last executing test programs:

1m34.339606366s ago: executing program 2 (id=446):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)

1m34.267723787s ago: executing program 2 (id=448):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000340)={[0xfffffffffffffffd]}, 0x8, 0x800)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x40002000})
timer_create(0x1, 0x0, &(0x7f0000000000)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_settime(r2, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x77359400}}, 0x0)
rt_sigaction(0xe, &(0x7f00000000c0)={&(0x7f0000000180)="f30f1efc6645f10f0808c482adbcaf07000000c4e1fd5aa13c9c43713ef2400f1ed3c4c2e93be7f2262e669f8f88a4a2e100430f12957b2c0000653ed9fa", 0x80000004, 0x0, {[0x7ffc]}}, 0x0, 0x8, &(0x7f0000000200))

1m34.210119431s ago: executing program 2 (id=450):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x1e4, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24, '\x00', 0x4}}}}, 0x240)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x2})
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000005c0)='btrfs_find_cluster\x00', r1}, 0xffffffffffffffde)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_CLEAR_SOCK(r2, 0xab04)

1m33.969628815s ago: executing program 2 (id=452):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@lazytime}, {@init_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189)
pwrite64(r0, &(0x7f0000000880)='u', 0x1, 0x83)
syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c})
chdir(&(0x7f00000001c0)='./file0\x00')
creat(&(0x7f0000000040)='./file1\x00', 0x5e)

1m33.861524241s ago: executing program 2 (id=454):
r0 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=@newqdisc={0x64, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0x4, 0x7, 0x20000001, 0x2, 0x2cf, 0x8d2}}, {0x4}}]}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}, @qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x401}}]}, 0x64}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m33.417018543s ago: executing program 2 (id=457):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000007000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40010)

1m33.228062651s ago: executing program 32 (id=457):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000007000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40010)

3.08082237s ago: executing program 3 (id=1356):
syz_usb_connect(0x0, 0x56, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x14, 0x3e, 0xdd, 0x8, 0x22b8, 0x6425, 0xd36c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0xa, 0x0, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}, [@mdlm={0x15}]}]}}]}}]}}, 0x0)

2.608861922s ago: executing program 1 (id=1361):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
gettid()
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r1, 0x19c05, 0x55007}, [@IFLA_ADDRESS={0xa, 0x1, @random="ef1121ffa332"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4802}, 0x20040050)

2.60833186s ago: executing program 1 (id=1362):
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)={0x2, 0x7, 0xe, 0x9, 0x5, 0x9})
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x9, 0x103103)
ioctl$TIOCGPGRP(r0, 0x4c07, 0x0)

2.521209336s ago: executing program 1 (id=1363):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000400)=0x2, 0x4)

2.520950745s ago: executing program 1 (id=1364):
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc0102030109021b00010000000009044400012eafb2000905810dff"], 0x0)

1.880856175s ago: executing program 3 (id=1368):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300)

1.826616982s ago: executing program 3 (id=1369):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@netkit}, 0x1c)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000300)=ANY=[@ANYBLOB='nobarrier,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6465636f6d706f73652c666f7263652c666f7263652c756d61736b3d30303030303030303030303030303030303030303031302c6e6c733d64656661756c742c00d4023937168c6a03faba6a3338c76bbb2cc123a1966858d8147d2c8f6696a3afb73a4233a7d6d17cbf793d9f3d5dc088fadadfdb7688c6a99fb22e09bb9b1fbe01fd94fae1e35f93fdbc2d26ac49430c71a16ad073e2416238a4b5f8c9877c553b2690fd7148fad9a9579680000d1a5caad58758c05f80c742dfc96510890d6ab62c3d6bc97ea00353e76f0f436500c88ef1b3ec52d6d1b6189c2c09e76160176ee4c21e9bcebdcac3565569f673575a04183f4095c2743d1547baa170a07fb5b39c0af610bbf13953ecb5e354858f41aa5b7bf2fbde", @ANYRESDEC, @ANYRESDEC], 0x44, 0x6f7, &(0x7f0000001f80)="$eJzs3U1sHGcZAOB31uu1N5XcbZu0BSHFakQEDSS2l5IgIREqhHyoUCQuvS6J01heu5HtIidCxAUKRzihHDgUIXPoCfWABOKAKGckJK4o90jcIw4smtmZ9f7Y693GP0n6PNJ4vpn5ft55O/Pt7myjDeAza/HtmNyOJBYvvLWVbj/YqTcf7NRXi3JETEVEKaLcXkWyFpF8EnE12kt8Lt2Zd5fsN84bD//0m/P3P6q3t8r5ktUvDWu3qzVkhO18idmImMjXYyrv19/1eHOgv3tjdZ104k4Tdq5IHJy01oDtcZqPcN8CT7p7EROTe+yvRZyKiOn8fUDks0PpmMM7dGPNcgAAAPBkmjiowvOP4lFsxczxhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPhqT9m4FJvpSK8mwkxe//V/J9qUrlhOMd7isHHP/g5jEFAgAAAAAAAABH4uP8i/uzj+JRbMVMsb+VZN/5v5ZtnM7+PhfvxUYsxXpcjK1oxGZsxnrMR0zOdHVY2Wpsbq7PD7b8daQtW63WvbzlQkTUBlouHMNJAwAAAAAAAMCz6yexGDMnHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRLIibaq2w5XZRrUSpHxHREVNJ62xF/KcpPuuqQY389xjgAAADghBQfjWeS/7ULrST7zP9y9rl/Ot6LtdiM5diMZizFjexZQPtTf+mf2/Xmg536aroMdvzt/4wVR9ZjREzE+/uMPJfVONNpsRjfje/HhZiNa7Eey/HDaMRmLMVsVNOTiEYkUau2n17Uijj3jvdqz9a1/tjO9m2/mkVSjZuxnMV2Ma5Xov3YJDuHdMxXu0b7YyWib8T30+wk38qNmKMbXf+9fpU/l8m1nh+xj6NRy858spORuTT3eTZeGJ77Ma+T/pHmo9R5BnV6d5R0s3+kIuc/GCfnp/J1muuf9+b8sI35KK0/EwtRyq++iJd7c377i/df7G385X/97dqt0trKrZsbF47wlB7H7EEVJotCfybqXZl4ZfjVl2eimWZie/RMTPbvmB615dGq5NnIpqIRZ8vvZKVGvNZ1Cb4bN2IpLsdczMeVmItvxELUO1dYupzpyWu5vtqbk+xeKw3Ob8OexJ77UlelXxxQ+XileXmhK6/dM10tO5bvufrLmOu6+l4cfvWN/SqQjv/5vJyO8dPOK86ToCcT+dxcRPfS8Ez8tpX+3Wiurazfatwecbzz+Tq9bT/onZt/N3rU/a/uhyG9XtIZt5xtZTmpFtdLeuylTrS9+ark37i025UGjp3pHKvFTCzH9/a9Uyv5e7jBntrHXuk+9u/dmbOSv78pjvW8y4l3o5m9C+lz4FQNwDE79fqpSvVh9R/VD6s/q96qvjX95tSVqS9UYvLv5T9P/KH0+9I3k9fjw/hxzJx0pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CzYuHN3pdFsLq13CjHdv+dxC5V9xxpeiNKBdXaeG63DqEUMHyvJC5XDPfensVCNvj3FLyw9bs8fR8SQOpXHDj4Z+xobu5Dm4VA6LH44LdvTmhijeblotXedcmxMx0ojKe9xx03t3gVRW2k0/9vqaV6NrlsGeMZd2ly9fWnjzt2vLq823ll6Z2lt4crlK5frX5//2qWby82lufbfk44SOAobd+5OnHQMAAAAAAAAAAAAwHjy//t/81P/Y4byAXUq6xt7j3z2uE8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeEotvh2T25HE/NzFuXT7wU69mS5FebdmOSJKEZH8KCL5JOJqtJeodXWX7DfOGw+jdP7+R/XdvspF/dKwdqPZzpeYjYiJfH2wqT26Gezveld/258qvKRzhmnCzhWJg5P2/wAAAP//vnbzsA==")

1.681397087s ago: executing program 3 (id=1370):
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000810087406d040e0a759400000001090212000100000000090400200003"], 0x0)

1.279769376s ago: executing program 1 (id=1376):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x200810, &(0x7f00000000c0)={[{@ssd_spread}, {@thread_pool={'thread_pool', 0x3d, 0xe6e2}}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@max_inline={'max_inline', 0x3d, [0x36, 0x70, 0x32, 0x67, 0x67, 0x38, 0x39, 0x70]}}, {@discard_async}, {@subvol={'subvol', 0x3d, '$-'}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")

1.088253331s ago: executing program 0 (id=1380):
syz_read_part_table(0x62c, &(0x7f0000000640)="$eJzs1L+LHGUcBvBndnd25/TiRoiNAfUvSCMIgkcuYCMWCREFrdJYCIIgiljtHpcilT9AEC2sAoqI6WxEEJE7rSSCYKNYBHtFjNiMvDM76xFFhByahM+nmHnf7/ve+75z88yGm9q0v1WZDJX5Pb9VSdrFIllOkvqF1cCsGZd627apk41Sevz9sw8/9ugsb272i1TDeqmGy3e/p0o77xboK01pj5J22PHrZtV47sNu4N7kZL9AbzysdfGHavXnf290sFNdM/jS+gnr5EjX2P73/yduTJe29ua7o5KvrWemKSke5cFq2aXkSsnqoqrqMrFZ5+HOn78sUVgeyv7jddarfFs2vTwrvVG57s/7OevE/tiUjXdWX127XH0zvUUXzGv1pZ2Dpe7gm4dyeq7X0ezNd8/X+fRqW35NzmaSqhpnNoy/Xl9t2/L6qpKCtukCc9uou83+36MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC3mEmSabIx9O/fSI6/OtrOqEpGSep2XOqXX3vgrp2+8qc3Zte9/6Wtvfnu+ec3LrySfHZHku+/Of7Q9PRP7xw58dV+tVzNOppU6XafJtlJ0jyRuj86N7P+/dfJy83bv7ZtKW0mQ64+X+fyl2mzOPZi113m3IEFqjRD62SX5r44GZJa/3XPVWiOHf7TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3hA8eue/MqdHBysW9ZDx02nacuz956r1nvzjV7D+dnJ59lO1+eGOYM0lyZtbNnic5d3uSE6WYaa5cSN59q7THyZMfp1mvu/ivnpB/8EcAAAD//9NRYfw=")

999.875681ms ago: executing program 0 (id=1381):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
open(&(0x7f0000000000)='./file0\x00', 0x14a600, 0x78e22799f4a46f8f)

880.779882ms ago: executing program 0 (id=1382):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x24, r1, 0x109, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x20}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40880}, 0x48000)

824.708875ms ago: executing program 0 (id=1383):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x29)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000540)={0xfffffff7, 0x200401, 0xfffffffd, 0xc6cf, 0x91, "0000080100", 0x240000, 0x1fd})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x1)

748.438997ms ago: executing program 0 (id=1384):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0xffffffff, 0x48008200, 0xfffd, 0x2, 0xfffffffd, 0x7c, 0x0, 0x0, 0xaa41d96b805f9574, 0x5}}, 0x50)

747.999694ms ago: executing program 0 (id=1385):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
clock_settime(0x0, &(0x7f0000000540))

186.173817ms ago: executing program 3 (id=1386):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x405c5504, 0x0)

10.527237ms ago: executing program 3 (id=1387):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)

0s ago: executing program 1 (id=1388):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

kernel console output (not intermixed with test programs):

SID 50:50:50:50:50:50
[  120.239927][  T596] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.240290][ T7250] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  120.292600][  T596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.295690][  T596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.306825][ T7254] f2fs_ckpt-7:1: attempt to access beyond end of device
[  120.306825][ T7254] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  120.315895][ T7254] CPU: 1 UID: 0 PID: 7254 Comm: f2fs_ckpt-7:1 Not tainted syzkaller #0 PREEMPT(full) 
[  120.315909][ T7254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  120.315915][ T7254] Call Trace:
[  120.315940][ T7254]  <TASK>
[  120.315946][ T7254]  dump_stack_lvl+0x189/0x250
[  120.315963][ T7254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.315973][ T7254]  ? __pfx_queue_work_on+0x10/0x10
[  120.315982][ T7254]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  120.315996][ T7254]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  120.316011][ T7254]  f2fs_handle_critical_error+0x37c/0x540
[  120.316028][ T7254]  f2fs_write_end_io+0x886/0xb60
[  120.316045][ T7254]  __submit_merged_bio+0x27a/0x6a0
[  120.316056][ T7254]  ? up_write+0x1c4/0x420
[  120.316070][ T7254]  __submit_merged_write_cond+0x44c/0x530
[  120.316084][ T7254]  f2fs_sync_node_pages+0x1479/0x15e0
[  120.316104][ T7254]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  120.316147][ T7254]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  120.316160][ T7254]  ? up_write+0x1c4/0x420
[  120.316167][ T7254]  ? do_raw_spin_unlock+0x4d/0x240
[  120.316179][ T7254]  f2fs_write_checkpoint+0xe6f/0x1df0
[  120.316198][ T7254]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  120.316223][ T7254]  ? down_write+0x162/0x1f0
[  120.316231][ T7254]  ? __pfx_down_write+0x10/0x10
[  120.316265][ T7254]  ? __pfx___schedule+0x10/0x10
[  120.316285][ T7254]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  120.316299][ T7254]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  120.316321][ T7254]  issue_checkpoint_thread+0xd9/0x260
[  120.316331][ T7254]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  120.316339][ T7254]  ? __pfx_autoremove_wake_function+0x10/0x10
[  120.316350][ T7254]  ? __kthread_parkme+0x7b/0x200
[  120.316360][ T7254]  ? __kthread_parkme+0x1a1/0x200
[  120.316372][ T7254]  kthread+0x711/0x8a0
[  120.316384][ T7254]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  120.316392][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.316402][ T7254]  ? _raw_spin_unlock_irq+0x23/0x50
[  120.316412][ T7254]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.316425][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.316435][ T7254]  ret_from_fork+0x3fc/0x770
[  120.316445][ T7254]  ? __pfx_ret_from_fork+0x10/0x10
[  120.316456][ T7254]  ? __switch_to_asm+0x39/0x70
[  120.316466][ T7254]  ? __switch_to_asm+0x33/0x70
[  120.316474][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.316484][ T7254]  ret_from_fork_asm+0x1a/0x30
[  120.316502][ T7254]  </TASK>
[  120.316577][ T7254] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  120.405590][ T7254] CPU: 1 UID: 0 PID: 7254 Comm: f2fs_ckpt-7:1 Not tainted syzkaller #0 PREEMPT(full) 
[  120.405611][ T7254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  120.405619][ T7254] Call Trace:
[  120.405625][ T7254]  <TASK>
[  120.405633][ T7254]  dump_stack_lvl+0x189/0x250
[  120.405659][ T7254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.405674][ T7254]  ? __pfx_queue_work_on+0x10/0x10
[  120.405687][ T7254]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  120.405705][ T7254]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  120.405735][ T7254]  f2fs_handle_critical_error+0x37c/0x540
[  120.405762][ T7254]  f2fs_write_end_io+0x886/0xb60
[  120.405794][ T7254]  __submit_merged_bio+0x27a/0x6a0
[  120.405812][ T7254]  ? up_write+0x1c4/0x420
[  120.405833][ T7254]  __submit_merged_write_cond+0x44c/0x530
[  120.405860][ T7254]  f2fs_sync_node_pages+0x1479/0x15e0
[  120.405898][ T7254]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  120.405945][ T7254]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  120.405964][ T7254]  ? up_write+0x1c4/0x420
[  120.405976][ T7254]  ? do_raw_spin_unlock+0x4d/0x240
[  120.405997][ T7254]  f2fs_write_checkpoint+0xe6f/0x1df0
[  120.406036][ T7254]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  120.406090][ T7254]  ? down_write+0x162/0x1f0
[  120.406104][ T7254]  ? __pfx_down_write+0x10/0x10
[  120.406118][ T7254]  ? __pfx___schedule+0x10/0x10
[  120.406144][ T7254]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  120.406164][ T7254]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  120.406195][ T7254]  issue_checkpoint_thread+0xd9/0x260
[  120.406213][ T7254]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  120.406256][ T7254]  ? __pfx_autoremove_wake_function+0x10/0x10
[  120.406276][ T7254]  ? __kthread_parkme+0x7b/0x200
[  120.406290][ T7254]  ? __kthread_parkme+0x1a1/0x200
[  120.406305][ T7254]  kthread+0x711/0x8a0
[  120.406323][ T7254]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  120.406352][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.406367][ T7254]  ? _raw_spin_unlock_irq+0x23/0x50
[  120.406382][ T7254]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.406397][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.406410][ T7254]  ret_from_fork+0x3fc/0x770
[  120.406433][ T7254]  ? __pfx_ret_from_fork+0x10/0x10
[  120.406450][ T7254]  ? __switch_to_asm+0x39/0x70
[  120.406466][ T7254]  ? __switch_to_asm+0x33/0x70
[  120.406479][ T7254]  ? __pfx_kthread+0x10/0x10
[  120.406493][ T7254]  ret_from_fork_asm+0x1a/0x30
[  120.406519][ T7254]  </TASK>
[  120.406526][ T7254] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  120.443158][ T5851] usb 1-1: USB disconnect, device number 11
[  121.541300][ T5236] Bluetooth: hci1: command tx timeout
[  121.566309][ T7284] loop0: detected capacity change from 0 to 1024
[  121.576950][ T7285] mkiss: ax0: crc mode is auto.
[  121.626098][ T7284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.657201][ T7284] EXT4-fs error (device loop0): ext4_empty_dir:3109: inode #11: block 38: comm syz.0.495: Attempting to read directory block (38) that is past i_size (39680)
[  121.688251][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.060548][ T5851] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  123.222234][ T5851] usb 1-1: Using ep0 maxpacket: 32
[  123.232387][ T5851] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.235830][ T5851] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.239399][ T5851] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.249920][ T5851] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  123.258520][ T5851] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40
[  123.266677][ T5851] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  123.269316][ T5851] usb 1-1: SerialNumber: syz
[  123.290966][ T5851] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  123.293552][ T5851] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  123.298871][ T5851] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  123.304848][ T5851] usbtest 1-1:1.0: Linux gadget zero
[  123.306627][ T5851] usbtest 1-1:1.0: high-speed {control in/out int-in} tests (+alt)
[  123.493688][ T5851] usb 1-1: USB disconnect, device number 12
[  123.508007][ T7331] netlink: 44 bytes leftover after parsing attributes in process `syz.3.514'.
[  123.521814][ T7331] netlink: 43 bytes leftover after parsing attributes in process `syz.3.514'.
[  123.524840][ T7331] netlink: 'syz.3.514': attribute type 6 has an invalid length.
[  123.527375][ T7331] netlink: 'syz.3.514': attribute type 5 has an invalid length.
[  123.532447][ T7331] netlink: 43 bytes leftover after parsing attributes in process `syz.3.514'.
[  123.569141][ T7336] loop1: detected capacity change from 0 to 256
[  123.574837][ T7336] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  123.583806][ T7336] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  123.595696][ T7336] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  123.620978][ T5236] Bluetooth: hci1: command tx timeout
[  123.683689][ T7339] loop1: detected capacity change from 0 to 8
[  123.690000][ T7339] unable to read id index table
[  123.820537][ T5916] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  123.888137][ T7343] loop1: detected capacity change from 0 to 32768
[  123.907970][ T7343] (syz.1.520,7343,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  123.913810][ T7343] (syz.1.520,7343,0):ocfs2_fill_super:1177 ERROR: status = -22
[  124.000664][ T5916] usb 4-1: Using ep0 maxpacket: 16
[  124.010530][ T5916] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.013956][ T5916] usb 4-1: config 0 interface 0 has no altsetting 0
[  124.016047][ T5916] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  124.028235][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.044740][ T5916] usb 4-1: config 0 descriptor??
[  124.089615][   T33] audit: type=1326 audit(1757071750.653:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.0.524" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff857f8ebe9 code=0x0
[  124.535101][ T5916] nzxt-smart2 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  125.033898][ T5900] usb 4-1: USB disconnect, device number 2
[  125.247078][ T7378] loop0: detected capacity change from 0 to 2048
[  125.254529][ T7378] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  125.256950][ T7378] UDF-fs: Scanning with blocksize 512 failed
[  125.283479][ T7378] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  125.324396][ T7385] loop1: detected capacity change from 0 to 3
[  125.620141][ T7397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'.
[  125.627012][ T5900] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  125.846632][ T5900] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  125.850541][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.859161][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  125.863004][ T5900] usb 2-1: config 1 has no interface number 0
[  125.865683][ T5900] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  125.871999][ T5900] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  125.887033][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  125.892725][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.896892][ T5900] usb 2-1: Product: syz
[  125.898624][ T5900] usb 2-1: Manufacturer: syz
[  125.902896][ T5900] usb 2-1: SerialNumber: syz
[  125.920178][ T5900] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  125.923471][ T5900] cdc_ncm 2-1:1.1: bind() failure
[  126.128202][ T5900] usb 2-1: USB disconnect, device number 15
[  126.145311][ T7402] loop3: detected capacity change from 0 to 32768
[  126.400064][ T7404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.546'.
[  126.405459][ T7404] bridge_slave_1: left allmulticast mode
[  126.407988][ T7404] bridge_slave_1: left promiscuous mode
[  126.414503][ T7404] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.426246][ T7404] bridge_slave_0: left allmulticast mode
[  126.428487][ T7404] bridge_slave_0: left promiscuous mode
[  126.431954][ T7404] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.811671][ T7420] loop3: detected capacity change from 0 to 2048
[  126.847528][ T7424] netlink: 'syz.1.554': attribute type 11 has an invalid length.
[  126.847672][ T7420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.865272][ T7420] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  126.943999][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.944168][ T7431] netlink: 'syz.1.556': attribute type 1 has an invalid length.
[  126.951032][ T7431] netlink: 244 bytes leftover after parsing attributes in process `syz.1.556'.
[  127.113562][ T7436] netlink: 56 bytes leftover after parsing attributes in process `syz.1.558'.
[  127.117351][ T7436] netlink: 16 bytes leftover after parsing attributes in process `syz.1.558'.
[  127.742128][ T5916] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  127.901022][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  127.918119][ T5916] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.927872][ T5916] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.940635][ T5916] usb 4-1: config 0 interface 0 has no altsetting 0
[  127.950815][ T5916] usb 4-1: New USB device found, idVendor=0b43, idProduct=0003, bcdDevice= 0.00
[  127.954589][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.990961][ T5916] usb 4-1: config 0 descriptor??
[  128.415190][ T5916] smartjoyplus 0003:0B43:0003.0004: ignoring exceeding usage max
[  128.434266][ T5916] smartjoyplus 0003:0B43:0003.0004: item fetching failed at offset 10/11
[  128.439196][ T5916] smartjoyplus 0003:0B43:0003.0004: parse failed
[  128.448345][ T5916] smartjoyplus 0003:0B43:0003.0004: probe with driver smartjoyplus failed with error -22
[  128.654830][ T5851] usb 4-1: USB disconnect, device number 3
[  128.866218][ T7459] netlink: 'syz.1.568': attribute type 2 has an invalid length.
[  128.869365][ T7459] netlink: 'syz.1.568': attribute type 8 has an invalid length.
[  128.873938][ T7459] netlink: 1148 bytes leftover after parsing attributes in process `syz.1.568'.
[  129.125908][ T7465] loop1: detected capacity change from 0 to 32768
[  129.129130][ T7465] XFS: ikeep mount option is deprecated.
[  129.176557][ T7465] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.214796][ T7465] XFS (loop1): Ending clean mount
[  129.218409][ T7465] XFS (loop1): Quotacheck needed: Please wait.
[  129.251863][ T7465] XFS (loop1): Quotacheck: Done.
[  129.286995][   T33] audit: type=1326 audit(1757071755.843:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.470852][   T33] audit: type=1326 audit(1757071755.843:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.499272][   T33] audit: type=1326 audit(1757071755.843:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.533307][   T33] audit: type=1326 audit(1757071755.843:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.553485][ T7492] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  129.558453][   T33] audit: type=1326 audit(1757071755.853:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.592931][ T7492] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  129.595299][   T33] audit: type=1326 audit(1757071755.853:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.626487][   T33] audit: type=1326 audit(1757071755.853:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.651431][   T33] audit: type=1326 audit(1757071755.853:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7483 comm="syz.3.576" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x7ffc0000
[  129.819746][ T7495] netlink: 24 bytes leftover after parsing attributes in process `syz.3.580'.
[  129.882059][ T5848] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.892696][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  129.896278][ T7497] netlink: 12 bytes leftover after parsing attributes in process `syz.3.582'.
[  129.899931][ T7497] netlink: 'syz.3.582': attribute type 13 has an invalid length.
[  129.931829][ T7490] loop0: detected capacity change from 0 to 32768
[  129.951759][ T7490] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.578 (7490)
[  129.993468][ T7490] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  129.998066][ T7490] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  130.157756][ T7490] BTRFS info (device loop0): setting nodatasum
[  130.160051][ T7490] BTRFS info (device loop0): enabling ssd optimizations
[  130.172966][ T7490] BTRFS info (device loop0): enabling free space tree
[  130.175757][ T7490] BTRFS info (device loop0): enabling auto defrag
[  130.190581][ T7490] BTRFS info (device loop0): max_inline set to 0
[  130.351228][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  130.378074][ T5858] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  130.504611][   T24] usb 4-1: Using ep0 maxpacket: 16
[  130.518810][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  130.520772][   T24] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  130.526023][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  130.541267][   T24] usb 4-1: config 0 has no interface number 0
[  130.543843][   T24] usb 4-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  130.548394][   T24] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  130.555952][   T24] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  130.582428][   T24] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  130.586443][   T24] usb 4-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  130.604419][   T24] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  130.608069][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.655800][   T24] usb 4-1: config 0 descriptor??
[  130.667141][ T7512] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  130.710730][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  130.711495][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  130.719417][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  130.740450][    T9] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  130.743571][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.772932][    T9] usb 2-1: config 0 descriptor??
[  130.887602][ T7542] binder: 7541:7542 unknown command 0
[  130.905756][ T7542] binder: 7541:7542 ioctl c0306201 2000000001c0 returned -22
[  130.949742][   T24] usb 4-1: USB disconnect, device number 4
[  131.071286][    T9] usb 2-1: USB disconnect, device number 16
[  131.814447][ T7562] loop3: detected capacity change from 0 to 2048
[  131.832852][ T7562] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  132.406756][ T7566] loop3: detected capacity change from 0 to 32768
[  132.428935][ T7566] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 0 transid 8 /dev/loop3 (7:3) scanned by syz.3.594 (7566)
[  132.483300][ T5949] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 0 transid 8 /dev/loop3 (7:3) scanned by udevd (5949)
[  132.642980][ T7571] binfmt_misc: register: failed to install interpreter file ./file2
[  132.824867][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.827291][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  133.207611][ T5296] udevd[5296]: worker [5949] terminated by signal 33 (Unknown signal 33)
[  133.220544][ T5296] udevd[5296]: worker [5949] failed while handling '/devices/virtual/block/loop3'
[  133.332386][ T7573] loop3: detected capacity change from 0 to 32768
[  133.507767][ T7573] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  133.507796][ T7573]   allowing incompatible features above 0.0: (unknown version)
[  133.507805][ T7573]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  133.556899][ T7573] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  133.559896][ T7573] bcachefs (loop3): initializing new filesystem
[  133.587317][ T7573] bcachefs (loop3): going read-write
[  133.602540][ T7573] bcachefs (loop3): marking superblocks
[  133.637063][ T7577] loop0: detected capacity change from 0 to 32768
[  133.647816][ T7573] bcachefs (loop3): initializing freespace
[  133.659491][ T7573] bcachefs (loop3): done initializing freespace
[  133.669892][ T7577] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.599 (7577)
[  133.670171][ T7573] bcachefs (loop3): reading snapshots table
[  133.693262][ T7573] bcachefs (loop3): reading snapshots done
[  133.732871][ T7573] bcachefs (loop3): done starting filesystem
[  133.753939][ T7577] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  133.757829][ T7577] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  133.900099][   T33] audit: type=1800 audit(1757071760.473:38): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.598" name="file1" dev="loop3" ino=4098 res=0 errno=0
[  133.918493][ T7613] loop1: detected capacity change from 0 to 22
[  133.925690][ T7613] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  133.939453][ T7577] BTRFS info (device loop0): enabling ssd optimizations
[  133.943193][ T7577] BTRFS info (device loop0): enabling free space tree
[  133.946380][ T7613] VFS: Can't find a romfs filesystem on dev loop1.
[  133.946380][ T7613] 
[  133.993194][ T7153] bcachefs (loop3): shutting down
[  133.995259][ T7153] bcachefs (loop3): going read-only
[  134.001358][ T7153] bcachefs (loop3): finished waiting for writes to stop
[  134.009433][ T7153] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  134.038958][ T7617] netlink: 28 bytes leftover after parsing attributes in process `syz.1.607'.
[  134.043719][ T5858] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  134.046106][ T7617] netlink: 'syz.1.607': attribute type 7 has an invalid length.
[  134.054113][ T7617] netlink: 'syz.1.607': attribute type 8 has an invalid length.
[  134.059381][ T7617] netlink: 4 bytes leftover after parsing attributes in process `syz.1.607'.
[  134.071065][ T7153] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  134.072968][ T7617] gretap0: entered promiscuous mode
[  134.089100][ T7617] batadv_slave_1: entered promiscuous mode
[  134.091266][ T7153] bcachefs (loop3): clean shutdown complete, journal seq 4
[  134.097997][ T7153] bcachefs (loop3): marking filesystem clean
[  134.105565][ T7617] gretap0: left promiscuous mode
[  134.130016][ T7617] batadv_slave_1: left promiscuous mode
[  134.157747][ T7153] bcachefs (loop3): shutdown complete
[  134.622352][ T7622] loop0: detected capacity change from 0 to 32768
[  134.648083][ T7622] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  134.663240][ T7622] XFS (loop0): Ending clean mount
[  134.682683][ T7622] XFS (loop0): Quotacheck needed: Please wait.
[  134.708429][ T1200] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1806 dinode
[  134.713359][ T1200] XFS (loop0): Unmount and run xfs_repair
[  134.715893][ T1200] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  134.719432][ T1200] 00000000: 49 4e 81 ed 03 02 00 00 00 00 00 00 00 00 00 00  IN..............
[  134.724058][ T1200] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  134.727838][ T1200] 00000020: 34 f7 58 68 a5 e2 bf 3d 34 f7 58 68 a5 e2 bf 3d  4.Xh...=4.Xh...=
[  134.731436][ T1200] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 0a  4.Xh...=........
[  134.734986][ T1200] 00000040: 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01  ................
[  134.738540][ T1200] 00000050: 00 00 65 01 00 00 00 00 00 00 00 00 2c 50 36 f0  ..e.........,P6.
[  134.745017][ T1200] 00000060: ff ff ff ff cb 1f f2 eb 00 00 00 00 00 00 00 08  ................
[  134.748738][ T1200] 00000070: 00 00 00 01 00 00 00 0d 00 00 00 00 00 00 00 08  ................
[  134.778061][ T7622] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  134.802593][ T5858] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  134.824541][ T5858] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair.
[  134.990783][ T7637] loop7: detected capacity change from 0 to 16384
[  135.211345][ T7638] loop7: detected capacity change from 16384 to 0
[  135.352452][ T7640] loop0: detected capacity change from 0 to 4096
[  135.365456][ T7640] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  135.752622][ T7655] loop1: detected capacity change from 0 to 2048
[  135.763228][ T7655] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  135.772359][ T7544] udevd[7544]: incorrect nilfs2 checksum on /dev/loop1
[  135.792382][ T7544] udevd[7544]: incorrect nilfs2 checksum on /dev/loop1
[  135.811645][ T7656] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.859446][ T7644] loop0: detected capacity change from 0 to 32768
[  135.865620][ T7644] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.615 (7644)
[  135.882290][ T7644] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  135.885657][ T7644] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  135.924847][ T7653] loop3: detected capacity change from 0 to 32768
[  135.928038][ T7653] XFS: attr2 mount option is deprecated.
[  135.995317][ T7644] BTRFS info (device loop0): enabling ssd optimizations
[  135.997593][ T7644] BTRFS info (device loop0): enabling free space tree
[  136.008655][ T7653] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.052039][ T7653] XFS (loop3): Ending clean mount
[  136.062544][ T7653] XFS (loop3): Quotacheck needed: Please wait.
[  136.076958][ T5858] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  136.099094][ T7685] loop1: detected capacity change from 0 to 512
[  136.106607][ T7653] XFS (loop3): Quotacheck: Done.
[  136.216416][ T7685] EXT4-fs (loop1): 1 orphan inode deleted
[  136.219325][ T7685] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.235939][ T7153] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.240195][ T7685] ext4 filesystem being mounted at /215/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.295622][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.495256][ T7700] loop3: detected capacity change from 0 to 128
[  136.513622][ T7700] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  136.517888][ T7700] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  136.532393][ T7700] EXT4-fs warning (device loop3): verify_group_input:137: Cannot add at group 1029 (only 1 groups)
[  136.558713][ T7153] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  136.559983][ T7703] ieee802154 phy0 wpan0: encryption failed: -22
[  136.720652][  T792] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  136.900516][  T792] usb 1-1: Using ep0 maxpacket: 32
[  136.933807][  T792] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  136.936865][  T792] usb 1-1: config 0 has no interface number 0
[  136.943035][  T792] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  136.946157][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.948813][  T792] usb 1-1: Product: syz
[  136.950240][  T792] usb 1-1: Manufacturer: syz
[  136.956327][  T792] usb 1-1: SerialNumber: syz
[  136.986459][  T792] usb 1-1: config 0 descriptor??
[  136.998923][  T792] smsc95xx v2.0.0
[  137.068523][ T7717] loop1: detected capacity change from 0 to 40427
[  137.072282][ T7717] F2FS-fs: heap/no_heap options were deprecated
[  137.075983][ T7717] F2FS-fs (loop1): Mismatch start address, segment0(0) cp_blkaddr(512)
[  137.080225][ T7717] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  137.088756][ T7717] F2FS-fs (loop1): invalid crc value
[  137.142089][ T7717] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  137.146147][ T7717] F2FS-fs (loop1): Start checkpoint disabled!
[  137.157063][ T7717] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  137.159983][ T7717] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  137.178548][   T33] audit: type=1800 audit(1757071763.743:39): pid=7717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.635" name="file1" dev="loop1" ino=10 res=0 errno=0
[  137.211387][ T6282] kworker/u10:6: attempt to access beyond end of device
[  137.211387][ T6282] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  137.227692][ T6282] CPU: 1 UID: 0 PID: 6282 Comm: kworker/u10:6 Not tainted syzkaller #0 PREEMPT(full) 
[  137.227710][ T6282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  137.227717][ T6282] Workqueue: writeback wb_workfn (flush-7:1)
[  137.227750][ T6282] Call Trace:
[  137.227755][ T6282]  <TASK>
[  137.227760][ T6282]  dump_stack_lvl+0x189/0x250
[  137.227775][ T6282]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.227785][ T6282]  ? __pfx_queue_work_on+0x10/0x10
[  137.227795][ T6282]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  137.227809][ T6282]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.227824][ T6282]  f2fs_handle_critical_error+0x37c/0x540
[  137.227841][ T6282]  f2fs_write_end_io+0x886/0xb60
[  137.227858][ T6282]  __submit_merged_bio+0x27a/0x6a0
[  137.227873][ T6282]  __submit_merged_write_cond+0x255/0x530
[  137.227887][ T6282]  f2fs_write_data_pages+0x261d/0x3000
[  137.227914][ T6282]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  137.227932][ T6282]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  137.227955][ T6282]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  137.227966][ T6282]  ? look_up_lock_class+0x74/0x170
[  137.227982][ T6282]  ? trace_f2fs_writepages+0x7f/0x200
[  137.227993][ T6282]  ? f2fs_write_node_pages+0x478/0x6e0
[  137.228005][ T6282]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  137.228021][ T6282]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  137.228033][ T6282]  do_writepages+0x32e/0x550
[  137.228046][ T6282]  ? reacquire_held_locks+0x127/0x1d0
[  137.228055][ T6282]  ? writeback_sb_inodes+0x384/0x1010
[  137.228069][ T6282]  __writeback_single_inode+0x145/0xff0
[  137.228080][ T6282]  ? do_raw_spin_unlock+0x4d/0x240
[  137.228091][ T6282]  writeback_sb_inodes+0x6c7/0x1010
[  137.228112][ T6282]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  137.228145][ T6282]  ? rcu_is_watching+0x15/0xb0
[  137.228159][ T6282]  wb_writeback+0x43b/0xaf0
[  137.228173][ T6282]  ? queue_io+0x331/0x590
[  137.228184][ T6282]  ? __pfx_wb_writeback+0x10/0x10
[  137.228198][ T6282]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.228210][ T6282]  wb_workfn+0x409/0xef0
[  137.228225][ T6282]  ? __pfx_wb_workfn+0x10/0x10
[  137.228235][ T6282]  ? __lock_acquire+0xab9/0xd20
[  137.228252][ T6282]  ? process_scheduled_works+0x9ef/0x17b0
[  137.228263][ T6282]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.228272][ T6282]  ? process_scheduled_works+0x9ef/0x17b0
[  137.228279][ T6282]  ? process_scheduled_works+0x9ef/0x17b0
[  137.228287][ T6282]  process_scheduled_works+0xae1/0x17b0
[  137.228307][ T6282]  ? __pfx_process_scheduled_works+0x10/0x10
[  137.228322][ T6282]  worker_thread+0x8a0/0xda0
[  137.228331][ T6282]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.228345][ T6282]  ? __kthread_parkme+0x7b/0x200
[  137.228358][ T6282]  kthread+0x711/0x8a0
[  137.228369][ T6282]  ? __pfx_worker_thread+0x10/0x10
[  137.228376][ T6282]  ? __pfx_kthread+0x10/0x10
[  137.228386][ T6282]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.228395][ T6282]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.228405][ T6282]  ? __pfx_kthread+0x10/0x10
[  137.228415][ T6282]  ret_from_fork+0x3fc/0x770
[  137.228425][ T6282]  ? __pfx_ret_from_fork+0x10/0x10
[  137.228436][ T6282]  ? __switch_to_asm+0x39/0x70
[  137.228445][ T6282]  ? __switch_to_asm+0x33/0x70
[  137.228454][ T6282]  ? __pfx_kthread+0x10/0x10
[  137.228463][ T6282]  ret_from_fork_asm+0x1a/0x30
[  137.228481][ T6282]  </TASK>
[  137.228530][ T6282] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  137.550935][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  137.634780][ T7731] loop1: detected capacity change from 0 to 512
[  137.644785][ T7731] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  137.656875][ T7731] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:169: inode #17: comm syz.1.639: inline data xattr refers to an external xattr inode
[  137.665325][ T7731] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.639: couldn't read orphan inode 17 (err -117)
[  137.672450][ T7731] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.690174][ T7731] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  137.704752][    T9] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  137.708026][    T9] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  137.720563][    T9] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  137.724957][    T9] usb 4-1: config 220 has no interface number 2
[  137.727577][    T9] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  137.739880][    T9] usb 4-1: config 220 interface 0 has no altsetting 0
[  137.746434][    T9] usb 4-1: config 220 interface 76 has no altsetting 0
[  137.748506][    T9] usb 4-1: config 220 interface 1 has no altsetting 0
[  137.756883][    T9] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  137.760090][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.765327][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.768748][    T9] usb 4-1: Product: syz
[  137.770270][    T9] usb 4-1: Manufacturer: syz
[  137.773307][    T9] usb 4-1: SerialNumber: syz
[  137.816317][  T792] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  137.826581][ T7735] loop1: detected capacity change from 0 to 128
[  137.832613][ T7735] FAT-fs (loop1): bogus number of reserved sectors
[  137.835380][ T7735] FAT-fs (loop1): This looks like a DOS 1.x volume, but isn't a recognized floppy size (128 sectors)
[  137.839827][ T7735] FAT-fs (loop1): Can't find a valid FAT filesystem
[  137.985635][ T7739] loop1: detected capacity change from 0 to 2048
[  138.003743][ T7739] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.022983][  T792] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  138.026538][    T9] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  138.029742][    T9] usb 4-1: No valid video chain found.
[  138.032238][  T792] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  138.039112][    T9] usb 4-1: selecting invalid altsetting 0
[  138.052799][  T792] usb 1-1: USB disconnect, device number 13
[  138.087020][    T9] usb 4-1: selecting invalid altsetting 0
[  138.089512][    T9] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  138.106968][    T9] usb 4-1: USB disconnect, device number 5
[  138.460796][ T5916] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  138.611386][ T7747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.647'.
[  138.631191][ T5916] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  138.634772][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.637860][ T5916] usb 2-1: Product: syz
[  138.639473][ T5916] usb 2-1: Manufacturer: syz
[  138.657648][ T5916] usb 2-1: SerialNumber: syz
[  138.674970][ T5916] usb 2-1: config 0 descriptor??
[  138.988165][    T9] usb 2-1: USB disconnect, device number 17
[  139.088952][ T7751] loop0: detected capacity change from 0 to 2048
[  139.098304][ T7751] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  139.111415][ T7544] udevd[7544]: incorrect nilfs2 checksum on /dev/loop0
[  139.115959][ T7752] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.335205][ T7758] netlink: 76 bytes leftover after parsing attributes in process `syz.0.651'.
[  139.456900][ T7762] unknown channel width for channel at 909000KHz?
[  139.520848][ T7764] loop3: detected capacity change from 0 to 2048
[  139.554608][ T7544]  loop3: p1 < > p2 < > p3 p4 < >
[  139.556472][ T7544] loop3: partition table partially beyond EOD, truncated
[  139.559901][ T7544] loop3: p1 start 2305 is beyond EOD, truncated
[  139.562837][ T7544] loop3: p2 start 4294902784 is beyond EOD, truncated
[  139.565234][ T7544] loop3: p3 start 3724543488 is beyond EOD, truncated
[  139.573168][ T7764]  loop3: p1 < > p2 < > p3 p4 < >
[  139.575183][ T7764] loop3: partition table partially beyond EOD, truncated
[  139.582968][ T7764] loop3: p1 start 2305 is beyond EOD, truncated
[  139.592489][ T7764] loop3: p2 start 4294902784 is beyond EOD, truncated
[  139.594922][ T7764] loop3: p3 start 3724543488 is beyond EOD, truncated
[  139.742371][ T7768] netlink: 92 bytes leftover after parsing attributes in process `syz.1.656'.
[  139.806909][ T7773] loop3: detected capacity change from 0 to 512
[  140.254136][ T7773] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.259086][ T7773] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  140.366060][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.469968][ T7786] loop3: detected capacity change from 0 to 512
[  140.474346][ T7786] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  140.491270][ T7786] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  140.496913][ T7786] EXT4-fs (loop3): 1 truncate cleaned up
[  140.502951][ T7786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.809664][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.380795][  T792] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  141.553969][  T792] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  141.566181][  T792] usb 1-1: config 0 has no interface number 0
[  141.569231][  T792] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  141.577420][ T7792] loop3: detected capacity change from 0 to 32768
[  141.578500][  T792] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  141.582077][ T7792] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.663 (7792)
[  141.602860][  T792] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  141.615715][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.617514][ T7792] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  141.625176][  T792] usb 1-1: Product: syz
[  141.632608][  T792] usb 1-1: Manufacturer: syz
[  141.641121][  T792] usb 1-1: SerialNumber: syz
[  141.645723][ T7792] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  141.669623][  T792] usb 1-1: config 0 descriptor??
[  141.689682][ T7794] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  141.727748][  T792] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  141.776608][  T792] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  141.822256][ T7792] BTRFS info (device loop3): enabling ssd optimizations
[  141.825090][ T7792] BTRFS info (device loop3): enabling free space tree
[  141.952881][    C1] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22
[  142.084593][ T7153] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  142.157328][ T5916] usb 1-1: USB disconnect, device number 14
[  142.194678][ T5916] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  142.204946][ T5916] cyberjack 1-1:0.69: device disconnected
[  142.334562][ T7820] ipvlan0: entered promiscuous mode
[  142.336812][ T7820] ipvlan0: entered allmulticast mode
[  142.339043][ T7820] veth0_vlan: entered allmulticast mode
[  142.589824][ T7824] loop3: detected capacity change from 0 to 32768
[  142.623108][ T7824] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  142.755247][ T7153] ocfs2: Unmounting device (7,3) on (node local)
[  142.860333][ T7833] vivid-000: disconnect
[  142.864252][ T7832] vivid-000: reconnect
[  143.153432][  T792] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  143.300576][  T792] usb 4-1: Using ep0 maxpacket: 16
[  143.306932][  T792] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.311558][  T792] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.318498][  T792] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  143.322268][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.325137][  T792] usb 4-1: Product: syz
[  143.326525][  T792] usb 4-1: Manufacturer: syz
[  143.327984][  T792] usb 4-1: SerialNumber: syz
[  143.563296][  T792] usb 4-1: 0:2 : does not exist
[  143.629565][  T792] usb 4-1: USB disconnect, device number 6
[  143.719597][ T7544] udevd[7544]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  144.556671][ T7868] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.688'.
[  144.560892][ T7868] netlink: 104088 bytes leftover after parsing attributes in process `syz.1.688'.
[  144.564794][ T7868] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.688'.
[  144.739455][ T7875] loop0: detected capacity change from 0 to 4096
[  144.769320][ T7875] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  144.818345][  T792] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  145.003421][  T792] usb 4-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[  145.007758][  T792] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  145.023138][  T792] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  145.026984][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.038220][  T792] usb 4-1: Product: syz
[  145.040087][  T792] usb 4-1: Manufacturer: syz
[  145.045924][  T792] usb 4-1: SerialNumber: syz
[  145.271520][  T792] usb 4-1: 0:2 : does not exist
[  145.284143][  T792] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  145.309524][  T792] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[  145.326473][  T792] usb 4-1: USB disconnect, device number 7
[  145.397657][ T7544] udevd[7544]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  145.556677][ T7888] loop1: detected capacity change from 0 to 32768
[  145.581302][ T7888] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  145.632027][ T7888] XFS (loop1): Ending clean mount
[  145.642825][ T7888] XFS (loop1): Quotacheck needed: Please wait.
[  145.656548][ T7908] loop0: detected capacity change from 0 to 512
[  145.678294][ T7888] XFS (loop1): Quotacheck: Done.
[  145.701669][ T7908] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.718109][ T7908] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.781846][ T5848] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  145.782058][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.894867][ T7915] loop0: detected capacity change from 0 to 2048
[  145.905568][ T7915] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  146.151144][  T792] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  146.304778][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.309095][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.321613][  T792] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  146.331448][  T792] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  146.335093][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.342258][  T792] usb 4-1: config 0 descriptor??
[  146.769724][  T792] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  146.961891][  T792] usb 4-1: USB disconnect, device number 8
[  147.354196][ T7955] loop1: detected capacity change from 0 to 256
[  147.369820][ T7955] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  147.407924][ T7955] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  147.414254][ T7955] FAT-fs (loop1): Filesystem has been set read-only
[  147.845849][ T7972] netlink: 'syz.1.731': attribute type 1 has an invalid length.
[  147.859115][ T7972] netlink: 16150 bytes leftover after parsing attributes in process `syz.1.731'.
[  148.551105][ T7977] loop1: detected capacity change from 0 to 131072
[  148.562073][ T7977] F2FS-fs (loop1): Test dummy encryption mode enabled
[  148.566914][ T7977] F2FS-fs (loop1): invalid crc value
[  148.621536][ T7977] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  148.638802][ T7977] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  148.715996][ T7989] netlink: 28 bytes leftover after parsing attributes in process `syz.3.737'.
[  148.719651][ T7989] netlink: 'syz.3.737': attribute type 7 has an invalid length.
[  148.723110][   T33] audit: type=1800 audit(1757071775.293:40): pid=7977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.734" name="file1" dev="loop1" ino=10 res=0 errno=0
[  148.738405][ T7989] netlink: 'syz.3.737': attribute type 8 has an invalid length.
[  148.743340][ T7989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.737'.
[  148.829361][ T7991] input: syz0 as /devices/virtual/input/input13
[  148.916785][ T7995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.741'.
[  149.688150][ T8004] block device autoloading is deprecated and will be removed.
[  150.121217][ T8025] loop1: detected capacity change from 0 to 128
[  150.125541][ T8025] FAT-fs (loop1): bogus number of reserved sectors
[  150.128032][ T8025] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  150.133238][ T8025] FAT-fs (loop1): Can't find a valid FAT filesystem
[  150.139208][ T8025] tmpfs: Bad value for 'mpol'
[  150.341306][ T8023] loop3: detected capacity change from 0 to 32768
[  150.361717][ T8023] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  150.414127][ T7153] ocfs2: Unmounting device (7,3) on (node local)
[  150.470659][ T5887] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  150.625953][ T8037] loop3: detected capacity change from 0 to 512
[  150.632998][ T5887] usb 2-1: Using ep0 maxpacket: 32
[  150.646192][ T5887] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  150.649693][ T5887] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  150.659895][ T5887] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  150.663874][ T5887] usb 2-1: config 1 has no interface number 0
[  150.666452][ T5887] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  150.671194][ T5887] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  150.680767][ T5887] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  150.685497][ T8037] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.691281][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.692995][ T8037] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.714136][ T5887] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  150.717681][ T8037] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present
[  150.727514][ T8037] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  150.733540][ T8037] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.758: Failed to acquire dquot type 0
[  150.744972][ T8037] EXT4-fs (loop3): Remounting filesystem read-only
[  150.759572][ T8042] netlink: 'syz.0.759': attribute type 7 has an invalid length.
[  150.768978][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.784156][ T8042] : entered promiscuous mode
[  150.914529][ T8029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.917868][ T8029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.933904][ T8029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.941284][ T8029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.947731][ T5887] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  151.133712][ T8054] loop3: detected capacity change from 0 to 32768
[  151.137940][ T8054] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64)
[  151.137940][ T8054] members_v2 (size 152):
[  151.137940][ T8054] nr_devices mismatch: have 17 entries, should be 1Device:0
[  151.137940][ T8054]   Label:                       (none)
[  151.137940][ T8054]   UUID:                        7af6772b-00de-4159-0000-000000000000
[  151.137940][ T8054]   Size:                        0
[  151.137940][ T8054]   read errors:                 0
[  151.137940][ T8054]   write errors:                0
[  151.137940][ T8054]   checksum errors:             0
[  151.137940][ T8054]   seqread iops:                0
[  151.137940][ T8054]   seqwrite iops:               0
[  151.137940][ T8054]   randread iops:               0
[  151.137940][ T8054]   randwrite iops:              0
[  151.137940][ T8054]   Bucket size:                 0
[  151.137940][ T8054]   First bucket:                0
[  151.137940][ T8054]   Buckets:                     0
[  151.137940][ T8054]   Last mount:                  (never)
[  151.137940][ T8054]   Last superblock write:       0
[  151.137940][ T8054]   State:                       rw
[  151.137940][ T8054]   Data allowed:                (none)
[  151.137940][ T8054]   Has data:                    btree,user
[  151.137940][ T8054]   Btree allocated bitmap blocksize:1
[  151.137940][ T8054]   Btree allocated bitmap:      0000000000000000000000000000000000000000000000000000000000000000
[  151.137940][ T8054]   Durability:   
[  151.138081][ T8054] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  151.383109][ T6354] usb 2-1: USB disconnect, device number 18
[  151.386780][ T6354] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  152.282929][ T8080] loop1: detected capacity change from 0 to 32768
[  152.306162][ T8080] (syz.1.777,8080,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  152.312070][ T8080] (syz.1.777,8080,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  152.346876][ T8080] (syz.1.777,8080,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  152.358897][ T8080] JBD2: Ignoring recovery information on journal
[  152.404047][ T8080] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  152.470582][ T5887] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  152.524768][ T5848] ocfs2: Unmounting device (7,1) on (node local)
[  152.640860][ T5887] usb 4-1: Using ep0 maxpacket: 16
[  152.652582][ T5887] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  152.655903][ T5887] usb 4-1: config 0 has no interface number 0
[  152.658397][ T5887] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  152.671490][ T5887] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  152.684325][ T5887] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  152.688312][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.692803][ T5887] usb 4-1: Product: syz
[  152.694703][ T5887] usb 4-1: Manufacturer: syz
[  152.696938][ T5887] usb 4-1: SerialNumber: syz
[  152.702781][ T5887] usb 4-1: config 0 descriptor??
[  152.705847][ T8082] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  152.708954][ T8082] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  152.922969][ T8082] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  152.939710][ T8082] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  153.132666][ T8102] loop1: detected capacity change from 0 to 32768
[  153.151916][ T8102] JBD2: Ignoring recovery information on journal
[  153.227119][ T8102] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  153.310253][ T5848] ocfs2: Unmounting device (7,1) on (node local)
[  153.346960][ T5887] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  153.378364][ T5887] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -71
[  153.380742][ T5852] Bluetooth: hci1: command 0x0405 tx timeout
[  153.384672][ T5887] asix 4-1:0.251: probe with driver asix failed with error -71
[  153.393610][ T5887] usb 4-1: USB disconnect, device number 9
[  154.079319][ T8132] loop1: detected capacity change from 0 to 32768
[  154.085564][ T8132] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop1: erofs_nochanges
[  154.090994][ T8132] bcachefs: bch2_fs_get_tree() error: erofs_nochanges
[  154.226457][ T8152] Zero length message leads to an empty skb
[  154.250757][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  154.408736][ T8163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.815'.
[  154.412258][    T9] usb 4-1: Using ep0 maxpacket: 8
[  154.417276][    T9] usb 4-1: config 0 has an invalid interface number: 78 but max is 0
[  154.424010][    T9] usb 4-1: config 0 has no interface number 0
[  154.433003][    T9] usb 4-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=f0.21
[  154.436115][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.444827][    T9] usb 4-1: Product: syz
[  154.446748][    T9] usb 4-1: Manufacturer: syz
[  154.448531][    T9] usb 4-1: SerialNumber: syz
[  154.459956][    T9] usb 4-1: config 0 descriptor??
[  154.552254][ T8170] loop6: detected capacity change from 0 to 7
[  154.565141][ T8170] Dev loop6: unable to read RDB block 7
[  154.567509][ T8170]  loop6: AHDI p3 p4
[  154.569179][ T8170] loop6: partition table partially beyond EOD, truncated
[  154.574241][ T8170] loop6: p3 start 1886353253 is beyond EOD, truncated
[  154.593066][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.820'.
[  154.672190][    T9] usbhid 4-1:0.78: couldn't find an input interrupt endpoint
[  154.685878][    T9] usb 4-1: USB disconnect, device number 10
[  154.687818][ T8176] netlink: 'syz.1.822': attribute type 11 has an invalid length.
[  154.744418][ T8178] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  154.761630][ T8178] CIFS mount error: No usable UNC path provided in device string!
[  154.761630][ T8178] 
[  154.769491][ T8178] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  154.799030][ T8180] loop1: detected capacity change from 0 to 4096
[  154.810877][ T8180] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  154.849470][ T8180] ntfs3(loop1): ino=0, attr_set_size
[  154.852074][ T8180] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  155.321364][ T8206] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  155.818143][ T8233] syz_tun: entered allmulticast mode
[  155.829166][ T8231] syz_tun: left allmulticast mode
[  156.040659][ T6354] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  156.190863][ T6354] usb 2-1: Using ep0 maxpacket: 16
[  156.218624][ T6354] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  156.222158][ T6354] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.225121][ T6354] usb 2-1: Product: syz
[  156.226810][ T6354] usb 2-1: Manufacturer: syz
[  156.244398][ T6354] usb 2-1: SerialNumber: syz
[  156.252660][ T6354] r8152-cfgselector 2-1: Unknown version 0x0000
[  156.255340][ T6354] r8152-cfgselector 2-1: config 0 descriptor??
[  156.758381][   T24] r8152-cfgselector 2-1: USB disconnect, device number 19
[  157.136998][ T8277] loop3: detected capacity change from 0 to 40427
[  157.148895][ T8277] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  157.159888][ T8277] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  157.235249][ T8277] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  157.243099][ T8277] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  157.246159][ T8277] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  157.548855][ T5852] Bluetooth: hci0: command tx timeout
[  158.398373][ T8298] macsec0: entered promiscuous mode
[  158.400773][ T8298] macsec0: entered allmulticast mode
[  158.402865][ T8298] veth1_macvtap: entered allmulticast mode
[  158.522930][ T8302] loop1: detected capacity change from 0 to 4096
[  158.526912][ T8302] ntfs3(loop1): It is recommened to use chkdsk.
[  158.529975][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  158.534954][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  158.537871][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  158.541738][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  158.544436][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc1c00
[  158.547024][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc2c00
[  158.549823][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc4c00
[  158.554039][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffc8c00
[  158.556674][ T8302] ntfs3(loop1): try to read out of volume at offset 0x3fffffd0c00
[  158.653480][ T8306] mmap: syz.1.881 (8306) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  159.094541][ T8322] loop1: detected capacity change from 0 to 32768
[  159.124002][ T8322] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  159.138780][ T5913] (kworker/u8:4,5913,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=648518346341351496, rec_len=0, name_len=0
[  159.213612][ T8336] loop3: detected capacity change from 0 to 8
[  159.315473][ T5848] ocfs2: Unmounting device (7,1) on (node local)
[  160.249560][ T8362] netlink: 'syz.1.898': attribute type 3 has an invalid length.
[  161.619689][ T8396] netlink: 16 bytes leftover after parsing attributes in process `syz.0.913'.
[  161.964191][    C1] vcan0: j1939_tp_rxtimer: 0xffff888114bbac00: rx timeout, send abort
[  161.971344][    C1] vcan0: j1939_tp_rxtimer: 0xffff888114bba000: rx timeout, send abort
[  161.975298][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888114bbac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  161.984067][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888114bba000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  162.128699][ T8405] loop3: detected capacity change from 0 to 512
[  162.293767][ T8411] loop3: detected capacity change from 0 to 2048
[  162.299381][ T8411] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  163.210752][ T5916] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  163.385557][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.390034][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.398898][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  163.410521][ T5916] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  163.414164][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.431270][ T5916] usb 2-1: config 0 descriptor??
[  163.677330][ T8431] loop3: detected capacity change from 0 to 32768
[  163.695389][ T8431] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.736926][ T8431] XFS (loop3): Ending clean mount
[  163.786030][ T7153] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.852410][ T5916] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd
[  163.878025][ T5916] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  164.436592][   T24] usb 2-1: USB disconnect, device number 20
[  164.755690][ T8465] netlink: 8 bytes leftover after parsing attributes in process `syz.0.939'.
[  165.064424][ T5916] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  165.155982][ T8484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.220589][ T5916] usb 4-1: Using ep0 maxpacket: 16
[  165.235071][ T5916] usb 4-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01
[  165.240115][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.247447][ T5916] usb 4-1: Product: syz
[  165.249857][ T5916] usb 4-1: Manufacturer: syz
[  165.253293][ T5916] usb 4-1: SerialNumber: syz
[  165.272022][ T5916] usb 4-1: config 0 descriptor??
[  165.283456][ T5916] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected.
[  165.485923][ T5916] pwc: Warning: more than 1 configuration available.
[  165.491298][ T5916] pwc: Failed to set LED on/off time (-71)
[  165.494929][ T5916] pwc: send_video_command error -71
[  165.497181][ T5916] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  165.502476][ T5916] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  165.514210][ T5916] usb 4-1: USB disconnect, device number 11
[  165.704964][ T8487] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  166.150642][ T5916] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  166.311216][ T5916] usb 2-1: Using ep0 maxpacket: 8
[  166.316945][ T5916] usb 2-1: config 11 has an invalid interface number: 95 but max is 0
[  166.319872][ T5916] usb 2-1: config 11 has no interface number 0
[  166.323102][ T5916] usb 2-1: config 11 interface 95 altsetting 64 endpoint 0x82 has invalid wMaxPacketSize 0
[  166.326769][ T5916] usb 2-1: config 11 interface 95 has no altsetting 0
[  166.334871][ T5916] usb 2-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  166.338447][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.342203][ T5916] usb 2-1: Product: syz
[  166.343457][ T5916] usb 2-1: Manufacturer: syz
[  166.345075][ T5916] usb 2-1: SerialNumber: syz
[  166.518569][ T8532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.969'.
[  166.572062][ T5916] usbtouchscreen 2-1:11.95: probe with driver usbtouchscreen failed with error -8
[  166.583122][ T5916] usb 2-1: USB disconnect, device number 21
[  167.147742][ T8557] loop3: detected capacity change from 0 to 4096
[  167.289412][ T8564] ntfs3(loop3): ino=0, "file0" failed to extend initialized size to 8fecc.
[  167.392027][ T8569] batadv_slave_1: entered promiscuous mode
[  167.411279][ T8568] batadv_slave_1: left promiscuous mode
[  167.621463][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.988'.
[  167.625049][ T8575] netlink: 28 bytes leftover after parsing attributes in process `syz.1.988'.
[  167.639769][ T8575] geneve2: entered promiscuous mode
[  167.643854][ T8575] geneve2: entered allmulticast mode
[  167.963055][ T8575] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.988'.
[  168.749086][ T8582] sctp: [Deprecated]: syz.0.990 (pid 8582) Use of int in max_burst socket option deprecated.
[  168.749086][ T8582] Use struct sctp_assoc_value instead
[  169.191991][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  169.354812][    T9] usb 4-1: Using ep0 maxpacket: 32
[  169.360140][    T9] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  169.364651][    T9] usb 4-1: config 0 has no interface number 0
[  169.366795][    T9] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  169.373166][    T9] usb 4-1: config 0 interface 85 has no altsetting 0
[  169.385050][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  169.391650][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.397812][    T9] usb 4-1: Product: syz
[  169.400730][    T9] usb 4-1: Manufacturer: syz
[  169.405743][    T9] usb 4-1: SerialNumber: syz
[  169.428495][    T9] usb 4-1: config 0 descriptor??
[  170.041024][ T8631] overlayfs: failed to clone upperpath
[  170.048398][ T8631] overlayfs: failed to clone lowerpath
[  170.283922][    T9] appletouch 4-1:0.85: Geyser mode initialized.
[  170.289687][    T9] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input16
[  170.300634][    C0] appletouch 4-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64
[  170.487888][ T8640] loop1: detected capacity change from 0 to 256
[  170.515840][ T5900] usb 4-1: USB disconnect, device number 12
[  170.539564][ T5900] appletouch 4-1:0.85: input: appletouch disconnected
[  170.598862][ T8642] loop1: detected capacity change from 0 to 512
[  170.607611][ T8642] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.1017: corrupted in-inode xattr: e_value size too large
[  170.619772][ T8642] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1017: couldn't read orphan inode 15 (err -117)
[  170.626159][ T8642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.657867][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.713187][ T8646] comedi comedi0: rti802: I/O port conflict (0xfffffffffffffbff,4)
[  171.050571][ T5851] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  171.158636][ T8657] loop3: detected capacity change from 0 to 8192
[  171.164268][ T8657] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  171.193368][ T8657] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  171.199700][ T8657] ntfs3(loop3): ino=5, mi_enum_attr
[  171.210816][ T5851] usb 2-1: Using ep0 maxpacket: 8
[  171.234366][ T5851] usb 2-1: unable to get BOS descriptor or descriptor too short
[  171.243810][ T5851] usb 2-1: config 250 has an invalid interface number: 4 but max is 0
[  171.251041][ T5851] usb 2-1: config 250 has no interface number 0
[  171.261021][ T5851] usb 2-1: config 250 interface 4 altsetting 43 endpoint 0x6 has invalid wMaxPacketSize 0
[  171.268186][ T5851] usb 2-1: config 250 interface 4 has no altsetting 0
[  171.277516][ T5851] usb 2-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=1b.8a
[  171.284701][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.287485][ T5851] usb 2-1: Product: syz
[  171.288958][ T5851] usb 2-1: Manufacturer: syz
[  171.299456][ T5851] usb 2-1: SerialNumber: syz
[  171.351460][ T8669] loop3: detected capacity change from 0 to 512
[  171.357156][ T8669] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  171.364315][ T8669] EXT4-fs (loop3): 1 truncate cleaned up
[  171.367060][ T8669] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.403721][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.517651][ T5851] powermate 2-1:250.4: probe with driver powermate failed with error -5
[  171.526955][ T5851] usb 2-1: USB disconnect, device number 22
[  171.664872][ T8672] loop3: detected capacity change from 0 to 40427
[  171.668821][ T8672] F2FS-fs: heap/no_heap options were deprecated
[  171.672003][ T8672] F2FS-fs: heap/no_heap options were deprecated
[  171.682366][ T8672] F2FS-fs (loop3): FLUSH_MERGE not compatible with readonly mode
[  172.067341][ T8687] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.1033'.
[  172.074689][ T8687] openvswitch: netlink: Port -8 exceeds max allowable 65535
[  172.091421][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  172.241078][   T24] usb 4-1: Using ep0 maxpacket: 8
[  172.244756][   T24] usb 4-1: config index 0 descriptor too short (expected 548, got 36)
[  172.247638][   T24] usb 4-1: config 250 has no interfaces?
[  172.254506][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  172.259021][   T24] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  172.262641][   T24] usb 4-1: Product: syz
[  172.264431][   T24] usb 4-1: SerialNumber: syz
[  172.370598][ T5887] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  172.473162][   T24] usb 4-1: USB disconnect, device number 13
[  172.523517][ T5887] usb 2-1: config 0 has an invalid interface number: 20 but max is 0
[  172.526740][ T5887] usb 2-1: config 0 has no interface number 0
[  172.531280][ T5887] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  172.537945][ T5887] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  172.542296][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.545337][ T5887] usb 2-1: Product: syz
[  172.546886][ T5887] usb 2-1: Manufacturer: syz
[  172.548684][ T5887] usb 2-1: SerialNumber: syz
[  172.555468][ T5887] usb 2-1: config 0 descriptor??
[  172.558177][ T8689] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  172.562957][ T5887] usb-storage 2-1:0.20: USB Mass Storage device detected
[  172.571623][ T5887] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  172.767918][ T5887] scsi host6: usb-storage 2-1:0.20
[  172.776260][ T5887] usb 2-1: USB disconnect, device number 23
[  172.842213][ T8698] CIFS: VFS: Malformed UNC in devname
[  172.922217][ T8702] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  172.925832][ T8702] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  173.020334][ T8706] loop3: detected capacity change from 0 to 256
[  173.046729][ T8706] FAT-fs (loop3): Directory bread(block 64) failed
[  173.048897][ T8706] FAT-fs (loop3): Directory bread(block 65) failed
[  173.052461][ T8706] FAT-fs (loop3): Directory bread(block 66) failed
[  173.054551][ T8706] FAT-fs (loop3): Directory bread(block 67) failed
[  173.056910][ T8706] FAT-fs (loop3): Directory bread(block 68) failed
[  173.059109][ T8706] FAT-fs (loop3): Directory bread(block 69) failed
[  173.062942][ T8706] FAT-fs (loop3): Directory bread(block 70) failed
[  173.065011][ T8706] FAT-fs (loop3): Directory bread(block 71) failed
[  173.067154][ T8706] FAT-fs (loop3): Directory bread(block 72) failed
[  173.069559][ T8706] FAT-fs (loop3): Directory bread(block 73) failed
[  173.150189][ T8708] loop3: detected capacity change from 0 to 4096
[  173.160224][ T8708] EXT4-fs (loop3): Test dummy encryption mode enabled
[  173.164863][ T8708] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  173.168242][ T8708] System zones: 0-5
[  173.175543][ T8708] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.254634][ T8708] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  173.296596][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.485959][ T8717] tipc: Started in network mode
[  173.488070][ T8717] tipc: Node identity 4, cluster identity 4711
[  173.496412][ T8717] tipc: Node number set to 4
[  173.605224][ T8730] fuse: Bad value for 'fd'
[  173.667029][ T8732] loop1: detected capacity change from 0 to 164
[  173.725077][ T8732] ISOFS: unable to read i-node block
[  173.727301][ T8732] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  173.739749][ T8732] isofs_fill_super: get root inode failed
[  173.857172][ T8741] vivid-000: =================  START STATUS  =================
[  173.870978][ T8741] vivid-000: Test Pattern: 75% Colorbar
[  173.878122][ T8741] vivid-000: Fill Percentage of Frame: 100
[  173.885737][ T8741] vivid-000: Horizontal Movement: No Movement
[  173.888378][ T8741] vivid-000: Vertical Movement: No Movement
[  173.892356][ T8741] vivid-000: OSD Text Mode: All
[  173.894532][ T8741] vivid-000: Show Border: false
[  173.896478][ T8741] vivid-000: Show Square: false
[  173.898220][ T8741] vivid-000: Sensor Flipped Horizontally: false
[  173.902073][ T8741] vivid-000: Sensor Flipped Vertically: false
[  173.904497][ T8741] vivid-000: Insert SAV Code in Image: false
[  173.906965][ T8741] vivid-000: Insert EAV Code in Image: false
[  173.909421][ T8741] vivid-000: Insert Video Guard Band: false
[  173.913122][ T8741] vivid-000: Reduced Framerate: false
[  173.914874][ T8741] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  173.917391][ T8741] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  173.920290][ T8741] vivid-000: Enable Capture Cropping: true
[  173.924883][ T8741] vivid-000: Enable Capture Composing: true
[  173.927330][ T8741] vivid-000: Enable Capture Scaler: true
[  173.929836][ T8741] vivid-000: Timestamp Source: End of Frame
[  173.934036][ T8741] vivid-000: Colorspace: sRGB
[  173.936171][ T8741] vivid-000: Transfer Function: Default
[  173.938586][ T8741] vivid-000: Y'CbCr Encoding: Default
[  173.943622][ T8741] vivid-000: HSV Encoding: Hue 0-179
[  173.946001][ T8741] vivid-000: Quantization: Default
[  173.948356][ T8741] vivid-000: Apply Alpha To Red Only: false
[  173.958537][ T8741] vivid-000: Standard Aspect Ratio: 4x3
[  173.965490][ T8741] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  173.973233][ T8741] vivid-000: DV Timings: 640x480p59 inactive
[  173.978256][ T8741] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  173.988242][ T8741] vivid-000: Maximum EDID Blocks: 2
[  173.993774][ T8741] vivid-000: Limited RGB Range (16-235): false
[  173.998362][ T8741] vivid-000: Rx RGB Quantization Range: Automatic
[  174.005701][ T8741] vivid-000: Power Present: 0x00000001
[  174.013311][ T8741] tpg source WxH: 3840x2160 (Luma)
[  174.019316][ T8741] tpg field: 1
[  174.022761][ T8741] tpg crop: (0,0)/3840x2160
[  174.025445][ T8741] tpg compose: (0,0)/3840x2160
[  174.029549][ T8741] tpg colorspace: 8
[  174.064001][ T8741] tpg transfer function: 0/0
[  174.068383][ T8741] tpg quantization: 0/0
[  174.071091][ T8741] tpg RGB range: 0/2
[  174.072749][ T8741] vivid-000: ==================  END STATUS  ==================
[  175.340981][ T5887] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  175.612796][ T5887] usb 4-1: config 0 has an invalid interface number: 110 but max is 0
[  175.616132][ T5887] usb 4-1: config 0 has no interface number 0
[  175.618621][ T5887] usb 4-1: config 0 interface 110 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0
[  175.625948][ T5887] usb 4-1: config 0 interface 110 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  175.630273][ T5887] usb 4-1: config 0 interface 110 has no altsetting 0
[  175.649082][ T5887] usb 4-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55
[  175.652592][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.655186][ T5887] usb 4-1: Product: syz
[  175.656497][ T5887] usb 4-1: Manufacturer: syz
[  175.658287][ T5887] usb 4-1: SerialNumber: syz
[  175.668419][ T5887] usb 4-1: config 0 descriptor??
[  176.098391][ T5900] usb 4-1: USB disconnect, device number 14
[  176.300634][ T5887] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  176.450539][ T5887] usb 2-1: Using ep0 maxpacket: 32
[  176.454585][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.458862][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.463578][ T5887] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  176.466952][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.472628][ T5887] usb 2-1: config 0 descriptor??
[  176.888903][ T5887] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  176.891809][ T5887] koneplus 0003:1E7D:2D51.0007: item fetching failed at offset 3/5
[  176.895998][ T5887] koneplus 0003:1E7D:2D51.0007: parse failed
[  176.901152][ T5916] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  176.905510][ T5887] koneplus 0003:1E7D:2D51.0007: probe with driver koneplus failed with error -22
[  177.090544][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  177.093422][ T5887] usb 2-1: USB disconnect, device number 24
[  177.097837][ T5916] usb 4-1: config 2 has an invalid interface number: 121 but max is 0
[  177.102359][ T5916] usb 4-1: config 2 has no interface number 0
[  177.104944][ T5916] usb 4-1: config 2 interface 121 altsetting 35 bulk endpoint 0xD has invalid maxpacket 32
[  177.108920][ T5916] usb 4-1: config 2 interface 121 altsetting 35 bulk endpoint 0x5 has invalid maxpacket 1024
[  177.112949][ T5916] usb 4-1: config 2 interface 121 altsetting 35 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  177.117125][ T5916] usb 4-1: config 2 interface 121 has no altsetting 0
[  177.121881][ T5916] usb 4-1: New USB device found, idVendor=1bc7, idProduct=3000, bcdDevice=1a.9c
[  177.124841][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.127572][ T5916] usb 4-1: Product: syz
[  177.128947][ T5916] usb 4-1: Manufacturer: syz
[  177.131236][ T5916] usb 4-1: SerialNumber: syz
[  177.136601][ T8803] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  177.139181][ T8803] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  177.357167][ T5916] option 4-1:2.121: GSM modem (1-port) converter detected
[  177.363992][ T5916] usb 4-1: USB disconnect, device number 15
[  177.369962][ T5916] option 4-1:2.121: device disconnected
[  177.509615][ T8809] siw: device registration error -23
[  177.776126][ T8819] loop1: detected capacity change from 0 to 8
[  177.794027][ T8819] SQUASHFS error: zlib decompression failed, data probably corrupt
[  177.797349][ T8819] SQUASHFS error: Failed to read block 0x9b: -5
[  177.799775][ T8819] SQUASHFS error: Unable to read metadata cache entry [99]
[  177.802368][ T8819] SQUASHFS error: Unable to read inode 0x104
[  178.050621][ T8793] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  178.150768][ T5916] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  178.202567][ T8793] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  178.205402][ T8793] usb 2-1: config 0 has no interface number 0
[  178.207691][ T8793] usb 2-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  178.211363][ T8793] usb 2-1: config 0 interface 2 altsetting 2 has an endpoint descriptor with address 0x6D, changing to 0xD
[  178.215296][ T8793] usb 2-1: config 0 interface 2 altsetting 2 endpoint 0xD has invalid maxpacket 14309, setting to 64
[  178.218876][ T8793] usb 2-1: config 0 interface 2 has no altsetting 0
[  178.223632][ T8793] usb 2-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  178.226678][ T8793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.229466][ T8793] usb 2-1: Product: syz
[  178.231100][ T8793] usb 2-1: Manufacturer: syz
[  178.232619][ T8793] usb 2-1: SerialNumber: syz
[  178.235868][ T8793] usb 2-1: config 0 descriptor??
[  178.238021][ T8819] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  178.241796][ T8819] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  178.302952][ T5916] usb 4-1: not running at top speed; connect to a high speed hub
[  178.309081][ T5916] usb 4-1: config 95 has an invalid interface number: 1 but max is 0
[  178.311999][ T5916] usb 4-1: config 95 has no interface number 0
[  178.314847][ T5916] usb 4-1: config 95 interface 1 has no altsetting 0
[  178.319865][ T5916] usb 4-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[  178.323112][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.326689][ T5916] usb 4-1: Product: syz
[  178.328361][ T5916] usb 4-1: Manufacturer: syz
[  178.330210][ T5916] usb 4-1: SerialNumber: syz
[  178.385900][ T8823] netlink: 'syz.0.1091': attribute type 3 has an invalid length.
[  178.447075][ T8793] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  178.463690][ T8793] usb 2-1: invalid MIDI in EP 0
[  178.507989][ T8793] snd-usb-audio 2-1:0.2: probe with driver snd-usb-audio failed with error -22
[  178.516221][ T8793] usb 2-1: USB disconnect, device number 25
[  178.534733][ T6237] udevd[6237]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  178.601344][ T5916] usb 4-1: USB disconnect, device number 16
[  178.634303][ T7544] udevd[7544]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  179.195041][ T8842] netlink: 'syz.3.1100': attribute type 1 has an invalid length.
[  179.198240][ T8842] netlink: 'syz.3.1100': attribute type 11 has an invalid length.
[  179.201330][ T8842] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1100'.
[  179.310678][ T5851] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  179.462625][ T5851] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  179.466728][ T5851] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  179.470560][ T8793] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  179.471123][ T5851] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  179.478652][ T5851] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  179.485326][ T5851] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  179.488771][ T5851] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  179.491420][ T5851] usb 2-1: Manufacturer: syz
[  179.494343][ T5851] usb 2-1: config 0 descriptor??
[  179.627169][ T8793] usb 4-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[  179.632705][ T8793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.636152][ T8793] usb 4-1: Product: syz
[  179.637864][ T8793] usb 4-1: Manufacturer: syz
[  179.639725][ T8793] usb 4-1: SerialNumber: syz
[  179.644999][ T8793] usb 4-1: config 0 descriptor??
[  179.659108][ T8793] gm12u320 4-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -22
[  179.662816][ T8793] gm12u320 4-1:0.0: probe with driver gm12u320 failed with error -5
[  179.669275][ T8793] usb-storage 4-1:0.0: USB Mass Storage device detected
[  179.677012][ T8793] usb-storage 4-1:0.0: device ignored
[  179.780623][ T5851] rc_core: IR keymap rc-hauppauge not found
[  179.784082][ T5851] Registered IR keymap rc-empty
[  179.786320][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.800567][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.825335][ T5851] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  179.834037][ T5851] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17
[  179.845658][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.860982][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.864047][ T8793] usb 4-1: USB disconnect, device number 17
[  179.882739][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.901512][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.920620][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.944455][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.960494][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.980559][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  180.000564][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  180.020536][ T5851] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  180.043439][ T5851] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  180.047756][ T5851] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  180.085944][ T8853] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  180.165062][ T8793] usb 2-1: USB disconnect, device number 26
[  180.198042][ T8857] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  180.279810][ T8861] tmpfs: Bad value for 'mpol'
[  180.647032][ T8867] loop3: detected capacity change from 0 to 32768
[  180.688798][ T8867] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  180.752115][ T8867] XFS (loop3): Ending clean mount
[  180.811513][ T7153] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  181.111757][ T8897] loop3: detected capacity change from 0 to 1024
[  181.121009][ T8897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  181.292260][ T5900] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  181.465623][ T5900] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  181.480838][ T5900] usb 2-1: config 0 interface 0 has no altsetting 0
[  181.484480][ T5900] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00
[  181.489258][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.542987][ T5900] usb 2-1: config 0 descriptor??
[  181.549413][ T8895] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  181.990825][ T5900] thrustmaster 0003:044F:B323.0008: hidraw0: USB HID v0.00 Device [HID 044f:b323] on usb-dummy_hcd.1-1/input0
[  181.994555][ T5900] thrustmaster 0003:044F:B323.0008: no inputs found
[  182.185027][ T8793] usb 2-1: USB disconnect, device number 27
[  182.610289][ T8924] loop3: detected capacity change from 0 to 1024
[  182.631148][ T8924] EXT4-fs: Ignoring removed orlov option
[  182.633029][ T8924] EXT4-fs: Ignoring removed nomblk_io_submit option
[  182.657711][ T8924] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.656605][ T8946] loop1: detected capacity change from 0 to 2048
[  183.680062][ T8946] NILFS (loop1): invalid segment: Magic number mismatch
[  183.690594][ T8946] NILFS (loop1): trying rollback from an earlier position
[  183.706556][ T8946] NILFS (loop1): recovery complete
[  183.717031][ T8947] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  184.855911][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.549744][ T8957] loop3: detected capacity change from 0 to 32768
[  185.562516][ T8957] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  185.579966][ T8957] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  185.625322][ T7153] ocfs2: Unmounting device (7,3) on (node local)
[  185.953363][ T8979] loop3: detected capacity change from 0 to 32768
[  185.963145][ T8979] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1152 (8979)
[  185.980910][ T8979] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  185.985149][ T8979] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  186.007084][ T5916] kernel read not supported for file /dsp (pid: 5916 comm: kworker/0:5)
[  186.055587][ T8979] BTRFS info (device loop3): enabling ssd optimizations
[  186.059963][ T8979] BTRFS info (device loop3): enabling free space tree
[  186.074892][ T8979] BTRFS info (device loop3): resizing devid 73709551615
[  186.079960][ T8979] BTRFS info (device loop3): resizer unable to find device 73709551615
[  186.103477][ T7153] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  186.128070][ T9007] loop1: detected capacity change from 0 to 64
[  186.763493][ T9013] loop1: detected capacity change from 0 to 40427
[  186.784513][ T9013] F2FS-fs (loop1): build fault injection rate: 14
[  186.788171][ T9013] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  186.809811][ T9013] F2FS-fs (loop1): invalid crc value
[  186.825139][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  186.856630][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  187.053100][ T9013] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  187.067331][ T9013] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  187.081708][ T9011] loop3: detected capacity change from 0 to 131072
[  187.088149][ T9011] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name
[  187.091503][ T9011] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name
[  187.091773][ T9013] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  187.102885][ T9011] F2FS-fs (loop3): invalid crc value
[  187.158360][ T9011] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  187.167099][ T9011] F2FS-fs (loop3): Mounted with checkpoint version = 1b41e955
[  187.262655][    C1] F2FS-fs (loop1): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  187.266006][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  187.266026][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.266035][    C1] Call Trace:
[  187.266041][    C1]  <TASK>
[  187.266048][    C1]  dump_stack_lvl+0x189/0x250
[  187.266071][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.266085][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  187.266097][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.266115][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.266135][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  187.266158][    C1]  f2fs_write_end_io+0x886/0xb60
[  187.266179][    C1]  blk_update_request+0x57e/0xe60
[  187.266201][    C1]  blk_mq_end_request+0x3e/0x70
[  187.266214][    C1]  blk_done_softirq+0x10a/0x160
[  187.266231][    C1]  handle_softirqs+0x286/0x870
[  187.266247][    C1]  ? run_ksoftirqd+0x9b/0x100
[  187.266266][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  187.266282][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.266298][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.266311][    C1]  run_ksoftirqd+0x9b/0x100
[  187.266327][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  187.266349][    C1]  smpboot_thread_fn+0x542/0xa60
[  187.266364][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.266385][    C1]  kthread+0x711/0x8a0
[  187.266406][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  187.266419][    C1]  ? __pfx_kthread+0x10/0x10
[  187.266438][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.266456][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.266476][    C1]  ? __pfx_kthread+0x10/0x10
[  187.266493][    C1]  ret_from_fork+0x3fc/0x770
[  187.266511][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  187.266530][    C1]  ? __switch_to_asm+0x39/0x70
[  187.266547][    C1]  ? __switch_to_asm+0x33/0x70
[  187.266564][    C1]  ? __pfx_kthread+0x10/0x10
[  187.266582][    C1]  ret_from_fork_asm+0x1a/0x30
[  187.266609][    C1]  </TASK>
[  187.266645][    C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.340275][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  187.340297][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.340304][    C1] Call Trace:
[  187.340309][    C1]  <TASK>
[  187.340315][    C1]  dump_stack_lvl+0x189/0x250
[  187.340333][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.340342][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  187.340351][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.340382][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.340397][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  187.340414][    C1]  f2fs_write_end_io+0x886/0xb60
[  187.340429][    C1]  blk_update_request+0x57e/0xe60
[  187.340445][    C1]  blk_mq_end_request+0x3e/0x70
[  187.340455][    C1]  blk_done_softirq+0x10a/0x160
[  187.340466][    C1]  handle_softirqs+0x286/0x870
[  187.340477][    C1]  ? run_ksoftirqd+0x9b/0x100
[  187.340488][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  187.340497][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.340507][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.340513][    C1]  run_ksoftirqd+0x9b/0x100
[  187.340522][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  187.340533][    C1]  smpboot_thread_fn+0x542/0xa60
[  187.340542][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.340552][    C1]  kthread+0x711/0x8a0
[  187.340564][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  187.340571][    C1]  ? __pfx_kthread+0x10/0x10
[  187.340581][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.340591][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.340603][    C1]  ? __pfx_kthread+0x10/0x10
[  187.340637][    C1]  ret_from_fork+0x3fc/0x770
[  187.340648][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  187.340658][    C1]  ? __switch_to_asm+0x39/0x70
[  187.340667][    C1]  ? __switch_to_asm+0x33/0x70
[  187.340676][    C1]  ? __pfx_kthread+0x10/0x10
[  187.340686][    C1]  ret_from_fork_asm+0x1a/0x30
[  187.340702][    C1]  </TASK>
[  187.407758][    C1] vkms_vblank_simulate: vblank timer overrun
[  187.409949][    C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.412426][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  187.412438][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.412444][    C1] Call Trace:
[  187.412450][    C1]  <TASK>
[  187.412456][    C1]  dump_stack_lvl+0x189/0x250
[  187.412473][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.412483][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  187.412493][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.412506][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.412521][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  187.412538][    C1]  f2fs_write_end_io+0x886/0xb60
[  187.412553][    C1]  blk_update_request+0x57e/0xe60
[  187.412569][    C1]  blk_mq_end_request+0x3e/0x70
[  187.412579][    C1]  blk_done_softirq+0x10a/0x160
[  187.412590][    C1]  handle_softirqs+0x286/0x870
[  187.412626][    C1]  ? run_ksoftirqd+0x9b/0x100
[  187.412643][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  187.412656][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.412666][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.412672][    C1]  run_ksoftirqd+0x9b/0x100
[  187.412682][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  187.412693][    C1]  smpboot_thread_fn+0x542/0xa60
[  187.412701][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.412729][    C1]  kthread+0x711/0x8a0
[  187.412741][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  187.412749][    C1]  ? __pfx_kthread+0x10/0x10
[  187.412759][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.412768][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.412780][    C1]  ? __pfx_kthread+0x10/0x10
[  187.412789][    C1]  ret_from_fork+0x3fc/0x770
[  187.412800][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  187.412811][    C1]  ? __switch_to_asm+0x39/0x70
[  187.412820][    C1]  ? __switch_to_asm+0x33/0x70
[  187.412829][    C1]  ? __pfx_kthread+0x10/0x10
[  187.412838][    C1]  ret_from_fork_asm+0x1a/0x30
[  187.412854][    C1]  </TASK>
[  187.412859][    C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.489476][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  187.489501][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.489510][    C1] Call Trace:
[  187.489518][    C1]  <TASK>
[  187.489525][    C1]  dump_stack_lvl+0x189/0x250
[  187.489553][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.489572][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  187.489588][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.489636][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.489664][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  187.489692][    C1]  f2fs_write_end_io+0x886/0xb60
[  187.489718][    C1]  blk_update_request+0x57e/0xe60
[  187.489749][    C1]  blk_mq_end_request+0x3e/0x70
[  187.489768][    C1]  blk_done_softirq+0x10a/0x160
[  187.489785][    C1]  handle_softirqs+0x286/0x870
[  187.489804][    C1]  ? run_ksoftirqd+0x9b/0x100
[  187.489824][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  187.489841][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.489857][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.489870][    C1]  run_ksoftirqd+0x9b/0x100
[  187.489886][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  187.489908][    C1]  smpboot_thread_fn+0x542/0xa60
[  187.489929][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.489950][    C1]  kthread+0x711/0x8a0
[  187.489970][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  187.489984][    C1]  ? __pfx_kthread+0x10/0x10
[  187.490002][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.490020][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.490040][    C1]  ? __pfx_kthread+0x10/0x10
[  187.490057][    C1]  ret_from_fork+0x3fc/0x770
[  187.490076][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  187.490095][    C1]  ? __switch_to_asm+0x39/0x70
[  187.490112][    C1]  ? __switch_to_asm+0x33/0x70
[  187.490129][    C1]  ? __pfx_kthread+0x10/0x10
[  187.490146][    C1]  ret_from_fork_asm+0x1a/0x30
[  187.490175][    C1]  </TASK>
[  187.490181][    C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.567280][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  187.567302][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.567313][    C1] Call Trace:
[  187.567322][    C1]  <TASK>
[  187.567331][    C1]  dump_stack_lvl+0x189/0x250
[  187.567357][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.567376][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  187.567391][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.567412][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.567440][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  187.567468][    C1]  f2fs_write_end_io+0x886/0xb60
[  187.567492][    C1]  blk_update_request+0x57e/0xe60
[  187.567519][    C1]  blk_mq_end_request+0x3e/0x70
[  187.567537][    C1]  blk_done_softirq+0x10a/0x160
[  187.567556][    C1]  handle_softirqs+0x286/0x870
[  187.567574][    C1]  ? run_ksoftirqd+0x9b/0x100
[  187.567620][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  187.567636][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.567652][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.567665][    C1]  run_ksoftirqd+0x9b/0x100
[  187.567681][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  187.567702][    C1]  smpboot_thread_fn+0x542/0xa60
[  187.567718][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  187.567738][    C1]  kthread+0x711/0x8a0
[  187.567759][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  187.567772][    C1]  ? __pfx_kthread+0x10/0x10
[  187.567790][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.567809][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.567829][    C1]  ? __pfx_kthread+0x10/0x10
[  187.567846][    C1]  ret_from_fork+0x3fc/0x770
[  187.567865][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  187.567884][    C1]  ? __switch_to_asm+0x39/0x70
[  187.567901][    C1]  ? __switch_to_asm+0x33/0x70
[  187.567923][    C1]  ? __pfx_kthread+0x10/0x10
[  187.567942][    C1]  ret_from_fork_asm+0x1a/0x30
[  187.567971][    C1]  </TASK>
[  187.567978][    C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  187.643332][ T5848] F2FS-fs (loop1): do_checkpoint failed err:-5, stop checkpoint
[  188.235652][ T9042] loop1: detected capacity change from 0 to 4096
[  188.247023][ T9042] ntfs3(loop1): ino=3, Correct links count -> 2.
[  189.216147][ T9055] loop3: detected capacity change from 0 to 512
[  189.331798][ T9055] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  189.349367][ T9055] EXT4-fs (loop3): mount failed
[  189.650890][ T5851] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  189.800574][ T5851] usb 4-1: Using ep0 maxpacket: 32
[  189.804206][ T5851] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.807530][ T5851] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.842802][ T5851] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  189.852789][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1185'.
[  189.856443][ T5851] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  189.865504][ T5851] usb 4-1: Product: syz
[  189.867262][ T5851] usb 4-1: Manufacturer: syz
[  189.901978][ T5851] hub 4-1:4.0: USB hub found
[  190.029291][ T9086] loop1: detected capacity change from 0 to 256
[  190.042162][ T9086] exfat: Deprecated parameter 'utf8'
[  190.051650][ T9086] exfat: Deprecated parameter 'namecase'
[  190.054071][ T9086] exfat: Deprecated parameter 'namecase'
[  190.056388][ T9086] exfat: Deprecated parameter 'utf8'
[  190.091156][ T9086] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x9270b71c, utbl_chksum : 0xe619d30d)
[  190.104359][ T5851] hub 4-1:4.0: 2 ports detected
[  190.307642][ T5851] hub 4-1:4.0: hub_hub_status failed (err = -71)
[  190.313424][ T5851] hub 4-1:4.0: config failed, can't get hub status (err -71)
[  190.341276][ T5851] usb 4-1: USB disconnect, device number 18
[  190.814115][ T9111] loop1: detected capacity change from 0 to 32768
[  190.818451][ T9111] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1201 (9111)
[  190.839529][ T9111] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  190.845616][ T9111] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  190.913571][ T9111] BTRFS info (device loop1): enabling ssd optimizations
[  190.916474][ T9111] BTRFS info (device loop1): enabling free space tree
[  191.014093][ T5848] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  191.680156][ T9159] loop3: detected capacity change from 0 to 32768
[  191.762532][ T9159] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  191.803841][ T9159] ocfs2: Unmounting device (7,3) on (node local)
[  192.230645][ T8793] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  192.400042][ T8793] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  192.407011][ T8793] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  192.411287][ T8793] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  192.414030][ T8793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.420020][ T9166] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  192.430032][ T8793] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  192.683984][ T5916] usb 4-1: USB disconnect, device number 19
[  192.780837][ T5851] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  192.947128][ T5851] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.951793][ T5851] usb 2-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  192.955354][ T5851] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.963042][ T5851] usb 2-1: config 0 descriptor??
[  193.376765][ T5851] hid_mf 0003:0079:1846.0009: unknown main item tag 0x4
[  193.379245][ T5851] hid_mf 0003:0079:1846.0009: item fetching failed at offset 6/7
[  193.383579][ T5851] hid_mf 0003:0079:1846.0009: HID parse failed.
[  193.386159][ T5851] hid_mf 0003:0079:1846.0009: probe with driver hid_mf failed with error -22
[  193.428092][ T9197] loop3: detected capacity change from 0 to 32768
[  193.480231][ T9197] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  193.480251][ T9197]   allowing incompatible features above 0.0: (unknown version)
[  193.480257][ T9197]   features: lz4
[  193.491690][ T9197] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  193.494861][ T9197] bcachefs (loop3): initializing new filesystem
[  193.505508][ T9197] bcachefs (loop3): going read-write
[  193.514223][ T9197] bcachefs (loop3): marking superblocks
[  193.543454][ T9197] bcachefs (loop3): initializing freespace
[  193.554693][ T9197] bcachefs (loop3): done initializing freespace
[  193.564166][ T9197] bcachefs (loop3): reading snapshots table
[  193.566672][ T9197] bcachefs (loop3): reading snapshots done
[  193.581150][ T8793] usb 2-1: USB disconnect, device number 28
[  193.588270][ T9197] bcachefs (loop3): done starting filesystem
[  193.626694][ T9197] bcachefs (loop3): going read-only
[  193.629055][ T9197] bcachefs (loop3): finished waiting for writes to stop
[  193.633764][ T9197] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  193.664725][ T9197] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 2
[  193.669403][ T9197] bcachefs (loop3): clean shutdown complete, journal seq 3
[  193.675824][ T9197] bcachefs (loop3): marking filesystem clean
[  193.710801][ T7153] bcachefs (loop3): shutting down
[  193.712131][ T9197] syz.3.1235 (9197) used greatest stack depth: 15896 bytes left
[  193.731625][ T7153] bcachefs (loop3): shutdown complete
[  194.172971][ T9213] loop1: detected capacity change from 0 to 512
[  194.186194][ T9213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  194.229438][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.264851][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.267436][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.326084][ T9221] loop1: detected capacity change from 0 to 16
[  194.329715][ T9221] erofs (device loop1): mounted with root inode @ nid 36.
[  194.357735][ T9221] syz.1.1241: attempt to access beyond end of device
[  194.357735][ T9221] loop1: rw=524288, sector=128, nr_sectors = 8 limit=16
[  194.375310][ T9221] syz.1.1241: attempt to access beyond end of device
[  194.375310][ T9221] loop1: rw=524288, sector=0, nr_sectors = 1024 limit=16
[  194.409141][ T9221] erofs (device loop1): read error -95 @ 0 of nid 89
[  194.414030][   T33] audit: type=1800 audit(1757071820.983:41): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1241" name="file2" dev="loop1" ino=89 res=0 errno=0
[  194.492634][ T9223] loop1: detected capacity change from 0 to 65
[  194.515270][ T9223] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  194.769673][ T9227] loop1: detected capacity change from 0 to 4096
[  194.779154][ T9227] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  194.807692][ T9227] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.857138][ T9227] EXT4-fs (loop1): shut down requested (2)
[  194.925657][ T5848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.082639][ T9236] loop3: detected capacity change from 0 to 128
[  195.271175][    T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  195.410950][ T5851] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  195.430493][    T9] usb 2-1: Using ep0 maxpacket: 8
[  195.439693][    T9] usb 2-1: config 4 has an invalid interface number: 8 but max is 0
[  195.443135][    T9] usb 2-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  195.447863][    T9] usb 2-1: config 4 has an invalid interface descriptor of length 2, skipping
[  195.454130][    T9] usb 2-1: config 4 has no interface number 0
[  195.456639][    T9] usb 2-1: config 4 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  195.468206][    T9] usb 2-1: New USB device found, idVendor=1199, idProduct=9091, bcdDevice=31.d6
[  195.473032][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.477467][    T9] usb 2-1: Product: syz
[  195.479249][    T9] usb 2-1: Manufacturer: syz
[  195.482021][    T9] usb 2-1: SerialNumber: syz
[  195.563717][ T5851] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.567946][ T5851] usb 4-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00
[  195.572150][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.578514][ T5851] usb 4-1: config 0 descriptor??
[  195.710922][    T9] usb 2-1: USB disconnect, device number 29
[  196.011677][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.014598][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.017472][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.020792][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.023166][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.025659][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.028281][ T5851] hid-alps 0003:044E:121E.000A: unknown main item tag 0x0
[  196.032975][ T5851] hid-alps 0003:044E:121E.000A: hidraw0: USB HID v0.05 Device [HID 044e:121e] on usb-dummy_hcd.3-1/input0
[  196.212902][ T5851] usb 4-1: USB disconnect, device number 20
[  196.476916][ T9263] loop1: detected capacity change from 0 to 32768
[  196.522731][ T9263] ERROR: (device loop1): dbAllocNext: Corrupt dmap page
[  196.522731][ T9263] 
[  196.532017][ T9263] ERROR: (device loop1): remounting filesystem as read-only
[  196.535195][ T9263] ialloc: diAlloc returned -5!
[  196.550888][ T9263] ERROR: (device loop1): dbAllocAG: unable to allocate blocks
[  196.550888][ T9263] 
[  196.555761][ T9263] ERROR: (device loop1): dbDiscardAG: -EIO
[  196.555761][ T9263] 
[  196.789707][ T9277] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  196.883114][ T9283] program syz.1.1270 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  197.007269][ T9294] 9pnet_fd: Insufficient options for proto=fd
[  197.212392][ T9308] netlink: 'syz.0.1282': attribute type 3 has an invalid length.
[  197.270672][ T8793] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  197.420587][ T8793] usb 2-1: Using ep0 maxpacket: 32
[  197.427717][ T8793] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  197.432192][ T8793] usb 2-1: config 0 has no interface number 0
[  197.434751][ T8793] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  197.438803][ T8793] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  197.444443][ T8793] usb 2-1: config 0 interface 126 has no altsetting 0
[  197.449914][ T8793] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  197.453651][ T8793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.456704][ T8793] usb 2-1: Product: syz
[  197.458352][ T8793] usb 2-1: Manufacturer: syz
[  197.460183][ T8793] usb 2-1: SerialNumber: syz
[  197.466389][ T8793] usb 2-1: config 0 descriptor??
[  197.469124][ T9296] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  197.472458][ T9296] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  197.858743][ T9318] comedi comedi1: dt2801: I/O port conflict (0x5,2)
[  197.884709][ T8793] ir_usb 2-1:0.126: IR Dongle converter detected
[  198.002402][ T9324] overlayfs: failed to clone upperpath
[  198.087296][ T8793] usb 2-1: IR Dongle converter now attached to ttyUSB0
[  198.192145][ T5851] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  198.289480][ T5900] usb 2-1: USB disconnect, device number 30
[  198.309728][ T5900] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[  198.319955][ T5900] ir_usb 2-1:0.126: device disconnected
[  198.352377][ T5851] usb 4-1: config 11 has an invalid interface number: 62 but max is 0
[  198.358922][ T5851] usb 4-1: config 11 has no interface number 0
[  198.364335][ T5851] usb 4-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=bf.dc
[  198.367551][ T5851] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.370237][ T5851] usb 4-1: Product: syz
[  198.381009][ T5851] usb 4-1: Manufacturer: syz
[  198.383184][ T5851] usb 4-1: SerialNumber: syz
[  198.603024][ T5851] hub 4-1:11.62: bad descriptor, ignoring hub
[  198.605013][ T5851] hub 4-1:11.62: probe with driver hub failed with error -5
[  198.644358][ T5851] usb 4-1: USB disconnect, device number 21
[  199.103227][ T5900] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  199.254495][ T5900] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  199.258183][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.265364][ T5900] usb 2-1: config 0 descriptor??
[  199.271954][ T5900] gspca_main: cpia1-2.14.0 probing 0813:0001
[  199.673271][ T5900] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  200.075740][ T5900] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  200.265633][ T9358] loop3: detected capacity change from 0 to 32768
[  200.276548][ T9358] JBD2: Ignoring recovery information on journal
[  200.285995][ T5851] usb 2-1: USB disconnect, device number 31
[  200.328156][ T9358] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  200.366694][ T7153] ocfs2: Unmounting device (7,3) on (node local)
[  200.466107][ T9376] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[  200.851523][ T5916] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  201.030498][ T5916] usb 4-1: Using ep0 maxpacket: 16
[  201.038742][ T5916] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  201.046018][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.049279][ T5916] usb 4-1: Product: syz
[  201.056173][ T5916] usb 4-1: Manufacturer: syz
[  201.058123][ T5916] usb 4-1: SerialNumber: syz
[  201.071617][ T5916] r8152-cfgselector 4-1: Unknown version 0x0000
[  201.074325][ T5916] r8152-cfgselector 4-1: config 0 descriptor??
[  201.107103][ T9388] loop1: detected capacity change from 0 to 32768
[  201.122453][ T9388] bcachefs (/dev/loop1): error reading default superblock: Unsupported superblock version_min 32.24: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive)
[  201.152275][ T9388] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64)
[  201.152275][ T9388] members_v2 (size 96):
[  201.152275][ T9388] member_bytes 0
[  201.159124][ T9388] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  201.221653][ T5852] Bluetooth: hci1: command 0x0405 tx timeout
[  201.291785][ T5916] r8152-cfgselector 4-1: Needed 2 retries to read version
[  201.294206][ T5916] r8152-cfgselector 4-1: Unknown version 0x0000
[  201.310877][ T5916] r8152-cfgselector 4-1: bad CDC descriptors
[  201.395266][ T9401] loop1: detected capacity change from 0 to 4096
[  201.401667][ T9401] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  201.430758][ T9401] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  201.515199][ T5916] r8152-cfgselector 4-1: USB disconnect, device number 22
[  202.608182][ T9423] loop3: detected capacity change from 0 to 512
[  202.616671][ T9423] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  202.772626][ T9423] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1333: invalid indirect mapped block 4294967295 (level 1)
[  202.806816][ T9423] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1333: invalid indirect mapped block 4294967295 (level 1)
[  202.813857][ T9423] EXT4-fs (loop3): 2 truncates cleaned up
[  202.817117][ T9423] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.819867][ T9418] loop1: detected capacity change from 0 to 32768
[  202.833545][ T9418] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  203.197821][ T9418] XFS (loop1): Ending clean mount
[  203.203998][ T9418] XFS (loop1): Quotacheck needed: Please wait.
[  203.214501][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.268877][ T9418] XFS (loop1): Quotacheck: Done.
[  203.325719][ T5848] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  203.723154][ T9454] loop3: detected capacity change from 0 to 512
[  203.742685][ T9454] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  203.771332][ T9454] EXT4-fs (loop3): 1 truncate cleaned up
[  203.775090][ T9454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.794951][ T9454] syz.3.1342 (pid 9454) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  203.808827][ T9454] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  203.865471][ T7153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.219678][ T5916] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  204.360661][   T33] audit: type=1326 audit(1757071830.923:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9468 comm="syz.3.1350" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7bd18ebe9 code=0x0
[  204.400871][ T5916] usb 2-1: Using ep0 maxpacket: 32
[  204.424901][ T5916] usb 2-1: config 0 has an invalid interface number: 66 but max is 0
[  204.435032][ T5916] usb 2-1: config 0 has no interface number 0
[  204.493471][ T5916] usb 2-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=3d.a2
[  204.515762][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.536820][ T5916] usb 2-1: Product: syz
[  204.544480][ T5916] usb 2-1: Manufacturer: syz
[  204.555968][ T5916] usb 2-1: SerialNumber: syz
[  204.612642][ T5916] usb 2-1: config 0 descriptor??
[  204.627612][ T5916] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  204.630344][ T5916] command write [95] error -22
[  204.839264][ T5900] usb 2-1: USB disconnect, device number 32
[  205.240637][ T8793] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  205.390576][ T8793] usb 4-1: Using ep0 maxpacket: 8
[  205.414791][ T8793] usb 4-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c
[  205.418660][ T8793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.421731][ T8793] usb 4-1: Product: syz
[  205.423299][ T8793] usb 4-1: Manufacturer: syz
[  205.425054][ T8793] usb 4-1: SerialNumber: syz
[  205.428822][ T8793] usb 4-1: config 0 descriptor??
[  205.443173][ T8793] usb 4-1: bad CDC descriptors
[  205.446194][ T8793] usb 4-1: unsupported MDLM descriptors
[  205.498433][ T9498] capability: warning: `syz.1.1362' uses 32-bit capabilities (legacy support in use)
[  205.641886][ T5916] usb 4-1: USB disconnect, device number 23
[  205.820677][ T8793] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  205.980830][ T8793] usb 2-1: Using ep0 maxpacket: 16
[  205.992262][ T8793] usb 2-1: config 0 has an invalid interface number: 68 but max is 0
[  205.995515][ T8793] usb 2-1: config 0 has no interface number 0
[  205.997887][ T8793] usb 2-1: config 0 interface 68 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.009578][ T8793] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  206.013680][ T8793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.016753][ T8793] usb 2-1: Product: syz
[  206.018319][ T8793] usb 2-1: Manufacturer: syz
[  206.021238][ T8793] usb 2-1: SerialNumber: syz
[  206.028143][ T8793] usb 2-1: config 0 descriptor??
[  206.066622][ T8793] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  206.241929][ T5916] usb 2-1: USB disconnect, device number 33
[  206.250599][ T5913] usb 2-1: Failed to submit usb control message: -71
[  206.254189][ T5913] usb 2-1: unable to send the bmi data to the device: -71
[  206.257075][ T5913] usb 2-1: unable to get target info from device
[  206.259619][ T5913] usb 2-1: could not get target info (-71)
[  206.267222][ T5913] usb 2-1: could not probe fw (-71)
[  206.324591][ T9515] loop3: detected capacity change from 0 to 1024
[  206.367787][ T6164] hfsplus: b-tree write err: -5, ino 4
[  206.642921][ T5851] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  206.792238][ T5851] usb 4-1: config 0 interface 0 has no altsetting 0
[  206.794602][ T5851] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  206.797941][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.812552][ T5851] usb 4-1: config 0 descriptor??
[  207.019618][ T5851]  (null): keene_cmd_main failed (-71)
[  207.020513][ T9530] loop1: detected capacity change from 0 to 32768
[  207.028278][ T5851] video4linux radio48: keene_cmd_main failed (-71)
[  207.032220][ T9530] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1376 (9530)
[  207.049634][ T5851] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  207.064213][ T5851] usb 4-1: USB disconnect, device number 24
[  207.103243][ T9530] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  207.106968][ T9530] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  207.135182][ T9530] workqueue: max_active 59106 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  207.153604][ T9530] workqueue: max_active 59106 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  207.190650][ T9530] workqueue: max_active 59106 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  207.201064][ T9530] workqueue: max_active 59106 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  207.214812][ T9530] workqueue: max_active 59106 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  207.226573][ T9530] workqueue: max_active 59106 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  207.241691][ T9530] workqueue: max_active 59106 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048
[  207.273608][ T9530] BTRFS info (device loop1): setting nodatasum
[  207.276234][ T9530] BTRFS info (device loop1): turning on async discard
[  207.279132][ T9530] BTRFS info (device loop1): enabling free space tree
[  207.286619][ T9530] BTRFS info (device loop1): max_inline set to 4096
[  207.294688][ T9530] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  208.209691][ T9575] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
[  208.213509][ T9575] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[  208.216535][ T9575] CPU: 0 UID: 0 PID: 9575 Comm: syz.1.1389 Not tainted syzkaller #0 PREEMPT(full) 
[  208.222051][ T9575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  208.226156][ T9575] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  208.228367][ T9575] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 13 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 13 36 f9 4d 8b 24 24 48 83 c3
[  208.235780][ T9575] RSP: 0018:ffffc9000348fa60 EFLAGS: 00010206
[  208.238157][ T9575] RAX: 0000000000000005 RBX: ffff8881155b6900 RCX: 0000000000080000
[  208.241256][ T9575] RDX: ffffc900035d1000 RSI: 00000000000003b4 RDI: 00000000000003b5
[  208.244589][ T9575] RBP: 0000000000000001 R08: ffff888020e6a92f R09: 1ffff110041cd525
[  208.247326][ T9575] R10: dffffc0000000000 R11: ffffffff88ece2a0 R12: 0000000000000028
[  208.250025][ T9575] R13: dffffc0000000000 R14: ffff888020e6a800 R15: dffffc0000000000
[  208.252864][ T9575] FS:  00007fc6301ee6c0(0000) GS:ffff8880b8618000(0000) knlGS:0000000000000000
[  208.256317][ T9575] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.258842][ T9575] CR2: 0000001b32623ffc CR3: 0000000114a90000 CR4: 00000000000006f0
[  208.262253][ T9575] Call Trace:
[  208.263589][ T9575]  <TASK>
[  208.264772][ T9575]  pcl818_detach+0x66/0xd0
[  208.266628][ T9575]  comedi_device_detach_locked+0x178/0x750
[  208.268976][ T9575]  comedi_unlocked_ioctl+0xcde/0x1020
[  208.271612][ T9575]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  208.274170][ T9575]  ? __lock_acquire+0xab9/0xd20
[  208.275997][ T9575]  ? __fget_files+0x2a/0x420
[  208.277428][ T9575]  ? __fget_files+0x2a/0x420
[  208.278846][ T9575]  ? __fget_files+0x3a0/0x420
[  208.280535][ T9575]  ? __fget_files+0x2a/0x420
[  208.282266][ T9575]  ? bpf_lsm_file_ioctl+0x9/0x20
[  208.283922][ T9575]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  208.286287][ T9575]  __se_sys_ioctl+0xfc/0x170
[  208.287804][ T9575]  do_syscall_64+0xfa/0x3b0
[  208.289280][ T9575]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.290915][ T9575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.292994][ T9575]  ? exc_page_fault+0x9f/0xf0
[  208.294994][ T9575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.297722][ T9575] RIP: 0033:0x7fc631f8ebe9
[  208.299533][ T9575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.306302][ T9575] RSP: 002b:00007fc6301ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  208.309108][ T9575] RAX: ffffffffffffffda RBX: 00007fc6321c5fa0 RCX: 00007fc631f8ebe9
[  208.311496][ T9575] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  208.314395][ T9575] RBP: 00007fc632011e19 R08: 0000000000000000 R09: 0000000000000000
[  208.317422][ T9575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  208.320780][ T9575] R13: 00007fc6321c6038 R14: 00007fc6321c5fa0 R15: 00007ffcebbcbca8
[  208.323287][ T9575]  </TASK>
[  208.324634][ T9575] Modules linked in:
[  208.326883][ T9575] ---[ end trace 0000000000000000 ]---
[  208.336037][ T9575] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  208.337993][ T9575] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 13 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 13 36 f9 4d 8b 24 24 48 83 c3
[  208.346930][ T9575] RSP: 0018:ffffc9000348fa60 EFLAGS: 00010206
[  208.349564][ T9575] RAX: 0000000000000005 RBX: ffff8881155b6900 RCX: 0000000000080000
[  208.353347][ T9575] RDX: ffffc900035d1000 RSI: 00000000000003b4 RDI: 00000000000003b5
[  208.356005][ T9575] RBP: 0000000000000001 R08: ffff888020e6a92f R09: 1ffff110041cd525
[  208.358663][ T9575] R10: dffffc0000000000 R11: ffffffff88ece2a0 R12: 0000000000000028
[  208.361661][ T9575] R13: dffffc0000000000 R14: ffff888020e6a800 R15: dffffc0000000000
[  208.364470][ T9575] FS:  00007fc6301ee6c0(0000) GS:ffff8880b8618000(0000) knlGS:0000000000000000
[  208.368104][ T9575] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.371151][ T9575] CR2: 00007ffdb3cd4ff8 CR3: 0000000114a90000 CR4: 00000000000006f0
[  208.374006][ T9575] Kernel panic - not syncing: Fatal exception
[  208.377295][ T9575] Kernel Offset: disabled
[  208.379102][ T9575] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:30:34  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000015cb RDI=00000000000015cc RBP=00000000000003f8 RSP=ffffc9000348f1f0
R8 =ffff888106558237 R9 =1ffff11020cab046 R10=dffffc0000000000 R11=ffffffff854f3b00
R12=dffffc0000000000 R13=ffffffff99afd8f6 R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f3b7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc6301ee6c0 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32623ffc CR3=0000000114a90000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fc632197498 00007fc632197470 XMM03=00007fc6321974a8 00007fc6321974a0
XMM04=00007fc632cfd100 00007fc632197460 XMM05=00007fc632197478 00007fc6321974c0
XMM06=00007fc6321974b8 00007fc6321974b0 XMM07=00007fc6321974a8 00007fc6321974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fc632012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b88da6 RBX=ffff88801fbe4000 RCX=ffff8881074f0000 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc9000307f010 RSP=ffffc9000307ef40
R8 =0000000000000000 R9 =0000000000000000 R10=dffffc0000000000 R11=fffff940008f17a9
R12=0000000000000000 R13=dffffc0000000000 R14=ffff8881066f9a20 R15=1ffff11020cdf344
RIP=ffffffff81b88e07 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2a4ec2 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fa7bd212e53
XMM06=0000000000000000 00007fa7bd212e4d XMM07=0000000000000000 00007fa7bd212e61
XMM08=0000000000000000 00007fa7bd212ee7 XMM09=0000000000000000 00007fa7bd212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
