last executing test programs:

12.530425473s ago: executing program 2 (id=475):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0ae0"], 0x40}], 0x1, 0x0, 0x0, 0x40065}, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29428f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae11a973735b36d5b1b63e91c00305d9be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c580263093ca9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6fa94fc488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c766000a5e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1386abdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060fb30e900caab415db6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3c901cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ffffff7f000000007f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca405d8c5f64fdb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb40800000077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e5e2c664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53dc10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fa6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c02b5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadbb25c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d060000008926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x3, 0x2, 0x7})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @hoplimit={{0x14}}, @hopopts={{0x68, 0x29, 0x36, {0x5e, 0x9, '\x00', [@generic={0xff, 0x38, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0"}, @pad1, @pad1, @calipso={0x7, 0x8, {0x3, 0x0, 0x0, 0xfff}}]}}}, @rthdr={{0x18}}], 0xc8}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

12.10286184s ago: executing program 2 (id=478):
syz_usb_connect$sierra_net(0x4, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0xd, 0x2, 0x10, 0x10, 0x0, 0x7}, {0x9, 0x5, 0x6, 0x2, 0x8, 0x7, 0x5, 0x1}, {0x9, 0x5, 0xd, 0x3, 0x200, 0x65, 0x4, 0x2}}}}}}]}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920001000109021b1901000000f30904150001da40df000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

11.931177667s ago: executing program 0 (id=479):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6(0xa, 0x3, 0x7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x10, 0x701, 0x0, 0xffffffff, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x14\x00'}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r3}]}, 0x24}}, 0x20008080)

11.322132839s ago: executing program 4 (id=481):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000940), 0x82400, 0x0)
mkdir(&(0x7f0000000140)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000900, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x80000000, 0x0, 0x0, 0x6, 0x0, 0x3ff, 0x4})
poll(&(0x7f0000002100)=[{0xffffffffffffffff, 0x40}, {r0, 0x40}], 0x2, 0x1)

11.159737889s ago: executing program 4 (id=483):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_open_dev$tty20(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x8000, 0x0)
acct(&(0x7f0000000180)='./file0/file0\x00')
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r3, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040))
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0x4112, 0x0)
socket$netlink(0x10, 0x3, 0x15)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)

10.033211041s ago: executing program 2 (id=486):
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb00000001090224"], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@multicast2, @dev={0xac, 0x14, 0x14, 0x3b}}, 0xc)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x8, 0xa002)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
close(0x3)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
dup(r4)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r5, 0x4b34, 0x3bf)
socket$inet6_tcp(0xa, 0x1, 0x0)

9.847195179s ago: executing program 0 (id=488):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000380)={r6, 0x0, 0x1ff, 0x0, 0x0, [<r7=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r8})
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000400), 0x3)
r9 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r9, &(0x7f0000002440)=""/116, 0x74)
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x15}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x20}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000)

6.586388409s ago: executing program 3 (id=490):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
copy_file_range(0xffffffffffffffff, &(0x7f0000000100)=0x100, r2, &(0x7f0000000180)=0x5, 0x5, 0x0)
fcntl$setstatus(r0, 0x4, 0x800)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'virt_wifi0\x00', @local})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/fib_triestat\x00')
r5 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x1)
fsmount(r5, 0x0, 0x1)
ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000080)=@add_del={0x3, &(0x7f0000000100)='ip6erspan0\x00', 0x2a0ffffffff})
read$FUSE(r4, &(0x7f00000008c0)={0x2020}, 0x2020)

6.509692268s ago: executing program 0 (id=491):
syz_open_dev$hiddev(&(0x7f0000000000), 0x7, 0xc2)
r0 = syz_open_dev$hiddev(&(0x7f0000000140), 0x6, 0x109880)
ioctl$HIDIOCSREPORT(r0, 0x400c4808, &(0x7f0000001180)={0x3, 0x2, 0xf})
ioctl$HIDIOCGNAME(0xffffffffffffffff, 0x80404806, &(0x7f00000011c0))
ioctl$HIDIOCGREPORT(r0, 0x400c4807, &(0x7f0000001200)={0x1, 0xffffffff, 0xffff})
syz_usb_connect(0x5, 0x2d, &(0x7f0000001580)={{0x12, 0x1, 0x200, 0x66, 0x65, 0xd3, 0x8, 0x2058, 0x1005, 0x266d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x3, 0xd, 0x80, 0x2, [{{0x9, 0x4, 0x74, 0x9, 0x1, 0x97, 0x49, 0x80, 0x7f, [], [{{0x9, 0x5, 0x9, 0x8, 0x10, 0xff, 0x9, 0x2}}]}}]}}]}}, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x0, 0x80100)
ioctl$EVIOCGMASK(r1, 0x80104592, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x4)
write$char_usb(r2, 0x0, 0x0)
read$char_usb(r2, 0x0, 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)

6.456850729s ago: executing program 2 (id=492):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa10102030109021200"], 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x4000)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000140)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f00000002c0)={0x60, 0x5}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000540)={0x40, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000500)={0x40, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x40, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f00000000c0)={0x0, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000980)={0x2c, &(0x7f0000000840)={0x0, 0x13}, 0x0, 0x0, 0x0, 0x0})

5.863464899s ago: executing program 3 (id=494):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000800)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xfffffffffffffebe, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x1}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000001ffedbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a00180003030303030300004400238006001800aeff000008"], 0x74}}, 0x0)

5.473225222s ago: executing program 3 (id=495):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000000c0)={0x40, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f00000001c0)={0x40, 0xb, 0x4, "289af39e"}, 0x0, 0x0})

5.186123318s ago: executing program 4 (id=496):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ptrace$setregset(0x4205, 0x0, 0x2, &(0x7f0000000040)={&(0x7f0000000340)="e5a82dced95927ba0688e2fcca2134962612c5a932aaf64858297f795280f0e55e166aa168b31d5b3ff0f7ad8035b1b7ea7957c5df0be20ae7168e2807d446aa0ec3d324c5531f602845855d659a54a1691465838152254431ccfb26174ecdd3f52167974d5a5b841afbe7", 0x6b})
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x86a)

4.744874974s ago: executing program 4 (id=498):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2$9p(0x0, 0x80)

4.672476608s ago: executing program 0 (id=499):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x18, 0x4, "f39d9ba6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.472363205s ago: executing program 1 (id=500):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x2008098, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x1d3, &(0x7f00000004c0)="$eJzs3L1qFFEUB/CbGE2MJKQStPGijTaDprZQJIK4oKgrfoAwIRNddt0NO1PsisXWVj6HiDZ2gvgCeQu7IIRUqRzRzYeJIY26G8zv18yZ+TNwDgOX4Q7MyuXXz+uLebKYFmF0YiSMXgm9sD4SZsJo2NQLF94/WHt19+Gjm1crlbnxjcsxxukznx6/fHv2c3Hi/ofpj+NheebJyursl+WTy6dWvt17VstjLY/NVhHTON9qFel8I4sLtbyexHi7kaV5FmvNPGvvyBcbraWlbkybC1OTS+0sz2Pa7MZ61o1FKxbtbkyfprVmTJIkTk0G/kT1zXpZhtWyLMvxXijLctgNMWCe/+G2uajfiXEihK+9TrVT7R/7+fUblbmL8aeZ7bvWOp3qka38Uj+PO/OjYXIjn90zPxbOn+vnP7Jrtyq78uNh4d+PDwAAAAAA/6Ukbvl9f39k43TPvF/98n1g1/79WDg9NqAhAAAAgH3l3Rf1tNHI2getGAsHog2FYiDFu3Ag2tguhr0yAQAAf9v2S/+wOwEAAAAAAAAAAAAAAAAAAIDDaxC/Exv2jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+/keAAD///dtbTI=")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd5cd7000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
r5 = inotify_init1(0x80800)
inotify_add_watch(r5, &(0x7f00000000c0)='./file0\x00', 0x6400000c)

3.505875426s ago: executing program 4 (id=501):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0x2000000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
sendto$inet6(r2, &(0x7f0000000080)='%[', 0x2, 0x800, 0x0, 0x0)
io_submit(0x0, 0xfffffffffffffcf9, 0x0)

3.268983141s ago: executing program 2 (id=502):
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb00000001090224"], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@multicast2, @dev={0xac, 0x14, 0x14, 0x3b}}, 0xc)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x8, 0xa002)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
close(0x3)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
dup(r4)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r5, 0x4b34, 0x3bf)
socket$inet6_tcp(0xa, 0x1, 0x0)

1.350868402s ago: executing program 1 (id=503):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0xd, 0x3a, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x80, 0xfffffffc, 0xdc67}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_emit_vhci(0x0, 0x1004)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.264355029s ago: executing program 0 (id=504):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYRES64=0x0, @ANYRES32], 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r2=>0x0})
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000003c0), 0x20840, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r3, 0x80064d12, &(0x7f0000000000))
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r5, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000180)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

1.236756408s ago: executing program 3 (id=505):
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, 0x0, 0x0}, 0x94)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x280008a, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030322c726f6469722c73686f72866e616d653d6d697865642c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=0,shortname=mixed,uni_xlate=0,shortname=winnt,\x00'], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
io_setup(0x281, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, r4, 0x701, 0x0, 0x0, {0x26}}, 0x14}}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)

1.194627237s ago: executing program 1 (id=506):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3)
ioctl$TIOCGPTPEER(r2, 0x922, 0x200000000005)

1.052456685s ago: executing program 3 (id=507):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

1.037518564s ago: executing program 4 (id=508):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x200008, &(0x7f00000059c0)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303235362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0002d1c71f8348abae1fff96ec907a723dca530cf5aea9622c1169c27c91b4d703f02da55a70e4108d30dd0a1b6e467d05c6c0237e3772dfb37da0e9705c62c7f6dc21ef782f52303a65f3196af86a3d58c8bfb0ef60c974b0e0b44af5ce33f407facb3838bd4bf9b7a99d612518ac3ddddf95b10ead9f78580da79051b5011a94bc44336ebf9378b479860af435366b6d4cdb9c5ffd949b52f82ac9c92de853"], 0x5, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r3, 0xf501, 0x0)
write$binfmt_elf64(r3, &(0x7f0000005b40)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x8, 0x5, 0x3, 0x72, 0x2, 0x3, 0x1, 0x3a7, 0x40, 0x2ce, 0x2, 0x4, 0x38, 0x1, 0x200, 0x5, 0x1}, [{0x60000000, 0x0, 0xffffffff, 0xffff, 0xb52a, 0x9, 0x579f, 0x1}]}, 0x78)
write$P9_RREMOVE(r3, &(0x7f0000005880)={0x7, 0x7b, 0x2}, 0x7)

961.800696ms ago: executing program 0 (id=509):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000000)={0x80000, 0x0, {[0x1, 0x3, 0x1, 0x8, 0x6, 0xfffffffffffffff7, 0x7, 0xffffffffffffff9b]}})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB])

950.161528ms ago: executing program 1 (id=510):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x2)
ioctl$UI_DEV_CREATE(r1, 0x5501)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
fchmod(0xffffffffffffffff, 0x101)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x6, 0x0, 0x7fff0000}]})
close_range(r3, r3, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = fanotify_init(0x200, 0x0)
socket(0xa, 0x3, 0x87)
fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0)
r6 = io_uring_setup(0x7d76, 0x0)
r7 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r6}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x140)

870.129603ms ago: executing program 3 (id=511):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2$9p(0x0, 0x80)

542.65068ms ago: executing program 1 (id=512):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
openat$rdma_cm(0xffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x2b, 0xa, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x840, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000004c0)={0x6, 0x0, [{0x7, 0x7, 0x5, 0x6, 0x5, 0x9, 0x9}, {0x80000001, 0xb, 0x1, 0xbed0, 0xfe, 0xfff, 0x6}, {0x80000008, 0x33e1, 0x0, 0x110f0d5f, 0x81, 0x4, 0x80000001}, {0x80000000, 0x7f, 0x0, 0xb, 0x7, 0x7e, 0x9}, {0x80000019, 0x4, 0x3, 0x81, 0x8001, 0x4, 0xfffffff7}, {0x40000000, 0x8, 0x2, 0x9, 0x6, 0xa, 0x9}]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

348.072173ms ago: executing program 1 (id=513):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x2008098, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x1d3, &(0x7f00000004c0)="$eJzs3L1qFFEUB/CbGE2MJKQStPGijTaDprZQJIK4oKgrfoAwIRNddt0NO1PsisXWVj6HiDZ2gvgCeQu7IIRUqRzRzYeJIY26G8zv18yZ+TNwDgOX4Q7MyuXXz+uLebKYFmF0YiSMXgm9sD4SZsJo2NQLF94/WHt19+Gjm1crlbnxjcsxxukznx6/fHv2c3Hi/ofpj+NheebJyursl+WTy6dWvt17VstjLY/NVhHTON9qFel8I4sLtbyexHi7kaV5FmvNPGvvyBcbraWlbkybC1OTS+0sz2Pa7MZ61o1FKxbtbkyfprVmTJIkTk0G/kT1zXpZhtWyLMvxXijLctgNMWCe/+G2uajfiXEihK+9TrVT7R/7+fUblbmL8aeZ7bvWOp3qka38Uj+PO/OjYXIjn90zPxbOn+vnP7Jrtyq78uNh4d+PDwAAAAAA/6Ukbvl9f39k43TPvF/98n1g1/79WDg9NqAhAAAAgH3l3Rf1tNHI2getGAsHog2FYiDFu3Ag2tguhr0yAQAAf9v2S/+wOwEAAAAAAAAAAAAAAAAAAIDDaxC/Exv2jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+/keAAD///dtbTI=")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd5cd7000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
sendmmsg$inet(r4, &(0x7f0000001380)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000003c0)="0f", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000005c40)=[{&(0x7f00000000c0)='_', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000100)="19", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="b9", 0x1}], 0x1}}], 0x4, 0x608d8d0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
r5 = inotify_init1(0x80800)
inotify_add_watch(r5, &(0x7f00000000c0)='./file0\x00', 0x6400000c)

0s ago: executing program 2 (id=514):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x18, 0x4, "f39d9ba6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

g list
[  165.755043][    T9] usb 3-1: Using ep0 maxpacket: 32
[  165.766113][    T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  165.775947][    T9] usb 3-1: config 0 has no interface number 0
[  165.782112][    T9] usb 3-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  165.792097][    T9] usb 3-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  166.146225][ T6663] loop3: detected capacity change from 0 to 40427
[  166.196400][ T6663] F2FS-fs (loop3): build fault injection rate: 174
[  166.220342][ T6663] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  166.262816][ T6663] F2FS-fs (loop3): invalid crc value
[  166.308156][ T5849] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  166.538633][ T6663] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  166.567015][ T6663] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  166.617490][    T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  166.626931][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.644953][    T9] usb 3-1: Product: syz
[  166.649182][    T9] usb 3-1: Manufacturer: syz
[  166.653810][    T9] usb 3-1: SerialNumber: syz
[  166.782224][    T9] usb 3-1: config 0 descriptor??
[  166.824087][    T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  166.969179][ T6686] syz.3.207: attempt to access beyond end of device
[  166.969179][ T6686] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  166.988047][ T6686] syz.3.207: attempt to access beyond end of device
[  166.988047][ T6686] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  167.842641][ T5840] syz-executor: attempt to access beyond end of device
[  167.842641][ T5840] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  167.864608][    T9] usb 3-1: qt2_setup_urbs - submit read urb failed -90
[  167.874787][    T9] quatech2 3-1:0.51: probe with driver quatech2 failed with error -90
[  167.884488][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  167.884518][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  167.884531][ T5840] Call Trace:
[  167.884540][ T5840]  <TASK>
[  167.884549][ T5840]  dump_stack_lvl+0xe8/0x150
[  167.884587][ T5840]  f2fs_handle_critical_error+0x37c/0x540
[  167.884630][ T5840]  f2fs_write_end_io+0xcdb/0xff0
[  167.884653][ T5840]  ? __submit_merged_bio+0x256/0x650
[  167.884706][ T5840]  __submit_merged_bio+0x256/0x650
[  167.884747][ T5840]  __submit_merged_write_cond+0x3c3/0x4e0
[  167.884791][ T5840]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  167.884860][ T5840]  f2fs_write_data_pages+0x2970/0x35e0
[  167.884928][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.884967][ T5840]  ? rcu_is_watching+0x15/0xb0
[  167.885041][ T5840]  ? __pfx___schedule+0x10/0x10
[  167.885082][ T5840]  ? irqentry_exit+0x59e/0x620
[  167.885107][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  167.885134][ T5840]  ? rcu_is_watching+0x15/0xb0
[  167.885178][ T5840]  ? do_writepages+0x1ad/0x550
[  167.885208][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.885231][ T5840]  do_writepages+0x32e/0x550
[  167.885268][ T5840]  ? do_raw_spin_unlock+0xf5/0x210
[  167.885307][ T5840]  filemap_fdatawrite+0x1e9/0x2f0
[  167.885338][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  167.885421][ T5840]  ? preempt_schedule_common+0x82/0xd0
[  167.885447][ T5840]  ? preempt_schedule_thunk+0x16/0x30
[  167.885481][ T5840]  f2fs_sync_dirty_inodes+0x30e/0x810
[  167.885525][ T5840]  f2fs_write_checkpoint+0x9cf/0x2680
[  167.885561][ T5840]  ? __lock_acquire+0x6b5/0x2cf0
[  167.885624][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  167.885711][ T5840]  kill_f2fs_super+0x314/0x720
[  167.885744][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  167.885788][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  167.885823][ T5840]  deactivate_locked_super+0xbc/0x130
[  167.885855][ T5840]  cleanup_mnt+0x437/0x4d0
[  167.885885][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  167.885912][ T5840]  task_work_run+0x1d9/0x270
[  167.885938][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  167.885972][ T5840]  exit_to_user_mode_loop+0xed/0x480
[  167.885996][ T5840]  ? rcu_is_watching+0x15/0xb0
[  167.886027][ T5840]  do_syscall_64+0x2b7/0xf80
[  167.886051][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.886072][ T5840]  ? trace_irq_disable+0x37/0x100
[  167.886099][ T5840]  ? clear_bhb_loop+0x40/0x90
[  167.886125][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.886146][ T5840] RIP: 0033:0x7f097bf9c117
[  167.886166][ T5840] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  167.886183][ T5840] RSP: 002b:00007ffc1ad93248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  167.886205][ T5840] RAX: 0000000000000000 RBX: 00007f097c00471f RCX: 00007f097bf9c117
[  167.886220][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1ad93300
[  167.886232][ T5840] RBP: 00007ffc1ad93300 R08: 00007ffc1ad94300 R09: 00000000ffffffff
[  167.886246][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1ad94390
[  167.886259][ T5840] R13: 00007f097c00471f R14: 0000000000028cfc R15: 00007ffc1ad943d0
[  167.886297][ T5840]  </TASK>
[  168.236058][ T5840] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  169.288621][ T6697] netlink: 'syz.1.215': attribute type 4 has an invalid length.
[  169.296401][ T6697] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.215'.
[  169.307555][    T9] usb 3-1: USB disconnect, device number 6
[  169.707831][ T6707] netlink: 'syz.0.217': attribute type 4 has an invalid length.
[  169.715702][ T6707] netlink: 1601 bytes leftover after parsing attributes in process `syz.0.217'.
[  170.234999][ T5892] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  170.657349][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.688781][ T5892] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  170.735977][ T6717] loop0: detected capacity change from 0 to 256
[  170.742613][ T5892] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  170.776751][ T6717] vfat: Unknown parameter 'shor†name'
[  170.784467][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.032100][ T5892] usb 5-1: config 0 descriptor??
[  173.234150][ T5917] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  174.220871][ T5836] usb 5-1: USB disconnect, device number 10
[  174.378307][ T5917] usb 3-1: device descriptor read/all, error -71
[  174.529118][   T30] audit: type=1326 audit(2000000035.570:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.2.231" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x0
[  174.555745][  T799] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  175.083840][ T6745] netlink: 'syz.1.229': attribute type 4 has an invalid length.
[  175.092763][ T6745] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.229'.
[  175.416824][  T799] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.429601][  T799] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.444427][  T799] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  175.456081][  T799] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.750634][  T799] usb 4-1: config 0 descriptor??
[  176.054236][ T5836] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  176.229118][ T5836] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.239624][ T5836] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  176.248945][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.260516][ T5836] usb 5-1: config 0 descriptor??
[  176.893761][  T799] usbhid 4-1:0.0: can't add hid device: -71
[  176.950860][ T6760] netlink: 'syz.2.235': attribute type 4 has an invalid length.
[  176.958741][ T6760] netlink: 1601 bytes leftover after parsing attributes in process `syz.2.235'.
[  176.994837][ T5836] pwc: Askey VC010 type 2 USB webcam detected.
[  177.019520][  T799] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  177.046671][  T799] usb 4-1: USB disconnect, device number 11
[  177.425684][ T5836] pwc: recv_control_msg error -32 req 02 val 2b00
[  177.442755][ T5836] pwc: recv_control_msg error -32 req 02 val 2700
[  177.579270][ T5836] pwc: recv_control_msg error -32 req 02 val 2c00
[  177.601635][ T5836] pwc: recv_control_msg error -32 req 04 val 1000
[  177.855069][  T799] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  178.339202][  T799] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.559122][ T5835] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  178.584504][ T5836] pwc: recv_control_msg error -32 req 04 val 1300
[  179.310492][  T799] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=10.85
[  179.330053][  T799] usb 4-1: New USB device strings: Mfr=153, Product=195, SerialNumber=0
[  179.591923][ T5836] pwc: recv_control_msg error -71 req 04 val 1400
[  179.625453][ T5836] pwc: recv_control_msg error -71 req 02 val 2000
[  179.730189][  T799] usb 4-1: Product: syz
[  179.752529][  T799] usb 4-1: Manufacturer: syz
[  179.941654][  T799] usb 4-1: config 0 descriptor??
[  179.989061][  T799] pwc: Askey VC010 type 2 USB webcam detected.
[  180.015176][ T5836] pwc: recv_control_msg error -71 req 02 val 2100
[  180.022640][ T5836] pwc: recv_control_msg error -71 req 04 val 1500
[  180.036241][ T5836] pwc: recv_control_msg error -71 req 02 val 2500
[  180.055036][ T5836] pwc: recv_control_msg error -71 req 02 val 2400
[  180.061956][ T5835] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  180.077820][ T5836] pwc: recv_control_msg error -71 req 02 val 2600
[  180.084968][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.093199][ T5835] usb 3-1: Product: syz
[  180.103467][ T5836] pwc: recv_control_msg error -71 req 02 val 2900
[  180.118280][ T5836] pwc: recv_control_msg error -71 req 02 val 2800
[  180.126676][ T5835] usb 3-1: Manufacturer: syz
[  180.131343][ T5835] usb 3-1: SerialNumber: syz
[  180.137464][ T5836] pwc: recv_control_msg error -71 req 04 val 1100
[  180.147113][ T5836] pwc: recv_control_msg error -71 req 04 val 1200
[  180.159982][ T5835] usb 3-1: config 0 descriptor??
[  180.167658][ T5836] pwc: Registered as video103.
[  180.187166][ T5836] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8
[  180.242961][ T5836] usb 5-1: USB disconnect, device number 11
[  180.377843][ T5835] dvb_usb_rtl28xxu 3-1:0.0: chip type detection failed -71
[  180.398101][ T5835] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  180.408223][  T799] pwc: recv_control_msg error -32 req 02 val 2b00
[  180.428509][  T799] pwc: recv_control_msg error -32 req 02 val 2700
[  180.446809][  T799] pwc: recv_control_msg error -32 req 02 val 2c00
[  180.456705][ T5835] usb 3-1: USB disconnect, device number 9
[  180.477920][  T799] pwc: recv_control_msg error -32 req 04 val 1000
[  180.496145][  T799] pwc: recv_control_msg error -32 req 04 val 1300
[  180.607969][ T5836] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  180.727110][  T799] pwc: recv_control_msg error -32 req 04 val 1400
[  180.735163][  T799] pwc: recv_control_msg error -32 req 02 val 2000
[  180.742564][  T799] pwc: recv_control_msg error -32 req 02 val 2100
[  180.750091][  T799] pwc: recv_control_msg error -32 req 04 val 1500
[  180.757828][  T799] pwc: recv_control_msg error -32 req 02 val 2500
[  180.766740][  T799] pwc: recv_control_msg error -32 req 02 val 2400
[  180.774050][  T799] pwc: recv_control_msg error -32 req 02 val 2600
[  180.780043][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.782781][  T799] pwc: recv_control_msg error -32 req 02 val 2900
[  180.795262][ T5836] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  180.802652][  T799] pwc: recv_control_msg error -32 req 02 val 2800
[  180.860148][ T5836] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  180.894711][ T6786] loop0: detected capacity change from 0 to 40427
[  180.906732][ T6786] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  180.915372][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.921410][ T6786] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  180.942095][ T6786] F2FS-fs (loop0): invalid crc value
[  180.951791][   T30] audit: type=1326 audit(2000000042.000:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6790 comm="syz.1.245" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8c479aeb9 code=0x0
[  181.036710][  T799] pwc: recv_control_msg error -71 req 04 val 1200
[  181.042951][ T5836] usb 5-1: config 0 descriptor??
[  181.255475][ T6786] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  181.273075][  T799] pwc: Registered as video103.
[  181.280797][  T799] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9
[  181.299482][  T799] usb 4-1: USB disconnect, device number 12
[  181.321739][ T6786] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  181.922933][ T6786] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  182.258804][ T5836] kovaplus 0003:1E7D:2D50.0002: item fetching failed at offset 2/5
[  182.296439][ T5836] kovaplus 0003:1E7D:2D50.0002: parse failed
[  182.302660][ T5836] kovaplus 0003:1E7D:2D50.0002: probe with driver kovaplus failed with error -22
[  182.376025][ T5836] usb 5-1: USB disconnect, device number 12
[  183.000163][ T6816] netlink: 'syz.3.248': attribute type 4 has an invalid length.
[  183.007974][ T6816] netlink: 1601 bytes leftover after parsing attributes in process `syz.3.248'.
[  183.175376][  T799] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  183.565737][ T5833] syz-executor: attempt to access beyond end of device
[  183.565737][ T5833] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  184.379189][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  184.379220][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  184.379233][ T5833] Call Trace:
[  184.379242][ T5833]  <TASK>
[  184.379252][ T5833]  dump_stack_lvl+0xe8/0x150
[  184.379290][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  184.379340][ T5833]  f2fs_write_end_io+0xcdb/0xff0
[  184.379384][ T5833]  __submit_merged_bio+0x256/0x650
[  184.379424][ T5833]  __submit_merged_write_cond+0x3c3/0x4e0
[  184.379467][ T5833]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  184.379531][ T5833]  f2fs_write_data_pages+0x2970/0x35e0
[  184.379553][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  184.379618][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.379657][ T5833]  ? css_rstat_updated+0x23a/0x530
[  184.379725][ T5833]  ? rcu_is_watching+0x15/0xb0
[  184.379754][ T5833]  ? mod_memcg_lruvec_state+0x1b8/0x320
[  184.379785][ T5833]  ? lru_gen_update_size+0x7c9/0xd10
[  184.379824][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  184.379888][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  184.379912][ T5833]  do_writepages+0x32e/0x550
[  184.379950][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  184.379988][ T5833]  filemap_fdatawrite+0x1e9/0x2f0
[  184.380019][ T5833]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  184.380098][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  184.380136][ T5833]  f2fs_sync_dirty_inodes+0x30e/0x810
[  184.380177][ T5833]  f2fs_write_checkpoint+0x9cf/0x2680
[  184.380201][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  184.380261][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  184.380347][ T5833]  kill_f2fs_super+0x314/0x720
[  184.380378][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  184.380417][ T5833]  ? lockdep_hardirqs_on+0x7a/0x110
[  184.380458][ T5833]  deactivate_locked_super+0xbc/0x130
[  184.380489][ T5833]  cleanup_mnt+0x437/0x4d0
[  184.380519][ T5833]  ? _raw_spin_unlock_irq+0x23/0x50
[  184.380546][ T5833]  task_work_run+0x1d9/0x270
[  184.380571][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  184.380604][ T5833]  exit_to_user_mode_loop+0xed/0x480
[  184.380628][ T5833]  ? rcu_is_watching+0x15/0xb0
[  184.380658][ T5833]  do_syscall_64+0x2b7/0xf80
[  184.380683][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.380704][ T5833]  ? trace_irq_disable+0x37/0x100
[  184.380732][ T5833]  ? clear_bhb_loop+0x40/0x90
[  184.380759][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.380780][ T5833] RIP: 0033:0x7f5c49d9c117
[  184.380800][ T5833] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  184.380818][ T5833] RSP: 002b:00007fffb6656088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  184.380841][ T5833] RAX: 0000000000000000 RBX: 00007f5c49e0471f RCX: 00007f5c49d9c117
[  184.380856][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb6656140
[  184.380868][ T5833] RBP: 00007fffb6656140 R08: 00007fffb6657140 R09: 00000000ffffffff
[  184.380891][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb66571d0
[  184.380904][ T5833] R13: 00007f5c49e0471f R14: 000000000002c899 R15: 00007fffb6657210
[  184.380940][ T5833]  </TASK>
[  184.380948][ T5833] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  187.195102][  T799] usb 3-1: device descriptor read/all, error -71
[  187.239427][ T6840] loop2: detected capacity change from 0 to 128
[  187.588423][ T6846] overlay: Unknown parameter 'subj_user'
[  188.147640][   T30] audit: type=1326 audit(2000000049.190:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.3.258" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f097bf9aeb9 code=0x0
[  189.327246][   T30] audit: type=1804 audit(2000000050.370:5): pid=6867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.257" name="/newroot/49/file0/bus" dev="loop2" ino=1048615 res=1 errno=0
[  189.349292][ T5892] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  189.719108][ T5892] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.755883][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.798326][ T5892] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  189.814698][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  191.178003][ T5892] usb 4-1: SerialNumber: syz
[  191.192225][ T6875] netlink: 'syz.1.263': attribute type 4 has an invalid length.
[  191.200058][ T6875] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.263'.
[  191.501958][ T6881] netlink: 148 bytes leftover after parsing attributes in process `syz.2.265'.
[  191.608764][ T5892] usb 4-1: 0:2 : does not exist
[  192.374842][ T5892] usb 4-1: USB disconnect, device number 13
[  193.161058][ T6894] netlink: 'syz.1.268': attribute type 4 has an invalid length.
[  193.168984][ T6894] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.268'.
[  193.226203][ T5836] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  193.284022][ T6897] udevd[6897]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  193.409795][ T5836] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.432106][ T5836] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  193.455496][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.470300][ T5836] usb 3-1: config 0 descriptor??
[  193.498626][ T5836] pwc: Askey VC010 type 2 USB webcam detected.
[  193.518278][ T6905] fuse: Bad value for 'fd'
[  193.555142][ T5929] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  193.589484][ T6909] loop0: detected capacity change from 0 to 128
[  193.605947][ T5892] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  193.912455][ T5836] pwc: recv_control_msg error -32 req 02 val 2b00
[  193.921888][ T5836] pwc: recv_control_msg error -32 req 02 val 2700
[  193.948967][ T5836] pwc: recv_control_msg error -71 req 02 val 2c00
[  194.015434][ T5836] pwc: recv_control_msg error -71 req 04 val 1000
[  194.022480][ T5836] pwc: recv_control_msg error -71 req 04 val 1300
[  194.045436][ T5836] pwc: recv_control_msg error -71 req 04 val 1400
[  194.055058][ T5836] pwc: recv_control_msg error -71 req 02 val 2000
[  194.065433][ T5836] pwc: recv_control_msg error -71 req 02 val 2100
[  194.075386][ T5836] pwc: recv_control_msg error -71 req 04 val 1500
[  194.095652][ T5836] pwc: recv_control_msg error -71 req 02 val 2500
[  194.102204][ T5892] usb 4-1: device descriptor read/64, error -71
[  194.103016][ T5836] pwc: recv_control_msg error -71 req 02 val 2400
[  194.125419][ T5836] pwc: recv_control_msg error -71 req 02 val 2600
[  194.134211][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.143309][ T5836] pwc: recv_control_msg error -71 req 02 val 2900
[  194.154947][ T5929] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  194.162932][ T5836] pwc: recv_control_msg error -71 req 02 val 2800
[  194.183500][ T5929] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  194.193182][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.202856][ T5836] pwc: recv_control_msg error -71 req 04 val 1100
[  194.209955][ T5929] usb 5-1: config 0 descriptor??
[  194.224171][ T5836] pwc: recv_control_msg error -71 req 04 val 1200
[  194.243525][ T5836] pwc: Registered as video103.
[  194.271460][ T5836] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10
[  194.302538][ T5836] usb 3-1: USB disconnect, device number 12
[  194.324499][ T6914] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  194.332239][ T6914] FAT-fs (loop0): Filesystem has been set read-only
[  194.359134][ T5892] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  194.558675][ T5892] usb 4-1: device descriptor read/64, error -71
[  194.656848][ T5929] kovaplus 0003:1E7D:2D50.0003: item fetching failed at offset 2/5
[  194.675787][ T5892] usb usb4-port1: attempt power cycle
[  194.683834][ T5929] kovaplus 0003:1E7D:2D50.0003: parse failed
[  194.702089][ T5929] kovaplus 0003:1E7D:2D50.0003: probe with driver kovaplus failed with error -22
[  194.837156][ T5929] usb 5-1: USB disconnect, device number 13
[  195.046986][ T5892] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  195.095803][ T5892] usb 4-1: device descriptor read/8, error -71
[  195.368217][ T5892] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  195.425252][ T5892] usb 4-1: device descriptor read/8, error -71
[  195.575296][ T5892] usb usb4-port1: unable to enumerate USB device
[  195.844992][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  196.033848][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.056989][   T24] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=10.85
[  196.072133][   T24] usb 5-1: New USB device strings: Mfr=153, Product=195, SerialNumber=0
[  196.093078][   T24] usb 5-1: Product: syz
[  196.104931][   T24] usb 5-1: Manufacturer: syz
[  196.125338][   T24] usb 5-1: config 0 descriptor??
[  196.148552][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  196.601839][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[  196.611898][   T24] pwc: recv_control_msg error -32 req 02 val 2700
[  196.619384][   T24] pwc: recv_control_msg error -32 req 02 val 2c00
[  196.630151][   T24] pwc: recv_control_msg error -32 req 04 val 1000
[  196.637550][   T24] pwc: recv_control_msg error -32 req 04 val 1300
[  196.649095][   T24] pwc: recv_control_msg error -32 req 04 val 1400
[  196.974284][ T6940] netlink: 'syz.2.284': attribute type 4 has an invalid length.
[  196.982122][ T6940] netlink: 1601 bytes leftover after parsing attributes in process `syz.2.284'.
[  197.010410][   T24] pwc: recv_control_msg error -32 req 02 val 2000
[  197.118036][   T24] pwc: recv_control_msg error -32 req 02 val 2100
[  197.223899][   T24] pwc: recv_control_msg error -32 req 04 val 1500
[  197.316697][   T24] pwc: recv_control_msg error -32 req 02 val 2500
[  197.559766][   T24] pwc: recv_control_msg error -32 req 02 val 2400
[  197.571169][   T24] pwc: recv_control_msg error -32 req 02 val 2600
[  197.585045][   T24] pwc: recv_control_msg error -32 req 02 val 2900
[  197.595077][   T24] pwc: recv_control_msg error -32 req 02 val 2800
[  198.081998][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  198.099899][   T24] pwc: Registered as video103.
[  198.134275][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11
[  198.187766][ T6952] loop3: detected capacity change from 0 to 512
[  198.234456][ T6952] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.288: bg 0: block 393: padding at end of block bitmap is not set
[  198.249131][ T6952] loop3: lost filesystem error report for type 5 error -117
[  198.254924][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  198.268830][    C1] EXT4-fs (loop3): initial error at time 2000000059: ext4_validate_block_bitmap:441
[  198.278312][    C1] EXT4-fs (loop3): last error at time 2000000059: ext4_validate_block_bitmap:441
[  198.288863][ T6952] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6687: Corrupt filesystem
[  198.301679][ T6952] loop3: lost filesystem error report for type 5 error -117
[  198.302628][ T6952] EXT4-fs (loop3): 2 truncates cleaned up
[  198.331778][   T24] usb 5-1: USB disconnect, device number 14
[  198.332539][ T6952] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.384993][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  198.590435][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.616466][    T9] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  198.645183][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.671960][    T9] usb 3-1: config 0 descriptor??
[  198.693496][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  198.975007][   T24] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  199.097365][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  199.112931][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  199.125673][   T24] usb 5-1: device descriptor read/64, error -71
[  199.135960][    T9] pwc: recv_control_msg error -71 req 02 val 2c00
[  199.358330][    T9] pwc: recv_control_msg error -71 req 04 val 1000
[  199.365114][   T24] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  199.375308][    T9] pwc: recv_control_msg error -71 req 04 val 1300
[  199.382278][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  199.389808][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  199.397129][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  199.404239][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  199.412311][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  199.419701][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  199.427827][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  199.435293][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  199.442382][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  199.451294][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  199.461789][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  199.479507][    T9] pwc: Registered as video103.
[  199.498164][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input12
[  199.533788][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  199.542026][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  199.630988][    T9] usb 3-1: USB disconnect, device number 13
[  199.816179][   T24] usb 5-1: device descriptor read/64, error -71
[  199.927785][   T24] usb usb5-port1: attempt power cycle
[  200.296207][   T24] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  200.347463][   T24] usb 5-1: device descriptor read/8, error -71
[  200.444954][ T5892] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  200.605448][   T24] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  200.626885][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.639234][   T24] usb 5-1: device descriptor read/8, error -71
[  200.648754][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.616308][   T24] usb usb5-port1: unable to enumerate USB device
[  201.626327][ T5892] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  201.646489][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.440155][ T6980] loop0: detected capacity change from 0 to 40427
[  202.562842][ T6980] F2FS-fs (loop0): build fault injection rate: 771
[  202.578761][ T6980] F2FS-fs (loop0): invalid crc value
[  202.709891][ T6980] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  202.754790][ T6980] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  202.895728][ T5892] usb 3-1: config 0 descriptor??
[  203.671645][ T5892] usbhid 3-1:0.0: can't add hid device: -71
[  203.696732][ T5892] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  204.695629][ T5892] usb 3-1: USB disconnect, device number 14
[  204.749138][ T6988] netlink: 'syz.1.298': attribute type 4 has an invalid length.
[  204.756905][ T6988] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.298'.
[  204.849769][ T5833] syz-executor: attempt to access beyond end of device
[  204.849769][ T5833] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  204.915046][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  204.915078][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  204.915092][ T5833] Call Trace:
[  204.915101][ T5833]  <TASK>
[  204.915111][ T5833]  dump_stack_lvl+0xe8/0x150
[  204.915151][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  204.915195][ T5833]  f2fs_write_end_io+0xcdb/0xff0
[  204.915243][ T5833]  __submit_merged_bio+0x256/0x650
[  204.915286][ T5833]  __submit_merged_write_cond+0x3c3/0x4e0
[  204.915330][ T5833]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  204.915393][ T5833]  f2fs_write_data_pages+0x2970/0x35e0
[  204.915416][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  204.915487][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.915526][ T5833]  ? unwind_next_frame+0xa5/0x23c0
[  204.915602][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  204.915647][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  204.915685][ T5833]  ? do_raw_spin_lock+0x12b/0x2f0
[  204.915733][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  204.915767][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.915791][ T5833]  do_writepages+0x32e/0x550
[  204.915833][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  204.915872][ T5833]  filemap_fdatawrite+0x1e9/0x2f0
[  204.915904][ T5833]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  204.916002][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  204.916042][ T5833]  f2fs_sync_dirty_inodes+0x30e/0x810
[  204.916087][ T5833]  f2fs_write_checkpoint+0x9cf/0x2680
[  204.916155][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.916233][ T5833]  ? kfree+0x1c1/0x610
[  204.916261][ T5833]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  204.916300][ T5833]  kill_f2fs_super+0x314/0x720
[  204.916332][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.916373][ T5833]  ? lockdep_hardirqs_on+0x7a/0x110
[  204.916417][ T5833]  deactivate_locked_super+0xbc/0x130
[  204.916450][ T5833]  cleanup_mnt+0x437/0x4d0
[  204.916480][ T5833]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.916508][ T5833]  task_work_run+0x1d9/0x270
[  204.916534][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  204.916570][ T5833]  exit_to_user_mode_loop+0xed/0x480
[  204.916594][ T5833]  ? rcu_is_watching+0x15/0xb0
[  204.916626][ T5833]  do_syscall_64+0x2b7/0xf80
[  204.916651][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.916672][ T5833]  ? trace_irq_disable+0x37/0x100
[  204.916701][ T5833]  ? clear_bhb_loop+0x40/0x90
[  204.916729][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.916750][ T5833] RIP: 0033:0x7f5c49d9c117
[  204.916772][ T5833] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  204.916790][ T5833] RSP: 002b:00007fffb6656088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.916814][ T5833] RAX: 0000000000000000 RBX: 00007f5c49e0471f RCX: 00007f5c49d9c117
[  204.916828][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb6656140
[  204.916841][ T5833] RBP: 00007fffb6656140 R08: 00007fffb6657140 R09: 00000000ffffffff
[  204.916855][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb66571d0
[  204.916868][ T5833] R13: 00007f5c49e0471f R14: 0000000000031ad9 R15: 00007fffb6657210
[  204.916907][ T5833]  </TASK>
[  204.916916][ T5833] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  205.354409][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  205.354441][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  205.354453][ T5833] Call Trace:
[  205.354461][ T5833]  <TASK>
[  205.354470][ T5833]  dump_stack_lvl+0xe8/0x150
[  205.354510][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  205.354553][ T5833]  f2fs_write_end_io+0xcdb/0xff0
[  205.354600][ T5833]  __submit_merged_bio+0x256/0x650
[  205.354641][ T5833]  __submit_merged_write_cond+0x3c3/0x4e0
[  205.354684][ T5833]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  205.354745][ T5833]  f2fs_write_data_pages+0x2970/0x35e0
[  205.354766][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  205.354834][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.354874][ T5833]  ? unwind_next_frame+0xa5/0x23c0
[  205.354942][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  205.354991][ T5833]  ? __lock_acquire+0x6b5/0x2cf0
[  205.355027][ T5833]  ? do_raw_spin_lock+0x12b/0x2f0
[  205.355072][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  205.355103][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.355125][ T5833]  do_writepages+0x32e/0x550
[  205.355164][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  205.355201][ T5833]  filemap_fdatawrite+0x1e9/0x2f0
[  205.355232][ T5833]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  205.355308][ T5833]  ? do_raw_spin_unlock+0xf5/0x210
[  205.355346][ T5833]  f2fs_sync_dirty_inodes+0x30e/0x810
[  205.355389][ T5833]  f2fs_write_checkpoint+0x9cf/0x2680
[  205.355452][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  205.355521][ T5833]  ? kfree+0x1c1/0x610
[  205.355548][ T5833]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  205.355584][ T5833]  kill_f2fs_super+0x314/0x720
[  205.355616][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  205.355655][ T5833]  ? lockdep_hardirqs_on+0x7a/0x110
[  205.355697][ T5833]  deactivate_locked_super+0xbc/0x130
[  205.355729][ T5833]  cleanup_mnt+0x437/0x4d0
[  205.355758][ T5833]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.355785][ T5833]  task_work_run+0x1d9/0x270
[  205.355810][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  205.355844][ T5833]  exit_to_user_mode_loop+0xed/0x480
[  205.355868][ T5833]  ? rcu_is_watching+0x15/0xb0
[  205.355899][ T5833]  do_syscall_64+0x2b7/0xf80
[  205.355924][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.355944][ T5833]  ? trace_irq_disable+0x37/0x100
[  205.355979][ T5833]  ? clear_bhb_loop+0x40/0x90
[  205.356006][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.356027][ T5833] RIP: 0033:0x7f5c49d9c117
[  205.356048][ T5833] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  205.356065][ T5833] RSP: 002b:00007fffb6656088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  205.356087][ T5833] RAX: 0000000000000000 RBX: 00007f5c49e0471f RCX: 00007f5c49d9c117
[  205.356101][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb6656140
[  205.356113][ T5833] RBP: 00007fffb6656140 R08: 00007fffb6657140 R09: 00000000ffffffff
[  205.356127][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb66571d0
[  205.356140][ T5833] R13: 00007f5c49e0471f R14: 0000000000031ad9 R15: 00007fffb6657210
[  205.356177][ T5833]  </TASK>
[  205.718710][ T5833] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  205.834970][ T5836] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  206.634985][ T5836] usb 5-1: Using ep0 maxpacket: 32
[  206.642123][ T5836] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  206.651345][ T5836] usb 5-1: config 0 has no interface number 0
[  206.662042][ T5836] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  206.671503][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.679899][ T5836] usb 5-1: Product: syz
[  206.684106][ T5836] usb 5-1: Manufacturer: syz
[  207.674952][ T5836] usb 5-1: SerialNumber: syz
[  208.642305][ T5836] usb 5-1: config 0 descriptor??
[  208.649472][ T5836] usb 5-1: can't set config #0, error -71
[  208.657252][ T5836] usb 5-1: USB disconnect, device number 19
[  208.702930][  T799] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  208.874956][  T799] usb 3-1: Using ep0 maxpacket: 32
[  208.885912][  T799] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  208.898635][  T799] usb 3-1: config 0 has no interface number 0
[  209.867957][  T799] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  209.894650][  T799] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.543335][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.555342][  T799] usb 3-1: Product: syz
[  210.580268][ T5835] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  210.891742][  T799] usb 3-1: Manufacturer: syz
[  210.900579][  T799] usb 3-1: SerialNumber: syz
[  210.946486][  T799] usb 3-1: config 0 descriptor??
[  211.621278][ T7026] netlink: 'syz.0.313': attribute type 4 has an invalid length.
[  211.629208][ T7026] netlink: 1601 bytes leftover after parsing attributes in process `syz.0.313'.
[  211.642485][  T799] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  211.677775][  T799] usb 3-1: qt2_attach - failed to power on unit: -71
[  211.692376][  T799] quatech2 3-1:0.51: probe with driver quatech2 failed with error -71
[  211.739749][  T799] usb 3-1: USB disconnect, device number 15
[  211.765037][ T5835] usb 5-1: device descriptor read/64, error -71
[  211.897603][   T30] audit: type=1326 audit(2000000072.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  211.937264][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  211.943420][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  211.951107][ T5847] Bluetooth: hci3: command 0x0406 tx timeout
[  211.957270][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  211.957308][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  212.007701][   T30] audit: type=1326 audit(2000000072.950:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.036086][ T7038] loop0: detected capacity change from 0 to 128
[  212.043485][ T7038] EXT4-fs: Ignoring removed nobh option
[  212.075094][   T30] audit: type=1326 audit(2000000073.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.099190][   T30] audit: type=1326 audit(2000000073.020:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.127306][   T30] audit: type=1326 audit(2000000073.020:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.149887][   T30] audit: type=1326 audit(2000000073.020:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.281774][ T7038] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  212.854531][ T7038] ext4 filesystem being mounted at /56/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  212.908664][   T30] audit: type=1326 audit(2000000073.020:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  212.965144][   T30] audit: type=1326 audit(2000000073.020:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  213.035047][   T30] audit: type=1326 audit(2000000073.020:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  213.115694][   T30] audit: type=1326 audit(2000000073.030:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f09d7f9aeb9 code=0x7ffc0000
[  213.165000][ T5892] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  213.368325][ T5833] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  213.391447][ T5892] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.432194][ T5892] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  213.475764][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.536480][ T5892] usb 3-1: config 0 descriptor??
[  213.567900][ T5892] pwc: Askey VC010 type 2 USB webcam detected.
[  213.948892][ T5892] pwc: recv_control_msg error -32 req 02 val 2b00
[  214.001530][ T7053] loop4: detected capacity change from 0 to 40427
[  214.017676][ T7053] F2FS-fs (loop4): build fault injection rate: 174
[  214.024526][ T7053] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  214.035392][ T5835] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  214.047680][ T7053] F2FS-fs (loop4): invalid crc value
[  214.087788][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  214.133190][ T7053] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  214.145347][ T7053] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  214.158970][ T5892] pwc: recv_control_msg error -71 req 02 val 2c00
[  214.171757][ T5892] pwc: recv_control_msg error -71 req 04 val 1000
[  214.179520][ T5892] pwc: recv_control_msg error -71 req 04 val 1300
[  214.208303][ T5835] usb 4-1: unable to get BOS descriptor or descriptor too short
[  214.226373][ T5835] usb 4-1: config 6 has an invalid interface number: 200 but max is 0
[  214.234614][ T5835] usb 4-1: config 6 has no interface number 0
[  214.265155][ T5835] usb 4-1: config 6 interface 200 has no altsetting 0
[  214.288005][ T5835] usb 4-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  214.315210][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.350702][ T5835] usb 4-1: Product: syz
[  214.367330][ T5835] usb 4-1: Manufacturer: syz
[  214.372019][ T5835] usb 4-1: SerialNumber: syz
[  214.429946][ T5892] pwc: recv_control_msg error -71 req 04 val 1400
[  214.437013][ T5892] pwc: recv_control_msg error -71 req 02 val 2000
[  214.444046][ T5892] pwc: recv_control_msg error -71 req 02 val 2100
[  214.451277][ T5892] pwc: recv_control_msg error -71 req 04 val 1500
[  214.458462][ T5892] pwc: recv_control_msg error -71 req 02 val 2500
[  214.465858][ T5892] pwc: recv_control_msg error -71 req 02 val 2400
[  214.473173][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  214.484739][ T5892] pwc: recv_control_msg error -71 req 02 val 2600
[  214.493113][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  214.502212][ T5892] pwc: recv_control_msg error -71 req 02 val 2900
[  214.514824][   T24] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  214.524597][ T7065] syz.4.321: attempt to access beyond end of device
[  214.524597][ T7065] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  214.538867][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  214.547446][ T7065] syz.4.321: attempt to access beyond end of device
[  214.547446][ T7065] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  214.561563][ T5892] pwc: recv_control_msg error -71 req 02 val 2800
[  214.568508][   T24] usb 1-1: SerialNumber: syz
[  214.575577][ T5892] pwc: recv_control_msg error -71 req 04 val 1100
[  214.582493][ T5892] pwc: recv_control_msg error -71 req 04 val 1200
[  214.602113][ T5892] pwc: Registered as video103.
[  214.609550][ T7057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.627650][ T5892] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13
[  214.629382][ T7057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.665552][ T7057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.674624][ T7057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.685999][ T5892] usb 3-1: USB disconnect, device number 16
[  214.782575][ T7057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.814486][   T24] usb 1-1: 0:2 : does not exist
[  214.843107][ T7057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.851756][ T5849] syz-executor: attempt to access beyond end of device
[  214.851756][ T5849] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  214.909364][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  214.909395][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  214.909409][ T5849] Call Trace:
[  214.909417][ T5849]  <TASK>
[  214.909427][ T5849]  dump_stack_lvl+0xe8/0x150
[  214.909465][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  214.909506][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  214.909529][ T5849]  ? __submit_merged_bio+0x256/0x650
[  214.909578][ T5849]  __submit_merged_bio+0x256/0x650
[  214.909615][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  214.909656][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  214.909711][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  214.909751][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  214.909816][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  214.909854][ T5849]  ? css_rstat_updated+0x23a/0x530
[  214.909918][ T5849]  ? rcu_is_watching+0x15/0xb0
[  214.909946][ T5849]  ? mod_memcg_lruvec_state+0x1b8/0x320
[  214.909976][ T5849]  ? lru_gen_update_size+0x7c9/0xd10
[  214.910013][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  214.910069][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  214.910093][ T5849]  do_writepages+0x32e/0x550
[  214.910131][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  214.910168][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  214.910200][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  214.910294][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  214.910331][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  214.910371][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  214.910393][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  214.910451][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  214.910533][ T5849]  kill_f2fs_super+0x314/0x720
[  214.910563][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  214.910600][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  214.910639][ T5849]  deactivate_locked_super+0xbc/0x130
[  214.910669][ T5849]  cleanup_mnt+0x437/0x4d0
[  214.910698][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  214.910724][ T5849]  task_work_run+0x1d9/0x270
[  214.910747][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  214.910780][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  214.910803][ T5849]  ? rcu_is_watching+0x15/0xb0
[  214.910832][ T5849]  do_syscall_64+0x2b7/0xf80
[  214.910856][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.910876][ T5849]  ? trace_irq_disable+0x37/0x100
[  214.910902][ T5849]  ? clear_bhb_loop+0x40/0x90
[  214.910927][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.910947][ T5849] RIP: 0033:0x7f753079c117
[  214.910967][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  214.910984][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  214.911005][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  214.911018][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  214.911031][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  214.911044][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  214.911055][ T5849] R13: 00007f753080471f R14: 0000000000034688 R15: 00007ffc92f79050
[  214.911087][ T5849]  </TASK>
[  214.911095][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  215.254550][ T5835] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  215.265282][ T5835] dvb-usb: bulk message failed: -22 (3/0)
[  215.293720][   T24] usb 1-1: USB disconnect, device number 9
[  215.358691][ T5835] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  215.394286][ T7045] udevd[7045]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  215.435756][ T5835] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  215.443959][ T5835] usb 4-1: media controller created
[  215.450878][ T7057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.482964][ T7057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.494497][ T5835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  215.556863][ T5835] dvb-usb: bulk message failed: -22 (6/0)
[  215.563224][ T5835] dvb-usb: bulk message failed: -22 (6/0)
[  215.578928][ T5892] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  215.585746][ T5835] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  215.625571][ T5835] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14
[  215.667995][ T5835] dvb-usb: schedule remote query interval to 150 msecs.
[  215.695249][ T5835] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  215.738893][ T5835] usb 4-1: USB disconnect, device number 18
[  215.766616][ T5892] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  215.786381][ T5892] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  215.835063][ T5892] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  215.853764][ T5892] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.881139][ T5892] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  215.890937][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  215.909722][ T5892] usb 3-1: Product: syz
[  215.914213][ T5892] usb 3-1: Manufacturer: syz
[  215.993883][ T5835] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  216.139178][ T5892] cdc_wdm 3-1:1.0: skipping garbage
[  216.144562][ T5892] cdc_wdm 3-1:1.0: skipping garbage
[  216.193620][ T5892] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  216.222463][ T5892] cdc_wdm 3-1:1.0: Unknown control protocol
[  216.647871][ T5892] usb 3-1: USB disconnect, device number 17
[  216.830641][ T7078] loop3: detected capacity change from 0 to 128
[  216.890495][ T7078] EXT4-fs: Ignoring removed nobh option
[  216.978255][ T7078] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  217.069247][ T7078] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  217.319094][   T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  217.384973][ T5892] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  217.485800][   T24] usb 1-1: Using ep0 maxpacket: 32
[  217.506238][   T24] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  217.543530][   T24] usb 1-1: config 0 has no interface number 0
[  217.580615][   T24] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  217.603547][ T5892] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  217.637809][ T5840] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  217.651786][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.664678][ T5892] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  217.700274][   T24] usb 1-1: Product: syz
[  217.709555][ T5892] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  217.719937][ T7092] loop4: detected capacity change from 0 to 40427
[  217.734472][ T7092] F2FS-fs (loop4): build fault injection rate: 771
[  217.741632][   T24] usb 1-1: Manufacturer: syz
[  217.745303][ T7092] F2FS-fs (loop4): invalid crc value
[  217.762942][   T24] usb 1-1: SerialNumber: syz
[  217.827712][   T24] usb 1-1: config 0 descriptor??
[  217.844243][ T5892] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.855251][ T7092] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  217.877497][ T7092] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  217.919012][   T24] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  217.949827][ T5892] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  217.969894][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  217.993346][ T5892] usb 3-1: Product: syz
[  218.004956][ T5892] usb 3-1: Manufacturer: syz
[  218.037745][ T5892] cdc_wdm 3-1:1.0: skipping garbage
[  218.043855][ T5892] cdc_wdm 3-1:1.0: skipping garbage
[  218.103871][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  218.116594][ T5892] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  218.122612][ T5892] cdc_wdm 3-1:1.0: Unknown control protocol
[  218.210000][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  218.348086][ T5836] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  218.474758][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  218.484271][   T24] usb 1-1: USB disconnect, device number 10
[  218.514317][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  218.525172][ T5836] usb 4-1: Using ep0 maxpacket: 32
[  218.533457][ T5836] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  218.553905][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  218.562710][ T5836] usb 4-1: config 0 has no interface number 0
[  218.593151][ T5836] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  218.602349][   T24] quatech2 1-1:0.51: device disconnected
[  218.637337][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.662927][ T5836] usb 4-1: Product: syz
[  218.677647][ T5836] usb 4-1: Manufacturer: syz
[  218.682322][ T5836] usb 4-1: SerialNumber: syz
[  218.716831][ T5836] usb 4-1: config 0 descriptor??
[  218.739927][ T5836] smsc95xx v2.0.0
[  218.754693][ T5836] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  218.787791][ T5836] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22
[  218.861996][ T7084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.892691][ T7084] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.929931][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  218.936806][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  218.944815][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  218.951642][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  218.958187][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  218.964846][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  218.971923][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  218.978574][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  218.985278][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  218.991928][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  218.998679][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  219.005343][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  219.011842][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  219.018485][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  219.025791][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  219.034732][ T5836] usb 3-1: USB disconnect, device number 18
[  219.975790][ T7110] fuse: Unknown parameter 'fd0x0000000000000003'
[  220.157426][ T5836] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  220.352781][ T5836] usb 3-1: unable to get BOS descriptor or descriptor too short
[  220.370589][ T5836] usb 3-1: config 6 has an invalid interface number: 34 but max is 0
[  220.384919][ T5836] usb 3-1: config 6 has no interface number 0
[  220.391094][ T5836] usb 3-1: config 6 interface 34 has no altsetting 0
[  220.435055][ T5836] usb 3-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  220.444269][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.484971][ T5836] usb 3-1: Product: syz
[  220.489216][ T5836] usb 3-1: Manufacturer: syz
[  220.493860][ T5836] usb 3-1: SerialNumber: syz
[  220.588340][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  220.588361][   T30] audit: type=1326 audit(2000000081.640:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.667311][   T30] audit: type=1326 audit(2000000081.670:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.715003][   T30] audit: type=1326 audit(2000000081.680:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.761338][ T5836] ums-alauda 3-1:6.34: USB Mass Storage device detected
[  220.787647][   T30] audit: type=1326 audit(2000000081.680:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.812092][   T30] audit: type=1326 audit(2000000081.680:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.835294][   T30] audit: type=1326 audit(2000000081.680:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.866690][   T30] audit: type=1326 audit(2000000081.680:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.891842][   T30] audit: type=1326 audit(2000000081.680:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  220.952965][ T5836] usb 3-1: USB disconnect, device number 19
[  220.966309][   T30] audit: type=1326 audit(2000000081.690:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  221.026300][ T5892] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  221.051991][   T30] audit: type=1326 audit(2000000081.690:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7117 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c49d9aeb9 code=0x7ffc0000
[  221.098827][   T24] usb 4-1: USB disconnect, device number 19
[  221.197368][ T5892] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.208324][ T5892] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  221.242460][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.292566][ T5892] usb 1-1: config 0 descriptor??
[  221.324341][ T5892] pwc: Askey VC010 type 2 USB webcam detected.
[  221.423395][ T7129] loop2: detected capacity change from 0 to 128
[  221.447695][ T7129] EXT4-fs: Ignoring removed nobh option
[  221.506679][ T7129] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  221.536479][ T7129] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  221.593114][ T5849] syz-executor: attempt to access beyond end of device
[  221.593114][ T5849] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  221.608710][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  221.608742][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  221.608756][ T5849] Call Trace:
[  221.608770][ T5849]  <TASK>
[  221.608779][ T5849]  dump_stack_lvl+0xe8/0x150
[  221.608818][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  221.608862][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  221.608910][ T5849]  __submit_merged_bio+0x256/0x650
[  221.608963][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  221.609005][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  221.609065][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  221.609087][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.609154][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  221.609238][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.609281][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.609317][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  221.609362][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.609394][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  221.609418][ T5849]  do_writepages+0x32e/0x550
[  221.609455][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.609492][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  221.609523][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  221.609604][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.609642][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  221.609684][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  221.609758][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  221.609850][ T5849]  ? kfree+0x1c1/0x610
[  221.609877][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  221.609927][ T5849]  kill_f2fs_super+0x314/0x720
[  221.609958][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  221.609997][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  221.610038][ T5849]  deactivate_locked_super+0xbc/0x130
[  221.610069][ T5849]  cleanup_mnt+0x437/0x4d0
[  221.610099][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.610125][ T5849]  task_work_run+0x1d9/0x270
[  221.610150][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  221.610184][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  221.610208][ T5849]  ? rcu_is_watching+0x15/0xb0
[  221.610238][ T5849]  do_syscall_64+0x2b7/0xf80
[  221.610261][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.610281][ T5849]  ? trace_irq_disable+0x37/0x100
[  221.610308][ T5849]  ? clear_bhb_loop+0x40/0x90
[  221.610335][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.610355][ T5849] RIP: 0033:0x7f753079c117
[  221.610376][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  221.610395][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  221.610417][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  221.610432][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  221.610444][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  221.610460][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  221.610472][ T5849] R13: 00007f753080471f R14: 0000000000035494 R15: 00007ffc92f79050
[  221.610508][ T5849]  </TASK>
[  221.610884][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  221.933616][ T5892] pwc: recv_control_msg error -32 req 02 val 2b00
[  221.940942][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  221.940972][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  221.940985][ T5849] Call Trace:
[  221.940994][ T5849]  <TASK>
[  221.941008][ T5849]  dump_stack_lvl+0xe8/0x150
[  221.941046][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  221.941087][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  221.941131][ T5849]  __submit_merged_bio+0x256/0x650
[  221.941174][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  221.941219][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  221.941283][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  221.941305][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.941375][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  221.941461][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.941505][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  221.941541][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  221.941587][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.941620][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  221.941644][ T5849]  do_writepages+0x32e/0x550
[  221.941694][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.941735][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  221.941768][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  221.941858][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  221.941898][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  221.941943][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  221.942014][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  221.942093][ T5849]  ? kfree+0x1c1/0x610
[  221.942120][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  221.942159][ T5849]  kill_f2fs_super+0x314/0x720
[  221.942193][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  221.942235][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  221.942280][ T5849]  deactivate_locked_super+0xbc/0x130
[  221.942312][ T5849]  cleanup_mnt+0x437/0x4d0
[  221.942343][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.942371][ T5849]  task_work_run+0x1d9/0x270
[  221.942397][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  221.942433][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  221.942457][ T5849]  ? rcu_is_watching+0x15/0xb0
[  221.942488][ T5849]  do_syscall_64+0x2b7/0xf80
[  221.942513][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.942534][ T5849]  ? trace_irq_disable+0x37/0x100
[  221.942561][ T5849]  ? clear_bhb_loop+0x40/0x90
[  221.942588][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.942609][ T5849] RIP: 0033:0x7f753079c117
[  221.942631][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  221.942650][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  221.942680][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  221.942695][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  221.942709][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  221.942723][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  221.942737][ T5849] R13: 00007f753080471f R14: 0000000000035494 R15: 00007ffc92f79050
[  221.942775][ T5849]  </TASK>
[  221.944208][ T5892] pwc: recv_control_msg error -32 req 02 val 2700
[  221.960594][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  222.058628][ T5892] pwc: recv_control_msg error -32 req 02 val 2c00
[  222.315953][ T5892] pwc: recv_control_msg error -32 req 04 val 1000
[  222.323380][ T5892] pwc: recv_control_msg error -32 req 04 val 1300
[  222.343981][ T5892] pwc: recv_control_msg error -32 req 04 val 1400
[  222.353932][ T5892] pwc: recv_control_msg error -32 req 02 val 2000
[  222.374325][ T5892] pwc: recv_control_msg error -32 req 02 val 2100
[  222.381674][ T5892] pwc: recv_control_msg error -32 req 04 val 1500
[  222.399295][ T5892] pwc: recv_control_msg error -32 req 02 val 2500
[  222.415709][ T5892] pwc: recv_control_msg error -32 req 02 val 2400
[  222.433319][ T5892] pwc: recv_control_msg error -32 req 02 val 2600
[  222.440681][ T5892] pwc: recv_control_msg error -32 req 02 val 2900
[  222.455860][ T5892] pwc: recv_control_msg error -32 req 02 val 2800
[  222.478924][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.646878][ T7139] futex_wake_op: syz.2.346 tries to shift op by -1; fix this program
[  222.664176][ T5892] pwc: recv_control_msg error -71 req 04 val 1200
[  222.672997][ T5892] pwc: Registered as video103.
[  222.697382][ T5892] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input15
[  222.755573][ T5892] usb 1-1: USB disconnect, device number 11
[  223.484965][ T5835] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  223.594982][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  223.648994][ T5835] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  223.659306][ T5835] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  223.676325][ T5835] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  223.695026][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  223.703443][ T5835] usb 5-1: SerialNumber: syz
[  223.744968][    T9] usb 1-1: Using ep0 maxpacket: 32
[  223.753011][    T9] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  223.771942][    T9] usb 1-1: config 0 has no interface number 0
[  223.784730][    T9] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  223.794615][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.803096][    T9] usb 1-1: Product: syz
[  223.807872][    T9] usb 1-1: Manufacturer: syz
[  223.812567][    T9] usb 1-1: SerialNumber: syz
[  223.826343][    T9] usb 1-1: config 0 descriptor??
[  223.846167][    T9] smsc95xx v2.0.0
[  223.849908][    T9] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  223.860955][    T9] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22
[  223.926580][ T5835] usb 5-1: 0:2 : does not exist
[  223.982554][ T5835] usb 5-1: USB disconnect, device number 22
[  224.031068][ T6897] udevd[6897]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  224.554975][ T7160] netlink: 'syz.3.353': attribute type 21 has an invalid length.
[  224.563127][ T7160] netlink: 156 bytes leftover after parsing attributes in process `syz.3.353'.
[  226.426849][ T7163] loop4: detected capacity change from 0 to 40427
[  226.561602][ T7163] F2FS-fs (loop4): build fault injection rate: 771
[  226.570916][ T7163] F2FS-fs (loop4): invalid crc value
[  226.644644][    T9] usb 1-1: USB disconnect, device number 12
[  226.916205][ T7163] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  226.939595][ T7163] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  227.646203][ T7174] loop0: detected capacity change from 0 to 128
[  227.679915][ T7174] EXT4-fs: Ignoring removed nobh option
[  227.738398][ T7174] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  227.794330][ T7174] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  227.929093][ T7182] overlayfs: failed to clone lowerpath
[  228.674021][ T5849] syz-executor: attempt to access beyond end of device
[  228.674021][ T5849] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  228.730957][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  228.730989][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  228.731004][ T5849] Call Trace:
[  228.731012][ T5849]  <TASK>
[  228.731022][ T5849]  dump_stack_lvl+0xe8/0x150
[  228.731068][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  228.731110][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  228.731155][ T5849]  __submit_merged_bio+0x256/0x650
[  228.731195][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  228.731237][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  228.731297][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  228.731363][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.731401][ T5849]  ? unwind_next_frame+0xa5/0x23c0
[  228.731432][ T5849]  ? css_rstat_updated+0x23a/0x530
[  228.731495][ T5849]  ? rcu_is_watching+0x15/0xb0
[  228.731529][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  228.731572][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  228.731609][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  228.731654][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  228.731689][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.731714][ T5849]  do_writepages+0x32e/0x550
[  228.731754][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  228.731792][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  228.731824][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  228.731905][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  228.731944][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  228.731985][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  228.732055][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  228.732128][ T5849]  ? kfree+0x1c1/0x610
[  228.732156][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  228.732192][ T5849]  kill_f2fs_super+0x314/0x720
[  228.732223][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  228.732262][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  228.732304][ T5849]  deactivate_locked_super+0xbc/0x130
[  228.732336][ T5849]  cleanup_mnt+0x437/0x4d0
[  228.732366][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  228.732393][ T5849]  task_work_run+0x1d9/0x270
[  228.732419][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  228.732453][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  228.732477][ T5849]  ? rcu_is_watching+0x15/0xb0
[  228.732509][ T5849]  do_syscall_64+0x2b7/0xf80
[  228.732533][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.732555][ T5849]  ? trace_irq_disable+0x37/0x100
[  228.732583][ T5849]  ? clear_bhb_loop+0x40/0x90
[  228.732611][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.732633][ T5849] RIP: 0033:0x7f753079c117
[  228.732654][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  228.732673][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  228.732696][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  228.732712][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  228.732725][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  228.732741][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  228.732754][ T5849] R13: 00007f753080471f R14: 00000000000378c0 R15: 00007ffc92f79050
[  228.732790][ T5849]  </TASK>
[  228.732800][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  229.069227][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  229.069258][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  229.069271][ T5849] Call Trace:
[  229.069279][ T5849]  <TASK>
[  229.069288][ T5849]  dump_stack_lvl+0xe8/0x150
[  229.069327][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  229.069372][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  229.069415][ T5849]  __submit_merged_bio+0x256/0x650
[  229.069457][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  229.069498][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  229.069555][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  229.069621][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  229.069659][ T5849]  ? unwind_next_frame+0xa5/0x23c0
[  229.069690][ T5849]  ? css_rstat_updated+0x23a/0x530
[  229.069759][ T5849]  ? rcu_is_watching+0x15/0xb0
[  229.069793][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  229.069838][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  229.069875][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  229.069920][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  229.069953][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  229.069977][ T5849]  do_writepages+0x32e/0x550
[  229.070026][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  229.070063][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  229.070094][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  229.070169][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  229.070201][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  229.070237][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  229.070289][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  229.070349][ T5849]  ? kfree+0x1c1/0x610
[  229.070372][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  229.070403][ T5849]  kill_f2fs_super+0x314/0x720
[  229.070434][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  229.070467][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  229.070502][ T5849]  deactivate_locked_super+0xbc/0x130
[  229.070530][ T5849]  cleanup_mnt+0x437/0x4d0
[  229.070555][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  229.070578][ T5849]  task_work_run+0x1d9/0x270
[  229.070599][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  229.070627][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  229.070647][ T5849]  ? rcu_is_watching+0x15/0xb0
[  229.070673][ T5849]  do_syscall_64+0x2b7/0xf80
[  229.070694][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.070712][ T5849]  ? trace_irq_disable+0x37/0x100
[  229.070736][ T5849]  ? clear_bhb_loop+0x40/0x90
[  229.070758][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.070778][ T5849] RIP: 0033:0x7f753079c117
[  229.070797][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  229.070813][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  229.070835][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  229.070847][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  229.070859][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  229.070871][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  229.070882][ T5849] R13: 00007f753080471f R14: 00000000000378c0 R15: 00007ffc92f79050
[  229.070913][ T5849]  </TASK>
[  229.403817][ T5833] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  229.427321][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  231.134893][ T7198] loop3: detected capacity change from 0 to 40427
[  231.246026][ T7198] F2FS-fs (loop3): build fault injection rate: 771
[  231.256841][ T1128] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  231.271138][ T7198] F2FS-fs (loop3): invalid crc value
[  231.533603][ T7198] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  231.592043][ T7198] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  231.684801][ T1128] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  231.856701][ T1128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  232.444954][ T1128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  232.456231][ T1128] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  232.491677][ T1128] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  232.519999][ T7206] netlink: 28 bytes leftover after parsing attributes in process `syz.0.363'.
[  232.534959][ T1128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.577215][ T1128] usb 3-1: config 0 descriptor??
[  232.606339][ T1128] usb 3-1: can't set config #0, error -71
[  232.629247][ T1128] usb 3-1: USB disconnect, device number 20
[  233.015469][ T5840] syz-executor: attempt to access beyond end of device
[  233.015469][ T5840] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  233.045117][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  233.045151][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  233.045165][ T5840] Call Trace:
[  233.045174][ T5840]  <TASK>
[  233.045184][ T5840]  dump_stack_lvl+0xe8/0x150
[  233.045222][ T5840]  f2fs_handle_critical_error+0x37c/0x540
[  233.045265][ T5840]  f2fs_write_end_io+0xcdb/0xff0
[  233.045309][ T5840]  __submit_merged_bio+0x256/0x650
[  233.045350][ T5840]  __submit_merged_write_cond+0x3c3/0x4e0
[  233.045401][ T5840]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  233.045459][ T5840]  f2fs_write_data_pages+0x2970/0x35e0
[  233.045482][ T5840]  ? __lock_acquire+0x6b5/0x2cf0
[  233.045547][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.045630][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  233.045669][ T5840]  ? __lock_acquire+0x6b5/0x2cf0
[  233.045723][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.045748][ T5840]  do_writepages+0x32e/0x550
[  233.045786][ T5840]  ? do_raw_spin_unlock+0xf5/0x210
[  233.045825][ T5840]  filemap_fdatawrite+0x1e9/0x2f0
[  233.045857][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  233.045935][ T5840]  ? do_raw_spin_unlock+0xf5/0x210
[  233.045972][ T5840]  f2fs_sync_dirty_inodes+0x30e/0x810
[  233.046012][ T5840]  f2fs_write_checkpoint+0x9cf/0x2680
[  233.046074][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  233.046143][ T5840]  ? kfree+0x1c1/0x610
[  233.046169][ T5840]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  233.046212][ T5840]  kill_f2fs_super+0x314/0x720
[  233.046241][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  233.046278][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  233.046314][ T5840]  deactivate_locked_super+0xbc/0x130
[  233.046347][ T5840]  cleanup_mnt+0x437/0x4d0
[  233.046375][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.046410][ T5840]  task_work_run+0x1d9/0x270
[  233.046434][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  233.046468][ T5840]  exit_to_user_mode_loop+0xed/0x480
[  233.046492][ T5840]  ? rcu_is_watching+0x15/0xb0
[  233.046523][ T5840]  do_syscall_64+0x2b7/0xf80
[  233.046548][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.046569][ T5840]  ? trace_irq_disable+0x37/0x100
[  233.046597][ T5840]  ? clear_bhb_loop+0x40/0x90
[  233.046624][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.046646][ T5840] RIP: 0033:0x7f097bf9c117
[  233.046668][ T5840] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  233.046686][ T5840] RSP: 002b:00007ffc1ad93248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  233.046709][ T5840] RAX: 0000000000000000 RBX: 00007f097c00471f RCX: 00007f097bf9c117
[  233.046724][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1ad93300
[  233.046737][ T5840] RBP: 00007ffc1ad93300 R08: 00007ffc1ad94300 R09: 00000000ffffffff
[  233.046752][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1ad94390
[  233.046765][ T5840] R13: 00007f097c00471f R14: 0000000000038ba0 R15: 00007ffc1ad943d0
[  233.046801][ T5840]  </TASK>
[  233.048517][ T5840] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  233.379008][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  233.379041][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  233.379054][ T5840] Call Trace:
[  233.379064][ T5840]  <TASK>
[  233.379073][ T5840]  dump_stack_lvl+0xe8/0x150
[  233.379110][ T5840]  f2fs_handle_critical_error+0x37c/0x540
[  233.379153][ T5840]  f2fs_write_end_io+0xcdb/0xff0
[  233.379197][ T5840]  __submit_merged_bio+0x256/0x650
[  233.379237][ T5840]  __submit_merged_write_cond+0x3c3/0x4e0
[  233.379279][ T5840]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  233.379337][ T5840]  f2fs_write_data_pages+0x2970/0x35e0
[  233.379358][ T5840]  ? __lock_acquire+0x6b5/0x2cf0
[  233.379421][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.379504][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  233.379541][ T5840]  ? __lock_acquire+0x6b5/0x2cf0
[  233.379595][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.379619][ T5840]  do_writepages+0x32e/0x550
[  233.379665][ T5840]  ? do_raw_spin_unlock+0xf5/0x210
[  233.379701][ T5840]  filemap_fdatawrite+0x1e9/0x2f0
[  233.379734][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  233.379812][ T5840]  ? do_raw_spin_unlock+0xf5/0x210
[  233.379850][ T5840]  f2fs_sync_dirty_inodes+0x30e/0x810
[  233.379892][ T5840]  f2fs_write_checkpoint+0x9cf/0x2680
[  233.379955][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  233.380025][ T5840]  ? kfree+0x1c1/0x610
[  233.380051][ T5840]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  233.380088][ T5840]  kill_f2fs_super+0x314/0x720
[  233.380119][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  233.380157][ T5840]  ? lockdep_hardirqs_on+0x7a/0x110
[  233.380197][ T5840]  deactivate_locked_super+0xbc/0x130
[  233.380229][ T5840]  cleanup_mnt+0x437/0x4d0
[  233.380258][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.380285][ T5840]  task_work_run+0x1d9/0x270
[  233.380310][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  233.380344][ T5840]  exit_to_user_mode_loop+0xed/0x480
[  233.380367][ T5840]  ? rcu_is_watching+0x15/0xb0
[  233.380398][ T5840]  do_syscall_64+0x2b7/0xf80
[  233.380423][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.380444][ T5840]  ? trace_irq_disable+0x37/0x100
[  233.380471][ T5840]  ? clear_bhb_loop+0x40/0x90
[  233.380498][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.380520][ T5840] RIP: 0033:0x7f097bf9c117
[  233.380541][ T5840] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  233.380560][ T5840] RSP: 002b:00007ffc1ad93248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  233.380584][ T5840] RAX: 0000000000000000 RBX: 00007f097c00471f RCX: 00007f097bf9c117
[  233.380599][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1ad93300
[  233.380613][ T5840] RBP: 00007ffc1ad93300 R08: 00007ffc1ad94300 R09: 00000000ffffffff
[  233.380628][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1ad94390
[  233.380647][ T5840] R13: 00007f097c00471f R14: 0000000000038ba0 R15: 00007ffc1ad943d0
[  233.380683][ T5840]  </TASK>
[  233.380692][ T5840] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  234.718994][ T7237] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  235.521563][ T7236] syzkaller0: entered promiscuous mode
[  235.536780][ T7236] syzkaller0: entered allmulticast mode
[  235.745945][ T1128] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  235.986884][ T1128] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  236.024396][ T1128] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  236.037653][ T1128] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  236.061751][ T1128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  236.071908][ T1128] usb 1-1: SerialNumber: syz
[  236.321740][ T1128] usb 1-1: 0:2 : does not exist
[  236.399088][ T1128] usb 1-1: USB disconnect, device number 13
[  236.477967][ T6897] udevd[6897]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  236.676000][ T7262] overlayfs: failed to clone upperpath
[  236.741602][ T7258] netlink: 28 bytes leftover after parsing attributes in process `syz.4.383'.
[  237.075503][ T5892] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  237.246501][ T5892] usb 4-1: Using ep0 maxpacket: 32
[  237.254001][ T5892] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  237.264117][ T5892] usb 4-1: config 0 has no interface number 0
[  237.276876][ T5892] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  237.467803][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.476323][ T5892] usb 4-1: Product: syz
[  237.480604][ T5892] usb 4-1: Manufacturer: syz
[  237.485361][ T5892] usb 4-1: SerialNumber: syz
[  237.503527][ T7276] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  237.512808][ T5892] usb 4-1: config 0 descriptor??
[  237.536309][ T5892] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  237.746535][ T5892] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  237.795235][ T5892] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  237.947263][    T9] usb 4-1: USB disconnect, device number 20
[  237.955053][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  237.965573][   T24] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  237.984399][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  238.022781][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  238.040620][    T9] quatech2 4-1:0.51: device disconnected
[  238.135996][   T24] usb 1-1: no configurations
[  238.141274][   T24] usb 1-1: can't read configurations, error -22
[  238.285239][   T24] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  238.483283][   T24] usb 1-1: no configurations
[  238.488194][   T24] usb 1-1: can't read configurations, error -22
[  238.495371][   T24] usb usb1-port1: attempt power cycle
[  238.849595][   T24] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  238.893302][   T24] usb 1-1: no configurations
[  238.901162][   T24] usb 1-1: can't read configurations, error -22
[  239.065000][   T24] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  239.096590][   T24] usb 1-1: no configurations
[  239.102438][   T24] usb 1-1: can't read configurations, error -22
[  239.130143][   T24] usb usb1-port1: unable to enumerate USB device
[  239.207904][ T7293] overlayfs: failed to clone upperpath
[  240.168398][ T7299] netlink: 'syz.1.399': attribute type 4 has an invalid length.
[  240.176272][ T7299] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.399'.
[  240.501218][ T7303] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  240.540245][ T5892] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  240.759397][ T7307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.402'.
[  240.786570][ T5892] usb 4-1: Using ep0 maxpacket: 32
[  240.810351][ T5892] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  240.819301][ T5892] usb 4-1: config 0 has no interface number 0
[  240.847371][ T5892] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  240.867381][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.884969][ T5892] usb 4-1: Product: syz
[  240.894229][ T5892] usb 4-1: Manufacturer: syz
[  240.913485][ T5892] usb 4-1: SerialNumber: syz
[  240.933028][ T5892] usb 4-1: config 0 descriptor??
[  240.959028][ T5892] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  241.076705][   T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  241.159555][ T5892] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  241.207147][ T5892] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  241.264982][   T24] usb 5-1: Using ep0 maxpacket: 32
[  241.281001][   T24] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  241.300308][   T24] usb 5-1: config 0 has no interface number 0
[  241.323619][   T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  241.344563][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.360168][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  241.368350][ T5929] usb 4-1: USB disconnect, device number 21
[  241.385273][   T24] usb 5-1: Product: syz
[  241.389518][   T24] usb 5-1: Manufacturer: syz
[  241.409419][   T24] usb 5-1: SerialNumber: syz
[  241.420381][ T5929] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  241.433183][   T24] usb 5-1: config 0 descriptor??
[  241.456519][ T5929] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  241.477060][   T24] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  241.487985][ T5929] quatech2 4-1:0.51: device disconnected
[  241.593338][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.0.405'.
[  241.660293][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  241.828484][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  241.965578][ T7322] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  241.972190][ T7322] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  242.017218][ T7322] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  242.023357][ T7322] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  242.068111][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  242.079935][ T7322] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  242.086022][ T7322] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  242.092583][   T24] usb 5-1: USB disconnect, device number 23
[  242.137832][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  242.152267][ T7322] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  242.162703][ T7322] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  242.199867][ T7322] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  242.206055][ T7322] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  242.217132][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  242.346840][   T24] quatech2 5-1:0.51: device disconnected
[  242.780303][ T7333] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  242.867592][ T7329] overlay: Unknown parameter 'subj_user'
[  243.145750][ T7339] 8021q: adding VLAN 0 to HW filter on device batadv1
[  243.199008][ T7339] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  243.717892][ T5892] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  243.916699][ T5892] usb 5-1: no configurations
[  243.921390][ T5892] usb 5-1: can't read configurations, error -22
[  243.930959][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  244.065958][ T5892] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  244.085279][ T5846] Bluetooth: hci1: command 0x0406 tx timeout
[  244.104955][ T5836] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  244.165414][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  244.235718][ T5892] usb 5-1: no configurations
[  244.235744][ T5892] usb 5-1: can't read configurations, error -22
[  244.236554][ T5892] usb usb5-port1: attempt power cycle
[  244.244983][ T5846] Bluetooth: hci4: command 0x0406 tx timeout
[  244.245029][ T5846] Bluetooth: hci3: command 0x0406 tx timeout
[  244.303138][ T5836] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  244.303177][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  244.303206][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  244.303232][ T5836] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  244.303278][ T5836] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  244.303305][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.306620][ T5836] usb 3-1: config 0 descriptor??
[  244.574975][ T5892] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  244.596277][ T5892] usb 5-1: no configurations
[  244.596312][ T5892] usb 5-1: can't read configurations, error -22
[  244.723727][ T5836] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max
[  244.735000][ T5892] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  244.756120][ T5892] usb 5-1: no configurations
[  244.756144][ T5892] usb 5-1: can't read configurations, error -22
[  244.756449][ T5892] usb usb5-port1: unable to enumerate USB device
[  244.783903][ T5836] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  245.184542][ T7362] netlink: 28 bytes leftover after parsing attributes in process `syz.1.423'.
[  245.219676][ T7368] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  245.837186][ T7378] loop3: detected capacity change from 0 to 128
[  245.854515][ T7378] EXT4-fs: Ignoring removed nobh option
[  245.879086][ T7379] overlay: Unknown parameter 'subj_user'
[  245.975121][ T7378] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  246.005621][ T5156] Bluetooth: hci0: command 0x0406 tx timeout
[  246.043346][ T7378] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  246.165825][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[  246.244961][ T5156] Bluetooth: hci2: command 0x0406 tx timeout
[  246.354260][ T5156] Bluetooth: hci3: command 0x0406 tx timeout
[  246.361249][ T5156] Bluetooth: hci4: command 0x0406 tx timeout
[  248.262372][ T7394] loop4: detected capacity change from 0 to 40427
[  248.347425][ T7394] F2FS-fs (loop4): build fault injection rate: 771
[  248.358735][ T7394] F2FS-fs (loop4): invalid crc value
[  248.535601][ T7394] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  248.678452][ T7394] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  248.781782][ T5892] usb 3-1: USB disconnect, device number 21
[  249.581597][ T5840] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  250.007696][ T7408] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  250.111408][ T5849] syz-executor: attempt to access beyond end of device
[  250.111408][ T5849] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  250.137442][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  250.137485][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  250.137505][ T5849] Call Trace:
[  250.137513][ T5849]  <TASK>
[  250.137523][ T5849]  dump_stack_lvl+0xe8/0x150
[  250.137560][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  250.137603][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  250.137647][ T5849]  __submit_merged_bio+0x256/0x650
[  250.137688][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  250.137731][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  250.137789][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  250.137821][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.137886][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.137930][ T5849]  ? unwind_next_frame+0xa5/0x23c0
[  250.137961][ T5849]  ? css_rstat_updated+0x23a/0x530
[  250.138025][ T5849]  ? rcu_is_watching+0x15/0xb0
[  250.138057][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.138099][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.138135][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  250.138180][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.138214][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.138239][ T5849]  do_writepages+0x32e/0x550
[  250.138278][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.138327][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  250.138358][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.138439][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.138475][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  250.138514][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  250.138574][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.138642][ T5849]  ? kfree+0x1c1/0x610
[  250.138667][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  250.138720][ T5849]  kill_f2fs_super+0x314/0x720
[  250.138751][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.138790][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  250.138839][ T5849]  deactivate_locked_super+0xbc/0x130
[  250.138871][ T5849]  cleanup_mnt+0x437/0x4d0
[  250.138901][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  250.138929][ T5849]  task_work_run+0x1d9/0x270
[  250.138954][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  250.138987][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  250.139011][ T5849]  ? rcu_is_watching+0x15/0xb0
[  250.139042][ T5849]  do_syscall_64+0x2b7/0xf80
[  250.139067][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.139088][ T5849]  ? trace_irq_disable+0x37/0x100
[  250.139116][ T5849]  ? clear_bhb_loop+0x40/0x90
[  250.139143][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.139165][ T5849] RIP: 0033:0x7f753079c117
[  250.139186][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  250.139205][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.139228][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  250.139243][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  250.139257][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  250.139272][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  250.139286][ T5849] R13: 00007f753080471f R14: 000000000003ce00 R15: 00007ffc92f79050
[  250.139322][ T5849]  </TASK>
[  250.143596][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  250.664291][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  250.664325][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  250.664338][ T5849] Call Trace:
[  250.664347][ T5849]  <TASK>
[  250.664355][ T5849]  dump_stack_lvl+0xe8/0x150
[  250.664394][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[  250.664437][ T5849]  f2fs_write_end_io+0xcdb/0xff0
[  250.664479][ T5849]  __submit_merged_bio+0x256/0x650
[  250.664519][ T5849]  __submit_merged_write_cond+0x3c3/0x4e0
[  250.664561][ T5849]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  250.664621][ T5849]  f2fs_write_data_pages+0x2970/0x35e0
[  250.664644][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.664712][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.664750][ T5849]  ? unwind_next_frame+0xa5/0x23c0
[  250.664816][ T5849]  ? css_rstat_updated+0x23a/0x530
[  250.664881][ T5849]  ? rcu_is_watching+0x15/0xb0
[  250.664914][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.664957][ T5849]  ? __lock_acquire+0x6b5/0x2cf0
[  250.664995][ T5849]  ? do_raw_spin_lock+0x12b/0x2f0
[  250.665043][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.665077][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.665102][ T5849]  do_writepages+0x32e/0x550
[  250.665145][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.665185][ T5849]  filemap_fdatawrite+0x1e9/0x2f0
[  250.665217][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.665305][ T5849]  ? do_raw_spin_unlock+0xf5/0x210
[  250.665345][ T5849]  f2fs_sync_dirty_inodes+0x30e/0x810
[  250.665390][ T5849]  f2fs_write_checkpoint+0x9cf/0x2680
[  250.665457][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.665534][ T5849]  ? kfree+0x1c1/0x610
[  250.665561][ T5849]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  250.665599][ T5849]  kill_f2fs_super+0x314/0x720
[  250.665629][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.665667][ T5849]  ? lockdep_hardirqs_on+0x7a/0x110
[  250.665710][ T5849]  deactivate_locked_super+0xbc/0x130
[  250.665743][ T5849]  cleanup_mnt+0x437/0x4d0
[  250.665780][ T5849]  ? _raw_spin_unlock_irq+0x23/0x50
[  250.665808][ T5849]  task_work_run+0x1d9/0x270
[  250.665835][ T5849]  ? __pfx_task_work_run+0x10/0x10
[  250.665869][ T5849]  exit_to_user_mode_loop+0xed/0x480
[  250.665894][ T5849]  ? rcu_is_watching+0x15/0xb0
[  250.665926][ T5849]  do_syscall_64+0x2b7/0xf80
[  250.665951][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.665973][ T5849]  ? trace_irq_disable+0x37/0x100
[  250.666000][ T5849]  ? clear_bhb_loop+0x40/0x90
[  250.666029][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.666050][ T5849] RIP: 0033:0x7f753079c117
[  250.666072][ T5849] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  250.666091][ T5849] RSP: 002b:00007ffc92f77ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.666115][ T5849] RAX: 0000000000000000 RBX: 00007f753080471f RCX: 00007f753079c117
[  250.666131][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc92f77f80
[  250.666144][ T5849] RBP: 00007ffc92f77f80 R08: 00007ffc92f78f80 R09: 00000000ffffffff
[  250.666159][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc92f79010
[  250.666173][ T5849] R13: 00007f753080471f R14: 000000000003ce00 R15: 00007ffc92f79050
[  250.666213][ T5849]  </TASK>
[  251.006605][ T7404] netlink: 28 bytes leftover after parsing attributes in process `syz.0.438'.
[  251.027585][ T5849] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  251.103676][ T7416] overlay: Unknown parameter 'subj_user'
[  251.365244][    T9] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  251.546866][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.565760][    T9] usb 4-1: config 0 has no interfaces?
[  251.589824][    T9] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  251.617160][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.627638][    T9] usb 4-1: Product: syz
[  251.631897][    T9] usb 4-1: Manufacturer: syz
[  251.637901][    T9] usb 4-1: SerialNumber: syz
[  251.655045][ T5921] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  251.677928][    T9] usb 4-1: config 0 descriptor??
[  251.815171][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  251.827253][ T5921] usb 1-1: config 3 has an invalid interface number: 116 but max is 0
[  251.835938][ T5921] usb 1-1: config 3 has no interface number 0
[  251.842222][ T5921] usb 1-1: config 3 interface 116 has no altsetting 0
[  251.852409][ T5921] usb 1-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=26.6d
[  251.862156][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.870591][ T5921] usb 1-1: Product: syz
[  251.875708][ T5921] usb 1-1: Manufacturer: syz
[  251.880355][ T5921] usb 1-1: SerialNumber: syz
[  251.968199][ T5917] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  252.105946][ T5921] viperboard 1-1:3.116: version 0.00 found at bus 001 address 018
[  252.125676][ T5921] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  252.135829][ T5921] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  252.146288][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.146322][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  252.146367][ T5917] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  252.146393][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.188976][ T5917] usb 3-1: config 0 descriptor??
[  252.210610][ T5921] usb 1-1: USB disconnect, device number 18
[  252.368318][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  252.368338][   T30] audit: type=1326 audit(2000000113.420:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.448" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8c479aeb9 code=0x0
[  252.805186][ T5917] usbhid 3-1:0.0: can't add hid device: -71
[  252.822144][ T5917] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  252.856483][ T5917] usb 3-1: USB disconnect, device number 22
[  253.025143][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  253.232099][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.273051][   T24] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  253.317542][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.380626][   T24] usb 5-1: config 0 descriptor??
[  253.404547][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  253.561881][ T7452] netlink: 20 bytes leftover after parsing attributes in process `syz.2.453'.
[  253.608187][ T7452] geneve2: entered promiscuous mode
[  253.844168][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[  253.860529][   T24] pwc: recv_control_msg error -32 req 02 val 2700
[  253.874260][ T7457] loop0: detected capacity change from 0 to 128
[  253.884663][   T24] pwc: recv_control_msg error -32 req 02 val 2c00
[  253.896577][   T24] pwc: recv_control_msg error -32 req 04 val 1000
[  253.912672][ T7457] EXT4-fs: Ignoring removed nobh option
[  253.918115][   T24] pwc: recv_control_msg error -32 req 04 val 1300
[  253.939198][   T24] pwc: recv_control_msg error -32 req 04 val 1400
[  253.958009][   T24] pwc: recv_control_msg error -32 req 02 val 2000
[  254.817986][ T7457] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  254.862466][   T24] pwc: recv_control_msg error -32 req 04 val 1500
[  254.882863][   T24] pwc: recv_control_msg error -32 req 02 val 2500
[  254.902737][   T24] pwc: recv_control_msg error -32 req 02 val 2400
[  254.911943][ T7457] ext4 filesystem being mounted at /86/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  254.981347][   T24] pwc: recv_control_msg error -32 req 02 val 2600
[  255.009505][   T30] audit: type=1800 audit(2000000116.060:55): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.456" name="nullb0" dev="tmpfs" ino=783 res=0 errno=0
[  255.048144][   T24] pwc: recv_control_msg error -32 req 02 val 2900
[  255.074216][   T24] pwc: recv_control_msg error -32 req 02 val 2800
[  255.100731][    T9] usb 4-1: USB disconnect, device number 22
[  255.299944][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  255.327960][   T24] pwc: Registered as video103.
[  255.345588][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input16
[  255.404089][   T24] usb 5-1: USB disconnect, device number 28
[  255.523393][ T5833] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  255.577537][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  255.770657][ T7485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.461'.
[  255.946555][    T9] usb 4-1: Using ep0 maxpacket: 32
[  256.095246][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  256.115243][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  256.189316][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  256.265194][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  256.557243][    T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  256.565740][    T9] usb 4-1: config 0 has no interface number 0
[  256.574314][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  256.583893][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.592314][    T9] usb 4-1: Product: syz
[  256.596988][    T9] usb 4-1: Manufacturer: syz
[  256.602595][    T9] usb 4-1: SerialNumber: syz
[  256.619806][    T9] usb 4-1: config 0 descriptor??
[  256.632647][    T9] smsc95xx v2.0.0
[  256.658812][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  256.667690][    T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!!
[  256.676805][    T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!!
[  256.844117][ T7489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.462'.
[  256.925585][ T7492] overlayfs: failed to clone upperpath
[  256.931270][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[  256.940213][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[  256.965453][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[  257.191648][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  257.221031][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  257.628822][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  257.641047][ T5921] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  257.682238][    T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -32
[  258.383287][ T5917] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  258.785398][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.794067][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  258.814925][ T5917] usb 1-1: config 0 has no interfaces?
[  258.820545][ T5917] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  258.834432][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.861730][ T5917] usb 1-1: config 0 descriptor??
[  258.880476][   T24] usb 4-1: USB disconnect, device number 23
[  258.950038][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  258.966955][ T5921] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  258.980205][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.993793][ T5921] usb 3-1: config 0 descriptor??
[  259.313838][ T7515] netlink: 'syz.3.470': attribute type 4 has an invalid length.
[  259.321608][ T7515] netlink: 1601 bytes leftover after parsing attributes in process `syz.3.470'.
[  259.332844][ T5917] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  259.992063][ T5892] usb 1-1: USB disconnect, device number 19
[  260.078784][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.136094][ T5917] usb 5-1: config 0 has no interfaces?
[  260.160572][ T5917] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  260.191432][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.237309][ T5917] usb 5-1: Product: syz
[  260.256418][ T5917] usb 5-1: Manufacturer: syz
[  260.275905][ T5917] usb 5-1: SerialNumber: syz
[  260.281999][ T5921] usbhid 3-1:0.0: can't add hid device: -71
[  260.295389][ T5921] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  260.320676][ T5917] usb 5-1: config 0 descriptor??
[  260.364984][ T5921] usb 3-1: USB disconnect, device number 23
[  260.594974][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  260.775863][    T9] usb 4-1: Using ep0 maxpacket: 32
[  260.783714][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  260.793396][    T9] usb 4-1: config 0 has no interfaces?
[  260.809090][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  260.828924][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.845612][    T9] usb 4-1: Product: syz
[  260.852067][    T9] usb 4-1: Manufacturer: syz
[  260.859215][    T9] usb 4-1: SerialNumber: syz
[  260.869560][    T9] usb 4-1: config 0 descriptor??
[  260.973849][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  260.980867][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  261.142482][ T7521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.195044][ T5156] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  261.208675][ T7521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.285982][ T5917] usb 4-1: USB disconnect, device number 24
[  261.645032][ T5921] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  261.805641][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  261.816278][ T5921] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  261.833489][ T5921] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  261.842186][ T5921] usb 3-1: config 0 has no interface number 0
[  261.862750][ T5921] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  261.910789][ T5921] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  261.940729][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  262.047611][ T5892] usb 5-1: USB disconnect, device number 29
[  262.099039][ T5921] usb 3-1: Product: syz
[  262.147600][ T5921] usb 3-1: config 0 descriptor??
[  262.442228][ T7558] netlink: 'syz.3.484': attribute type 4 has an invalid length.
[  262.450087][ T7558] netlink: 1601 bytes leftover after parsing attributes in process `syz.3.484'.
[  262.776730][ T5921] usb 3-1: USB disconnect, device number 24
[  263.185038][ T7562] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  263.191920][ T7562] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  263.261144][ T7562] vhci_hcd vhci_hcd.0: Device attached
[  263.504370][ T7563] vhci_hcd: connection closed
[  263.507230][   T70] vhci_hcd vhci_hcd.4: stop threads
[  263.519875][ T7568] loop3: detected capacity change from 0 to 128
[  263.529490][   T70] vhci_hcd vhci_hcd.4: release socket
[  263.576115][   T70] vhci_hcd vhci_hcd.4: disconnect device
[  263.619050][ T5921] usb 42-1: enqueue for inactive port 0
[  263.737747][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  264.735053][ T7574] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  264.742687][ T7574] FAT-fs (loop3): Filesystem has been set read-only
[  265.796829][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.337593][ T7578] netlink: 'syz.0.488': attribute type 4 has an invalid length.
[  266.766743][ T5921] usb usb42-port1: attempt power cycle
[  266.787705][    T9] usb 3-1: config 0 has no interfaces?
[  266.793325][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  266.888308][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.016031][    T9] usb 3-1: config 0 descriptor??
[  267.030268][    T9] usb 3-1: can't set config #0, error -71
[  267.371233][ T5921] usb usb42-port1: unable to enumerate USB device
[  267.515082][ T5892] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  267.539644][    T9] usb 3-1: USB disconnect, device number 25
[  267.675158][ T5892] usb 1-1: Using ep0 maxpacket: 8
[  267.683080][ T7590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'.
[  267.701659][ T5892] usb 1-1: config 3 has an invalid interface number: 116 but max is 0
[  267.720530][ T5892] usb 1-1: config 3 has no interface number 0
[  267.733605][ T5892] usb 1-1: config 3 interface 116 has no altsetting 0
[  267.737639][ T7590] netlink: 'syz.3.494': attribute type 25 has an invalid length.
[  267.769382][ T5892] usb 1-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=26.6d
[  267.785078][ T7590] netlink: 'syz.3.494': attribute type 23 has an invalid length.
[  267.794918][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.810308][ T5892] usb 1-1: Product: syz
[  267.832239][ T5892] usb 1-1: Manufacturer: syz
[  267.842385][ T5892] usb 1-1: SerialNumber: syz
[  267.855265][    T9] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  268.058109][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  268.085682][    T9] usb 3-1: config 0 has no interfaces?
[  268.104351][    T9] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  268.130608][ T5892] viperboard 1-1:3.116: version 0.00 found at bus 001 address 020
[  268.134197][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.175552][    T9] usb 3-1: Product: syz
[  268.197445][    T9] usb 3-1: Manufacturer: syz
[  268.203330][    T9] usb 3-1: SerialNumber: syz
[  268.220675][    T9] usb 3-1: config 0 descriptor??
[  268.227851][ T5892] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  268.251427][ T5892] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  268.290567][ T5892] usb 1-1: USB disconnect, device number 20
[  268.699244][ T5929] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  269.865044][ T5929] usb 4-1: Using ep0 maxpacket: 32
[  269.899190][ T5929] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  269.915968][ T5929] usb 4-1: config 0 has no interface number 0
[  269.928255][ T5929] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  269.940815][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.985790][ T5929] usb 4-1: Product: syz
[  269.990025][ T5929] usb 4-1: Manufacturer: syz
[  269.994690][ T5929] usb 4-1: SerialNumber: syz
[  270.003241][ T5929] usb 4-1: config 0 descriptor??
[  270.032326][ T5929] smsc95xx v2.0.0
[  270.044976][ T5892] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  270.091586][   T24] usb 3-1: USB disconnect, device number 26
[  270.185478][ T5892] usb 1-1: device descriptor read/64, error -71
[  270.449112][ T5929] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  270.465009][ T5892] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  270.485692][ T5929] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  270.605102][   T24] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  270.625192][ T5892] usb 1-1: device descriptor read/64, error -71
[  270.709106][ T5929] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  270.726347][ T5929] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61
[  270.747207][ T5892] usb usb1-port1: attempt power cycle
[  270.778186][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  270.813435][   T24] usb 3-1: config 0 has no interfaces?
[  270.830265][   T24] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  270.856573][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.888696][   T24] usb 3-1: config 0 descriptor??
[  271.307518][ T5892] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  271.355988][ T5892] usb 1-1: device descriptor read/8, error -71
[  272.003018][   T24] usb 3-1: USB disconnect, device number 27
[  272.104479][ T5921] usb 4-1: USB disconnect, device number 25
[  272.125013][ T5892] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  272.231789][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.504'.
[  272.251938][ T7633] loop3: detected capacity change from 0 to 256
[  272.271697][ T7633] vfat: Unknown parameter 'shor†name'
[  272.287179][ T7631] netlink: 'syz.0.504': attribute type 10 has an invalid length.
[  272.354935][ T5892] usb 1-1: device not accepting address 24, error -71
[  272.363632][ T7631] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  272.393104][ T5892] usb usb1-port1: unable to enumerate USB device
[  272.884941][ T5892] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  273.045012][ T5892] usb 1-1: Using ep0 maxpacket: 32
[  273.067083][ T5892] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  273.078405][ T5892] usb 1-1: config 0 has no interface number 0
[  273.093464][ T5892] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  273.103363][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.111897][ T5892] usb 1-1: Product: syz
[  273.133874][ T5892] usb 1-1: Manufacturer: syz
[  273.143897][ T5892] usb 1-1: SerialNumber: syz
[  273.378215][ T5892] usb 1-1: config 0 descriptor??
[  273.407320][ T7641] loop4: detected capacity change from 0 to 40427
[  273.416775][ T5892] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  273.628262][ T7641] F2FS-fs (loop4): build fault injection rate: 174
[  273.827231][ T7641] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  274.105713][    C1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
[  274.117704][    C1] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
[  274.126294][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  274.135586][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  274.145726][    C1] RIP: 0010:__queue_work+0xa2/0xf90
[  274.151214][    C1] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
[  274.170923][    C1] RSP: 0018:ffffc900001d7598 EFLAGS: 00010002
[  274.177124][    C1] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000040000
[  274.185173][    C1] RDX: ffffc90002352000 RSI: 000000000000020a RDI: 000000000000020b
[  274.193223][    C1] RBP: 0000000000000000 R08: ffff88804e90201f R09: 1ffff11009d20403
[  274.201374][    C1] R10: dffffc0000000000 R11: ffffed1009d20404 R12: dffffc0000000000
[  274.209440][    C1] R13: ffff88804e902018 R14: 00000000000001c0 R15: 0000000000000000
[  274.217512][    C1] FS:  0000000000000000(0000) GS:ffff8881253b4000(0000) knlGS:0000000000000000
[  274.226601][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  274.233237][    C1] CR2: 0000001b30f24220 CR3: 0000000033ff2000 CR4: 00000000003526f0
[  274.241313][    C1] Call Trace:
[  274.244644][    C1]  <TASK>
[  274.247620][    C1]  ? __asan_memcpy+0x40/0x70
[  274.252404][    C1]  ? __tty_insert_flip_string_flags+0x3e9/0x430
[  274.258760][    C1]  queue_work_on+0x106/0x1d0
[  274.263466][    C1]  qt2_read_bulk_callback+0xe96/0x1030
[  274.269033][    C1]  ? __pfx_qt2_read_bulk_callback+0x10/0x10
[  274.275107][    C1]  ? kcov_remote_start+0x88/0x7a0
[  274.280233][    C1]  ? kcov_remote_start+0x88/0x7a0
[  274.285363][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[  274.290825][    C1]  dummy_timer+0xbbd/0x45d0
[  274.295454][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  274.300473][    C1]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  274.306365][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  274.311376][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  274.316409][    C1]  __hrtimer_run_queues+0x529/0xc30
[  274.321731][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  274.327543][    C1]  ? read_tsc+0x9/0x20
[  274.331720][    C1]  hrtimer_run_softirq+0x182/0x5a0
[  274.336930][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  274.342050][    C1]  handle_softirqs+0x22a/0x7c0
[  274.346906][    C1]  ? run_ksoftirqd+0x36/0x60
[  274.351618][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  274.356733][    C1]  run_ksoftirqd+0x36/0x60
[  274.361253][    C1]  smpboot_thread_fn+0x541/0xa50
[  274.366304][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  274.371441][    C1]  kthread+0x388/0x470
[  274.375618][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  274.381181][    C1]  ? __pfx_kthread+0x10/0x10
[  274.385887][    C1]  ret_from_fork+0x51b/0xa40
[  274.390592][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  274.395829][    C1]  ? __switch_to+0xc7d/0x1400
[  274.400575][    C1]  ? __pfx_kthread+0x10/0x10
[  274.405260][    C1]  ret_from_fork_asm+0x1a/0x30
[  274.410084][    C1]  </TASK>
[  274.413123][    C1] Modules linked in:
[  274.417071][    C1] ---[ end trace 0000000000000000 ]---
[  274.422554][    C1] RIP: 0010:__queue_work+0xa2/0xf90
[  274.427804][    C1] Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
[  274.447968][    C1] RSP: 0018:ffffc900001d7598 EFLAGS: 00010002
[  274.454071][    C1] RAX: 0000000000000038 RBX: 0000000000000008 RCX: 0000000000040000
[  274.462069][    C1] RDX: ffffc90002352000 RSI: 000000000000020a RDI: 000000000000020b
[  274.470062][    C1] RBP: 0000000000000000 R08: ffff88804e90201f R09: 1ffff11009d20403
[  274.478064][    C1] R10: dffffc0000000000 R11: ffffed1009d20404 R12: dffffc0000000000
[  274.486060][    C1] R13: ffff88804e902018 R14: 00000000000001c0 R15: 0000000000000000
[  274.494055][    C1] FS:  0000000000000000(0000) GS:ffff8881253b4000(0000) knlGS:0000000000000000
[  274.503010][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  274.509613][    C1] CR2: 0000001b30f24220 CR3: 0000000033ff2000 CR4: 00000000003526f0
[  274.517617][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  274.525467][    C1] Kernel Offset: disabled
[  274.529806][    C1] Rebooting in 86400 seconds..