] usb 4-1: string descriptor 0 read error: -71
[  193.477416][ T6703] usb 4-1: USB disconnect, device number 22
[  193.752236][ T9595] loop1: detected capacity change from 0 to 512
[  193.758286][ T9595] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  193.781975][ T9595] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fffff00)
[  193.821861][ T9597] loop1: detected capacity change from 0 to 256
[  193.826924][ T9597] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  194.302913][ T9623] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  194.384143][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.386406][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.422440][ T6703] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  194.520328][ T9629] loop4: detected capacity change from 0 to 32768
[  194.523254][ T9629] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1413 (9629)
[  194.533696][ T9629] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  194.541539][ T9629] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  194.559971][   T24] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  194.566049][ T9629] BTRFS info (device loop4): turning off barriers
[  194.568950][ T9629] BTRFS info (device loop4): enabling free space tree
[  194.596291][ T8868] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  194.600454][ T6703] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 193, using maximum allowed: 30
[  194.604502][ T6703] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 193
[  194.608275][ T6703] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  194.619305][ T6703] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.629024][ T6703] usb 4-1: config 0 descriptor??
[  194.721444][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  194.729067][   T24] usb 2-1: not running at top speed; connect to a high speed hub
[  194.734921][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  194.737939][   T24] usb 2-1: config 1 has no interface number 1
[  194.741605][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  194.747474][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  194.751412][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.753847][   T24] usb 2-1: Product: syz
[  194.755139][   T24] usb 2-1: Manufacturer: syz
[  194.756594][   T24] usb 2-1: SerialNumber: syz
[  194.905383][ T9655] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1418'.
[  194.908354][ T9655] ksmbd: Unknown IPC event: 1, ignore.
[  194.973690][   T24] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  194.976427][   T24] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  194.994600][   T24] usb 2-1: USB disconnect, device number 30
[  195.022048][ T9659] Bluetooth: hci0: invalid length 0, exp 2 for type 14
[  195.024410][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  195.055415][ T6703] magicmouse 0003:05AC:0269.000A: hidraw0: USB HID v11.da Device [HID 05ac:0269] on usb-dummy_hcd.3-1/input0
[  195.264283][ T6703] usb 4-1: USB disconnect, device number 23
[  195.819209][ T6703] usb 2-1: new low-speed USB device number 31 using dummy_hcd
[  195.847799][ T9685] loop3: detected capacity change from 0 to 256
[  195.860351][ T9685] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xecfd5def, utbl_chksum : 0xe619d30d)
[  195.973376][ T6703] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  195.975888][ T6703] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  195.978811][ T6703] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  195.984392][ T6703] usb 2-1: string descriptor 0 read error: -22
[  195.986397][ T6703] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.989477][ T6703] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.997041][ T6703] usb 2-1: 0:2 : does not exist
[  196.197923][ T6701] usb 2-1: USB disconnect, device number 31
[  196.309198][ T6703] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  196.409171][ T6692] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  196.479674][ T6703] usb 4-1: Using ep0 maxpacket: 16
[  196.483681][ T6703] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.487713][ T6703] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.491791][ T6703] usb 4-1: config 0 interface 0 has no altsetting 0
[  196.494433][ T6703] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  196.497817][ T6703] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.503048][ T6703] usb 4-1: config 0 descriptor??
[  196.562273][ T6692] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.566462][ T6692] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  196.570326][ T6692] usb 5-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[  196.574875][ T6692] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.581561][ T6692] usb 5-1: config 0 descriptor??
[  196.588196][ T6692] gspca_main: spca501-2.14.0 probing 0000:0000
[  196.926739][ T6703] cougar 0003:060B:500A.000B: unexpected long global item
[  196.930974][ T6703] cougar 0003:060B:500A.000B: parse failed
[  196.933346][ T6703] cougar 0003:060B:500A.000B: probe with driver cougar failed with error -22
[  196.990183][ T6692] gspca_spca501: reg write: error -71
[  196.992356][ T6692] spca501 5-1:0.0: Reg write failed for 0x02,0xa048,0x00
[  196.994723][ T6692] spca501 5-1:0.0: probe with driver spca501 failed with error -22
[  196.998020][ T6692] usb 5-1: USB disconnect, device number 5
[  197.121660][ T6703] usb 4-1: USB disconnect, device number 24
[  197.139167][   T24] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  197.292303][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  197.296441][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  197.301472][ T8568] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  197.308491][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  197.312312][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.315427][   T24] usb 2-1: Product: syz
[  197.317217][   T24] usb 2-1: Manufacturer: syz
[  197.319237][   T24] usb 2-1: SerialNumber: syz
[  197.546086][   T24] usb 2-1: 0:2 : does not exist
[  197.549451][   T24] usb 2-1: unit 255 not found!
[  197.702475][   T24] usb 2-1: USB disconnect, device number 32
[  197.750298][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  198.315150][ T9722] loop1: detected capacity change from 0 to 1024
[  198.354846][ T9722] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.365174][ T9722] EXT4-fs (loop1): shut down requested (2)
[  198.405290][ T5807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.441347][ T9732] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1453'.
[  198.466183][ T9734] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1454'.
[  198.656413][ T9746] loop4: detected capacity change from 0 to 512
[  198.672901][ T9746] EXT4-fs: Ignoring removed oldalloc option
[  198.691086][ T9746] EXT4-fs (loop4): Test dummy encryption mode enabled
[  198.693759][ T9746] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  198.698422][ T9746] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1459: bad orphan inode 131083
[  198.705611][ T9746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.885780][ T9746] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  198.926434][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.949322][ T5811] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  199.121357][ T9768] loop4: detected capacity change from 0 to 128
[  199.132459][ T9768] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  199.137680][ T9768] ext4 filesystem being mounted at /105/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  199.173743][ T8868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  199.353556][ T9771] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1466'.
[  199.621474][   T24] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  199.844475][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  199.845043][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  199.851234][   T24] usb 5-1: config 1 has an invalid interface number: 182 but max is 0
[  199.851254][   T24] usb 5-1: config 1 has an invalid descriptor of length 11, skipping remainder of the config
[  199.851267][   T24] usb 5-1: config 1 has no interface number 0
[  199.851294][   T24] usb 5-1: config 1 interface 182 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  199.851310][   T24] usb 5-1: config 1 interface 182 has no altsetting 0
[  199.872161][   T24] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c00, bcdDevice= 8.ce
[  199.877829][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.877847][   T24] usb 5-1: Product: syz
[  199.877856][   T24] usb 5-1: Manufacturer: syz
[  199.877865][   T24] usb 5-1: SerialNumber: syz
[  199.959176][ T6692] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  200.100950][   T24] rndis_host 5-1:1.182: skipping garbage
[  200.103247][   T24] usb 5-1: bad CDC descriptors
[  200.118595][   T24] cp210x 5-1:1.182: cp210x converter detected
[  200.125656][   T24] cp210x 5-1:1.182: failed to get vendor val 0x370b size 1: -71
[  200.131182][   T24] cp210x 5-1:1.182: querying part number failed
[  200.131220][ T6692] usb 4-1: Using ep0 maxpacket: 32
[  200.147992][   T24] usb 5-1: cp210x converter now attached to ttyUSB0
[  200.157430][ T6692] usb 4-1: unable to get BOS descriptor or descriptor too short
[  200.160967][   T24] usb 5-1: USB disconnect, device number 6
[  200.164461][ T6692] usb 4-1: config 10 has an invalid interface number: 11 but max is 0
[  200.169274][ T6692] usb 4-1: config 10 has no interface number 0
[  200.176026][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  200.177821][ T6692] usb 4-1: config 10 interface 11 altsetting 224 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  200.183682][   T24] cp210x 5-1:1.182: device disconnected
[  200.188541][ T6692] usb 4-1: config 10 interface 11 altsetting 224 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  200.199595][ T6692] usb 4-1: config 10 interface 11 altsetting 224 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  200.211002][ T6692] usb 4-1: config 10 interface 11 has no altsetting 0
[  200.225091][ T6692] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=45.2d
[  200.228545][ T6692] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.247870][ T6692] usb 4-1: Product: syz
[  200.250593][ T6692] usb 4-1: Manufacturer: syz
[  200.253008][ T6692] usb 4-1: SerialNumber: syz
[  200.479006][ T5846] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  200.482824][ T6692] usb 4-1: USB disconnect, device number 25
[  200.630748][ T5846] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  200.633770][ T5846] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  200.637138][ T5846] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  200.641523][ T5846] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.646107][ T5846] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.651790][ T5846] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  200.655432][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  200.668921][ T5846] usb 2-1: Product: syz
[  200.670644][ T5846] usb 2-1: Manufacturer: syz
[  200.684004][ T5846] cdc_wdm 2-1:1.0: skipping garbage
[  200.686099][ T5846] cdc_wdm 2-1:1.0: skipping garbage
[  200.699979][ T5846] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  200.702153][ T5846] cdc_wdm 2-1:1.0: Unknown control protocol
[  200.896885][ T9790] cdc_wdm 2-1:1.0: Error submitting int urb - -90
[  200.902466][ T6692] usb 2-1: USB disconnect, device number 33
[  201.279955][ T9811] loop3: detected capacity change from 0 to 32768
[  201.290575][ T9817] loop4: detected capacity change from 0 to 1024
[  201.299206][ T9811] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1485 (9811)
[  201.308260][ T9817] hfsplus: found bad thread record in catalog
[  201.311968][ T9817] hfsplus: catalog searching failed
[  201.340684][ T9811] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  201.348314][ T9811] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  201.397249][ T9811] BTRFS info (device loop3): enabling ssd optimizations
[  201.401317][ T9811] BTRFS info (device loop3): turning on async discard
[  201.417621][ T9811] BTRFS info (device loop3): enabling free space tree
[  201.469812][ T8568] hfsplus: found bad thread record in catalog
[  201.484998][ T8568] hfsplus: found bad thread record in catalog
[  201.541192][ T5990] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  201.651435][ T9842] loop4: detected capacity change from 0 to 2048
[  201.671256][ T9842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.680374][ T9842] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  201.725540][   T32] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u9:1: bg 0: block 345: padding at end of block bitmap is not set
[  201.756086][   T32] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 64 with error 117
[  201.765938][   T32] EXT4-fs (loop4): This should not happen!! Data will be lost
[  201.765938][   T32] 
[  201.778080][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.866077][ T9860] loop1: detected capacity change from 0 to 256
[  202.158918][ T9866] loop4: detected capacity change from 0 to 512
[  202.178385][ T9866] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  202.193718][ T9866] EXT4-fs (loop4): invalid journal inode
[  202.197735][ T9866] EXT4-fs (loop4): can't get journal size
[  202.227954][ T9866] EXT4-fs (loop4): 1 truncate cleaned up
[  202.236306][ T9866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.282616][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.330570][ T9871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1502'.
[  202.336967][ T9871] syz_tun: entered promiscuous mode
[  202.340601][ T9871] macvtap1: entered promiscuous mode
[  202.342574][ T9871] macvtap1: entered allmulticast mode
[  202.344239][ T9871] syz_tun: entered allmulticast mode
[  202.351150][ T9871] syz_tun: left allmulticast mode
[  202.352861][ T9871] syz_tun: left promiscuous mode
[  202.490077][ T6692] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  202.643743][ T6692] usb 2-1: Using ep0 maxpacket: 16
[  202.681093][ T6692] usb 2-1: config 0 has an invalid interface number: 217 but max is 0
[  202.684987][ T6692] usb 2-1: config 0 has no interface number 0
[  202.705371][ T6692] usb 2-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=32.5e
[  202.708955][ T6692] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.712065][ T6692] usb 2-1: Product: syz
[  202.713902][ T6692] usb 2-1: Manufacturer: syz
[  202.715786][ T6692] usb 2-1: SerialNumber: syz
[  202.723609][ T6692] usb 2-1: config 0 descriptor??
[  202.728315][ T6692] ttusb_dec_send_command: command bulk message failed: error -22
[  202.745962][ T6692] ttusb-dec 2-1:0.217: probe with driver ttusb-dec failed with error -22
[  202.945816][ T6692] usb 2-1: USB disconnect, device number 34
[  203.141799][ T9882] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12
[  203.358183][ T9885] loop3: detected capacity change from 0 to 128
[  203.362994][ T9885] affs: Invalid blocksize (512, 1024, 2048, 4096 allowed)
[  203.625202][ T9891] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1510'.
[  203.970636][ T9907] loop4: detected capacity change from 0 to 512
[  204.002348][ T9907] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1517: bad orphan inode 11862016
[  204.031696][ T9907] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  204.036583][ T9907] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.157212][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  204.196719][ T9922] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.1524'.
[  205.420113][ T6692] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  205.548032][ T9947] loop3: detected capacity change from 0 to 512
[  205.561787][ T9947] EXT4-fs (loop3): Test dummy encryption mode enabled
[  205.567032][ T9947] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  205.575233][ T9947] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  205.580218][ T9947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.599540][ T9947] EXT4-fs: user quota file already specified
[  205.662783][ T6692] usb 5-1: unable to get BOS descriptor or descriptor too short
[  205.667056][ T6692] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  205.671059][ T6692] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 159, changing to 4
[  205.675312][ T6692] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 0
[  205.679873][ T6692] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 32, setting to 0
[  205.684131][ T6692] usb 5-1: config 1 interface 1 has no altsetting 0
[  205.690741][ T6692] usb 5-1: string descriptor 0 read error: -22
[  205.693233][ T6692] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  205.696975][ T6692] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.710923][ T6692] usb 5-1: low speed audio streaming not supported
[  205.779387][ T9943] loop1: detected capacity change from 0 to 131072
[  205.783224][ T9943] F2FS-fs (loop1): Test dummy encryption mode enabled
[  205.793556][ T5990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.798013][ T9943] F2FS-fs (loop1): invalid crc value
[  205.863090][ T9943] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  205.871386][ T9943] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  205.940347][ T6692] usb 5-1: USB disconnect, device number 7
[  206.985144][ T9969] loop4: detected capacity change from 0 to 8
[  206.991925][ T9969] SQUASHFS error: lzo decompression failed, data probably corrupt
[  206.995116][ T9969] SQUASHFS error: Failed to read block 0x91: -5
[  206.997670][ T9969] SQUASHFS error: Unable to read metadata cache entry [8f]
[  207.002364][ T9969] SQUASHFS error: Unable to read inode 0x11f
[  207.568710][ T9994] loop3: detected capacity change from 0 to 4096
[  207.620780][ T9992] loop4: detected capacity change from 0 to 8192
[  207.622426][ T9997] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  207.625506][ T9992] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  207.642236][ T9992] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001)
[  207.645529][ T9992] FAT-fs (loop4): Filesystem has been set read-only
[  207.663063][ T9994] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  207.664730][ T9996] loop1: detected capacity change from 0 to 4096
[  207.700564][ T9994] Remounting filesystem read-only
[  207.731105][ T9996] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  207.754218][ T9996] ntfs3(loop1): Failed to load $Extend (-22).
[  207.756717][ T9996] ntfs3(loop1): Failed to initialize $Extend.
[  207.892460][T10006] lo: entered allmulticast mode
[  207.902549][T10004] lo: left allmulticast mode
[  207.948142][T10009] loop3: detected capacity change from 0 to 256
[  207.965289][T10009] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  208.128603][ T6692] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  208.320707][T10026] delete_channel: no stack
[  208.622215][ T6692] usb 5-1: unable to get BOS descriptor or descriptor too short
[  208.626070][ T6692] usb 5-1: config 1 interface 0 has no altsetting 0
[  208.630998][ T6692] usb 5-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40
[  208.634114][ T6692] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.636540][ T6692] usb 5-1: Product: syz
[  208.637788][ T6692] usb 5-1: Manufacturer: syz
[  208.640727][ T6692] usb 5-1: SerialNumber: syz
[  208.672928][T10031] tipc: Invalid UDP bearer configuration
[  208.672972][T10031] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  208.794616][T10035] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  208.869149][ T6692] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input13
[  208.874111][ T5246] bcm5974 5-1:1.0: could not read from device
[  208.879236][ T5246] bcm5974 5-1:1.0: could not read from device
[  208.886603][ T5246] bcm5974 5-1:1.0: could not read from device
[  208.891876][ T6692] usb 5-1: USB disconnect, device number 8
[  208.896570][ T5246] bcm5974 5-1:1.0: could not read from device
[  208.908733][T10039] syzkaller0: entered promiscuous mode
[  208.910835][T10039] syzkaller0: entered allmulticast mode
[  209.112324][T10045] bridge0: entered allmulticast mode
[  209.114785][T10045] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1576'.
[  209.118615][T10045] bridge_slave_1: left allmulticast mode
[  209.122181][T10045] bridge_slave_1: left promiscuous mode
[  209.124577][T10045] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.133848][T10045] bridge_slave_0: left allmulticast mode
[  209.135954][T10045] bridge_slave_0: left promiscuous mode
[  209.138232][T10045] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.244940][T10045] bridge0 (unregistering): left allmulticast mode
[  209.348093][T10055] netlink: 'syz.3.1581': attribute type 10 has an invalid length.
[  209.352217][T10055] team0: Device dummy0 is up. Set it down before adding it as a team port
[  209.472685][T10065] loop1: detected capacity change from 0 to 2048
[  209.479328][T10065] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  209.482876][T10065] NILFS (loop1): mounting unchecked fs
[  209.498146][T10065] NILFS (loop1): recovery complete
[  209.505610][T10068] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  209.574999][T10058] loop3: detected capacity change from 0 to 32768
[  209.583407][T10058] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1583 (10058)
[  209.601541][T10058] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  209.605592][T10058] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  209.610843][T10076] netlink: 'syz.1.1590': attribute type 9 has an invalid length.
[  209.613366][T10076] netlink: 'syz.1.1590': attribute type 7 has an invalid length.
[  209.615804][T10076] netlink: 'syz.1.1590': attribute type 8 has an invalid length.
[  209.654909][T10093] loop1: detected capacity change from 0 to 2048
[  209.667586][T10093] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  209.670542][T10058] BTRFS info (device loop3): enabling ssd optimizations
[  209.673547][T10058] BTRFS info (device loop3): turning on async discard
[  209.676627][T10058] BTRFS info (device loop3): enabling free space tree
[  209.744066][ T5990] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  209.765763][T10099] mmap: syz.4.1595 (10099) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  210.200972][ T6692] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  210.348544][ T6692] usb 4-1: Using ep0 maxpacket: 32
[  210.352892][ T6692] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  210.362447][ T6692] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.384928][ T6692] usb 4-1: config 0 descriptor??
[  210.591912][ T6692] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  210.596592][ T6692] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  210.602325][ T6692] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  210.605084][ T6692] usb 4-1: media controller created
[  210.616402][ T6692] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  210.738423][ T6703] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  210.798411][ T6692] az6027: usb out operation failed. (-71)
[  210.800507][ T6692] az6027: usb out operation failed. (-71)
[  210.802358][ T6692] stb0899_attach: Driver disabled by Kconfig
[  210.804485][ T6692] az6027: no front-end attached
[  210.804485][ T6692] 
[  210.807851][ T6692] az6027: usb out operation failed. (-71)
[  210.811538][ T6692] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  210.819950][ T6692] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14
[  210.824179][ T6692] dvb-usb: schedule remote query interval to 400 msecs.
[  210.826646][ T6692] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  210.834822][ T6692] usb 4-1: USB disconnect, device number 26
[  210.858842][ T6692] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  210.865843][T10132] loop1: detected capacity change from 0 to 4096
[  210.870347][T10132] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  210.881072][T10132] ntfs3(loop1): ino=19, mi_enum_attr
[  210.882744][T10132] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  210.888102][T10132] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  210.902299][ T6703] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  210.905407][ T6703] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.907757][ T6703] usb 5-1: Product: syz
[  210.910405][ T6703] usb 5-1: Manufacturer: syz
[  210.912127][ T6703] usb 5-1: SerialNumber: syz
[  210.915545][ T6703] usb 5-1: config 0 descriptor??
[  210.980031][T10134] loop1: detected capacity change from 0 to 4096
[  210.983870][T10134] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  211.001983][T10134] ntfs3(loop1): ino=19, mi_enum_attr
[  211.004251][T10134] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  211.016718][T10134] ntfs3(loop1): failed to convert "c46c" to euc-jp
[  211.023336][T10134] ntfs3(loop1): ino=20, mi_enum_attr
[  211.123789][ T6703] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  211.248815][T10148] loop1: detected capacity change from 0 to 128
[  211.252460][T10148] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  211.256419][T10148] hpfs: filesystem error: improperly stopped
[  211.260761][T10148] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  211.263733][T10148] hpfs: You really don't want any checks? You are crazy...
[  211.266397][T10148] hpfs: hpfs_map_sector(): read error
[  211.268058][T10148] hpfs: code page support is disabled
[  211.271037][T10148] hpfs: hpfs_map_4sectors(): unaligned read
[  211.273454][T10148] hpfs: hpfs_map_4sectors(): unaligned read
[  211.275686][T10148] hpfs: filesystem error: unable to find root dir
[  211.351505][T10150] loop1: detected capacity change from 0 to 4096
[  211.355530][T10150] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  211.373179][T10150] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  211.376345][T10150] ntfs3(loop1): ino=1a, mi_enum_attr
[  211.379618][T10150] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  211.463525][T10152] loop3: detected capacity change from 0 to 32768
[  211.466655][T10152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1620 (10152)
[  211.472579][T10152] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  211.477267][T10152] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  211.515632][T10152] BTRFS info (device loop3): enabling ssd optimizations
[  211.518135][T10152] BTRFS info (device loop3): turning on async discard
[  211.522246][T10152] BTRFS info (device loop3): enabling free space tree
[  211.551277][ T5990] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  211.732137][ T6703] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  211.737322][ T6703] usb 5-1: USB disconnect, device number 9
[  211.835466][T10175] loop1: detected capacity change from 0 to 40427
[  211.839172][T10175] F2FS-fs (loop1): Image doesn't support compression
[  211.841641][T10175] F2FS-fs (loop1): build fault injection type: 0x4
[  211.846004][T10175] F2FS-fs (loop1): invalid crc value
[  211.848050][T10175] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root and reserve_node
[  211.900819][T10175] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  211.905254][T10175] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  211.948425][   T33] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  212.110126][   T33] usb 4-1: config 3 has an invalid interface number: 71 but max is 0
[  212.113101][   T33] usb 4-1: config 3 has no interface number 0
[  212.114949][   T33] usb 4-1: config 3 interface 71 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  212.118964][   T33] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0004, bcdDevice=a7.ac
[  212.122320][   T33] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.129276][   T33] ati_remote 4-1:3.71: ati_remote_probe: Unexpected endpoint_in
[  212.331868][ T6703] usb 4-1: USB disconnect, device number 27
[  212.438339][ T6692] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  212.590178][ T6692] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.594046][ T6692] usb 2-1: New USB device found, idVendor=056a, idProduct=00e3, bcdDevice= 0.00
[  212.597509][ T6692] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.603907][ T6692] usb 2-1: config 0 descriptor??
[  212.738261][ T5861] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  212.910941][ T5861] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  212.913695][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.917762][ T5861] usb 5-1: config 0 descriptor??
[  212.921713][ T5861] cp210x 5-1:0.0: cp210x converter detected
[  212.999401][T10205] loop3: detected capacity change from 0 to 4096
[  213.011856][T10205] ntfs3(loop3): ino=b, mi_enum_attr
[  213.013902][T10205] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  213.017110][T10205] ntfs3(loop3): Failed to load $Extend (-22).
[  213.019604][T10205] ntfs3(loop3): Failed to initialize $Extend.
[  213.022822][ T6692] wacom 0003:056A:00E3.000C: hidraw0: USB HID v0.02 Device [HID 056a:00e3] on usb-dummy_hcd.1-1/input0
[  213.222973][ T6692] usb 2-1: USB disconnect, device number 35
[  213.329476][ T5861] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  213.341874][ T5861] usb 5-1: cp210x converter now attached to ttyUSB0
[  213.349495][T10219] loop3: detected capacity change from 0 to 256
[  213.353951][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.360750][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.363701][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.367221][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.371314][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.374055][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.376712][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.381413][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.384397][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.387030][T10219] FAT-fs (loop3): Directory bread(block 1285) failed
[  213.541681][   T33] usb 5-1: USB disconnect, device number 10
[  213.546079][   T33] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  213.558670][   T33] cp210x 5-1:0.0: device disconnected
[  213.918277][   T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  214.064735][T10236] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1648'.
[  214.068413][   T24] usb 4-1: Using ep0 maxpacket: 32
[  214.080659][   T24] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.085426][   T24] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.093858][   T24] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  214.114711][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  214.117376][   T24] usb 4-1: New USB device found, idVendor=04b3, idProduct=3109, bcdDevice= 0.00
[  214.125157][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.142862][   T24] usb 4-1: config 0 descriptor??
[  214.313647][T10246] loop1: detected capacity change from 0 to 8192
[  214.438536][   T33] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  214.553916][   T24] lenovo 0003:04B3:3109.000D: reserved main item tag 0xd
[  214.560534][   T24] lenovo 0003:04B3:3109.000D: hidraw0: USB HID v5f.b2 Device [HID 04b3:3109] on usb-dummy_hcd.3-1/input0
[  214.591953][   T33] usb 5-1: config 0 has an invalid interface number: 46 but max is 0
[  214.595673][   T33] usb 5-1: config 0 has no interface number 0
[  214.600264][   T33] usb 5-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  214.609166][   T33] usb 5-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  214.612707][   T33] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.618222][   T33] usb 5-1: Product: syz
[  214.619826][   T33] usb 5-1: Manufacturer: syz
[  214.621706][   T33] usb 5-1: SerialNumber: syz
[  214.630224][   T33] usb 5-1: config 0 descriptor??
[  214.632900][T10242] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  214.639438][   T33] ums-karma 5-1:0.46: USB Mass Storage device detected
[  214.659832][   T33] ums-karma 5-1:0.46: probe with driver ums-karma failed with error -5
[  214.759606][ T5861] usb 4-1: USB disconnect, device number 28
[  214.767695][T10268] pim6reg: entered allmulticast mode
[  214.772380][T10268] pim6reg: left allmulticast mode
[  214.844413][   T33] usb 5-1: USB disconnect, device number 11
[  215.043973][T10270] loop1: detected capacity change from 0 to 32768
[  215.051916][T10270] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  215.067259][T10270] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  215.077936][T10270] XFS (loop1): Starting recovery (logdev: internal)
[  215.090935][T10270] XFS (loop1): Ending recovery (logdev: internal)
[  215.130215][ T5807] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  215.318903][T10282] syzkaller1: tun_chr_ioctl cmd 1074025677
[  215.321361][T10282] syzkaller1: linktype set to 780
[  215.858286][   T33] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  216.009416][   T33] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.013117][   T33] usb 4-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  216.017221][   T33] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.023583][   T33] usb 4-1: config 0 descriptor??
[  216.060796][T10337] loop4: detected capacity change from 0 to 32768
[  216.072121][T10337] JBD2: Ignoring recovery information on journal
[  216.107217][T10337] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  216.182065][ T8868] ocfs2: Unmounting device (7,4) on (node local)
[  216.305326][T10347] loop4: detected capacity change from 0 to 512
[  216.314802][T10347] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  216.330432][T10347] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1697: bg 0: block 104: invalid block bitmap
[  216.338776][T10347] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  216.342344][T10347] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1697: invalid indirect mapped block 1 (level 1)
[  216.347223][T10347] EXT4-fs (loop4): 1 truncate cleaned up
[  216.348146][ T5846] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  216.351563][T10347] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.380898][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.440656][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.443746][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.447786][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.452463][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.456025][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.459399][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.462519][   T33] logitech-djreceiver 0003:046D:C52F.000E: unknown main item tag 0x0
[  216.501265][ T5846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.505439][ T5846] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  216.509570][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.514851][ T5846] usb 2-1: config 0 descriptor??
[  216.654887][T10309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1680'.
[  216.662964][T10309] binder: 10308:10309 ioctl c0306201 0 returned -14
[  216.674702][T10360] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  216.679860][T10360] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.682888][T10360] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.927010][ T5846] kovaplus 0003:1E7D:2D50.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0
[  216.958105][ T6692] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  217.110417][ T6692] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  217.113586][ T6692] usb 5-1: config 0 has no interface number 0
[  217.115968][ T6692] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  217.119885][ T6692] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.128362][ T6703] usb 2-1: USB disconnect, device number 36
[  217.131368][ T6692] usb 5-1: config 0 descriptor??
[  217.137017][ T6692] usb 5-1: bad CDC descriptors
[  217.344858][ T6703] usb 5-1: USB disconnect, device number 12
[  217.873115][T10381] netlink: 'syz.4.1707': attribute type 23 has an invalid length.
[  217.991977][T10386] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  217.994280][T10386] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  217.996635][T10386] comedi comedi3: 8255: I/O port conflict (0xd,4)
[  218.001376][T10386] comedi comedi3: 8255: I/O port conflict (0x40cc7,4)
[  218.004225][T10386] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  218.006484][T10386] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  218.009098][T10386] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  218.011581][T10386] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  218.013813][T10386] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  218.016042][T10386] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  218.018651][T10386] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  218.021018][T10386] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  218.023444][T10386] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  218.026058][T10386] comedi comedi3: 8255: I/O port conflict (0x1a449,4)
[  218.028676][T10386] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  218.032707][T10386] comedi comedi3: 8255: I/O port conflict (0x40000003,4)
[  218.035218][T10386] comedi comedi3: 8255: I/O port conflict (0x89,4)
[  218.037484][T10386] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  218.040092][T10386] comedi comedi3: 8255: I/O port conflict (0xb,4)
[  218.042622][T10386] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  218.044933][T10386] comedi comedi3: 8255: I/O port conflict (0x10001,4)
[  218.047502][T10386] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffb,4)
[  218.651679][T10390] loop4: detected capacity change from 0 to 32768
[  218.656720][ T5846] usb 4-1: USB disconnect, device number 29
[  218.695672][T10390] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  218.699564][T10390] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  218.743655][T10390] XFS (loop4): Ending clean mount
[  218.757570][T10390] XFS (loop4): Quotacheck needed: Please wait.
[  218.789885][T10390] XFS (loop4): Quotacheck: Done.
[  218.890558][ T8868] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  219.624840][T10469] loop3: detected capacity change from 0 to 1024
[  219.633887][T10469] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  219.640037][T10469] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  219.644974][T10474] loop1: detected capacity change from 0 to 1024
[  219.657161][ T5990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.687429][  T876] hfsplus: b-tree write err: -5, ino 4
[  219.714586][T10479] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1749'.
[  219.720105][T10479] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1749'.
[  219.752234][T10484] xt_CT: You must specify a L4 protocol and not use inversions on it
[  220.187874][ T5846] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  220.237932][ T6703] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  220.415648][ T6703] usb 2-1: Using ep0 maxpacket: 16
[  220.419022][ T6703] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  220.422437][ T6703] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  220.425547][ T6703] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 42580, setting to 1024
[  220.429992][ T6703] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[  220.433053][ T6703] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.436886][ T6703] usb 2-1: config 0 descriptor??
[  220.439190][T10505] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  220.442678][ T6703] pegasus_notetaker 2-1:0.0: probe with driver pegasus_notetaker failed with error -12
[  220.477845][ T5846] usb 4-1: Using ep0 maxpacket: 8
[  220.481609][ T5846] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  220.484962][ T5846] usb 4-1: config 179 has no interface number 0
[  220.487385][ T5846] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  220.491908][ T5846] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  220.496226][ T5846] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  220.500714][ T5846] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  220.505126][ T5846] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  220.510401][ T5846] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  220.513757][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.519594][T10497] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  220.656013][ T6703] usb 2-1: USB disconnect, device number 37
[  220.943602][ T6703] usb 4-1: USB disconnect, device number 30
[  220.943646][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  220.951189][    C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[  221.163811][T10519] loop4: detected capacity change from 0 to 4096
[  221.167436][T10519] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  221.189890][T10519] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  221.192935][T10519] ntfs3(loop4): Failed to load root (-22).
[  221.357034][T10529] loop1: detected capacity change from 0 to 512
[  221.361976][T10529] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  221.366000][T10529] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal
[  221.410081][T10533] netpci0: tun_chr_ioctl cmd 35108
[  221.613529][T10537] loop1: detected capacity change from 0 to 32768
[  221.666735][T10537] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  221.696280][ T5807] ocfs2: Unmounting device (7,1) on (node local)
[  222.024209][T10561] loop1: detected capacity change from 0 to 4096
[  222.027132][T10561] EXT4-fs (loop1): Test dummy encryption mode enabled
[  222.030405][T10561] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  222.032895][T10561] System zones: 0-5
[  222.035263][T10561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.042231][   T34] audit: type=1800 audit(2000000083.114:45): pid=10561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1785" name="file1" dev="loop1" ino=15 res=0 errno=0
[  222.065605][ T5807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.814949][T10594] loop3: detected capacity change from 0 to 256
[  222.821818][T10594] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0x2f9e4978, utbl_chksum : 0xe619d30d)
[  223.285965][T10615] loop1: detected capacity change from 0 to 32768
[  223.300311][T10615] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.349833][T10615] XFS (loop1): Ending clean mount
[  223.369616][ T5807] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.377933][ T6708] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  223.489016][T10631] loop4: detected capacity change from 0 to 1024
[  223.516469][T10631] hfsplus: b-tree write err: -5, ino 3
[  223.526527][T10633] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1813'.
[  223.537820][ T6708] usb 4-1: Using ep0 maxpacket: 8
[  223.542498][ T6708] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  223.545242][ T6708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.552448][ T6708] usb 4-1: Product: syz
[  223.553746][ T6708] usb 4-1: Manufacturer: syz
[  223.555152][ T6708] usb 4-1: SerialNumber: syz
[  223.560189][ T6708] usb 4-1: config 0 descriptor??
[  223.610671][T10637] loop1: detected capacity change from 0 to 4096
[  223.614636][T10639] netlink: 'syz.4.1817': attribute type 1 has an invalid length.
[  223.637485][T10639] 8021q: adding VLAN 0 to HW filter on device bond1
[  223.672873][T10639] bond1: (slave gretap1): making interface the new active one
[  223.689062][T10639] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  223.731551][T10642] loop1: detected capacity change from 0 to 128
[  223.744024][T10642] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  223.748152][T10642] ext4 filesystem being mounted at /595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  223.766314][ T6708] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  223.787415][ T5807] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  223.922978][T10658] block nbd4: shutting down sockets
[  224.127646][ T6692] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  224.468859][ T6692] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  224.471591][ T6692] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  224.474645][ T6692] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  224.477336][ T6692] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  224.480792][ T6692] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  224.485358][ T6692] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  224.488171][ T6692] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  224.490592][ T6692] usb 2-1: Product: syz
[  224.491872][ T6692] usb 2-1: Manufacturer: syz
[  224.495629][ T6692] cdc_wdm 2-1:1.0: skipping garbage
[  224.498194][ T6692] cdc_wdm 2-1:1.0: skipping garbage
[  224.501341][ T6692] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  224.503621][ T6692] cdc_wdm 2-1:1.0: Unknown control protocol
[  224.907931][ T6692] usb 2-1: USB disconnect, device number 38
[  224.990762][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1829'.
[  225.259937][ T6708] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  225.265147][ T6708] usb 4-1: USB disconnect, device number 31
[  225.293692][T10684] loop4: detected capacity change from 0 to 4096
[  225.306961][T10685] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  225.495937][T10695] loop1: detected capacity change from 0 to 128
[  225.502932][T10695] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  225.506806][T10695] ext4 filesystem being mounted at /601/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.519529][T10695] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:375: inode #2: comm syz.1.1840: No space for directory leaf checksum. Please run e2fsck -D.
[  225.525560][T10695] EXT4-fs error (device loop1): htree_dirblock_to_tree:1051: inode #2: comm syz.1.1840: Directory block failed checksum
[  225.552093][ T5807] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  225.647634][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  225.807771][   T24] usb 5-1: Using ep0 maxpacket: 16
[  225.813527][   T24] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  225.816841][   T24] usb 5-1: config 0 has no interface number 0
[  225.834154][   T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  225.838939][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.848096][   T24] usb 5-1: Product: syz
[  225.849890][   T24] usb 5-1: Manufacturer: syz
[  225.851783][   T24] usb 5-1: SerialNumber: syz
[  225.889234][   T24] usb 5-1: config 0 descriptor??
[  225.892722][   T24] hub 5-1:0.132: bad descriptor, ignoring hub
[  225.894918][   T24] hub 5-1:0.132: probe with driver hub failed with error -5
[  225.901691][   T24] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input21
[  226.046012][T10714] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1848'.
[  226.053111][T10714] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1848'.
[  226.523703][T10724] batadv_slave_1: entered promiscuous mode
[  226.641832][T10724] veth0: entered promiscuous mode
[  226.917520][   T24] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  226.985241][T10737] loop1: detected capacity change from 0 to 1024
[  226.989034][T10737] EXT4-fs: Ignoring removed mblk_io_submit option
[  226.991070][T10737] EXT4-fs: inline encryption not supported
[  226.993280][T10737] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  226.999383][T10737] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1858: bad orphan inode 11
[  227.002606][T10737] EXT4-fs (loop1): Remounting filesystem read-only
[  227.004648][T10737] ext4_test_bit(bit=10, block=4) = 1
[  227.006304][T10737] is_bad_inode(inode)=0
[  227.008316][T10737] NEXT_ORPHAN(inode)=3254779904
[  227.009871][T10737] max_ino=32
[  227.010965][T10737] i_nlink=0
[  227.012801][T10737] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.023838][T10737] EXT4-fs: Remounting fs w/o journal so ignoring data_err option
[  227.026267][T10737] EXT4-fs: Cannot change journaled quota options when quota turned on
[  227.039450][ T5807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.081000][   T24] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  227.085503][   T24] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  227.092275][   T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.095773][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.104281][   T24] usbtmc 4-1:16.0: bulk endpoints not found
[  227.307553][ T6703] usb 4-1: USB disconnect, device number 32
[  227.367534][ T6692] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  227.517408][ T6692] usb 2-1: Using ep0 maxpacket: 32
[  227.520415][ T6692] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.523658][ T6692] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.528223][ T6692] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  227.530971][ T6692] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  227.533431][ T6692] usb 2-1: Product: syz
[  227.534924][ T6692] usb 2-1: Manufacturer: syz
[  227.538922][ T6692] hub 2-1:4.0: USB hub found
[  227.742766][ T6692] hub 2-1:4.0: 2 ports detected
[  227.950456][T10751] loop3: detected capacity change from 0 to 4096
[  227.955146][T10751] NILFS (loop3): mounting unchecked fs
[  227.956914][T10751] NILFS (loop3): recovery required for readonly filesystem
[  227.959693][T10751] NILFS (loop3): write access will be enabled during recovery
[  227.963987][T10751] NILFS (loop3): invalid segment: Checksum error in segment payload
[  227.966632][T10751] NILFS (loop3): trying rollback from an earlier position
[  227.973980][T10751] NILFS (loop3): norecovery option specified, skipping roll-forward recovery
[  228.204445][T10758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1867'.
[  228.224853][   T37] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  228.349131][ T6692] usb 2-1: USB disconnect, device number 39
[  228.420853][T10725] veth0: left promiscuous mode
[  228.422431][T10725] batadv_slave_1: left promiscuous mode
[  228.567719][   T33] usb 5-1: USB disconnect, device number 13
[  228.879971][T10776] loop3: detected capacity change from 0 to 65536
[  228.885598][T10776] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  228.894016][T10776] XFS (loop3): Ending clean mount
[  228.897840][T10776] XFS (loop3): Quotacheck needed: Please wait.
[  228.921440][T10776] XFS (loop3): Quotacheck: Done.
[  228.950672][ T5990] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  229.075137][T10804] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1886'.
[  229.304328][T10808] loop3: detected capacity change from 0 to 32768
[  229.306978][T10808] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1884 (10808)
[  229.431698][T10810] xt_l2tp: unknown flags: 17
[  229.528501][T10808] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.531615][T10808] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  229.547385][T10808] BTRFS info (device loop3): enabling ssd optimizations
[  229.549491][T10808] BTRFS info (device loop3): turning on async discard
[  229.551569][T10808] BTRFS info (device loop3): enabling free space tree
[  229.568861][ T5990] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.957289][ T6703] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  230.058063][T10851] loop1: detected capacity change from 0 to 2048
[  230.062735][T10851] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  230.228906][T10855] loop1: detected capacity change from 0 to 32768
[  230.232217][T10855] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1901 (10855)
[  230.237656][T10855] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  230.240980][T10855] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  230.247858][ T6703] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00
[  230.251102][ T6703] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.256029][ T6703] usb 5-1: config 0 descriptor??
[  230.265244][ T6703] go7007 5-1:0.0: probe with driver go7007 failed with error -12
[  230.276473][T10855] BTRFS info (device loop1): setting nodatasum
[  230.279230][T10855] BTRFS info (device loop1): allowing degraded mounts
[  230.281930][T10855] BTRFS info (device loop1): enabling ssd optimizations
[  230.284673][T10855] BTRFS info (device loop1): disabling tree log
[  230.287142][T10855] BTRFS info (device loop1): turning on async discard
[  230.289850][T10855] BTRFS info (device loop1): enabling free space tree
[  230.292516][T10855] BTRFS info (device loop1): max_inline set to 0
[  230.304187][   T34] audit: type=1800 audit(2000000091.375:46): pid=10855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1901" name="file1" dev="loop1" ino=260 res=0 errno=0
[  230.313011][T10855] BTRFS error (device loop1): balance: invalid convert system profile single
[  230.327610][ T5807] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  230.464650][   T24] usb 5-1: USB disconnect, device number 14
[  230.593504][T10874] loop1: detected capacity change from 0 to 32768
[  230.757310][T10884] netlink: 'syz.3.1908': attribute type 5 has an invalid length.
[  230.923195][T10886] loop3: detected capacity change from 0 to 32768
[  230.930000][T10886] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.939711][T10886] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  230.946970][T10886] XFS (loop3): Starting recovery (logdev: internal)
[  230.955731][T10886] XFS (loop3): Ending recovery (logdev: internal)
[  230.961474][T10886] XFS (loop3): Quotacheck needed: Please wait.
[  230.980429][T10886] XFS (loop3): Quotacheck: Done.
[  231.025499][ T5990] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  231.527391][ T6692] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  231.695992][ T6692] usb 5-1: unable to get BOS descriptor or descriptor too short
[  231.701941][ T6692] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  231.706021][ T6692] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  231.712536][ T6692] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  231.715988][ T6692] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.721090][ T6692] usb 5-1: Product: syz
[  231.724118][ T6692] usb 5-1: Manufacturer: syz
[  231.725951][ T6692] usb 5-1: SerialNumber: syz
[  231.777553][ T5861] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  231.937332][ T5861] usb 4-1: Using ep0 maxpacket: 16
[  231.944719][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.952369][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.956485][ T5861] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  231.961006][ T6692] usb 5-1: 0:2 : does not exist
[  231.966772][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.974582][ T5861] usb 4-1: config 0 descriptor??
[  231.980276][ T6692] usb 5-1: USB disconnect, device number 15
[  232.384624][ T5861] corsair 0003:1B1C:1B02.0010: unbalanced collection at end of report description
[  232.389914][ T5861] corsair 0003:1B1C:1B02.0010: parse failed
[  232.392375][ T5861] corsair 0003:1B1C:1B02.0010: probe with driver corsair failed with error -22
[  232.588388][ T6708] usb 4-1: USB disconnect, device number 33
[  232.737220][ T5861] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  232.887155][ T5861] usb 5-1: Using ep0 maxpacket: 8
[  232.892428][ T5861] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  232.895591][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  232.899678][ T5861] usb 5-1: config 0 has no interface number 0
[  232.902643][ T5861] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  232.906432][ T5861] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  232.910802][ T5861] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  232.915167][ T5861] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  232.919650][ T5861] usb 5-1: config 0 interface 52 has no altsetting 0
[  232.921682][ T5861] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  232.924978][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.929241][ T5861] usb 5-1: config 0 descriptor??
[  233.127194][ T6708] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  233.136978][ T5861] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input22
[  233.277312][ T6708] usb 2-1: Using ep0 maxpacket: 16
[  233.283063][ T6708] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  233.298533][ T6708] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  233.303415][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.306588][ T6708] usb 2-1: Product: syz
[  233.310141][ T6708] usb 2-1: Manufacturer: syz
[  233.312085][ T6708] usb 2-1: SerialNumber: syz
[  233.315533][ T6708] usb 2-1: config 0 descriptor??
[  233.321714][ T6708] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  233.324829][ T6708] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  233.338902][   T24] usb 5-1: USB disconnect, device number 16
[  233.925731][ T6708] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  234.293246][T10982] loop4: detected capacity change from 0 to 32768
[  234.298674][T10982] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  234.322083][T10982] XFS (loop4): Ending clean mount
[  234.324659][T10982] XFS (loop4): Quotacheck needed: Please wait.
[  234.346308][T10982] XFS (loop4): Quotacheck: Done.
[  234.354856][ T6708] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  234.367233][ T6708] em28xx 2-1:0.0: board has no eeprom
[  234.369863][T10980] loop3: detected capacity change from 0 to 32768
[  234.374226][ T8868] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  234.403588][T10980] OCFS2: ERROR (device loop3): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 76: suballoc slot 3
[  234.413994][T10980] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  234.419238][T10980] OCFS2: Returning error to the calling process.
[  234.421407][T10980] (syz.3.1944,10980,0):ocfs2_read_locked_inode:597 ERROR: status = -5
[  234.426912][T10980] (syz.3.1944,10980,0):_ocfs2_get_system_file_inode:144 ERROR: status = -5
[  234.430097][T10980] (syz.3.1944,10980,0):ocfs2_init_local_system_inodes:496 ERROR: status=-22, sysfile=11, slot=0
[  234.433235][T10980] (syz.3.1944,10980,0):ocfs2_init_local_system_inodes:505 ERROR: status = -22
[  234.435977][T10980] (syz.3.1944,10980,0):ocfs2_mount_volume:1758 ERROR: status = -22
[  234.450754][T10980] (syz.3.1944,10980,0):ocfs2_fill_super:1177 ERROR: status = -22
[  234.835596][T10995] loop4: detected capacity change from 0 to 32768
[  234.839958][T10995] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1948 (10995)
[  234.851412][T10995] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  234.856077][T10995] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  234.860317][T10995] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  234.895255][T10995] BTRFS info (device loop4): rebuilding free space tree
[  234.910717][T10995] BTRFS info (device loop4): disabling free space tree
[  234.913627][T10995] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  234.918416][T10995] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  234.926082][T10995] BTRFS info (device loop4): checking UUID tree
[  234.926220][T11022] loop3: detected capacity change from 0 to 16
[  234.930585][T10995] BTRFS info (device loop4): enabling ssd optimizations
[  234.932292][T11022] erofs (device loop3): mounted with root inode @ nid 36.
[  234.933772][T10995] BTRFS info (device loop4): turning off barriers
[  235.008177][T10995] BTRFS info (device loop4): disabling tree log
[  235.010539][T10995] BTRFS info (device loop4): turning on flush-on-commit
[  235.012856][T10995] BTRFS info (device loop4): enabling disk space caching
[  235.015067][T10995] BTRFS info (device loop4): force clearing of disk cache
[  235.017739][T10995] BTRFS info (device loop4): use zstd compression, level 3
[  235.020041][T10995] BTRFS info (device loop4): max_inline set to 0
[  235.077396][ T8868] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  235.414499][T11025] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.418056][T11025] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.421544][T11025] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.437717][T11025] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.440598][T11025] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.443256][T11025] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.469154][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.471712][T10962] em28xx 2-1:0.0: reading from i2c device at 0x2 failed (error=-5)
[  235.472276][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.478192][T11024] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.488145][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.491341][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.494348][T11024] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.497650][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.500560][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.503594][T11024] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.506762][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.510413][T11024] erofs (device loop3): per-inode big pcluster without sb feature for nid 36
[  235.513364][T11024] erofs (device loop3): read error -117 @ 123 of nid 36
[  235.537110][ T6708] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  235.542546][ T6708] em28xx 2-1:0.0: dvb set to bulk mode.
[  235.551874][ T6708] usb 2-1: USB disconnect, device number 40
[  235.555438][ T6708] em28xx 2-1:0.0: Disconnecting em28xx
[  235.561825][ T5846] em28xx 2-1:0.0: Binding DVB extension
[  235.588121][ T5846] em28xx 2-1:0.0: Registering input extension
[  235.593447][ T6708] em28xx 2-1:0.0: Closing input extension
[  235.615307][ T6708] em28xx 2-1:0.0: Freeing device
[  236.131041][T11070] netlink: 'syz.1.1975': attribute type 7 has an invalid length.
[  236.133625][T11070] netlink: 'syz.1.1975': attribute type 8 has an invalid length.
[  236.173503][T11075] bpf: Bad value for 'gid'
[  236.241371][T11072] loop4: detected capacity change from 0 to 2048
[  236.248953][T11080] loop1: detected capacity change from 0 to 512
[  236.262391][T11080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.270330][T11072] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.274492][T11080] ext4 filesystem being mounted at /646/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.307828][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.314622][   T34] audit: type=1800 audit(2000000097.385:47): pid=11080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1979" name="file1" dev="loop1" ino=15 res=0 errno=0
[  236.367980][   T34] audit: type=1800 audit(2000000097.445:48): pid=11090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1979" name="file1" dev="loop1" ino=15 res=0 errno=0
[  236.383698][   T34] audit: type=1800 audit(2000000097.455:49): pid=11090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1979" name="file1" dev="loop1" ino=15 res=0 errno=0
[  236.422187][ T5807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.533728][T11095] binder: 11093:11095 ioctl 4018620d 0 returned -22
[  236.635281][T11089] loop3: detected capacity change from 0 to 32768
[  236.650181][T11089] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  236.661604][T11089] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  236.670986][ T5847] (kworker/u8:3,5847,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  236.740622][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1985'.
[  236.788985][ T5990] ocfs2: Unmounting device (7,3) on (node local)
[  237.181630][T11112] loop4: detected capacity change from 0 to 4096
[  237.186087][T11112] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  237.197325][ T6692] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  237.203600][T11112] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  237.210097][T11112] ntfs3(loop4): mft corrupted
[  237.211756][T11112] ntfs3(loop4): Failed to load $Extend (-22).
[  237.213997][T11112] ntfs3(loop4): Failed to initialize $Extend.
[  237.364834][ T6692] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  237.375273][ T6692] usb 4-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=74.72
[  237.383269][ T6692] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.386459][ T6692] usb 4-1: Product: syz
[  237.392042][ T6692] usb 4-1: Manufacturer: syz
[  237.394337][ T6692] usb 4-1: SerialNumber: syz
[  237.403843][ T6692] usb 4-1: config 0 descriptor??
[  237.414524][ T6692] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  237.421705][ T6692] dvb-usb: bulk message failed: -22 (3/0)
[  237.452486][ T6692] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  237.461734][ T6692] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19)
[  237.465151][ T6692] dvb_usb_umt_010 4-1:0.0: probe with driver dvb_usb_umt_010 failed with error -22
[  237.558531][T11118] netlink: 'syz.4.1992': attribute type 29 has an invalid length.
[  237.636611][ T6692] usb 4-1: USB disconnect, device number 34
[  237.778355][T11130] tap0: tun_chr_ioctl cmd 1074025675
[  237.780485][T11130] tap0: persist enabled
[  237.782539][T11130] tap0: tun_chr_ioctl cmd 1074025675
[  237.784688][T11130] tap0: persist enabled
[  237.840859][T11135] loop1: detected capacity change from 0 to 2048
[  237.846733][T11135] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  237.896904][ T5811] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  237.897001][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  238.136914][ T6708] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  238.286869][ T6708] usb 5-1: Using ep0 maxpacket: 16
[  238.290738][ T6708] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.294990][ T6708] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  238.306380][ T6708] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  238.313750][ T6708] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.325038][ T6708] usb 5-1: config 0 descriptor??
[  238.811177][T11161] veth0_to_team: entered promiscuous mode
[  238.813664][T11161] veth0_to_team: entered allmulticast mode
[  239.081729][ T6708] HID 045e:07da: Invalid code 65791 type 1
[  239.086327][ T6708] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0011/input/input24
[  239.098441][ T6708] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  239.105165][ T6708] usb 5-1: USB disconnect, device number 17
[  239.491218][T11185] netlink: 'syz.3.2022': attribute type 10 has an invalid length.
[  239.494304][T11185] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2022'.
[  239.499067][T11185] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  239.501715][T11185] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  239.505865][T11185] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  239.535205][T11189] loop3: detected capacity change from 0 to 16
[  239.537876][T11189] erofs (device loop3): mounted with root inode @ nid 36.
[  239.746573][   T33] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  239.806758][ T5846] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  239.896766][   T33] usb 2-1: Using ep0 maxpacket: 32
[  239.900716][   T33] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  239.903850][   T33] usb 2-1: config 0 has no interface number 0
[  239.906255][   T33] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  239.916706][   T33] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[  239.920562][   T33] usb 2-1: config 0 interface 85 has no altsetting 0
[  239.939538][   T33] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  239.943083][   T33] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.946001][   T33] usb 2-1: Product: syz
[  239.947739][   T33] usb 2-1: Manufacturer: syz
[  239.949425][   T33] usb 2-1: SerialNumber: syz
[  239.957426][   T33] usb 2-1: config 0 descriptor??
[  239.960221][ T5846] usb 5-1: config 4 has an invalid interface descriptor of length 2, skipping
[  239.963127][ T5846] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  239.966567][ T5846] usb 5-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  239.976827][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  239.981370][ T5846] usb 5-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a
[  239.984992][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.997544][ T5846] usb 5-1: Product: syz
[  239.999139][ T5846] usb 5-1: Manufacturer: syz
[  240.006721][ T5846] usb 5-1: SerialNumber: syz
[  240.214484][ T5861] usb 5-1: USB disconnect, device number 18
[  240.365755][   T33] appletouch 2-1:0.85: Failed to request geyser raw mode
[  240.368435][   T33] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[  240.377689][   T33] usb 2-1: USB disconnect, device number 41
[  241.282578][T11224] loop4: detected capacity change from 0 to 40427
[  241.285450][T11224] F2FS-fs (loop4): build fault injection rate: 14
[  241.287807][T11224] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  241.290908][T11224] F2FS-fs (loop4): invalid crc value
[  241.293702][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  241.299774][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  241.327166][T11224] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  241.329965][T11224] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  241.333789][T11224] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  241.347933][T11224] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  241.352986][T11224] F2FS-fs (loop4): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x570
[  241.369536][ T8868] syz-executor: attempt to access beyond end of device
[  241.369536][ T8868] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  241.373776][ T8868] CPU: 1 UID: 0 PID: 8868 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  241.373787][ T8868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  241.373792][ T8868] Call Trace:
[  241.373795][ T8868]  <TASK>
[  241.373799][ T8868]  dump_stack_lvl+0x189/0x250
[  241.373813][ T8868]  ? __pfx_dump_stack_lvl+0x10/0x10
[  241.373824][ T8868]  ? __pfx_queue_work_on+0x10/0x10
[  241.373832][ T8868]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  241.373845][ T8868]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  241.373861][ T8868]  f2fs_handle_critical_error+0x37c/0x540
[  241.373874][ T8868]  f2fs_write_end_io+0x886/0xb60
[  241.373891][ T8868]  __submit_merged_bio+0x27a/0x6a0
[  241.373903][ T8868]  __submit_merged_write_cond+0x255/0x530
[  241.373915][ T8868]  f2fs_write_data_pages+0x261d/0x3000
[  241.373939][ T8868]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  241.373970][ T8868]  ? __perf_event_task_sched_in+0xec/0x17e0
[  241.373986][ T8868]  ? __lock_acquire+0xab9/0xd20
[  241.373998][ T8868]  ? do_raw_spin_lock+0x121/0x290
[  241.374012][ T8868]  ? do_raw_spin_unlock+0x4d/0x240
[  241.374041][ T8868]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  241.374052][ T8868]  do_writepages+0x32e/0x550
[  241.374067][ T8868]  ? do_raw_spin_unlock+0x4d/0x240
[  241.374078][ T8868]  filemap_fdatawrite+0x199/0x240
[  241.374088][ T8868]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  241.374118][ T8868]  ? do_raw_spin_unlock+0x4d/0x240
[  241.374129][ T8868]  f2fs_sync_dirty_inodes+0x31f/0x830
[  241.374146][ T8868]  f2fs_write_checkpoint+0x93e/0x2440
[  241.374155][ T8868]  ? __lock_acquire+0xab9/0xd20
[  241.374175][ T8868]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  241.374208][ T8868]  kill_f2fs_super+0x2cc/0x6d0
[  241.374221][ T8868]  ? __pfx_kill_f2fs_super+0x10/0x10
[  241.374238][ T8868]  ? shrinker_free+0x2ce/0x3e0
[  241.374248][ T8868]  deactivate_locked_super+0xbc/0x130
[  241.374256][ T8868]  cleanup_mnt+0x425/0x4c0
[  241.374268][ T8868]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.374277][ T8868]  task_work_run+0x1d4/0x260
[  241.374289][ T8868]  ? __pfx_task_work_run+0x10/0x10
[  241.374298][ T8868]  ? __x64_sys_umount+0x122/0x160
[  241.374308][ T8868]  ? exit_to_user_mode_loop+0x40/0x130
[  241.374317][ T8868]  exit_to_user_mode_loop+0xe9/0x130
[  241.374324][ T8868]  do_syscall_64+0x2bd/0xfa0
[  241.374331][ T8868]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.374338][ T8868]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.374345][ T8868]  ? exc_page_fault+0xab/0x100
[  241.374353][ T8868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.374360][ T8868] RIP: 0033:0x7f50aa7902f7
[  241.374368][ T8868] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  241.374374][ T8868] RSP: 002b:00007ffee3444858 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  241.374383][ T8868] RAX: 0000000000000000 RBX: 00007f50aa811d7d RCX: 00007f50aa7902f7
[  241.374388][ T8868] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee3444910
[  241.374392][ T8868] RBP: 00007ffee3444910 R08: 0000000000000000 R09: 0000000000000000
[  241.374397][ T8868] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee34459a0
[  241.374401][ T8868] R13: 00007f50aa811d7d R14: 000000000003ae61 R15: 00007ffee34459e0
[  241.374415][ T8868]  </TASK>
[  241.374418][ T8868] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  242.348159][ T6701] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  242.416618][ T5861] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  242.497439][ T6701] usb 5-1: Using ep0 maxpacket: 32
[  242.500661][ T6701] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  242.503396][ T6701] usb 5-1: config 0 has no interface number 0
[  242.507863][ T6701] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  242.510702][ T6701] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.513487][ T6701] usb 5-1: Product: syz
[  242.520938][ T6701] usb 5-1: Manufacturer: syz
[  242.522425][ T6701] usb 5-1: SerialNumber: syz
[  242.526794][ T6701] usb 5-1: config 0 descriptor??
[  242.537417][ T6701] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  242.576647][ T5861] usb 2-1: Using ep0 maxpacket: 32
[  242.582536][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.586809][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1092, setting to 1024
[  242.590767][ T5861] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  242.594425][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.604198][ T5861] usb 2-1: config 0 descriptor??
[  242.608067][T11244] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  242.612637][ T5861] hub 2-1:0.0: USB hub found
[  242.668242][T11264] loop3: detected capacity change from 0 to 16
[  242.745739][ T6701] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  242.751488][ T6701] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  242.817708][ T5861] hub 2-1:0.0: 1 port detected
[  242.942066][T11268] loop3: detected capacity change from 0 to 32768
[  242.953720][T11268] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  242.964670][T11268] CIFS mount error: No usable UNC path provided in device string!
[  242.964670][T11268] 
[  242.969284][T11268] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  242.995647][ T5990] ocfs2: Unmounting device (7,3) on (node local)
[  243.151999][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  243.154958][ T6703] usb 5-1: USB disconnect, device number 19
[  243.164712][ T6703] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  243.171472][ T6703] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  243.186958][ T6703] quatech2 5-1:0.51: device disconnected
[  243.597648][T11279] loop3: detected capacity change from 0 to 32768
[  243.606143][T11279] (syz.3.2061,11279,1):ocfs2_journal_init:961 ERROR: Journal file size (0) is too small!
[  243.610164][T11279] (syz.3.2061,11279,1):ocfs2_check_volume:2347 ERROR: Could not initialize journal!
[  243.617527][T11279] (syz.3.2061,11279,1):ocfs2_check_volume:2432 ERROR: status = -22
[  243.620700][T11279] (syz.3.2061,11279,1):ocfs2_mount_volume:1764 ERROR: status = -22
[  243.626146][T11279] (syz.3.2061,11279,1):ocfs2_fill_super:1177 ERROR: status = -22
[  243.644238][ T6703] usb 2-1: USB disconnect, device number 42
[  243.646771][ T5861] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  243.749724][T11282] loop4: detected capacity change from 0 to 4096
[  244.012103][T11297] loop4: detected capacity change from 0 to 512
[  244.020505][T11297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.024388][T11297] ext4 filesystem being mounted at /302/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  244.039472][T11297] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  244.045144][T11297] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  244.064251][ T8868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.096468][T11302] Bluetooth: hci0: invalid length 0, exp 2 for type 27
[  245.768845][T11313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2074'.
[  246.622683][T11347] loop1: detected capacity change from 0 to 256
[  246.637490][T11347] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf5596061, utbl_chksum : 0xe619d30d)
[  247.242679][T11358] loop4: detected capacity change from 0 to 32768
[  247.376300][ T6703] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  247.536284][ T6703] usb 4-1: Using ep0 maxpacket: 16
[  247.549918][ T6703] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.556454][ T6703] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  247.559464][ T6703] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  247.563317][ T6703] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  247.586343][ T6703] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.592026][ T6703] usb 4-1: config 0 descriptor??
[  247.761911][T11365] loop4: detected capacity change from 0 to 32768
[  247.772565][   T34] audit: type=1800 audit(2000000108.846:50): pid=11365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2095" name="file1" dev="loop4" ino=4 res=0 errno=0
[  247.986333][ T6708] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  248.012505][ T6703] microsoft 0003:045E:07DA.0012: report is too long
[  248.014533][ T6703] microsoft 0003:045E:07DA.0012: item 0 4 0 8 parsing failed
[  248.017325][ T6703] microsoft 0003:045E:07DA.0012: parse failed
[  248.019204][ T6703] microsoft 0003:045E:07DA.0012: probe with driver microsoft failed with error -22
[  248.136458][ T6708] usb 2-1: Using ep0 maxpacket: 16
[  248.139887][ T6708] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.144065][ T6708] usb 2-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[  248.147853][ T6708] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.152098][ T6708] usb 2-1: config 0 descriptor??
[  248.218561][   T33] usb 4-1: USB disconnect, device number 35
[  248.396450][T11374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2099'.
[  248.499650][T11382] xt_ecn: cannot match TCP bits for non-tcp packets
[  248.542988][T11386] cgroup: Name too long
[  248.812797][T11402] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  248.938425][T11413] 8021q: adding VLAN 0 to HW filter on device bond2
[  250.389581][T11464] netlink: 'syz.4.2138': attribute type 12 has an invalid length.
[  250.392013][T11464] netlink: 'syz.4.2138': attribute type 29 has an invalid length.
[  250.394477][T11464] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2138'.
[  250.398438][T11464] netlink: 'syz.4.2138': attribute type 1 has an invalid length.
[  250.441510][T11468] input: syz0 as /devices/virtual/input/input26
[  250.621014][T11473] loop1: detected capacity change from 0 to 32768
[  250.623736][T11473] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2143 (11473)
[  250.681640][T11473] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  250.685826][T11473] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  250.711593][T11473] BTRFS info (device loop1): rebuilding free space tree
[  250.722252][T11473] BTRFS info (device loop1): disabling free space tree
[  250.725079][T11473] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  250.729070][T11473] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  250.770756][T11473] BTRFS info (device loop1): setting nodatasum
[  250.773545][T11473] BTRFS info (device loop1): setting nodatacow
[  250.778192][T11473] BTRFS info (device loop1): turning off barriers
[  250.782467][T11473] BTRFS info (device loop1): force clearing of disk cache
[  251.043795][ T5807] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  251.545070][T11508] netlink: 'syz.4.2150': attribute type 1 has an invalid length.
[  251.547751][T11508] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2150'.
[  251.597300][T11512] binder_alloc: binder_alloc_mmap_handler: 11511 200000ffc000-200000ffd000 already mapped failed -16
[  251.762213][T11518] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32)
[  252.197374][   T41] Bluetooth: hci3: Frame reassembly failed (-84)
[  252.208707][T11522] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  253.099268][T11524] loop1: detected capacity change from 0 to 2048
[  253.127972][T11524]  loop1: p4 < >
[  253.148682][T11524] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2156'.
[  253.193146][ T6708] usbhid 2-1:0.0: can't add hid device: -32
[  253.195089][ T6708] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[  253.220698][T11528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2158'.
[  253.256045][T11530] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2159'.
[  253.325501][T11534] binder: 11533:11534 ioctl 4018620d 0 returned -22
[  253.511584][T11537] loop4: detected capacity change from 0 to 32768
[  253.529097][   T41] JFS: metapage_get_blocks failed
[  253.531130][   T41] JFS: metapage_get_blocks failed
[  253.533333][   T41] JFS: metapage_get_blocks failed
[  253.535466][  T116] blkno = 50030, nblocks = 1
[  253.538093][  T116] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[  253.538093][  T116] 
[  253.542792][  T116] ERROR: (device loop4): remounting filesystem as read-only
[  253.545473][  T116] blkno = 5002c, nblocks = 4
[  253.547457][  T116] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[  253.547457][  T116] 
[  253.736044][ T5672] af_packet: tpacket_rcv: packet too big, clamped from 66 to 4294967286. macoff=82
[  253.796083][T11537] JFS: metapage_get_blocks failed
[  253.798138][T11537] JFS: metapage_get_blocks failed
[  254.216629][ T5811] Bluetooth: hci3: command 0x1003 tx timeout
[  254.216922][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  254.343447][T11556] loop4: detected capacity change from 0 to 512
[  254.371164][T11556] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2172: bg 0: block 393: padding at end of block bitmap is not set
[  254.387875][T11556] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  254.396407][T11556] EXT4-fs (loop4): 2 truncates cleaned up
[  254.398808][T11556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.472640][T11554] loop1: detected capacity change from 0 to 32768
[  254.504145][ T9883] ==================================================================
[  254.506611][ T9883] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350
[  254.509131][ T9883] Read of size 8 at addr ffff888177ea00a0 by task khidpd_04580058/9883
[  254.512587][ T9883] 
[  254.513412][ T9883] CPU: 1 UID: 0 PID: 9883 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT(full) 
[  254.513426][ T9883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.513433][ T9883] Call Trace:
[  254.513439][ T9883]  <TASK>
[  254.513445][ T9883]  dump_stack_lvl+0x189/0x250
[  254.513462][ T9883]  ? __kasan_check_byte+0x12/0x40
[  254.513473][ T9883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.513482][ T9883]  ? lock_release+0x4b/0x3e0
[  254.513490][ T9883]  ? __virt_addr_valid+0x4a5/0x5c0
[  254.513501][ T9883]  print_report+0xca/0x240
[  254.513510][ T9883]  ? __mutex_lock+0x801/0x1350
[  254.513517][ T9883]  kasan_report+0x118/0x150
[  254.513525][ T9883]  ? __mutex_lock+0x801/0x1350
[  254.513533][ T9883]  __mutex_lock+0x801/0x1350
[  254.513541][ T9883]  ? __mutex_lock+0x5bb/0x1350
[  254.513549][ T9883]  ? l2cap_unregister_user+0x6a/0x1b0
[  254.513560][ T9883]  ? __pfx___mutex_lock+0x10/0x10
[  254.513576][ T9883]  ? __pfx___timer_delete_sync+0x10/0x10
[  254.513587][ T9883]  l2cap_unregister_user+0x6a/0x1b0
[  254.513598][ T9883]  hidp_session_thread+0x3c9/0x410
[  254.513606][ T9883]  ? __pfx_hidp_session_thread+0x10/0x10
[  254.513612][ T9883]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  254.513622][ T9883]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  254.513629][ T9883]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  254.513636][ T9883]  ? __kthread_parkme+0x7b/0x200
[  254.513645][ T9883]  ? __kthread_parkme+0x1a1/0x200
[  254.513653][ T9883]  kthread+0x711/0x8a0
[  254.513663][ T9883]  ? __pfx_hidp_session_thread+0x10/0x10
[  254.513669][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.513678][ T9883]  ? _raw_spin_unlock_irq+0x23/0x50
[  254.513688][ T9883]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.513695][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.513703][ T9883]  ret_from_fork+0x4bc/0x870
[  254.513712][ T9883]  ? __pfx_ret_from_fork+0x10/0x10
[  254.513719][ T9883]  ? __switch_to_asm+0x39/0x70
[  254.513725][ T9883]  ? __switch_to_asm+0x33/0x70
[  254.513731][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.513739][ T9883]  ret_from_fork_asm+0x1a/0x30
[  254.513748][ T9883]  </TASK>
[  254.513750][ T9883] 
[  254.585591][ T9883] Allocated by task 8868:
[  254.587021][ T9883]  kasan_save_track+0x3e/0x80
[  254.588624][ T9883]  __kasan_kmalloc+0x93/0xb0
[  254.590134][ T9883]  __kmalloc_noprof+0x41d/0x800
[  254.591776][ T9883]  hci_alloc_dev_priv+0x28/0x2060
[  254.593525][ T9883]  vhci_create_device+0x120/0x650
[  254.595132][ T9883]  vhci_write+0x3ce/0x4a0
[  254.596636][ T9883]  vfs_write+0x5c9/0xb30
[  254.597965][ T9883]  ksys_write+0x145/0x250
[  254.599322][ T9883]  do_syscall_64+0xfa/0xfa0
[  254.600803][ T9883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.602654][ T9883] 
[  254.603427][ T9883] Freed by task 9877:
[  254.604826][ T9883]  kasan_save_track+0x3e/0x80
[  254.606299][ T9883]  kasan_save_free_info+0x46/0x50
[  254.608158][ T9883]  __kasan_slab_free+0x5c/0x80
[  254.609989][ T9883]  kfree+0x19a/0x6d0
[  254.611304][ T9883]  bt_host_release+0x82/0x90
[  254.612859][ T9883]  device_release+0x9c/0x1c0
[  254.614409][ T9883]  kobject_put+0x22b/0x480
[  254.615821][ T9883]  vhci_release+0x15a/0x1a0
[  254.617288][ T9883]  __fput+0x44c/0xa70
[  254.618620][ T9883]  task_work_run+0x1d4/0x260
[  254.620101][ T9883]  do_exit+0x6b5/0x2300
[  254.621429][ T9883]  do_group_exit+0x21c/0x2d0
[  254.622892][ T9883]  get_signal+0x1285/0x1340
[  254.624356][ T9883]  arch_do_signal_or_restart+0xa0/0x790
[  254.626102][ T9883]  exit_to_user_mode_loop+0x72/0x130
[  254.627782][ T9883]  do_syscall_64+0x2bd/0xfa0
[  254.629260][ T9883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.631144][ T9883] 
[  254.631892][ T9883] Last potentially related work creation:
[  254.633696][ T9883]  kasan_save_stack+0x3e/0x60
[  254.635210][ T9883]  kasan_record_aux_stack+0xbd/0xd0
[  254.636856][ T9883]  insert_work+0x3d/0x330
[  254.638229][ T9883]  __queue_work+0xcd2/0xfb0
[  254.639639][ T9883]  queue_work_on+0x181/0x270
[  254.641211][ T9883]  hci_recv_frame+0x625/0x7c0
[  254.642719][ T9883]  vhci_write+0x358/0x4a0
[  254.644240][ T9883]  vfs_write+0x5c9/0xb30
[  254.645592][ T9883]  ksys_write+0x145/0x250
[  254.646974][ T9883]  do_syscall_64+0xfa/0xfa0
[  254.648369][ T9883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.650446][ T9883] 
[  254.651367][ T9883] Second to last potentially related work creation:
[  254.653619][ T9883]  kasan_save_stack+0x3e/0x60
[  254.655384][ T9883]  kasan_record_aux_stack+0xbd/0xd0
[  254.657375][ T9883]  insert_work+0x3d/0x330
[  254.659037][ T9883]  __queue_work+0xbaf/0xfb0
[  254.660749][ T9883]  queue_work_on+0x181/0x270
[  254.662507][ T9883]  process_scheduled_works+0xae1/0x17b0
[  254.664358][ T9883]  worker_thread+0x8a0/0xda0
[  254.665788][ T9883]  kthread+0x711/0x8a0
[  254.667089][ T9883]  ret_from_fork+0x4bc/0x870
[  254.668570][ T9883]  ret_from_fork_asm+0x1a/0x30
[  254.670059][ T9883] 
[  254.670843][ T9883] The buggy address belongs to the object at ffff888177ea0000
[  254.670843][ T9883]  which belongs to the cache kmalloc-8k of size 8192
[  254.675444][ T9883] The buggy address is located 160 bytes inside of
[  254.675444][ T9883]  freed 8192-byte region [ffff888177ea0000, ffff888177ea2000)
[  254.679917][ T9883] 
[  254.680642][ T9883] The buggy address belongs to the physical page:
[  254.682628][ T9883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888177ea4000 pfn:0x177ea0
[  254.685666][ T9883] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  254.688213][ T9883] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[  254.690929][ T9883] page_type: f5(slab)
[  254.692214][ T9883] raw: 057ff00000000240 ffff888100042280 ffffea0006c7f210 ffffea0006c4ca10
[  254.694891][ T9883] raw: ffff888177ea4000 0000000000020001 00000000f5000000 0000000000000000
[  254.697593][ T9883] head: 057ff00000000240 ffff888100042280 ffffea0006c7f210 ffffea0006c4ca10
[  254.700316][ T9883] head: ffff888177ea4000 0000000000020001 00000000f5000000 0000000000000000
[  254.703198][ T9883] head: 057ff00000000003 ffffea0005dfa801 00000000ffffffff 00000000ffffffff
[  254.706047][ T9883] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  254.708642][ T9883] page dumped because: kasan: bad access detected
[  254.710592][ T9883] page_owner tracks the page as allocated
[  254.712326][ T9883] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8868, tgid 8868 (syz-executor), ts 165539074890, free_ts 154830147293
[  254.718621][ T9883]  post_alloc_hook+0x240/0x2a0
[  254.720090][ T9883]  get_page_from_freelist+0x2365/0x2440
[  254.721786][ T9883]  __alloc_frozen_pages_noprof+0x181/0x370
[  254.723567][ T9883]  alloc_pages_mpol+0x232/0x4a0
[  254.725091][ T9883]  allocate_slab+0x96/0x350
[  254.726510][ T9883]  ___slab_alloc+0xe94/0x18a0
[  254.727955][ T9883]  __slab_alloc+0x65/0x100
[  254.729321][ T9883]  __kmalloc_noprof+0x47d/0x800
[  254.730824][ T9883]  hci_alloc_dev_priv+0x28/0x2060
[  254.732410][ T9883]  vhci_create_device+0x120/0x650
[  254.734124][ T9883]  vhci_write+0x3ce/0x4a0
[  254.735790][ T9883]  vfs_write+0x5c9/0xb30
[  254.737410][ T9883]  ksys_write+0x145/0x250
[  254.739062][ T9883]  do_syscall_64+0xfa/0xfa0
[  254.740671][ T9883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.742922][ T9883] page last free pid 5261 tgid 5261 stack trace:
[  254.745284][ T9883]  __free_frozen_pages+0xbc8/0xd30
[  254.747061][ T9883]  __put_partials+0x146/0x170
[  254.748864][ T9883]  put_cpu_partial+0x1f2/0x2e0
[  254.750631][ T9883]  __slab_free+0x2b9/0x390
[  254.752353][ T9883]  qlist_free_all+0x97/0x140
[  254.753847][ T9883]  kasan_quarantine_reduce+0x148/0x160
[  254.755661][ T9883]  __kasan_slab_alloc+0x22/0x80
[  254.757171][ T9883]  __kmalloc_cache_noprof+0x37c/0x700
[  254.758798][ T9883]  kernfs_fop_open+0x397/0xca0
[  254.760282][ T9883]  do_dentry_open+0x953/0x13f0
[  254.761766][ T9883]  vfs_open+0x3b/0x340
[  254.763034][ T9883]  path_openat+0x2ee5/0x3830
[  254.764800][ T9883]  do_filp_open+0x1fa/0x410
[  254.766401][ T9883]  do_sys_openat2+0x121/0x1c0
[  254.768213][ T9883]  __x64_sys_openat+0x138/0x170
[  254.770081][ T9883]  do_syscall_64+0xfa/0xfa0
[  254.771837][ T9883] 
[  254.772785][ T9883] Memory state around the buggy address:
[  254.774739][ T9883]  ffff888177e9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  254.777284][ T9883]  ffff888177ea0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.779804][ T9883] >ffff888177ea0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.782347][ T9883]                                ^
[  254.783964][ T9883]  ffff888177ea0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.786778][ T9883]  ffff888177ea0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.789847][ T9883] ==================================================================
[  254.793445][ T9883] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  254.795937][ T9883] CPU: 1 UID: 0 PID: 9883 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT(full) 
[  254.798845][ T9883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.801906][ T9883] Call Trace:
[  254.802935][ T9883]  <TASK>
[  254.803840][ T9883]  dump_stack_lvl+0x99/0x250
[  254.805273][ T9883]  ? __asan_memcpy+0x40/0x70
[  254.806714][ T9883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.808303][ T9883]  ? __pfx__printk+0x10/0x10
[  254.809904][ T9883]  vpanic+0x237/0x6d0
[  254.811298][ T9883]  ? __pfx_vpanic+0x10/0x10
[  254.812706][ T9883]  panic+0xb9/0xc0
[  254.813899][ T9883]  ? __pfx_panic+0x10/0x10
[  254.815261][ T9883]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  254.817061][ T9883]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  254.818927][ T9883]  ? __mutex_lock+0x801/0x1350
[  254.820556][ T9883]  check_panic_on_warn+0x89/0xb0
[  254.822128][ T9883]  ? __mutex_lock+0x801/0x1350
[  254.823596][ T9883]  end_report+0x78/0x160
[  254.824971][ T9883]  kasan_report+0x129/0x150
[  254.826753][ T9883]  ? __mutex_lock+0x801/0x1350
[  254.828611][ T9883]  __mutex_lock+0x801/0x1350
[  254.830399][ T9883]  ? __mutex_lock+0x5bb/0x1350
[  254.832084][ T9883]  ? l2cap_unregister_user+0x6a/0x1b0
[  254.833739][ T9883]  ? __pfx___mutex_lock+0x10/0x10
[  254.835294][ T9883]  ? __pfx___timer_delete_sync+0x10/0x10
[  254.837011][ T9883]  l2cap_unregister_user+0x6a/0x1b0
[  254.838615][ T9883]  hidp_session_thread+0x3c9/0x410
[  254.840195][ T9883]  ? __pfx_hidp_session_thread+0x10/0x10
[  254.841932][ T9883]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  254.843803][ T9883]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  254.845733][ T9883]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  254.847679][ T9883]  ? __kthread_parkme+0x7b/0x200
[  254.849218][ T9883]  ? __kthread_parkme+0x1a1/0x200
[  254.850760][ T9883]  kthread+0x711/0x8a0
[  254.852028][ T9883]  ? __pfx_hidp_session_thread+0x10/0x10
[  254.853813][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.855257][ T9883]  ? _raw_spin_unlock_irq+0x23/0x50
[  254.856849][ T9883]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.858428][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.859840][ T9883]  ret_from_fork+0x4bc/0x870
[  254.861424][ T9883]  ? __pfx_ret_from_fork+0x10/0x10
[  254.863400][ T9883]  ? __switch_to_asm+0x39/0x70
[  254.865103][ T9883]  ? __switch_to_asm+0x33/0x70
[  254.866725][ T9883]  ? __pfx_kthread+0x10/0x10
[  254.868267][ T9883]  ret_from_fork_asm+0x1a/0x30
[  254.869710][ T9883]  </TASK>
[  254.871263][ T9883] Kernel Offset: disabled
[  254.872556][ T9883] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:47:39  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000007d RBX=0000000000000cf8 RCX=0000000000042800 RDX=ffffffff93326358
RSI=0000000000000004 RDI=000000000004e870 RBP=ffffffff937667d0 RSP=ffffc90000087ba0
R8 =0000000000000000 R9 =ffffffff81aa76c8 R10=dffffc0000000000 R11=fffffbfff1efa02f
R12=000000000006d99b R13=ffffffff937a1630 R14=ffffffff92784d22 R15=00000000000074f9
RIP=ffffffff819dcdd5 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88818eb35000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c260087 CR3=000000017641c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0065766973727563 65725f73726f7463
XMM02=00007f17903b7498 00007f17903b7470 XMM03=00007f17903b74a8 00007f17903b74a0
XMM04=00007f1790f1d100 00007f17903b7460 XMM05=00007f17903b7478 00007f17903b74c0
XMM06=00007f17903b74b8 00007f17903b74b0 XMM07=00007f17903b74a8 00007f17903b74a0
XMM08=ffa92fffe7bff64d 2dc77ffeee461800 XMM09=0000000000000000 00007f179021315a
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000035 RBX=0000000000000035 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90007427350
R8 =ffff88816c780237 R9 =1ffff1102d8f0046 R10=dffffc0000000000 R11=ffffffff8515b630
R12=dffffc0000000000 R13=ffffffff997df935 R14=ffffffff99af2f20 R15=0000000000000000
RIP=ffffffff8515b6ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8882a9f35000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000000dd38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
