last executing test programs:

2.908972084s ago: executing program 1 (id=450):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x30004084)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000), 0x4)

2.76514999s ago: executing program 1 (id=451):
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
listen(r0, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x26020400)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9)
pselect6(0x40, &(0x7f0000000240)={0x2, 0x0, 0x4, 0x3, 0x2, 0x0, 0x100, 0x5}, &(0x7f0000000040)={0x1d, 0xfffffffffffffffe, 0x40, 0x7eff, 0x0, 0xfffffffffffffffe, 0x71e7, 0x8}, 0x0, 0x0, 0x0)

2.6477512s ago: executing program 1 (id=452):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$ocfs2(&(0x7f0000000140), &(0x7f0000004780)='./file0\x00', 0x180080f, &(0x7f0000000000)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c6c6f63616c666c6f636b732c696e6f646536342c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c6e6f61636c2c6572726f72733d636f6e74696e75652c00edc97523793b5022d016bb24c65ba594abbd38fd9c301bfa101e61d574eb5cc84215aa20846b6f33df6281eaedb4b4afaaacd321e4df0d16b4f5a8a992efe2554b52ec9c980e5544cd4b8df3e1ba594d07e0bfe3471c164430a36b7ebddc35caf2959224d8330f1807117fc520d8ff5660c5691afd66a8e397bb802ed69df198008fb799cc37"], 0x1, 0x470e, &(0x7f0000008f40)="$eJzs222IHGcBB/BnNqe5pMn1XtImafqySQQPLceln6r1QzyrNpo2L9pWU+Xcu1wvp3u7592uFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6srszuZ3Zvc7mNmlp+/tBOzfPzPPMs/e/eebl2RRitVMLK8WFlWKpUqzO3r9yS/Fz1XJ9cS4UXiWv9fHpzZXISfavnSPv+8BH7rklhD8c+9qHVldXV0PDcOjqQNvP5/99erZ9mShk6jTa7d5ayx/rj7z087e80h55ToQQdnT0q2FTCOFjvwhhcwhhJC4bjZdbQgjbQghRCOHR3/zrx4P9dKHN2XtfeO7YmcP7zkw9/tgzF+aPrrtjFMJ3y7tvnl98cf+m255/x2U6PAAAvKIPHj9y99HJA+HJKAydG+i8X98ZL5P74zvf9qm7Hh5Y275Kbza9iqECAABAxtrz/3D0cpf5umRmLZkSfOKBE3c/Fa1t92D7+nboriO3v3/yQDz/G3VsvzUu+ud7NzXnULPzvtn535FM/e7zv2vHefirz/6y8taN9z/pX3Lc4RAVJlLrhcLERAjHplrru6KthXJ1pfbO+6v1ysmNH/eNIp1/dvZ+bUK/1/xHM9Xz5v93f+LzP9sy0M8nGAvZv9rGerHzT5ku0vmvP5b/5EtRT/mPZerl5X/H09vP/2pzP58ge0QuRTr/1om4r32HYmsAaOT/zYH8/Hdk2s/L//tT5x49sYHv/zTGmeGo0dfB1Ajwcly+zleYyEjn3woiNXTGv8j1zv//ZfK/JtN+Xv53Vv/xu7/1cf1fb/wfn+qnzTePdP6tIIqpPdbO/5FC/vl/bab9vPx/e+rPz36yr2t1Z/6N/o+7/vcknX98IU4Pns3fZK/j/85M+3n57xq776GFDfT7w1vifg5FYaztW6fnGpewobX56uYjTWPz0gYO8iaQzr/1W0udOkOtRfP8H84f/3dl2s/L/6E9X3/P6b6+/9t9/J80/vcknf+WZtml5P9SJv/dmfbz8v/h6b//5b7LPP431g/Kvyfp/Ld2bF97/1Po6fnvukz9vPc/+0afeuSvfTz/J/1Ljpu8/0neQ4xHrfc/dJfO/6p19+v1+r8nUy/v/P/Wf55/en8/43802PEGwK1f79L5b2sVdnkA7DX/6zPt5+X/hXu+/PE/beD5r3nHN5jk3/b8v7lVftT435N0/ttbhal/DPVg8//N63/Umft/M/nfkGk/L/8LhyYGvnKZr/+N/o93eZVNp3T+Q+vu18j/9z1c/2/M1MvL/4t7f/rizX3d/4cwacDfsHT+V6+7X/P8H8zP/6ZMvbz8v/ONXz/xYB/9f3sfdcnm37rWp06n+N681+f/Yqb9vPx/NH7+7P4r8Px3q+t/T9L5t2bNLyX/7PP/3kz7efl/78gPlgeuwPufO+QPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIaPxcjhEhYnUeqEwMRHCWLy+K2yNZkonp2fK1dnPrISwIy4vhtFovlydKZWnFyrVk3PTpXK5OhvCNfH2HWEwWilXa9OLpaVrL7a1JTo1V1quzcyVaiGEnXH59WF70tbMQm2xtNTcN6lzVVT6bL1aK03UV+aWw+6L5duS8vnlan3puottXV2oLi+dKlWmTy4sv3tycnIy7LnY55Fo7oHaXKXW6m1ra6NOUnc4avswzc03tB3v09X6cqVUbpbf2FanXJ0tldvq3NR2vNpyvTJbqs1Nl6vzyfGKbXXbPltz895423gYSX2+pG7WwXh5+6HjHz1++EDH9mKUzrtSX5yb3N79bwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN64nb3vXt0MIA621QgjhYPJDFP+XcvbeF547dubwvjNTjz/2zIX5o932AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg/O3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi5n5cowjgOwO+MbRZIKV2EPAaGiOhNwoJ+EUnlGtmxS+egTgkZFAWGER0LgiCoW1QQdAoq/4Kog8dO1aUOHQwiqBidSdld2HKh13aeB4Z3htF3vjCwO/N+3n0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYP87uWOzK2ku7Ni9t3f0hdObnNoYQRpPl/c97O0JPCOHrl5nToUFb6Knp/83k3Hj9VZPfe/vHH14fTdZef/G/xXW7Q5IOrTremaTp0NDa+29XdwafTQ8mIaSxCyGKhbEnZyohhI7YhRDFz4/zF7PP9w2xCyGK/g93u7L7X4ldCFFs3f2pr5I/49EOOv/qr89XLwyu/u5v9gjewiM669Dbk1fepW5q6b3M3/+TfPM+WA6zJ468fx67CKKZnZs6GrsGAADg3zrXJP8PW5b3719OQk93fe7/rSb/763pv3H+v+Le9htjMy2FENvqxiaz4+F9rfTZ/k4NXL39umK8p6zk/+Um/y83+X+5yf/LTf5fbvJ/Mq/k/6X0+OaexRexiyAa+T8AAJTPoeMTU9Xhkezlf9OPzvq8vi9vq3me/uDW9MCjVeNG8sP/2+FjEwcODo/k971+QHBl/Yd06ez3fL5HbVuYrJl30Wz9h96nC/PXGvx0rfqH8zeK+orrWv8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/szrEJg2AQgNH/kioTZI1kikCaRME9nMHSARzF2hmcw8oFtBDRxtJG3mvu4IPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+T/4r/q936iLdpojUZ/V335/rUi5jaKp2vG89Du4+TvoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmduBABgAAAECYv3Ue7QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpwAAAP//6bfLTA==")
mount(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x1000022, &(0x7f0000000340)='heartbeat=none')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)

2.030620352s ago: executing program 1 (id=459):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='rxrpc_client\x00', r0, 0x0, 0x5}, 0x18)
r1 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00)

1.660600804s ago: executing program 1 (id=461):
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{0x0, 0x0, 0xd, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8000000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000000000, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x80000001, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000]})
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x2808044, &(0x7f00000023c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c696f636861727365743d6370313235302c73686f72746e616d653d77696e6e742c696f636861727365743d69736f383835392d31352c73686f72746e616d653d6c6f7765722c636f6465706167653d3935302c696f636861727365743d6d6163696e7569742c696f636861727365743d63703835352c756e695f786c6174653d302c757466383d302c696f636861727365743d6d6163637972696c6c69632c726f6469722c756e695f786c6174653d302c00b71262797105a4ca5243145acfad2df4757393b2196afc49f9f1ffa7efa1e55ee40e45a9ff97dc10fefa238b414ca6c285b983e4148c2377573fa4fa3f6fd4510fa1fb210b06504d78cb1d88749d5b468f47e0ba96b66d44959539914ed5c96c6a"], 0x1, 0x294, &(0x7f0000000500)="$eJzs3c1qY1UcAPD/TZM0VSFZuBLBC7pwFabzBBOkwmBWSha60cHpgCSh0EDAD4xduRdc+Q6+gw/gxjdw4VJwZxfilfTem6+mrYE0HcLvt8k/55z/+cppC4V78tmbw/7zs9GLi29+j0YjicqTeBKXSbSiEqXvAgDYJ5dZFn9lubvaVqMeEVmzeFfZwfQAgHuwyd9/AGA/fPTxJx90ut2TD9O0ETH8ftxLIn/N6zsv4osYxGk8imb8E5HN5PFrT7snUU3T8p8B46PoRQw//bV43/kz4ir/OJrRup7//tPuyXGai3eGk3FvOvL0tRavJBGdLMk7ehzNeD0iq0XRyTz/8Zr86NXj3bd/Kub/72m0oxm/fR5nMYjnV13M8789TtP3sh///jpfQS8imYx7h1ft5rKDnX0oAAAAAAAAAAAAAAAAAAAAAADsvXY601q8P6e8DbDdXl9/4/1AxQ0/k4X7dR6laVpe4zPu1SLPr8Yb1ag+3MoBAAAAAAAAAAAAAAAAAADg5TH68qv+s8Hg9Hwp+CVbLbk7qC6UlI/1b5C+FPR/jtg86/8EcVBMbZBcGyIpq7Yw1uEmjY/WDRqVm/awOoh88j9sPrG3trXAW4PydPWfJXFH48b6Q7JwMo+Kzs5Hya2HdjnI1mzdwY1Z9S2tvf7qdjdzuuLabDOX2zSmn+RCSW3LPykrknv5/QMAAAAAAAAAAAAAAAAAAMzNH/qNP65VXjzIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5+bf/z8LorVashpMiuTb2pTB4flozbCtHS8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPfdfAAAA///SBV2L")
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.619217056s ago: executing program 1 (id=462):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f00000001c0)={0x0, 0x16, 0xe, "31536db808554e45db2899f33ad9"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x8}, 0x0, 0x0, &(0x7f0000000300)={0x40, 0xa0, 0x4, 0x3}, &(0x7f0000000340)={0xc0, 0xa2, 0x2f, "4397686573aa0d9d270508fc53ffd1e237b200707056af32e2ac31c3b9080e562f74e484b8297c6330054594cdc8ab"}})

1.344619559s ago: executing program 2 (id=468):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000002006301b9000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.343836844s ago: executing program 0 (id=470):
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x7c0, 0x1125, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf8, 0x50, 0x5, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x3, 0x37, {0x9, 0x21, 0x6, 0x90, 0x1, {0x22, 0x75d}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0xc6, 0x2}}}}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x5, &(0x7f0000000240)={0x5, 0xf, 0x5}})

1.343619054s ago: executing program 2 (id=471):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions'], 0x0, 0x0, 0x0)
rename(&(0x7f0000000280)='./file0/../file0/file0\x00', 0x0)

420.712085ms ago: executing program 2 (id=472):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = io_uring_setup(0x868, &(0x7f00000000c0)={0x0, 0x2bad, 0x2, 0x1, 0x13b})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x14, &(0x7f0000001900)=[0xffffffff], 0x2)

420.557471ms ago: executing program 2 (id=473):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
close(r0)

349.391237ms ago: executing program 2 (id=474):
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x30}, [@ldst={0x3, 0x3, 0x3, 0xa, 0x0, 0xff00}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)

349.043287ms ago: executing program 2 (id=475):
syz_usb_connect(0x3, 0x47, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xd6, 0x97, 0xcb, 0x40, 0x4dd, 0x9032, 0x9299, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x35, 0x1, 0x3, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0xee, 0x97, 0x2, 0x2, 0xa, 0x0, 0x7, [], [{{0x9, 0x5, 0x1, 0x0, 0x40, 0xc, 0x2, 0x9, [@generic={0x9, 0xb, "6b05c60c0b1e7d"}]}}, {{0x9, 0x5, 0x8, 0x8, 0x40, 0x5, 0x1, 0x1, [@generic={0x8, 0xb, "24fc2c651aa2"}]}}]}}]}}]}}, 0x0)

120.473691ms ago: executing program 0 (id=476):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2, 0x80000}, 0x10)

70.465638ms ago: executing program 0 (id=477):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x25, &(0x7f0000000080), 0x4)

70.292998ms ago: executing program 0 (id=478):
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)

311.229µs ago: executing program 0 (id=479):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0xe, &(0x7f0000fee000)=0x3fa, 0x4)

0s ago: executing program 0 (id=480):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = accept(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$alg(r3, 0x0, 0x0, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r0, &(0x7f0000003240), 0x4000000000000e4, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:12643' (ED25519) to the list of known hosts.
syzkaller login: [   55.926810][ T5830] cgroup: Unknown subsys name 'net'
[   56.093622][ T5830] cgroup: Unknown subsys name 'cpuset'
[   56.097470][ T5830] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.420877][ T5830] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   66.817063][ T5916] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   70.607640][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.612532][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.616143][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.620520][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.624282][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.699364][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.705007][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.709525][ T5234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.713683][ T5234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.717403][ T5234] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.774176][   T56] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.777838][   T56] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.785750][   T56] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.797343][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.802171][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.063247][ T5941] chnl_net:caif_netlink_parms(): no params data found
[   71.125312][ T5937] chnl_net:caif_netlink_parms(): no params data found
[   71.143267][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.145925][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.157444][ T5943] chnl_net:caif_netlink_parms(): no params data found
[   71.265152][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.268265][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.271239][ T5941] bridge_slave_0: entered allmulticast mode
[   71.274480][ T5941] bridge_slave_0: entered promiscuous mode
[   71.294330][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.296658][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.299322][ T5941] bridge_slave_1: entered allmulticast mode
[   71.303388][ T5941] bridge_slave_1: entered promiscuous mode
[   71.343404][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.346394][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.349433][ T5943] bridge_slave_0: entered allmulticast mode
[   71.354802][ T5943] bridge_slave_0: entered promiscuous mode
[   71.367021][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.369495][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.371989][ T5937] bridge_slave_0: entered allmulticast mode
[   71.374776][ T5937] bridge_slave_0: entered promiscuous mode
[   71.378478][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.381601][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.384244][ T5937] bridge_slave_1: entered allmulticast mode
[   71.387554][ T5937] bridge_slave_1: entered promiscuous mode
[   71.391134][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.393980][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.396900][ T5943] bridge_slave_1: entered allmulticast mode
[   71.401212][ T5943] bridge_slave_1: entered promiscuous mode
[   71.425711][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.452671][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.470545][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.484640][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.492153][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.508854][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.533012][ T5941] team0: Port device team_slave_0 added
[   71.548126][ T5941] team0: Port device team_slave_1 added
[   71.552160][ T5943] team0: Port device team_slave_0 added
[   71.567598][ T5943] team0: Port device team_slave_1 added
[   71.592910][ T5937] team0: Port device team_slave_0 added
[   71.619484][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.622678][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.634467][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.641211][ T5937] team0: Port device team_slave_1 added
[   71.644280][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.646907][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.656252][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.661120][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.663567][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.673707][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.693548][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.695929][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.706145][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.729346][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.732386][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.741301][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.764529][ T5943] hsr_slave_0: entered promiscuous mode
[   71.766913][ T5943] hsr_slave_1: entered promiscuous mode
[   71.770698][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.773017][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.784055][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.875247][ T5941] hsr_slave_0: entered promiscuous mode
[   71.878236][ T5941] hsr_slave_1: entered promiscuous mode
[   71.881087][ T5941] debugfs: 'hsr0' already exists in 'hsr'
[   71.883175][ T5941] Cannot create hsr debugfs directory
[   71.898412][ T5937] hsr_slave_0: entered promiscuous mode
[   71.900976][ T5937] hsr_slave_1: entered promiscuous mode
[   71.903139][ T5937] debugfs: 'hsr0' already exists in 'hsr'
[   71.905031][ T5937] Cannot create hsr debugfs directory
[   72.141212][ T5943] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.166696][ T5943] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.173082][ T5943] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.180537][ T5943] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.211502][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.218113][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.238111][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.252659][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.290984][ T5937] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.301156][ T5937] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.306820][ T5937] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.321534][ T5937] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.397534][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.415291][ T5943] 8021q: adding VLAN 0 to HW filter on device team0
[   72.436957][ T3998] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.439959][ T3998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.453130][ T3998] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.455810][ T3998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.496277][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.517183][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.543766][ T5941] 8021q: adding VLAN 0 to HW filter on device team0
[   72.566378][ T5937] 8021q: adding VLAN 0 to HW filter on device team0
[   72.573423][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.576005][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.580590][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.583490][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.602013][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.604520][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.626076][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.628872][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.652538][ T5941] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.661011][ T5945] Bluetooth: hci0: command tx timeout
[   72.715149][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.740750][ T5945] Bluetooth: hci1: command tx timeout
[   72.765291][ T5943] veth0_vlan: entered promiscuous mode
[   72.776979][ T5943] veth1_vlan: entered promiscuous mode
[   72.826325][ T5943] veth0_macvtap: entered promiscuous mode
[   72.833641][ T5945] Bluetooth: hci2: command tx timeout
[   72.843066][ T5943] veth1_macvtap: entered promiscuous mode
[   72.886288][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.892698][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.903592][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.916435][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.934469][ T5694] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.942605][ T5694] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.952184][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.956831][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.037785][ T5937] veth0_vlan: entered promiscuous mode
[   73.043818][ T5941] veth0_vlan: entered promiscuous mode
[   73.059423][ T5937] veth1_vlan: entered promiscuous mode
[   73.063291][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.066479][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.076586][ T5941] veth1_vlan: entered promiscuous mode
[   73.118917][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.122937][ T5937] veth0_macvtap: entered promiscuous mode
[   73.125511][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.129176][ T5941] veth0_macvtap: entered promiscuous mode
[   73.144118][ T5941] veth1_macvtap: entered promiscuous mode
[   73.156265][ T5937] veth1_macvtap: entered promiscuous mode
[   73.193796][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.199173][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.214375][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.224678][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.242124][ T5694] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.245794][ T5694] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.260591][ T5694] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.264073][ T5694] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.280720][ T5694] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.286509][ T5694] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.296181][ T5694] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.304751][ T5694] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.388716][ T6004] loop2: detected capacity change from 0 to 512
[   73.392251][ T6004] EXT4-fs: Ignoring removed mblk_io_submit option
[   73.404404][ T6004] EXT4-fs (loop2): orphan cleanup on readonly fs
[   73.407000][ T6004] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[   73.425383][ T6004] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.75: attempt to clear invalid blocks 2 len 1
[   73.439701][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.444251][ T6004] EXT4-fs (loop2): Remounting filesystem read-only
[   73.450555][ T6004] EXT4-fs (loop2): 1 truncate cleaned up
[   73.453487][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.454562][ T6004] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.486471][ T6004] overlayfs: cannot append lower layer
[   73.526117][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.529003][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.529305][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.535093][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.539067][ T5943] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.605724][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.608881][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.818561][ T6019] loop2: detected capacity change from 0 to 512
[   73.823950][ T6019] =======================================================
[   73.823950][ T6019] WARNING: The mand mount option has been deprecated and
[   73.823950][ T6019]          and is ignored by this kernel. Remove the mand
[   73.823950][ T6019]          option from the mount to silence this warning.
[   73.823950][ T6019] =======================================================
[   73.854187][ T6019] EXT4-fs (loop2): Test dummy encryption mode enabled
[   73.859670][ T6019] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[   73.903450][ T6019] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[   73.908581][ T6019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.972178][ T6024] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters
[   74.173786][ T6019] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[   74.266620][ T6034] loop1: detected capacity change from 0 to 512
[   74.315953][ T6034] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.317485][ T5943] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.388113][ T6034] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   74.396792][ T6034] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=842c01c, mo2=0002]
[   74.407532][ T6034] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[   74.416196][ T6034] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[   74.423765][ T6034] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   74.555944][ T5941] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.750793][ T5945] Bluetooth: hci0: command tx timeout
[   74.820365][ T5945] Bluetooth: hci1: command tx timeout
[   74.900223][ T5945] Bluetooth: hci2: command tx timeout
[   74.903999][ T5971] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   75.029427][ T6062] loop1: detected capacity change from 0 to 256
[   75.046429][ T6062] FAT-fs (loop1): Directory bread(block 64) failed
[   75.049141][ T6062] FAT-fs (loop1): Directory bread(block 65) failed
[   75.052420][ T6062] FAT-fs (loop1): Directory bread(block 66) failed
[   75.055183][ T6062] FAT-fs (loop1): Directory bread(block 67) failed
[   75.058014][ T6062] FAT-fs (loop1): Directory bread(block 68) failed
[   75.063354][ T6062] FAT-fs (loop1): Directory bread(block 69) failed
[   75.066388][ T6062] FAT-fs (loop1): Directory bread(block 70) failed
[   75.069323][ T6062] FAT-fs (loop1): Directory bread(block 71) failed
[   75.074143][ T6062] FAT-fs (loop1): Directory bread(block 72) failed
[   75.090826][ T6062] FAT-fs (loop1): Directory bread(block 73) failed
[   75.113754][ T6064] loop0: detected capacity change from 0 to 256
[   75.115655][ T5971] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.130242][ T5971] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.133926][ T6064] FAT-fs (loop0): Directory bread(block 64) failed
[   75.136439][ T6064] FAT-fs (loop0): Directory bread(block 65) failed
[   75.137343][ T5971] usb 3-1: New USB device found, idVendor=056a, idProduct=003d, bcdDevice= 0.00
[   75.138930][ T6064] FAT-fs (loop0): Directory bread(block 66) failed
[   75.147789][ T6064] FAT-fs (loop0): Directory bread(block 67) failed
[   75.150758][ T6064] FAT-fs (loop0): Directory bread(block 68) failed
[   75.153243][ T6064] FAT-fs (loop0): Directory bread(block 69) failed
[   75.154328][ T5971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.155477][ T6064] FAT-fs (loop0): Directory bread(block 70) failed
[   75.161777][ T6064] FAT-fs (loop0): Directory bread(block 71) failed
[   75.166145][ T5971] usb 3-1: config 0 descriptor??
[   75.170185][ T6064] FAT-fs (loop0): Directory bread(block 72) failed
[   75.174886][ T6064] FAT-fs (loop0): Directory bread(block 73) failed
[   75.474596][ T6074] gfs2: gfs2 mount does not exist
[   75.586864][ T5971] wacom 0003:056A:003D.0001: unknown main item tag 0x0
[   75.600051][ T5971] wacom 0003:056A:003D.0001: unknown main item tag 0x0
[   75.602779][ T5971] wacom 0003:056A:003D.0001: unknown main item tag 0x0
[   75.610258][ T5971] wacom 0003:056A:003D.0001: unknown main item tag 0x0
[   75.783507][ T5971] usb 3-1: USB disconnect, device number 2
[   76.138303][ T6099] syz.0.113 uses obsolete (PF_INET,SOCK_PACKET)
[   76.589085][ T6110] loop0: detected capacity change from 0 to 16
[   76.606119][ T6110] erofs (device loop0): mounted with root inode @ nid 36.
[   76.620484][ T6111] loop2: detected capacity change from 0 to 1024
[   76.625871][ T6111] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   76.638192][ T6111] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.118: lblock 1 mapped to illegal pblock 1 (length 1)
[   76.644944][ T6111] Quota error (device loop2): write_blk: dquota write failed
[   76.647971][ T6111] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   76.653049][ T6111] EXT4-fs error (device loop2): ext4_acquire_dquot:6943: comm syz.2.118: Failed to acquire dquot type 0
[   76.658275][ T6111] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.118: Freeing blocks not in datazone - block = 0, count = 4096
[   76.666205][ T6111] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.118: Invalid inode bitmap blk 0 in block_group 0
[   76.673268][ T3998] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u9:5: lblock 1 mapped to illegal pblock 1 (length 1)
[   76.680414][ T6111] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[   76.684365][ T6111] EXT4-fs (loop2): 1 orphan inode deleted
[   76.687825][ T6111] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.693106][ T3998] Quota error (device loop2): remove_tree: Can't read quota data block 1
[   76.696591][ T3998] EXT4-fs error (device loop2): ext4_release_dquot:6979: comm kworker/u9:5: Failed to release dquot type 0
[   76.722369][ T6111] EXT4-fs error (device loop2): ext4_search_dir:1474: inode #2: block 16: comm syz.2.118: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[   76.794985][ T5943] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.832491][ T5945] Bluetooth: hci0: command tx timeout
[   76.900636][ T5945] Bluetooth: hci1: command tx timeout
[   76.990224][ T5945] Bluetooth: hci2: command tx timeout
[   77.021874][ T6130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.127'.
[   77.105639][   T24] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   77.275020][ T6143] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.281374][   T24] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[   77.285769][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   77.296678][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[   77.306192][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   77.311537][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   77.314706][   T24] usb 2-1: SerialNumber: syz
[   77.530735][   T24] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[   77.536462][   T24] usb 2-1: USB disconnect, device number 2
[   77.598181][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.138'.
[   77.609381][ T6154] bond_slave_0: entered promiscuous mode
[   77.612014][ T6154] bond_slave_1: entered promiscuous mode
[   77.615081][ T6154] macvlan2: entered promiscuous mode
[   77.617330][ T6154] bond0: entered promiscuous mode
[   77.620985][ T6154] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   77.708642][ T6160] process 'syz.0.141' launched './file1' with NULL argv: empty string added
[   78.136063][ T6178] loop0: detected capacity change from 0 to 256
[   78.139555][ T6178] exfat: Deprecated parameter 'utf8'
[   78.151997][ T6178] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[   78.178797][   T33] audit: type=1800 audit(1757527501.000:2): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.148" name="file1" dev="loop0" ino=1048640 res=0 errno=0
[   78.199205][ T6181] loop2: detected capacity change from 0 to 256
[   78.208971][   T33] audit: type=1800 audit(1757527501.000:3): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.148" name="file1" dev="loop0" ino=1048640 res=0 errno=0
[   78.211336][ T6181] exfat: Deprecated parameter 'namecase'
[   78.228231][ T6181] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   78.682147][ T6187] netlink: 'syz.0.150': attribute type 32 has an invalid length.
[   78.686153][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.150'.
[   78.689978][ T6187] (unnamed net_device) (uninitialized): option coupled_control: invalid value (205)
[   78.905083][ T6199] loop0: detected capacity change from 0 to 512
[   78.911328][ T5945] Bluetooth: hci0: command tx timeout
[   78.918234][ T6199] EXT4-fs (loop0): orphan cleanup on readonly fs
[   78.922880][ T6199] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.157: bad orphan inode 13
[   78.927454][ T6199] ext4_test_bit(bit=12, block=18) = 1
[   78.929645][ T6199] is_bad_inode(inode)=0
[   78.932427][ T6199] NEXT_ORPHAN(inode)=2130706432
[   78.936386][ T6199] max_ino=32
[   78.958155][ T6199] i_nlink=1
[   78.960491][ T6199] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.973151][ T6199] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.157: deleted inode referenced: 12
[   78.981674][ T5945] Bluetooth: hci1: command tx timeout
[   78.996732][ T5937] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.060056][ T5945] Bluetooth: hci2: command tx timeout
[   79.209864][   T10] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   79.330469][ T5964] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   79.361873][   T10] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[   79.365446][   T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   79.371219][   T10] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[   79.375730][   T10] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[   79.382057][   T10] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   79.386867][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[   79.392520][   T10] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   79.396185][   T10] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   79.399544][   T10] usb 3-1: Product: syz
[   79.402064][   T10] usb 3-1: Manufacturer: syz
[   79.403999][   T10] usb 3-1: SerialNumber: syz
[   79.410109][   T10] usb 3-1: config 0 descriptor??
[   79.413079][ T6204] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   79.418303][   T10] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   79.425103][   T10] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   79.479928][ T5964] usb 1-1: Using ep0 maxpacket: 32
[   79.483477][ T5964] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.487416][ T5964] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.491086][ T5964] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   79.494118][ T5964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.499129][ T5964] usb 1-1: config 0 descriptor??
[   79.505950][ T5964] hub 1-1:0.0: USB hub found
[   79.633354][   T10] usb 3-1: USB disconnect, device number 3
[   79.644755][   T10] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[   79.705452][ T5964] hub 1-1:0.0: 31 ports detected
[   79.709661][ T5964] hub 1-1:0.0: insufficient power available to use all downstream ports
[   79.906806][ T5964] hub 1-1:0.0: hub_hub_status failed (err = -71)
[   79.910455][ T5964] hub 1-1:0.0: config failed, can't get hub status (err -71)
[   79.929262][ T5964] usbhid 1-1:0.0: can't add hid device: -71
[   79.931982][ T5964] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   79.970646][ T5964] usb 1-1: USB disconnect, device number 2
[   80.673031][ T6231] input: syz1 as /devices/virtual/input/input4
[   80.820448][ T5964] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   80.875012][ T6238] loop2: detected capacity change from 0 to 512
[   80.878461][ T6238] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   80.926140][ T6240] loop1: detected capacity change from 0 to 8
[   80.943995][ T6240] SQUASHFS error: lzo decompression failed, data probably corrupt
[   80.960069][ T6240] SQUASHFS error: Failed to read block 0x28d: -5
[   80.963067][ T6240] SQUASHFS error: Unable to read metadata cache entry [28b]
[   80.966913][ T6240] SQUASHFS error: Unable to read inode 0x11f
[   80.999853][ T5964] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[   81.003327][ T5964] usb 1-1: config 0 has no interface number 0
[   81.005852][ T5964] usb 1-1: too many endpoints for config 0 interface 85 altsetting 0: 157, using maximum allowed: 30
[   81.012083][ T5964] usb 1-1: config 0 interface 85 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 157
[   81.017534][ T5964] usb 1-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=f1.f8
[   81.041458][ T5964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.055845][ T5964] usb 1-1: config 0 descriptor??
[   81.062588][ T5964] hub 1-1:0.85: bad descriptor, ignoring hub
[   81.066017][ T5964] hub 1-1:0.85: probe with driver hub failed with error -5
[   81.070404][ T5964] f81232 1-1:0.85: f81232 converter detected
[   81.076945][ T5964] usb 1-1: f81232 converter now attached to ttyUSB0
[   81.305569][ T6243] loop1: detected capacity change from 0 to 40427
[   81.370552][ T5964] usb 1-1: USB disconnect, device number 3
[   81.379420][ T6243] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   81.384849][ T5964] f81232 ttyUSB0: f81232 converter now disconnected from ttyUSB0
[   81.388247][ T5964] f81232 1-1:0.85: device disconnected
[   81.390966][  T794] cfg80211: failed to load regulatory.db
[   81.403289][ T6243] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   81.484923][ T5941] syz-executor: attempt to access beyond end of device
[   81.484923][ T5941] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   81.491971][ T5941] CPU: 0 UID: 0 PID: 5941 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   81.491990][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   81.491997][ T5941] Call Trace:
[   81.492002][ T5941]  <TASK>
[   81.492008][ T5941]  dump_stack_lvl+0x189/0x250
[   81.492028][ T5941]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.492042][ T5941]  ? __pfx_queue_work_on+0x10/0x10
[   81.492058][ T5941]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   81.492075][ T5941]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.492100][ T5941]  f2fs_handle_critical_error+0x37c/0x540
[   81.492121][ T5941]  f2fs_write_end_io+0x886/0xb60
[   81.492152][ T5941]  __submit_merged_bio+0x27a/0x6a0
[   81.492172][ T5941]  __submit_merged_write_cond+0x255/0x530
[   81.492193][ T5941]  f2fs_write_data_pages+0x261d/0x3000
[   81.492236][ T5941]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.492306][ T5941]  ? __lock_acquire+0xab9/0xd20
[   81.492329][ T5941]  ? do_raw_spin_lock+0x121/0x290
[   81.492351][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.492365][ T5941]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.492383][ T5941]  do_writepages+0x32e/0x550
[   81.492408][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.492424][ T5941]  filemap_fdatawrite+0x199/0x240
[   81.492441][ T5941]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   81.492491][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.492508][ T5941]  f2fs_sync_dirty_inodes+0x31f/0x830
[   81.492538][ T5941]  f2fs_write_checkpoint+0x93e/0x2440
[   81.492550][ T5941]  ? __lock_acquire+0xab9/0xd20
[   81.492586][ T5941]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   81.492639][ T5941]  kill_f2fs_super+0x2cc/0x6d0
[   81.492656][ T5941]  ? __pfx_kill_f2fs_super+0x10/0x10
[   81.492681][ T5941]  ? shrinker_free+0x2ce/0x3e0
[   81.492696][ T5941]  deactivate_locked_super+0xbc/0x130
[   81.492712][ T5941]  cleanup_mnt+0x425/0x4c0
[   81.492725][ T5941]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.492740][ T5941]  task_work_run+0x1d4/0x260
[   81.492767][ T5941]  ? __pfx_task_work_run+0x10/0x10
[   81.492780][ T5941]  ? __x64_sys_umount+0x122/0x160
[   81.492798][ T5941]  ? exit_to_user_mode_loop+0x40/0x130
[   81.492844][ T5941]  exit_to_user_mode_loop+0xec/0x130
[   81.492862][ T5941]  do_syscall_64+0x2bd/0xfa0
[   81.492873][ T5941]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.492885][ T5941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.492897][ T5941]  ? exc_page_fault+0xab/0x100
[   81.492916][ T5941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.492928][ T5941] RIP: 0033:0x7f86cad8fed7
[   81.492941][ T5941] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   81.492950][ T5941] RSP: 002b:00007fff4f2255a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   81.492964][ T5941] RAX: 0000000000000000 RBX: 00007f86cae11c05 RCX: 00007f86cad8fed7
[   81.492972][ T5941] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4f225660
[   81.492979][ T5941] RBP: 00007fff4f225660 R08: 0000000000000000 R09: 0000000000000000
[   81.492987][ T5941] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4f2266f0
[   81.492994][ T5941] R13: 00007f86cae11c05 R14: 0000000000013dc1 R15: 00007fff4f226730
[   81.493016][ T5941]  </TASK>
[   81.493021][ T5941] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   81.628472][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   81.628488][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   81.628494][ T5941] Call Trace:
[   81.628499][ T5941]  <TASK>
[   81.628504][ T5941]  dump_stack_lvl+0x189/0x250
[   81.628520][ T5941]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.628528][ T5941]  ? __pfx_queue_work_on+0x10/0x10
[   81.628539][ T5941]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   81.628550][ T5941]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.628565][ T5941]  f2fs_handle_critical_error+0x37c/0x540
[   81.628578][ T5941]  f2fs_write_end_io+0x886/0xb60
[   81.628596][ T5941]  __submit_merged_bio+0x27a/0x6a0
[   81.628608][ T5941]  __submit_merged_write_cond+0x255/0x530
[   81.628621][ T5941]  f2fs_write_data_pages+0x261d/0x3000
[   81.628644][ T5941]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.628682][ T5941]  ? __lock_acquire+0xab9/0xd20
[   81.628696][ T5941]  ? do_raw_spin_lock+0x121/0x290
[   81.628716][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.628724][ T5941]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.628735][ T5941]  do_writepages+0x32e/0x550
[   81.628748][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.628758][ T5941]  filemap_fdatawrite+0x199/0x240
[   81.628767][ T5941]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   81.628794][ T5941]  ? do_raw_spin_unlock+0x4d/0x240
[   81.628803][ T5941]  f2fs_sync_dirty_inodes+0x31f/0x830
[   81.628861][ T5941]  f2fs_write_checkpoint+0x93e/0x2440
[   81.628869][ T5941]  ? __lock_acquire+0xab9/0xd20
[   81.628889][ T5941]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   81.628916][ T5941]  kill_f2fs_super+0x2cc/0x6d0
[   81.628925][ T5941]  ? __pfx_kill_f2fs_super+0x10/0x10
[   81.628939][ T5941]  ? shrinker_free+0x2ce/0x3e0
[   81.628947][ T5941]  deactivate_locked_super+0xbc/0x130
[   81.628957][ T5941]  cleanup_mnt+0x425/0x4c0
[   81.628966][ T5941]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.628974][ T5941]  task_work_run+0x1d4/0x260
[   81.628984][ T5941]  ? __pfx_task_work_run+0x10/0x10
[   81.628991][ T5941]  ? __x64_sys_umount+0x122/0x160
[   81.629001][ T5941]  ? exit_to_user_mode_loop+0x40/0x130
[   81.629014][ T5941]  exit_to_user_mode_loop+0xec/0x130
[   81.629023][ T5941]  do_syscall_64+0x2bd/0xfa0
[   81.629030][ T5941]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.629036][ T5941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.629043][ T5941]  ? exc_page_fault+0xab/0x100
[   81.629054][ T5941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.629061][ T5941] RIP: 0033:0x7f86cad8fed7
[   81.629069][ T5941] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   81.629075][ T5941] RSP: 002b:00007fff4f2255a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   81.629084][ T5941] RAX: 0000000000000000 RBX: 00007f86cae11c05 RCX: 00007f86cad8fed7
[   81.629088][ T5941] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4f225660
[   81.629092][ T5941] RBP: 00007fff4f225660 R08: 0000000000000000 R09: 0000000000000000
[   81.629097][ T5941] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4f2266f0
[   81.629101][ T5941] R13: 00007f86cae11c05 R14: 0000000000013dc1 R15: 00007fff4f226730
[   81.629113][ T5941]  </TASK>
[   81.629116][ T5941] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   81.887240][ T6253] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   81.891230][ T6253] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[   81.895074][ T6253] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   81.898458][ T6253] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[   82.128622][ T6267] Failed to get privilege flags for destination (handle=0x2:0x0)
[   82.695737][  T794] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   82.859973][  T794] usb 1-1: Using ep0 maxpacket: 32
[   82.867967][  T794] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[   82.871831][  T794] usb 1-1: config 0 has no interface number 0
[   82.875553][  T794] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   82.894733][  T794] usb 1-1: config 0 interface 85 has no altsetting 0
[   82.925573][  T794] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[   82.929514][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.947318][  T794] usb 1-1: Product: syz
[   82.961151][  T794] usb 1-1: Manufacturer: syz
[   82.969662][  T794] usb 1-1: SerialNumber: syz
[   83.052013][  T794] usb 1-1: config 0 descriptor??
[   83.317273][ T6277] loop0: detected capacity change from 0 to 1024
[   83.354866][ T6277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.675833][ T6303] batadv1: entered promiscuous mode
[   84.137958][  T794] appletouch 1-1:0.85: Geyser mode initialized.
[   84.157398][  T794] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input5
[   84.175417][    C0] appletouch 1-1:0.85: atp_complete: usb_submit_urb failed with result -1
[   84.177299][  T794] usb 1-1: USB disconnect, device number 4
[   84.205795][  T794] appletouch 1-1:0.85: input: appletouch disconnected
[   84.470186][  T793] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   84.630050][  T793] usb 3-1: Using ep0 maxpacket: 32
[   84.636128][  T793] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.640947][  T793] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[   84.645106][  T793] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[   84.649214][  T793] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[   84.657069][  T793] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   84.660923][  T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.664106][  T793] usb 3-1: Product: syz
[   84.665921][  T793] usb 3-1: Manufacturer: syz
[   84.667915][  T793] usb 3-1: SerialNumber: syz
[   84.685711][ T5937] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.639870][   T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   85.702040][  T793] cdc_ncm 3-1:1.0: bind() failure
[   85.709514][  T793] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[   85.714405][  T793] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[   85.718630][  T793] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[   85.727102][  T793] usb 3-1: USB disconnect, device number 4
[   85.796774][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.801579][   T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[   85.805296][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.812026][   T10] usb 2-1: config 0 descriptor??
[   86.049939][  T794] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   86.200688][  T794] usb 1-1: Using ep0 maxpacket: 32
[   86.203769][  T794] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[   86.206564][  T794] usb 1-1: config 0 has no interface number 0
[   86.210845][  T794] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   86.219964][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.226881][  T794] usb 1-1: Product: syz
[   86.227903][   T10] kye 0003:0458:5012.0002: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[   86.236825][  T794] usb 1-1: Manufacturer: syz
[   86.238674][  T794] usb 1-1: SerialNumber: syz
[   86.242043][   T10] kye 0003:0458:5012.0002: hidraw0: USB HID v0.00 Device [HID 0458:5012] on usb-dummy_hcd.1-1/input0
[   86.242857][  T794] usb 1-1: config 0 descriptor??
[   86.246571][   T10] kye 0003:0458:5012.0002: tablet-enabling feature report not found
[   86.251917][  T794] quatech2 1-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected
[   86.275361][   T10] kye 0003:0458:5012.0002: tablet enabling failed
[   86.305384][ T6332] netlink: 'syz.2.209': attribute type 1 has an invalid length.
[   86.308612][ T6332] netlink: 172 bytes leftover after parsing attributes in process `syz.2.209'.
[   86.445079][ T5313] usb 2-1: USB disconnect, device number 3
[   86.464512][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   86.493578][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   86.716851][ T6345] loop2: detected capacity change from 0 to 4096
[   86.734439][ T6345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.749165][   T33] audit: type=1800 audit(1757527509.570:4): pid=6345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.215" name="file1" dev="loop2" ino=15 res=0 errno=0
[   86.782697][ T5943] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.873784][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[   86.877749][  T793] usb 1-1: USB disconnect, device number 5
[   86.892352][  T793] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   86.906033][  T793] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   86.917445][  T793] quatech2 1-1:0.1: device disconnected
[   87.080235][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   87.193470][ T6357] loop1: detected capacity change from 0 to 4096
[   87.201196][ T6357] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[   87.231404][   T10] usb 3-1: Using ep0 maxpacket: 16
[   87.237130][   T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[   87.243129][   T10] usb 3-1: config 0 has no interface number 0
[   87.245486][   T10] usb 3-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[   87.250777][   T10] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[   87.255391][   T10] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[   87.264974][   T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[   87.268681][   T10] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   87.272477][   T10] usb 3-1: Product: syz
[   87.274336][   T10] usb 3-1: SerialNumber: syz
[   87.282953][   T10] usb 3-1: config 0 descriptor??
[   87.509085][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   87.521379][   T10] usb 3-1: invalid MIDI out EP 0
[   87.609410][   T10] snd-usb-audio 3-1:0.2: probe with driver snd-usb-audio failed with error -22
[   87.615378][   T10] usb 3-1: USB disconnect, device number 5
[   87.648483][ T5936] udevd[5936]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   87.846520][ T6375] overlayfs: failed to resolve './file0': -14
[   87.948119][ T6377] loop1: detected capacity change from 0 to 64
[   88.013249][ T6379] loop1: detected capacity change from 0 to 512
[   88.045013][ T6379] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.051366][ T6379] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.127287][ T5941] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.268822][ T6390] syzkaller0: entered promiscuous mode
[   88.277717][ T6390] syzkaller0: entered allmulticast mode
[   88.617163][ T6397] loop1: detected capacity change from 0 to 256
[   88.653541][ T6397] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   88.692564][ T5971] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   88.909868][ T5971] usb 1-1: Using ep0 maxpacket: 32
[   88.917601][ T5971] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[   88.927079][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.937365][ T5971] usb 1-1: config 0 descriptor??
[   88.954097][ T5971] gspca_main: nw80x-2.14.0 probing 055f:d001
[   89.414353][ T6410] capability: warning: `syz.2.241' uses 32-bit capabilities (legacy support in use)
[   90.001425][  T794] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   90.154187][  T794] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[   90.157681][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.161848][  T794] usb 3-1: Product: syz
[   90.163475][  T794] usb 3-1: Manufacturer: syz
[   90.165488][  T794] usb 3-1: SerialNumber: syz
[   90.169672][  T794] usb 3-1: config 0 descriptor??
[   90.176874][  T794] ch341 3-1:0.0: ch341-uart converter detected
[   90.201615][ T5971] gspca_nw80x: reg_w err -71
[   90.205028][ T5971] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[   90.208683][ T5971] usb 1-1: USB disconnect, device number 6
[   90.400642][ T6427] loop1: detected capacity change from 0 to 1024
[   90.446085][   T32] hfsplus: b-tree write err: -5, ino 4
[   90.492475][ T6431] input: syz1 as /devices/virtual/input/input6
[   90.618298][ T6435] loop1: detected capacity change from 0 to 512
[   90.640265][ T6435] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.654948][ T6435] EXT4-fs warning (device loop1): ext4_begin_enable_verity:135: inode #15: comm syz.1.253: verity is only allowed on extent-based files
[   90.680543][ T5941] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.724221][ T6438] loop1: detected capacity change from 0 to 1024
[   90.846903][ T6443] loop0: detected capacity change from 0 to 256
[   90.852618][ T6443] exfat: Deprecated parameter 'utf8'
[   90.855087][ T6443] exfat: Deprecated parameter 'utf8'
[   90.875801][ T6443] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4d7dfc9d, utbl_chksum : 0xe619d30d)
[   90.993258][  T794] usb 3-1: failed to send control message: -71
[   90.996945][  T794] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[   91.018575][  T794] usb 3-1: USB disconnect, device number 6
[   91.028491][  T794] ch341 3-1:0.0: device disconnected
[   91.039503][ T6452] loop0: detected capacity change from 0 to 128
[   91.062286][ T6452] overlay: Unknown parameter 'uni_xlate'
[   91.174649][ T6456] netlink: 'syz.1.262': attribute type 5 has an invalid length.
[   91.427142][ T6460] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.661174][ T6458] loop1: detected capacity change from 0 to 32768
[   91.676246][ T6458] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   91.821742][ T6458] (syz.1.264,6458,0):ocfs2_dio_end_io:2401 ERROR: Direct IO failed, bytes = -28
[   91.874446][ T5941] ocfs2: Unmounting device (7,1) on (node local)
[   92.052397][ T6472] netlink: 'syz.1.268': attribute type 1 has an invalid length.
[   92.179144][ T6478] loop0: detected capacity change from 0 to 4096
[   92.196503][ T6478] ntfs3(loop0): Failed to load $Volume (-22).
[   92.410183][  T794] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.499911][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   92.559880][  T794] usb 2-1: Using ep0 maxpacket: 32
[   92.563673][  T794] usb 2-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[   92.567282][  T794] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.574101][  T794] usb 2-1: config 0 descriptor??
[   92.579572][  T794] usb 2-1: dvb_usb_v2: found a 'Anysee' in warm state
[   92.582124][  T794] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[   92.585005][  T794] dvb_usb_anysee 2-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[   92.660446][   T10] usb 1-1: Using ep0 maxpacket: 32
[   92.671098][   T10] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[   92.674408][   T10] usb 1-1: config 0 has no interface number 0
[   92.677042][   T10] usb 1-1: config 0 interface 12 has no altsetting 0
[   92.690871][   T10] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   92.694562][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.697651][   T10] usb 1-1: Product: syz
[   92.699309][   T10] usb 1-1: Manufacturer: syz
[   92.705433][   T10] usb 1-1: SerialNumber: syz
[   92.711593][   T10] usb 1-1: config 0 descriptor??
[   92.799592][  T794] usb 2-1: USB disconnect, device number 4
[   92.825027][ T6488] loop2: detected capacity change from 0 to 4096
[   92.832567][ T6488] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[   92.859424][ T6488] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[   93.043224][ T6496] loop2: detected capacity change from 0 to 64
[   93.118297][ T5945] Bluetooth: hci2: unknown advertising packet type: 0x82
[   93.118332][ T5945] Bluetooth: hci2: Malformed LE Event: 0x02
[   93.347969][   T10] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[   93.351264][   T10] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[   93.354440][   T10] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[   93.357584][   T10] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[   93.366613][   T10] usb 1-1: USB disconnect, device number 7
[   93.424399][ T6503] loop1: detected capacity change from 0 to 65
[   93.434407][ T6503] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[   93.442488][ T6503] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop1
[   93.886790][ T6519] loop0: detected capacity change from 0 to 256
[   93.958518][ T6521] mkiss: ax0: crc mode is auto.
[   93.980835][ T5313] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   94.129820][ T5313] usb 3-1: Using ep0 maxpacket: 32
[   94.133414][ T5313] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[   94.137049][ T5313] usb 3-1: config 0 has no interface number 0
[   94.145340][ T5313] usb 3-1: New USB device found, idVendor=16d8, idProduct=6803, bcdDevice=e5.e5
[   94.150237][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.152952][ T5313] usb 3-1: Product: syz
[   94.154479][ T5313] usb 3-1: Manufacturer: syz
[   94.156076][ T5313] usb 3-1: SerialNumber: syz
[   94.160053][ T5313] usb 3-1: config 0 descriptor??
[   94.164688][ T5313] hub 3-1:0.184: bad descriptor, ignoring hub
[   94.166823][ T5313] hub 3-1:0.184: probe with driver hub failed with error -5
[   94.169690][ T5313] option 3-1:0.184: GSM modem (1-port) converter detected
[   94.309886][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   94.471469][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.476218][   T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   94.482803][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.488694][   T10] usb 1-1: config 0 descriptor??
[   94.491330][ T5997] usb 3-1: USB disconnect, device number 7
[   94.495622][ T5997] option 3-1:0.184: device disconnected
[   94.527276][ T6525] loop1: detected capacity change from 0 to 4096
[   94.545591][ T6525] ntfs3(loop1): Primary boot: invalid bytes per MFT record 2 (-1).
[   94.549161][ T6525] ntfs3(loop1): try to read out of volume at offset 0x1ffe00
[   94.706937][   T10] usbhid 1-1:0.0: can't add hid device: -71
[   94.709604][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   94.723258][   T10] usb 1-1: USB disconnect, device number 8
[   94.926132][ T6542] tmpfs: Bad value for 'mpol'
[   95.180074][   T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   95.301560][ T5313] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   95.334543][   T10] usb 1-1: Using ep0 maxpacket: 32
[   95.352226][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.358444][   T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[   95.363101][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.372693][   T10] usb 1-1: config 0 descriptor??
[   95.381058][   T10] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   95.389262][   T10] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   95.459943][ T5313] usb 3-1: Using ep0 maxpacket: 8
[   95.474280][ T5313] usb 3-1: config 8 has an invalid interface number: 161 but max is 0
[   95.480679][ T5313] usb 3-1: config 8 has no interface number 0
[   95.483518][ T5313] usb 3-1: config 8 interface 161 has no altsetting 0
[   95.490690][ T5313] usb 3-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=60.da
[   95.494727][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.498299][ T5313] usb 3-1: Product: syz
[   95.500678][ T5313] usb 3-1: Manufacturer: syz
[   95.502780][ T5313] usb 3-1: SerialNumber: syz
[   95.766063][ T5313] net1080 3-1:8.161: probe with driver net1080 failed with error -22
[   95.776987][ T5313] usb 3-1: USB disconnect, device number 8
[   95.863243][   T10] usb 1-1: USB disconnect, device number 9
[   95.901046][   T10] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[   96.534364][ T6562] loop0: detected capacity change from 0 to 1764
[   96.577149][ T6562] iso9660: Corrupted directory entry in block 2 of inode 1920
[   96.980318][ T5313] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   97.130156][ T5313] usb 2-1: Using ep0 maxpacket: 16
[   97.144682][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.153020][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.156886][ T5313] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   97.162080][ T5313] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   97.166403][ T5313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.175674][ T5313] usb 2-1: config 0 descriptor??
[   97.288877][ T6580] loop2: detected capacity change from 0 to 8192
[   97.616122][   T10] kernel write not supported for file /sg0 (pid: 10 comm: kworker/0:1)
[   97.704042][ T5313] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input7
[   97.754529][ T5313] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[   97.857687][ T5964] usb 2-1: USB disconnect, device number 5
[   98.133541][ T6594] wg2: entered allmulticast mode
[   98.761133][ T6604] input: syz1 as /devices/virtual/input/input8
[   99.073108][ T1090] Bluetooth: (null): Invalid header checksum
[   99.075861][ T1090] Bluetooth: (null): Invalid header checksum
[   99.090210][ T6607] loop1: detected capacity change from 0 to 32768
[   99.123916][ T6607] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[   99.127804][ T6607] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   99.151970][ T6607] XFS (loop1): Ending clean mount
[   99.165052][ T6607] XFS (loop1): Quotacheck needed: Please wait.
[   99.186175][ T6607] XFS (loop1): Quotacheck: Done.
[   99.190397][ T1090] Bluetooth: (null): Invalid header checksum
[   99.242580][ T5941] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   99.269942][ T5313] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   99.441054][ T5313] usb 3-1: Using ep0 maxpacket: 32
[   99.445476][ T5313] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[   99.448216][ T5313] usb 3-1: config 0 has no interface number 0
[   99.454346][ T5313] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   99.458293][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.464144][ T5313] usb 3-1: Product: syz
[   99.465535][ T5313] usb 3-1: Manufacturer: syz
[   99.467200][ T5313] usb 3-1: SerialNumber: syz
[   99.474270][ T5313] usb 3-1: config 0 descriptor??
[   99.480947][ T5313] smsc95xx v2.0.0
[   99.572267][ T6628] loop1: detected capacity change from 0 to 1024
[   99.642540][   T33] audit: type=1800 audit(1757527522.460:5): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.336" name="file2" dev="loop1" ino=21 res=0 errno=0
[   99.757099][   T33] audit: type=1326 audit(1757527522.570:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86cad85b67 code=0x7ffc0000
[   99.806157][   T33] audit: type=1326 audit(1757527522.570:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86cad2ada9 code=0x7ffc0000
[   99.825784][   T33] audit: type=1326 audit(1757527522.570:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cad8eba9 code=0x7ffc0000
[   99.842570][   T33] audit: type=1326 audit(1757527522.570:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86cad85b67 code=0x7ffc0000
[   99.851663][   T33] audit: type=1326 audit(1757527522.570:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86cad2ada9 code=0x7ffc0000
[   99.861457][   T33] audit: type=1326 audit(1757527522.570:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86cad85b67 code=0x7ffc0000
[   99.870854][   T33] audit: type=1326 audit(1757527522.570:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86cad2ada9 code=0x7ffc0000
[   99.879448][   T33] audit: type=1326 audit(1757527522.570:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86cad85b67 code=0x7ffc0000
[   99.899914][   T33] audit: type=1326 audit(1757527522.570:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86cad2ada9 code=0x7ffc0000
[  100.009158][ T6636] loop1: detected capacity change from 0 to 512
[  100.039576][ T6636] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.045336][ T6636] ext4 filesystem being mounted at /102/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  100.069446][ T6636] EXT4-fs error (device loop1): ext4_xattr_block_find:1869: inode #15: comm syz.1.340: corrupted xattr block 33: invalid ea_ino
[  100.075505][ T6636] EXT4-fs (loop1): Remounting filesystem read-only
[  100.105657][ T5941] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.111139][   T36] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  100.116297][   T36] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  100.121371][   T36] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  100.369300][ T6641] loop1: detected capacity change from 0 to 32768
[  100.385757][ T6646] Bluetooth: MGMT ver 1.23
[  100.398945][ T6641] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  100.434595][ T6641] XFS (loop1): Ending clean mount
[  100.461309][ T6641] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xe0, xfs_rmapbt block 0x14 
[  100.466229][ T6641] XFS (loop1): Unmount and run xfs_repair
[  100.468842][ T6641] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  100.472617][ T6641] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  100.476179][ T6641] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  100.479137][ T6641] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  100.483062][ T6641] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  100.486200][ T6641] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  100.490090][ T6641] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  100.493658][ T6641] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  100.498459][ T6641] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  100.503405][ T6641] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x14 len 4 error 74
[  100.512836][ T6641] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  100.518343][ T6641] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  100.523544][ T5971] loop1: writeback error on inode 9286, offset 0, sector 18692
[  100.557107][ T5941] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  100.700711][  T794] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  100.710368][ T5313] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  100.714876][ T5313] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  100.718980][ T5313] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  100.724135][ T5313] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  100.730121][ T5313] usb 3-1: USB disconnect, device number 9
[  100.733086][ T5940] udevd[5940]: failed to send result of seq 11266 to main daemon: Connection refused
[  100.763569][ T6659] loop1: detected capacity change from 0 to 128
[  100.768195][ T6659] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  100.774137][ T6659] ext4 filesystem being mounted at /105/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  100.876961][ T5941] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.879836][  T794] usb 1-1: Using ep0 maxpacket: 8
[  100.883884][  T794] usb 1-1: unable to get BOS descriptor or descriptor too short
[  100.893114][  T794] usb 1-1: config 7 has an invalid interface number: 67 but max is 0
[  100.896451][  T794] usb 1-1: config 7 has no interface number 0
[  100.907417][  T794] usb 1-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  100.913407][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.916794][  T794] usb 1-1: Product: syz
[  100.918567][  T794] usb 1-1: Manufacturer: syz
[  100.925522][  T794] usb 1-1: SerialNumber: syz
[  101.143825][  T794] usb 1-1: USB disconnect, device number 10
[  101.489927][ T5313] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  101.649903][ T5313] usb 3-1: Using ep0 maxpacket: 32
[  101.654260][ T5313] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  101.659657][ T5313] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  101.664615][ T5313] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  101.668855][ T5313] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  101.675333][ T5313] usb 3-1: config 1 interface 1 has no altsetting 0
[  101.680606][ T5313] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  101.684385][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.688462][ T5313] usb 3-1: Product: syz
[  101.690678][ T5313] usb 3-1: Manufacturer: syz
[  101.692904][ T5313] usb 3-1: SerialNumber: syz
[  101.879627][ T6681] netlink: 'syz.1.353': attribute type 1 has an invalid length.
[  101.890382][ T6681] netlink: 'syz.1.353': attribute type 2 has an invalid length.
[  101.911087][ T5313] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  101.914403][ T5313] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  101.951460][ T5313] usb 3-1: USB disconnect, device number 10
[  101.977823][ T6687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.356'.
[  101.981850][ T6687] sch_tbf: burst 6 is lower than device team_slave_0 mtu (1514) !
[  102.165698][ T6696] loop0: detected capacity change from 0 to 128
[  102.174545][ T6696] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  102.180819][ T6696] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  102.240818][ T5937] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  102.864949][ T6717] Bluetooth: hci0: expected 2 bytes, got 7 bytes
[  102.942908][ T6723] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  102.947668][ T6723] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  103.028117][ T6727] loop2: detected capacity change from 0 to 128
[  103.052535][ T6727] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  103.064207][ T6727] ext4 filesystem being mounted at /92/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  103.098398][ T5943] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  103.302964][ T6749] netlink: 'syz.2.378': attribute type 4 has an invalid length.
[  103.875953][ T6753] vxcan1: tx address claim with dest, not broadcast
[  103.918183][ T6757] loop0: detected capacity change from 0 to 1024
[  103.935977][ T6759] loop2: detected capacity change from 0 to 128
[  104.021920][ T6759] vfat: Unknown parameter ''
[  104.350726][  T794] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  104.519911][  T794] usb 3-1: Using ep0 maxpacket: 16
[  104.528057][  T794] usb 3-1: config 0 has an invalid interface number: 180 but max is 0
[  104.534926][  T794] usb 3-1: config 0 has no interface number 0
[  104.553411][  T794] usb 3-1: New USB device found, idVendor=0421, idProduct=0114, bcdDevice=11.72
[  104.560398][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.564849][  T794] usb 3-1: Product: syz
[  104.566799][  T794] usb 3-1: Manufacturer: syz
[  104.576847][  T794] usb 3-1: SerialNumber: syz
[  104.597462][  T794] usb 3-1: config 0 descriptor??
[  104.609572][  T794] usb 3-1: bad CDC descriptors
[  105.056087][ T5997] usb 3-1: USB disconnect, device number 11
[  106.186605][ T6789] loop2: detected capacity change from 0 to 1024
[  106.226383][ T6784] loop0: detected capacity change from 0 to 32768
[  106.230773][ T6784] btrfs: Unknown parameter 'ref_verify'
[  106.233426][ T3998] hfsplus: b-tree write err: -5, ino 4
[  106.359462][ T6799] loop0: detected capacity change from 0 to 512
[  106.370764][ T6799] EXT4-fs (loop0): Test dummy encryption mode enabled
[  106.374718][ T6799] EXT4-fs error (device loop0): __ext4_iget:5464: inode #11: block 1: comm syz.0.400: invalid block
[  106.378623][ T6799] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.400: couldn't read orphan inode 11 (err -117)
[  106.385172][ T6799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.393402][ T6799] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters
[  106.419565][ T5937] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.462664][ T6807] ip_vti0: Master is either lo or non-ether device
[  106.535429][ T6813] loop0: detected capacity change from 0 to 4096
[  106.569156][ T6816] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  106.729316][ T6829] loop0: detected capacity change from 0 to 256
[  106.734850][ T6829] exfat: Deprecated parameter 'utf8'
[  106.737202][ T6829] exfat: Deprecated parameter 'utf8'
[  106.747044][ T6829] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  106.797684][ T6834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.416'.
[  106.878128][   T33] kauditd_printk_skb: 20 callbacks suppressed
[  106.878142][   T33] audit: type=1326 audit(1757527529.700:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.893851][   T33] audit: type=1326 audit(1757527529.720:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.912790][   T33] audit: type=1326 audit(1757527529.720:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.931378][   T33] audit: type=1326 audit(1757527529.720:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.959489][   T33] audit: type=1326 audit(1757527529.720:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.968858][   T33] audit: type=1326 audit(1757527529.720:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.981892][   T33] audit: type=1326 audit(1757527529.720:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  106.991463][   T33] audit: type=1326 audit(1757527529.730:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  107.002795][   T33] audit: type=1326 audit(1757527529.730:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.0.417" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  107.225760][   T33] audit: type=1326 audit(1757527529.770:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6841 comm="syz.0.420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ee918eba9 code=0x7ffc0000
[  107.279886][ T5964] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  107.450321][ T5964] usb 3-1: Using ep0 maxpacket: 8
[  107.465168][ T6856] loop0: detected capacity change from 0 to 256
[  107.468725][ T6856] exfat: Deprecated parameter 'namecase'
[  107.471499][ T6856] exfat: Deprecated parameter 'utf8'
[  107.479517][ T6856] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  107.487336][ T5964] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  107.491660][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.494935][ T5964] usb 3-1: Product: syz
[  107.496605][ T5964] usb 3-1: Manufacturer: syz
[  107.498596][ T5964] usb 3-1: SerialNumber: syz
[  107.515490][ T5964] usb 3-1: config 0 descriptor??
[  107.597418][ T6860] loop0: detected capacity change from 0 to 512
[  107.601094][ T6860] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.603951][ T6860] EXT4-fs: inline encryption not supported
[  107.606577][ T6860] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.612858][ T6860] EXT4-fs (loop0): Test dummy encryption mode enabled
[  107.615728][ T6860] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  107.621515][ T6860] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  107.703622][ T6860] EXT4-fs (loop0): 1 truncate cleaned up
[  107.707257][ T6860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.730351][ T5964] usb 3-1: USB disconnect, device number 12
[  107.831906][ T6860] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  107.868536][ T5937] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.085330][ T6884] netlink: 'syz.0.434': attribute type 1 has an invalid length.
[  108.106368][ T6875] loop1: detected capacity change from 0 to 32768
[  108.150662][ T6875] ERROR: (device loop1): diAllocAG: error reading iag
[  108.150662][ T6875] 
[  108.156316][ T6875] ialloc: diAlloc returned -5!
[  108.349327][ T6886] loop1: detected capacity change from 0 to 1024
[  109.281586][ T5971] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  109.349065][ T6910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.447'.
[  109.401986][ T6912] loop0: detected capacity change from 0 to 1024
[  109.406601][ T6912] EXT4-fs: Ignoring removed nobh option
[  109.408885][ T6912] EXT4-fs: Ignoring removed bh option
[  109.413365][ T6912] EXT4-fs: Mount option(s) incompatible with ext2
[  109.438940][ T5971] usb 3-1: Using ep0 maxpacket: 16
[  109.449501][ T5971] usb 3-1: config 75 has an invalid interface number: 136 but max is 0
[  109.460811][ T5971] usb 3-1: config 75 has no interface number 0
[  109.497475][ T5971] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=bc.ca
[  109.505017][ T5971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.512919][ T5971] usb 3-1: Product: syz
[  109.514822][ T5971] usb 3-1: Manufacturer: syz
[  109.516791][ T5971] usb 3-1: SerialNumber: syz
[  109.823633][ T5971] ftdi_sio 3-1:75.136: FTDI USB Serial Device converter detected
[  109.829143][ T5971] ftdi_sio ttyUSB0: unknown device type: 0xbcca
[  109.839032][ T5971] usb 3-1: USB disconnect, device number 13
[  109.846248][ T5971] ftdi_sio 3-1:75.136: device disconnected
[  110.097590][ T6916] netlink: 16 bytes leftover after parsing attributes in process `syz.1.449'.
[  110.850253][ T6922] loop1: detected capacity change from 0 to 32768
[  110.854256][ T6922] (syz.1.452,6922,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  110.859527][ T6922] (syz.1.452,6922,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  110.893995][ T6922] (syz.1.452,6922,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  110.902125][ T6922] JBD2: Ignoring recovery information on journal
[  110.938450][ T6922] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  110.961162][ T6922] (syz.1.452,6922,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC.
[  110.969044][ T6922] (syz.1.452,6922,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae
[  110.984763][ T6922] (syz.1.452,6922,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[  110.989298][ T6922] (syz.1.452,6922,1):ocfs2_quota_read:201 ERROR: status = -5
[  110.994917][ T6922] (syz.1.452,6922,1):ocfs2_acquire_dquot:890 ERROR: status = -5
[  111.000987][ T6922] (syz.1.452,6922,1):ocfs2_mknod:317 ERROR: status = -5
[  111.003876][ T6922] (syz.1.452,6922,1):ocfs2_mknod:505 ERROR: status = -5
[  111.007325][ T6922] (syz.1.452,6922,1):ocfs2_create:678 ERROR: status = -5
[  111.193166][ T6935] loop0: detected capacity change from 0 to 65536
[  111.206718][ T5941] ocfs2: Unmounting device (7,1) on (node local)
[  111.234483][ T6935] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  111.268130][ T6935] XFS (loop0): Ending clean mount
[  111.299631][ T5937] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  111.437059][ T6953] loop1: detected capacity change from 0 to 256
[  111.633996][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[  111.637951][ T6963] netlink: 660 bytes leftover after parsing attributes in process `syz.0.465'.
[  111.751564][ T5971] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  111.919865][ T5971] usb 2-1: Using ep0 maxpacket: 32
[  111.923736][ T5971] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  111.927222][ T5971] usb 2-1: config 0 has no interface number 0
[  111.931510][ T5971] usb 2-1: config 0 interface 89 has no altsetting 0
[  111.936433][ T5971] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  111.940563][ T5971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.943850][ T5971] usb 2-1: Product: syz
[  111.945583][ T5971] usb 2-1: Manufacturer: syz
[  111.947523][ T5971] usb 2-1: SerialNumber: syz
[  111.952355][ T5971] usb 2-1: config 0 descriptor??
[  111.957498][ T5971] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  111.961644][ T5971] em28xx 2-1:0.89: Video interface 89 found: bulk
[  112.009883][   T10] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  112.171641][   T10] usb 1-1: not running at top speed; connect to a high speed hub
[  112.175557][   T10] usb 1-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  112.180946][   T10] usb 1-1: config 1 interface 0 has no altsetting 0
[  112.186467][   T10] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[  112.191583][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.195107][   T10] usb 1-1: Product: syz
[  112.196954][   T10] usb 1-1: Manufacturer: syz
[  112.198943][   T10] usb 1-1: SerialNumber: syz
[  112.415011][   T10] usbhid 1-1:1.0: can't add hid device: -71
[  112.417645][   T10] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  112.426745][   T10] usb 1-1: USB disconnect, device number 11
[  112.559099][ T5971] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[  112.722845][ T6983] capability: warning: `syz.2.474' uses deprecated v2 capabilities in a way that may be insecure
[  112.980700][ T5971] em28xx 2-1:0.89: AC97 command still being executed: not handled properly!
[  112.999950][  T794] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  113.171275][ T5971] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  113.174608][  T794] usb 3-1: config 3 has an invalid interface number: 238 but max is 0
[  113.174963][ T5971] em28xx 2-1:0.89: board has no eeprom
[  113.177615][  T794] usb 3-1: config 3 has no interface number 0
[  113.185051][  T794] usb 3-1: config 3 interface 238 has no altsetting 0
[  113.205252][  T794] usb 3-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=92.99
[  113.208985][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.213353][  T794] usb 3-1: Product: syz
[  113.215307][  T794] usb 3-1: Manufacturer: syz
[  113.217247][  T794] usb 3-1: SerialNumber: syz
[  113.249851][ T5971] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[  113.253279][ T5971] em28xx 2-1:0.89: analog set to bulk mode.
[  113.256080][ T5997] em28xx 2-1:0.89: Registering V4L2 extension
[  113.277140][ T5971] usb 2-1: USB disconnect, device number 6
[  113.290464][ T5971] em28xx 2-1:0.89: Disconnecting em28xx
[  113.328723][ T5997] em28xx 2-1:0.89: Config register raw data: 0xffffffed
[  113.332789][ T5997] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[  113.336088][ T5997] em28xx 2-1:0.89: No AC97 audio processor
[  113.348015][ T5997] usb 2-1: Decoder not found
[  113.350555][ T5997] em28xx 2-1:0.89: failed to create media graph
[  113.353376][ T5997] em28xx 2-1:0.89: V4L2 device video103 deregistered
[  113.364784][ T5997] em28xx 2-1:0.89: Registering snapshot button...
[  113.372374][ T5997] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input9
[  113.381644][ T5997] em28xx 2-1:0.89: Remote control support is not available for this card.
[  113.385992][ T5971] em28xx 2-1:0.89: Closing input extension
[  113.389552][ T5971] em28xx 2-1:0.89: Deregistering snapshot button
[  113.413971][ T5971] ==================================================================
[  113.417264][ T5971] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0
[  113.420758][ T5971] Read of size 4 at addr ffff888026da44f0 by task kworker/0:3/5971
[  113.424835][ T5971] 
[  113.425845][ T5971] CPU: 0 UID: 0 PID: 5971 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[  113.425861][ T5971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  113.425871][ T5971] Workqueue: usb_hub_wq hub_event
[  113.425888][ T5971] Call Trace:
[  113.425894][ T5971]  <TASK>
[  113.425900][ T5971]  dump_stack_lvl+0x189/0x250
[  113.425917][ T5971]  ? rcu_is_watching+0x15/0xb0
[  113.425936][ T5971]  ? __kasan_check_byte+0x12/0x40
[  113.425956][ T5971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.425970][ T5971]  ? rcu_is_watching+0x15/0xb0
[  113.425988][ T5971]  ? lock_release+0x4b/0x3e0
[  113.426007][ T5971]  ? __virt_addr_valid+0x1c8/0x5c0
[  113.426022][ T5971]  ? __virt_addr_valid+0x4a5/0x5c0
[  113.426036][ T5971]  print_report+0xca/0x240
[  113.426049][ T5971]  ? media_devnode_unregister+0xe2/0xf0
[  113.426066][ T5971]  kasan_report+0x118/0x150
[  113.426085][ T5971]  ? media_devnode_unregister+0xe2/0xf0
[  113.426104][ T5971]  media_devnode_unregister+0xe2/0xf0
[  113.426122][ T5971]  media_device_unregister+0x37c/0x400
[  113.426141][ T5971]  em28xx_release_resources+0xac/0x240
[  113.426162][ T5971]  em28xx_usb_disconnect+0x19f/0x2f0
[  113.426182][ T5971]  usb_unbind_interface+0x26e/0x910
[  113.426201][ T5971]  ? __pfx_usb_unbind_interface+0x10/0x10
[  113.426216][ T5971]  device_release_driver_internal+0x4d9/0x800
[  113.426231][ T5971]  bus_remove_device+0x34d/0x410
[  113.426250][ T5971]  device_del+0x511/0x8e0
[  113.426271][ T5971]  ? __pfx_device_del+0x10/0x10
[  113.426289][ T5971]  ? kobject_put+0x446/0x480
[  113.426305][ T5971]  usb_disable_device+0x3e9/0x8a0
[  113.426320][ T5971]  usb_disconnect+0x330/0x950
[  113.426336][ T5971]  hub_event+0x1cf5/0x4a20
[  113.426356][ T5971]  ? do_raw_spin_lock+0x121/0x290
[  113.426370][ T5971]  ? register_lock_class+0x51/0x320
[  113.426392][ T5971]  ? __pfx_hub_event+0x10/0x10
[  113.426406][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.426427][ T5971]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.426445][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.426463][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.426481][ T5971]  process_scheduled_works+0xae1/0x17b0
[  113.426507][ T5971]  ? __pfx_process_scheduled_works+0x10/0x10
[  113.426529][ T5971]  worker_thread+0x8a0/0xda0
[  113.426554][ T5971]  kthread+0x711/0x8a0
[  113.426568][ T5971]  ? __pfx_worker_thread+0x10/0x10
[  113.426586][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.426600][ T5971]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.426617][ T5971]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.426628][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.426641][ T5971]  ret_from_fork+0x47f/0x820
[  113.426684][ T5971]  ? __pfx_ret_from_fork+0x10/0x10
[  113.426705][ T5971]  ? __switch_to_asm+0x39/0x70
[  113.426722][ T5971]  ? __switch_to_asm+0x33/0x70
[  113.426738][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.426752][ T5971]  ret_from_fork_asm+0x1a/0x30
[  113.426775][ T5971]  </TASK>
[  113.426785][ T5971] 
[  113.542044][ T5971] Allocated by task 5971:
[  113.543938][ T5971]  kasan_save_track+0x3e/0x80
[  113.545945][ T5971]  __kasan_kmalloc+0x93/0xb0
[  113.548036][ T5971]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  113.550325][ T5971]  __media_device_register+0x58/0x280
[  113.552587][ T5971]  em28xx_usb_probe+0x1764/0x2a20
[  113.554646][ T5971]  usb_probe_interface+0x668/0xc30
[  113.556915][ T5971]  really_probe+0x26d/0x9e0
[  113.558914][ T5971]  __driver_probe_device+0x18c/0x2f0
[  113.561199][ T5971]  driver_probe_device+0x4f/0x430
[  113.563277][ T5971]  __device_attach_driver+0x2ce/0x530
[  113.565449][ T5971]  bus_for_each_drv+0x251/0x2e0
[  113.567422][ T5971]  __device_attach+0x2b8/0x400
[  113.569415][ T5971]  bus_probe_device+0x185/0x260
[  113.571439][ T5971]  device_add+0x7b6/0xb50
[  113.573275][ T5971]  usb_set_configuration+0x1a87/0x20e0
[  113.575583][ T5971]  usb_generic_driver_probe+0x8d/0x150
[  113.577810][ T5971]  usb_probe_device+0x1c4/0x390
[  113.579808][ T5971]  really_probe+0x26d/0x9e0
[  113.581768][ T5971]  __driver_probe_device+0x18c/0x2f0
[  113.584201][ T5971]  driver_probe_device+0x4f/0x430
[  113.586288][ T5971]  __device_attach_driver+0x2ce/0x530
[  113.588601][ T5971]  bus_for_each_drv+0x251/0x2e0
[  113.590645][ T5971]  __device_attach+0x2b8/0x400
[  113.592647][ T5971]  bus_probe_device+0x185/0x260
[  113.594766][ T5971]  device_add+0x7b6/0xb50
[  113.596552][ T5971]  usb_new_device+0xa39/0x16f0
[  113.598553][ T5971]  hub_event+0x2958/0x4a20
[  113.600433][ T5971]  process_scheduled_works+0xae1/0x17b0
[  113.602763][ T5971]  worker_thread+0x8a0/0xda0
[  113.604803][ T5971]  kthread+0x711/0x8a0
[  113.606800][ T5971]  ret_from_fork+0x47f/0x820
[  113.608863][ T5971]  ret_from_fork_asm+0x1a/0x30
[  113.610867][ T5971] 
[  113.611863][ T5971] Freed by task 5971:
[  113.613538][ T5971]  kasan_save_track+0x3e/0x80
[  113.615617][ T5971]  __kasan_save_free_info+0x46/0x50
[  113.617915][ T5971]  __kasan_slab_free+0x5b/0x80
[  113.620013][ T5971]  kfree+0x199/0x6d0
[  113.621644][ T5971]  media_devnode_release+0x61/0xa0
[  113.623718][ T5971]  device_release+0x9c/0x1c0
[  113.625645][ T5971]  kobject_put+0x22b/0x480
[  113.627478][ T5971]  media_devnode_unregister+0x6d/0xf0
[  113.629693][ T5971]  media_device_unregister+0x37c/0x400
[  113.631819][ T5971]  em28xx_release_resources+0xac/0x240
[  113.633745][ T5971]  em28xx_usb_disconnect+0x19f/0x2f0
[  113.635825][ T5971]  usb_unbind_interface+0x26e/0x910
[  113.637763][ T5971]  device_release_driver_internal+0x4d9/0x800
[  113.639651][ T5971]  bus_remove_device+0x34d/0x410
[  113.641581][ T5971]  device_del+0x511/0x8e0
[  113.643187][ T5971]  usb_disable_device+0x3e9/0x8a0
[  113.644919][ T5971]  usb_disconnect+0x330/0x950
[  113.646382][ T5971]  hub_event+0x1cf5/0x4a20
[  113.647771][ T5971]  process_scheduled_works+0xae1/0x17b0
[  113.649925][ T5971]  worker_thread+0x8a0/0xda0
[  113.651587][ T5971]  kthread+0x711/0x8a0
[  113.653257][ T5971]  ret_from_fork+0x47f/0x820
[  113.655125][ T5971]  ret_from_fork_asm+0x1a/0x30
[  113.657051][ T5971] 
[  113.658105][ T5971] The buggy address belongs to the object at ffff888026da4000
[  113.658105][ T5971]  which belongs to the cache kmalloc-2k of size 2048
[  113.663306][ T5971] The buggy address is located 1264 bytes inside of
[  113.663306][ T5971]  freed 2048-byte region [ffff888026da4000, ffff888026da4800)
[  113.667800][ T5971] 
[  113.668677][ T5971] The buggy address belongs to the physical page:
[  113.671149][ T5971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26da0
[  113.674222][ T5971] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  113.677507][ T5971] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  113.680535][ T5971] page_type: f5(slab)
[  113.682243][ T5971] raw: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001
[  113.685809][ T5971] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  113.689420][ T5971] head: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001
[  113.693035][ T5971] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  113.696280][ T5971] head: 00fff00000000003 ffffea00009b6801 00000000ffffffff 00000000ffffffff
[  113.699564][ T5971] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  113.703169][ T5971] page dumped because: kasan: bad access detected
[  113.705924][ T5971] page_owner tracks the page as allocated
[  113.708364][ T5971] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18941266506, free_ts 0
[  113.715878][ T5971]  post_alloc_hook+0x240/0x2a0
[  113.717914][ T5971]  get_page_from_freelist+0x21e4/0x22c0
[  113.720268][ T5971]  __alloc_frozen_pages_noprof+0x181/0x370
[  113.722772][ T5971]  alloc_pages_mpol+0x232/0x4a0
[  113.724832][ T5971]  allocate_slab+0x8a/0x330
[  113.726803][ T5971]  ___slab_alloc+0xbd1/0x13f0
[  113.728834][ T5971]  __slab_alloc+0x55/0xa0
[  113.730589][ T5971]  __kmalloc_noprof+0x471/0x7f0
[  113.732430][ T5971]  ops_init+0x7b/0x5c0
[  113.733785][ T5971]  register_pernet_operations+0x336/0x800
[  113.735694][ T5971]  register_pernet_device+0x2a/0x80
[  113.737952][ T5971]  ip6gre_init+0x1d/0xd0
[  113.739583][ T5971]  do_one_initcall+0x236/0x820
[  113.741459][ T5971]  do_initcall_level+0x104/0x190
[  113.743448][ T5971]  do_initcalls+0x59/0xa0
[  113.745008][ T5971]  kernel_init_freeable+0x334/0x4b0
[  113.746887][ T5971] page_owner free stack trace missing
[  113.749020][ T5971] 
[  113.750014][ T5971] Memory state around the buggy address:
[  113.752283][ T5971]  ffff888026da4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.755527][ T5971]  ffff888026da4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.758711][ T5971] >ffff888026da4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.761690][ T5971]                                                              ^
[  113.764760][ T5971]  ffff888026da4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.767989][ T5971]  ffff888026da4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.771183][ T5971] ==================================================================
[  113.786920][ T5971] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  113.789163][ T5971] CPU: 0 UID: 0 PID: 5971 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[  113.792109][ T5971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  113.795490][ T5971] Workqueue: usb_hub_wq hub_event
[  113.797209][ T5971] Call Trace:
[  113.798414][ T5971]  <TASK>
[  113.799645][ T5971]  dump_stack_lvl+0x99/0x250
[  113.801605][ T5971]  ? __asan_memcpy+0x40/0x70
[  113.803532][ T5971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.805474][ T5971]  ? __pfx__printk+0x10/0x10
[  113.807342][ T5971]  vpanic+0x237/0x6d0
[  113.808958][ T5971]  ? __pfx_vpanic+0x10/0x10
[  113.810585][ T5971]  ? preempt_schedule+0xae/0xc0
[  113.812514][ T5971]  ? __pfx_preempt_schedule+0x10/0x10
[  113.814552][ T5971]  panic+0xb9/0xc0
[  113.815918][ T5971]  ? __pfx_panic+0x10/0x10
[  113.817741][ T5971]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  113.819947][ T5971]  ? media_devnode_unregister+0xe2/0xf0
[  113.822091][ T5971]  check_panic_on_warn+0x89/0xb0
[  113.824062][ T5971]  ? media_devnode_unregister+0xe2/0xf0
[  113.826203][ T5971]  end_report+0x78/0x160
[  113.827892][ T5971]  kasan_report+0x129/0x150
[  113.829609][ T5971]  ? media_devnode_unregister+0xe2/0xf0
[  113.831426][ T5971]  media_devnode_unregister+0xe2/0xf0
[  113.833212][ T5971]  media_device_unregister+0x37c/0x400
[  113.835414][ T5971]  em28xx_release_resources+0xac/0x240
[  113.837678][ T5971]  em28xx_usb_disconnect+0x19f/0x2f0
[  113.839865][ T5971]  usb_unbind_interface+0x26e/0x910
[  113.842023][ T5971]  ? __pfx_usb_unbind_interface+0x10/0x10
[  113.844350][ T5971]  device_release_driver_internal+0x4d9/0x800
[  113.846844][ T5971]  bus_remove_device+0x34d/0x410
[  113.848905][ T5971]  device_del+0x511/0x8e0
[  113.850640][ T5971]  ? __pfx_device_del+0x10/0x10
[  113.852319][ T5971]  ? kobject_put+0x446/0x480
[  113.854042][ T5971]  usb_disable_device+0x3e9/0x8a0
[  113.855852][ T5971]  usb_disconnect+0x330/0x950
[  113.857620][ T5971]  hub_event+0x1cf5/0x4a20
[  113.859277][ T5971]  ? do_raw_spin_lock+0x121/0x290
[  113.861180][ T5971]  ? register_lock_class+0x51/0x320
[  113.862928][ T5971]  ? __pfx_hub_event+0x10/0x10
[  113.864551][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.866868][ T5971]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.868628][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.870501][ T5971]  ? process_scheduled_works+0x9ef/0x17b0
[  113.872392][ T5971]  process_scheduled_works+0xae1/0x17b0
[  113.874494][ T5971]  ? __pfx_process_scheduled_works+0x10/0x10
[  113.876965][ T5971]  worker_thread+0x8a0/0xda0
[  113.878900][ T5971]  kthread+0x711/0x8a0
[  113.880583][ T5971]  ? __pfx_worker_thread+0x10/0x10
[  113.882682][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.884213][ T5971]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.885846][ T5971]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.887506][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.889048][ T5971]  ret_from_fork+0x47f/0x820
[  113.890513][ T5971]  ? __pfx_ret_from_fork+0x10/0x10
[  113.892206][ T5971]  ? __switch_to_asm+0x39/0x70
[  113.893799][ T5971]  ? __switch_to_asm+0x33/0x70
[  113.895378][ T5971]  ? __pfx_kthread+0x10/0x10
[  113.896948][ T5971]  ret_from_fork_asm+0x1a/0x30
[  113.898455][ T5971]  </TASK>
[  113.900168][ T5971] Kernel Offset: disabled
[  113.901567][ T5971] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:05:36  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000009513 RDI=0000000000009514 RBP=00000000000003f8 RSP=ffffc90003e26c30
R8 =ffff888107730237 R9 =1ffff11020ee6046 R10=dffffc0000000000 R11=ffffffff85535fb0
R12=dffffc0000000000 R13=ffffffff99d28909 R14=ffffffff9a03b060 R15=0000000000000000
RIP=ffffffff8553602c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b83ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f3d12cf4440 CR3=000000011312a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f5a2cc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=22ff839eecafe200 RBX=ffffffff81968448 RCX=22ff839eecafe200 RDX=0000000000000001
RSI=ffffffff8dbbb89d RDI=ffffffff8c036580 RBP=ffffc90000177f10 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fc3ce30 R13=0000000000000001 R14=0000000000000001 R15=1ffff11020005000
RIP=ffffffff8b829dd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a39ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3bffb1 CR3=0000000118df0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8133d69e ffffffff8133d69e
XMM02=ffffffff823d7584 ffffffff8133d69e XMM03=ffffffff895e8990 ffffffff895e8720
XMM04=ffffffff895e8adf ffffffff895e8990 XMM05=ffffffff895e8720 ffffffff823d7584
XMM06=ffffffff823d741d ffffffff823d6abc XMM07=ffffffff823d6a34 ffffffff823d6772
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4ee9212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
