last executing test programs:

2m26.372953494s ago: executing program 1 (id=197):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000351930404516080036cf000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x24, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m24.792766705s ago: executing program 1 (id=211):
r0 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef)
setsockopt$sock_attach_bpf(r0, 0x1, 0x44, &(0x7f0000000340), 0x4)

2m24.513443479s ago: executing program 1 (id=213):
r0 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000003c0)={0x2, 0x101, 0x0, {0x80400000, 0x1, 0x2, 0x8800001}})

2m24.513203714s ago: executing program 1 (id=214):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@jqfmt_vfsold}, {@minixdf}, {@quota}]}, 0x3, 0x43b, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv7TglfZC0Ko+mBQIFEfFImlBKDxwAgcQBJCQ4lGNI0irUbVATJFpFEBAqR1SJO+KIxF/ACS4IOCFxhTuqVKFcWjgZrb2b2I6dJqlTl/r3k7ae2R1r5vPu2DM73QTQs0bSf5KIvRHxR0QM1rKNBUZqLzdWlqb/WVmaTqJSefvvpFru+srSdF40f9+ePNMXUfg8icMt6l24eOnsVLk8eyHLjy+e+2B84eKlZ+fOTZ2ZPTN7fvLkyePPTbxwYvL5jsSZxnV9+OP5I4def/fKm9Onrrz3y3dJHn9THB0ystHBJyqVDlfXXfvq0klfFxvClhRr3TRK1f4/GMVYO3mD8dpnXW0csKMqlUrl/vaHlyvAXSyJbrcA6I78hz6d/+bbbRp63BGuvVybAKVx38i22pG+KGRlSk3z204aiYhTy/9+nW6xM/chAAAa/JCOf55pNf4rRP19oXuzNZShiNgfEQci4kREHIyI+yKqZR+IiAe3WH/zIsn68U/h6rYC26R0/PditrbVOP7LR38xVMxy+6rxl5LTc+XZY9lnMhqlXWl+YoM6fnz19y+b9w1kr/Xjv3RL68/Hglk7rvbtanzvzNTi1K3Gnbv2acRwX6v4k9WVgCQiDkXE8DbrmHvq2yPtjt08/g10YJ2p8k3Ek7XzvxxN8eeSjdcnx++J8uyx8fyqWO/X3y6/1a7+W4q/A9Lzv7vl9b8a/1BSv167sPU6Lv/5Rds5zXav//7knYZ9H00tLl6YiOhP3qg1un7/ZFO5ybXyafyjR1v3/wOx9kkcjoj0In4oIh6OiEeytj8aEY9FxNEN4v/5lcff3378OyuNf2ZL538t0R/Ne1onimd/+r6h0qGtxJ+e/+PV1Gi2ZzPff5tp1/auZgAAAPj/KUTE3kgKY6vpQmFsrPZ/+A/G7kJ5fmHx6dPzH56fqT0jMBSlQn6na7DufuhENq3P85P1+Zdqde2PiK+KA9XjY9Pz5ZluBw89bk+b/p/6q9jt1gE7zvNa0Lv0f+hd+j/0Lv0feleL/j9QvbsP3PVa/f5/0oV2ALdfU/+37Ac9xPwfepf+D71L/4eetDAQN39IXkJiXSIKd0QzOpcotfkzFz2a6PY3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGf8FwAA//8/beQW")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91)

2m24.214128549s ago: executing program 1 (id=216):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x7, 0x0, 0x0, 0x55e9313c}, &(0x7f00000002c0)=0x18)

2m23.570868908s ago: executing program 1 (id=222):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x2}, 0xc})
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0xdfe5)
timer_delete(0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f00000000c0)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0xc, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
socket$kcm(0x29, 0x2, 0x0)

2m23.436678477s ago: executing program 32 (id=222):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x2}, 0xc})
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0xdfe5)
timer_delete(0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f00000000c0)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0xc, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
socket$kcm(0x29, 0x2, 0x0)

1m51.82775727s ago: executing program 2 (id=490):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000005, 0x6031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4006, &(0x7f0000000000)=0x4, 0x5, 0x2)

1m51.586036187s ago: executing program 2 (id=492):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='signal_generate\x00', r1, 0x0, 0x3}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

1m51.500433848s ago: executing program 2 (id=493):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7aa, &(0x7f0000000000)={{@any, 0xffffffff}, @any, 0x7, 0x4, 0x40000, 0x7ffffffffffffffe, 0x7ffffffffffffffc, 0x0, 0x9})

1m51.434322054s ago: executing program 2 (id=494):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x2c}}, 0x240448c0)

1m51.434006064s ago: executing program 2 (id=495):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0x9008, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000001f40), 0x0, 0x41)
ioctl$BLKSECDISCARD(r1, 0x5460, 0x0)

1m51.328547297s ago: executing program 2 (id=497):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})

1m49.327610721s ago: executing program 3 (id=506):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r2, 0x0, r1})

1m49.193361085s ago: executing program 3 (id=508):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0xa}}]}, 0x38}}, 0x1000c840)

1m49.058983593s ago: executing program 3 (id=510):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

1m48.938421899s ago: executing program 3 (id=512):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_freeze_timeout', 0xa02, 0x4)
sendfile(r0, r0, 0x0, 0x6)

1m48.856068214s ago: executing program 3 (id=514):
lsm_get_self_attr(0x64, &(0x7f0000000040)={0x0, 0x0, 0xdf, 0xbf, ""/191}, &(0x7f0000000180)=0xdf, 0x1)

1m48.736817943s ago: executing program 3 (id=515):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001e00)={0x0, 0x0, <r1=>0x0}, &(0x7f0000001e40)=0xc)
setregid(r1, r1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1810002, &(0x7f0000000240)=ANY=[@ANYBLOB="002ecbc55fe6d6100837adda58fa7d10ab54aee93b992510be054d731ab7da7e75676e729a84f3b6a90100db5e477dbfee9ea3db9e2cdf0af3e9f7718732aaccc2158ad1dc498162eb5e87e3ec955164b6a97fb2a48d7a569258274a727cb0c7227e8f51529264e568b34e6f7ee018b3562d8fdd26e1b83ab2b09862ea8ac241fca01893c02becc286b2b17bd8c515b3dd02562333f6a7273bc91c9841bf3cb673bc8942336c5cebffbb08f82ba108af50c8dabb9628fc8e59c207395f370146898f1f3400f50f5e0566363558fe2c744cbebda08fe49b2155b62fcbb938b0d78d5e36b5e6b7d1c01f8b6423066333a94bb51f311c1d70dc272c6528d8057273e9bffbc8747d7c8a65b368828d39c69fc42125281702192328142ebb5b396e66db522ca6f2ae2ca64ab0d9d3f0eeb890d6b5a376ab004afb2ccc83293222ce378ef0e8d88e873ee168d615985aaabc293ce789dd163747e965405c11730f23faf8053fb37e93d5a54cdce54c1ce09598258ec5892938c5a16cf0c548695c973b45a0bc95feff28efd824744057c5da581fe9215d1a9e358a9da84b4ceb0f586c2ddbabbe2347dd728b8e05ecf90b4c7c9861ce1af7709c9babcdc2bdc5c8d70b1cb2b9fb072175a8496a48942dc2755a5ed6296745ec0810e42050e657b2c0965d423077136da0140277053c8ce91d0000000000000000000000f81a60f8321a29d95e555edc5822e904e5b3821224bb704efb9aea0f736fa06f46b1023fc644c7879a6315e96f6695f65fef95d6dbf22d80c068a20fc98bad02dbeb3c9f478063d2f2f8fd5e8af7a5d5937e5626c71efa3369e99787e78597c01acfa3b273102993abd03263ae4115a65254d32c517eddeb58bbc458d025fdc566906ac145a9db74f46d10805e6c7560f6740cf29445f6aec713655cdd27032c6413f342d8e76782bdc2d96870cf7e84d15838c48aa6af77086acec169846791fbb50b0f648adbc6f4058870827efcf4da44b43c62f3", @ANYRESHEX, @ANYRES64=r1, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16=r2, @ANYRES32=0x0, @ANYBLOB="2da97369bd5bd2a022e4fea628166430fb7a26dae38cd827ad7f8cff5d2246bdd2cc0e8101b9631aa9db6c88c4ea13a8fbc6a23601da47409ecba43e29d90521e4a37f2f57fa7ce2366b5b89b5b9529791fb53b47e83c2014cd5779926a7dd8a0de70a50b2baf658b32d6d108efa8d3b6101762c8308a5b3351fd14516c9c33e6c6bd15e956f84604a27325b8ebb315aff3e39aa98ba22dffb1b6a7c1acafedad4ef237de4595f77f679e98e9dcbf01dc5bcbd5c199b9e95c24b", @ANYRES32, @ANYRES8=0x0, @ANYRES32=r2], 0x1, 0x1d8, &(0x7f0000001a40)="$eJzs20lu02AYxvHHTmy3ZZ42rJBYwIYY0kjQHT0AF2BXtaaqcAFRNq0qQTfcg2Ow4yZcoJXoCYw8VMYhdjwodob/T2rzxvHj74uU1/kcJQKwsm5H/w0ZsqIqCIKvjyS9fSOpXxi1W5kggJkJjLjpM6y0tMcfi61NSAFYOL0/k7c7uQ3+86owOQsAi+xiuxetA34Z0u/L093zy1MjXhl8K7V+uNg2pV5yJ85Hf7a0Vip/Fg/3sC+d/5N3lD2AkTOd4Eecf6Jsfr3U7NPxN8byG9OC4SVT6MyMbp4+zuavSbou6Yakm5JuJddadyTdnTD+3tj4D0rOH2gifPUNMltKtW02PyjYwSnOh93z7sD3nlcaNWUl+Rc183aSHzbMb9bMO0l+sPvR38vd63XNowPFzP/6v5qp/Z8r/fiwSf/3K/S/VXMMYFkdHZ+83/F973P1wqyVoliV4mohGW4JT9PTU987n3N7xfp8TCO/6PjEBGDm3C+Hn9yj45NnB4c7+96+92E42no12hyOXm650brcbbI6BzDP0jf9cvsXfyUIAAAAAAAAAAAAAAB04Z6k+11PAgAAAEAr2vg5UdfPEQAAAAAAAAAAAAAAAAAAAFgWfwMAAP//azU4cQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x6a2, &(0x7f0000000100)="$eJzs3c1vHGcdB/DvrNeuHargtEkboSKiRCpIFolf5IK5EBBCPlSoKgfOVuI0VjZOZbvIrRC4FMEJiUP/gILkGyck7kHhXG69+lgJiUvEIeJiNLOz9tq7ju3Eb4HPJxo/z8zzzDO//e0zM951Vhvg/9bsWJoPU2R27O3Vcn1jfaq1sT71Ut3cSlLWG0mzXaRYTIpHyc2yveha0lX2+HRh5t0vHm982V5r1kvVv/G0/fro03etXnIlyUBd9ho86CF2jHcrycs9XYYOOtaOjmXSrtUlnLrNHmuH2f0w5y1wxnTuTkX7vtljNDmXZLj+PSD11aFxchEej0Nd5QAAAOAF9fmD044AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXjz19/8X9dKoy1xJ0fn+/6HOtrr+Qnt42gEAAAAAAAAAwBH4xpM8yWrOd9Y3i+pv/lerlYv5z2bylXyQ5cxnKdezmrmsZCVLmUgy2jXQ0OrcysrSxNaepf57Tvbdc/KkHjEAAAAAAAAA/E/6dWa3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQZEMtItqudipj6bRbFczVP5YS/7Rqb8gin4bH558HAAAAPBchp9hn68+yZOs5nxnfbOoXvO/Vr1eHs4HWcxKFrKSVuZzu34NXb7qb2ysT7U21qful0vvuD/416HCqEZM+72H/ke+XPUYyZ0sVFuu51YVzO00qj1Llzvx9I/r4zKm4vu1A0bWrNNaHuwPe72LcCQO+1bEaBlcspWR8Tq2MhsX2hkoqjdqkt2Z2PfZae4+UhoZ3DrSRBpb7/xcPIacn6vL8vH89lhzflhbmWikysRk1+x77emZSL751z//7G5r8d7dO8tjZ+ch7WNgj+2758RUVyZe75eJ7oHOdCaah+w/XmXi0tb6bH6cn2YsV/JOlrKQn2cuK5nPZt0+V8/n8ufo0+fMzR1r7+wXyVD9vLRTfZCYruRHVW0uV6t9z2chRR7kdubzVvVvMhP5TqYznZmuZ/jSnnFXj6066xu7z/rOM/23vsFf+1ZdGUnyu7rsycEue83Oo9K+9pd5vdCV1/asf7zV60LXeTDelaVXOtkZ7Dv4s1wbm1+rK+UxPqnLs2G0zkR5AnXuEp3oXm1nolndi3rn+R+rc2O5tXhv6e7c+3uMv7Zr/c26LKfV+tcPGmX/p+JolfPllQzXV5Kds6Nse3XrKnNhx111qP6LS7ut0dN2qWoris6Z+pOeM7Wcr+WZOlT/Dtc70mTV9nrftqmq7XJX247ft/Igrdw+gfwB8JxGc25o5J8jn498NvKbkbsjbw//8KXvvvTGUAb/Pvi95vjAm403ir/ks/xy+/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw7JY//OjeXKs1v9S/0ti7aZ/KfiPvqhT1F/o807HOYGU4yY4tg+WGIzvEJwfsPLI7jJ7K5q+SE89P50sE+/f5fVlp5iAD3tyvz8enPhPOemUg/SfAKV+YgGN3Y+X++zeWP/zo2wv3596bf29+cXB6emZ8ZvqtqRt3Flrz4+2fpx0lcBy2b/qnHQkAAAAAAAAAAABwUP0+GHD15f0+NHKgz3j4n4UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkZgdS/NhikyMXx8v1zfWp1rl0qlv92wmaTSS4hdJ8Si5mfaS0a7hivzpUTb7HOfThZl3v3i88eX2WM12/6RRl89hrV5yJclAXR7VeLeee7zi351HWCbsWidxcNr+GwAA///UmvRo")
rename(&(0x7f0000001800)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r5, 0x0, 0x80, 0x4e})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r5, 0x0, 0x1, 0xb97d})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r5, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$unix(0x1, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[], 0xb0)
sendto$inet6(r7, 0x0, 0x0, 0x10, 0x0, 0x0)
bind$unix(r6, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

1m38.515458509s ago: executing program 0 (id=541):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x32, 0x9, 0xfffffffc, 0x25dfdbfd, {0x3}}, 0x14}}, 0x0)

1m38.515210664s ago: executing program 0 (id=542):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="30000000000b0102000000000100000003000000080002400000000008000340000000010b0001006d616e676c65"], 0x30}}, 0x20004084)

1m38.406790421s ago: executing program 0 (id=543):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x70)
sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000140)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000940)=[@rdma_dest={0x18, 0x114, 0x2, {0xf, 0x4}}], 0x18, 0x20040054}, 0x0)

1m38.394303463s ago: executing program 0 (id=544):
syz_mount_image$ext4(&(0x7f0000000880)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x101868f, &(0x7f0000000240), 0xfe, 0x527, &(0x7f0000000280)="$eJzs3V9rZGcZAPDnnGR2s93UpOhFLbQWq+wuujNJY9voRbuieFdQ6v0akkkImWRCZtJuQpEsfgBBRAteeeWN4AcQpB9BCgV7LyqK6FYvvFCPnJkz2ezkjEkwMxOT3w/emfe858x5njfZnDn/9j0BXFkvRsS9iJiIiDsRMVO0p0WJg27Jl/v40bvLecnnvPWXJJKirX+dN4uPTXXfSrX29jeWGo36TjFda29u11p7+3fXN5fW6mv1rYWF+VcXX1t8ZXHu7J2aPd6U9+v1r//hR9//2Tde/9UX3/nt/T/d/m6e/9d6Cxwc78d5+KjzWsl/FocmI2JnGMHGYKLoT2XciQAAcCr5Pv5ni3InZmKiszfX0b9LNzX67AAAAIDzkL0xHf9MIjIAAADg0nojIqYjSavFvQDTkabVavce3k/FU2mj2Wp/YbW5u7WSz4uYjUq6ut6ozxX31M5GJcmn54vbbnvTL/dNL3w54pmI+OHMjc50dbnZWBn3yQ8AAAC4Im72Hf//faZ7/A8AAABcMiXjZQEAAACXzKDj/2TEeQAAAADDM+j4//qI8wAAAACG4ptvvpmXrPcc75W393Y3mm/fXam3Nqqbu8vV5ebOdnWt2VzrjNm3edL6Gs3m9pdia/dBrV1vtWutvf37m83drfb9dc8PBAAAgHF55jPvf5RExMFXbnRK7lr+MjHgA8YKgEsjPcvCvx9eHsDoDfqaBy6/ySem7o0tD2AMDsadADBuTwz1MXl8/tGbd9KjC/96iEkBAADn6tany6//54cAlXEnBwzVma7/A5eK6/9wdZWc6j/u8cn/D4aZCzBaFXsAcOWd9KiPgYN3lF3/v1a2YJaduC4AAGCopjuvSVotrgVOR5pWqxFPd/6rfyVZXW/U5yLiExHxm5nK9Xx6vvsZjwcEAAAAAAAAAAAAAAAAAAAAAAAAgFPKsiQyAAAA4FKLSP+YRMSNAecHriX/mInikV7v/OStHz9Yard35vP2vx62t98r2l8e6akLAAAAYIDecXrvOB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAztPHj95dLsq1Ucb981cjYvaJ+MvdOZMx1XmfikpEPPW3JCaPfC6JiIlziH/wMCKeLYuf5GnFbJFFf/w0Im6MJv7zWZaVxr95DvHhKns/3/7cK/v7S+PFznv53/9kUf5Xg7d/6eH2b2LA9u/pU8Z47sNf1AbGfxjx3GT59qcXPxkQ/6WyFZb8UL7z7f39Y43dlUf204hbUR7/aKxae3O71trbv7u+ubRWX6tvLSzMv7r42uIri3O11fVGvXgt7eMPnv/lv/ua/pV1dfofA+LPntD/z+WVypHGrD9MEezDB48+2a1W+lbRiX/7pfLf/7P/JX7+b+LzxfdAPv9Wr37QrR/1ws8/eKE0sSL+yoD+n/T7vz1opX3ufOt7vzvlogDACLT29jeWGo36ztAr72VZNqpYp6ps37wQaVyUSm/vbmghpi5KT/8fK9cjYnRBz+PMFgAAcNE83ukfdyYAAAAAAAAAAAAAAAAAAABwdbX2Ij3bCGFZMez+YcvDkwaN6495MIZ+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc5D8BAAD//9+S1rw=")

1m38.146299363s ago: executing program 0 (id=545):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0x23, &(0x7f0000000040)=""/32, &(0x7f0000000000)=0x20)

1m38.14599155s ago: executing program 0 (id=546):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030006000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)

1m13.93119829s ago: executing program 33 (id=497):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})

16.142805066s ago: executing program 34 (id=546):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030006000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)

11.088650335s ago: executing program 35 (id=515):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001e00)={0x0, 0x0, <r1=>0x0}, &(0x7f0000001e40)=0xc)
setregid(r1, r1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1810002, &(0x7f0000000240)=ANY=[@ANYBLOB="002ecbc55fe6d6100837adda58fa7d10ab54aee93b992510be054d731ab7da7e75676e729a84f3b6a90100db5e477dbfee9ea3db9e2cdf0af3e9f7718732aaccc2158ad1dc498162eb5e87e3ec955164b6a97fb2a48d7a569258274a727cb0c7227e8f51529264e568b34e6f7ee018b3562d8fdd26e1b83ab2b09862ea8ac241fca01893c02becc286b2b17bd8c515b3dd02562333f6a7273bc91c9841bf3cb673bc8942336c5cebffbb08f82ba108af50c8dabb9628fc8e59c207395f370146898f1f3400f50f5e0566363558fe2c744cbebda08fe49b2155b62fcbb938b0d78d5e36b5e6b7d1c01f8b6423066333a94bb51f311c1d70dc272c6528d8057273e9bffbc8747d7c8a65b368828d39c69fc42125281702192328142ebb5b396e66db522ca6f2ae2ca64ab0d9d3f0eeb890d6b5a376ab004afb2ccc83293222ce378ef0e8d88e873ee168d615985aaabc293ce789dd163747e965405c11730f23faf8053fb37e93d5a54cdce54c1ce09598258ec5892938c5a16cf0c548695c973b45a0bc95feff28efd824744057c5da581fe9215d1a9e358a9da84b4ceb0f586c2ddbabbe2347dd728b8e05ecf90b4c7c9861ce1af7709c9babcdc2bdc5c8d70b1cb2b9fb072175a8496a48942dc2755a5ed6296745ec0810e42050e657b2c0965d423077136da0140277053c8ce91d0000000000000000000000f81a60f8321a29d95e555edc5822e904e5b3821224bb704efb9aea0f736fa06f46b1023fc644c7879a6315e96f6695f65fef95d6dbf22d80c068a20fc98bad02dbeb3c9f478063d2f2f8fd5e8af7a5d5937e5626c71efa3369e99787e78597c01acfa3b273102993abd03263ae4115a65254d32c517eddeb58bbc458d025fdc566906ac145a9db74f46d10805e6c7560f6740cf29445f6aec713655cdd27032c6413f342d8e76782bdc2d96870cf7e84d15838c48aa6af77086acec169846791fbb50b0f648adbc6f4058870827efcf4da44b43c62f3", @ANYRESHEX, @ANYRES64=r1, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16=r2, @ANYRES32=0x0, @ANYBLOB="2da97369bd5bd2a022e4fea628166430fb7a26dae38cd827ad7f8cff5d2246bdd2cc0e8101b9631aa9db6c88c4ea13a8fbc6a23601da47409ecba43e29d90521e4a37f2f57fa7ce2366b5b89b5b9529791fb53b47e83c2014cd5779926a7dd8a0de70a50b2baf658b32d6d108efa8d3b6101762c8308a5b3351fd14516c9c33e6c6bd15e956f84604a27325b8ebb315aff3e39aa98ba22dffb1b6a7c1acafedad4ef237de4595f77f679e98e9dcbf01dc5bcbd5c199b9e95c24b", @ANYRES32, @ANYRES8=0x0, @ANYRES32=r2], 0x1, 0x1d8, &(0x7f0000001a40)="$eJzs20lu02AYxvHHTmy3ZZ42rJBYwIYY0kjQHT0AF2BXtaaqcAFRNq0qQTfcg2Ow4yZcoJXoCYw8VMYhdjwodob/T2rzxvHj74uU1/kcJQKwsm5H/w0ZsqIqCIKvjyS9fSOpXxi1W5kggJkJjLjpM6y0tMcfi61NSAFYOL0/k7c7uQ3+86owOQsAi+xiuxetA34Z0u/L093zy1MjXhl8K7V+uNg2pV5yJ85Hf7a0Vip/Fg/3sC+d/5N3lD2AkTOd4Eecf6Jsfr3U7NPxN8byG9OC4SVT6MyMbp4+zuavSbou6Yakm5JuJddadyTdnTD+3tj4D0rOH2gifPUNMltKtW02PyjYwSnOh93z7sD3nlcaNWUl+Rc183aSHzbMb9bMO0l+sPvR38vd63XNowPFzP/6v5qp/Z8r/fiwSf/3K/S/VXMMYFkdHZ+83/F973P1wqyVoliV4mohGW4JT9PTU987n3N7xfp8TCO/6PjEBGDm3C+Hn9yj45NnB4c7+96+92E42no12hyOXm650brcbbI6BzDP0jf9cvsXfyUIAAAAAAAAAAAAAAB04Z6k+11PAgAAAEAr2vg5UdfPEQAAAAAAAAAAAAAAAAAAAFgWfwMAAP//azU4cQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x6a2, &(0x7f0000000100)="$eJzs3c1vHGcdB/DvrNeuHargtEkboSKiRCpIFolf5IK5EBBCPlSoKgfOVuI0VjZOZbvIrRC4FMEJiUP/gILkGyck7kHhXG69+lgJiUvEIeJiNLOz9tq7ju3Eb4HPJxo/z8zzzDO//e0zM951Vhvg/9bsWJoPU2R27O3Vcn1jfaq1sT71Ut3cSlLWG0mzXaRYTIpHyc2yveha0lX2+HRh5t0vHm982V5r1kvVv/G0/fro03etXnIlyUBd9ho86CF2jHcrycs9XYYOOtaOjmXSrtUlnLrNHmuH2f0w5y1wxnTuTkX7vtljNDmXZLj+PSD11aFxchEej0Nd5QAAAOAF9fmD044AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXjz19/8X9dKoy1xJ0fn+/6HOtrr+Qnt42gEAAAAAAAAAwBH4xpM8yWrOd9Y3i+pv/lerlYv5z2bylXyQ5cxnKdezmrmsZCVLmUgy2jXQ0OrcysrSxNaepf57Tvbdc/KkHjEAAAAAAAAA/E/6dWa3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQZEMtItqudipj6bRbFczVP5YS/7Rqb8gin4bH558HAAAAPBchp9hn68+yZOs5nxnfbOoXvO/Vr1eHs4HWcxKFrKSVuZzu34NXb7qb2ysT7U21qful0vvuD/416HCqEZM+72H/ke+XPUYyZ0sVFuu51YVzO00qj1Llzvx9I/r4zKm4vu1A0bWrNNaHuwPe72LcCQO+1bEaBlcspWR8Tq2MhsX2hkoqjdqkt2Z2PfZae4+UhoZ3DrSRBpb7/xcPIacn6vL8vH89lhzflhbmWikysRk1+x77emZSL751z//7G5r8d7dO8tjZ+ch7WNgj+2758RUVyZe75eJ7oHOdCaah+w/XmXi0tb6bH6cn2YsV/JOlrKQn2cuK5nPZt0+V8/n8ufo0+fMzR1r7+wXyVD9vLRTfZCYruRHVW0uV6t9z2chRR7kdubzVvVvMhP5TqYznZmuZ/jSnnFXj6066xu7z/rOM/23vsFf+1ZdGUnyu7rsycEue83Oo9K+9pd5vdCV1/asf7zV60LXeTDelaVXOtkZ7Dv4s1wbm1+rK+UxPqnLs2G0zkR5AnXuEp3oXm1nolndi3rn+R+rc2O5tXhv6e7c+3uMv7Zr/c26LKfV+tcPGmX/p+JolfPllQzXV5Kds6Nse3XrKnNhx111qP6LS7ut0dN2qWoris6Z+pOeM7Wcr+WZOlT/Dtc70mTV9nrftqmq7XJX247ft/Igrdw+gfwB8JxGc25o5J8jn498NvKbkbsjbw//8KXvvvTGUAb/Pvi95vjAm403ir/ks/xy+/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw7JY//OjeXKs1v9S/0ti7aZ/KfiPvqhT1F/o807HOYGU4yY4tg+WGIzvEJwfsPLI7jJ7K5q+SE89P50sE+/f5fVlp5iAD3tyvz8enPhPOemUg/SfAKV+YgGN3Y+X++zeWP/zo2wv3596bf29+cXB6emZ8ZvqtqRt3Flrz4+2fpx0lcBy2b/qnHQkAAAAAAAAAAABwUP0+GHD15f0+NHKgz3j4n4UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkZgdS/NhikyMXx8v1zfWp1rl0qlv92wmaTSS4hdJ8Si5mfaS0a7hivzpUTb7HOfThZl3v3i88eX2WM12/6RRl89hrV5yJclAXR7VeLeee7zi351HWCbsWidxcNr+GwAA///UmvRo")
rename(&(0x7f0000001800)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r5, 0x0, 0x80, 0x4e})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r5, 0x0, 0x1, 0xb97d})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r5, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$unix(0x1, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[], 0xb0)
sendto$inet6(r7, 0x0, 0x0, 0x10, 0x0, 0x0)
bind$unix(r6, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

2.457855414s ago: executing program 6 (id=608):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
read$nci(r0, &(0x7f0000002780)=""/3, 0x3)

2.369062238s ago: executing program 6 (id=609):
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000600))
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$tun(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="000401040900006201"], 0x32)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

2.302106123s ago: executing program 6 (id=611):
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x232, &(0x7f0000000500)="$eJzslbFrFEEUxr+Z3du7BA1YaGFzKQJGMHu7G5U0FrEXhETU8jCTcLrJhcsVSUBIsBHEWvwD7KwtUlnYaWVtoYJgYUobBUdmdvZ2Nrt78bhgk/eDm/vmzbyZN7Nv34IgiFPL1y8/Pz+/ubB8BcAZzKBu7N+dbA635n966dSMfLcx9fjAGmqohgGQMjO6x+zvAXi76AB7ybJSZt6vzb9acxkcM6Z/BxyXjb4LBj+NVWbeAgz3jfnhphycpjthRCzYg268stqJRaCaUDXRaudVLRefiv9wn2HFHFDtwKzxrZ3dR+0Y6CUiFqmoyXSfwlAqkpMBJUM5Mez+dHyLHDesK1DP697TJ/uq7xt7YN1fCI7Q6HkwLBm9gDp832+argit8190s/Wd5LEl7FXHXRSNUSaPL87N5SzTUEJl+HD3iVio055YGH/kkDn1kRdkJqu8XAqOEeGz8U+q4hjdizeLXl5xnYY5qLaIY16Sf9idHbUwOyUuHB68L3p9+29Je/IC5gLtoRfqoj5OxvGtUq/zOct0xSvj4awuCZUpkdQP5gKXrPrkWl+FVn99s7W1szvXWW+viTWxEUXz14OrQXAtaunanLR2uTtS/xq6Pk1a69cqaqXHPGy3+/1euA30e+GgHyWtlUxLb7o/tA/X9Y9j9reU6edFv3jph5Ll92Dmx/W/UrNObgKvCI4gCIIgCIIgCIIgCIIgCKKUX5ZuguHD1KAry3Gj23r4bwAAAP//c8NPrw==")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$caif_seqpacket(0x25, 0x5, 0x0)
r1 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, r1, r1, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20)
fadvise64(r2, 0xfcff, 0x20000, 0x3)

1.189139647s ago: executing program 6 (id=616):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
recvmmsg(r0, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x3, 0x0)

519.821226ms ago: executing program 4 (id=622):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
fstatfs(r0, &(0x7f0000000680)=""/238)

470.465745ms ago: executing program 4 (id=623):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0xfcfd}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}}], 0x1, 0x4000800)

410.439719ms ago: executing program 4 (id=624):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
creat(&(0x7f00000001c0)='./file0\x00', 0x0)

410.21415ms ago: executing program 5 (id=625):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8948, &(0x7f0000000200)={'bond0\x00', 0x10000})

330.425419ms ago: executing program 5 (id=626):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pipe2(&(0x7f0000000000)={<r1=>0x0, <r2=>0x0}, 0x0)
tee(r1, r0, 0x100, 0x0)
vmsplice(r2, &(0x7f0000001700)=[{&(0x7f0000000a40)="8b", 0x1}], 0x1, 0x0)

330.190548ms ago: executing program 4 (id=627):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002700010000000000000000000c000080080023"], 0x1c}], 0x1}, 0x0)

260.665935ms ago: executing program 4 (id=628):
unlink(0x0)

260.426361ms ago: executing program 5 (id=629):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$rds(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x24000001)
sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x14, 0x14, 0x601, 0x3, 0x0, {0x2b, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4050}, 0x4000)

188.991101ms ago: executing program 6 (id=630):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001e40)={&(0x7f0000001d40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x7, [@type_tag={0x5, 0x0, 0x0, 0x12, 0x4}, @float={0x5, 0x0, 0x0, 0x10, 0xc}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1, 0x9}}]}, {0x0, [0x0, 0x30, 0x0, 0x30, 0x2e]}}, 0x0, 0x5b, 0x0, 0x1, 0x2}, 0x28)

188.749103ms ago: executing program 4 (id=631):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sessionid\x00')
exit(0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/239, 0xef}], 0x1, 0x2, 0x2)

107.567071ms ago: executing program 5 (id=632):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001100010026bd7000fbdbdf25e0000001000000001b00000000000000000004d50a00ff000c0015"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

107.286547ms ago: executing program 6 (id=633):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")

50.411912ms ago: executing program 5 (id=634):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000002"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

0s ago: executing program 5 (id=635):
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000000c0), 0x3, 0x4ec, &(0x7f0000000e40)="$eJzs3c1rXF0ZAPDnTjJN0qYmVRdVsBatpEU7kzS2DS5qBNFVwVr3MSaTEDLJhMykbUKRFP8AQfxCV67cCK5FkP4JIhR050JElKJtXbjwfedlZu68bdOZfLzNZNLM7wcn99yPuc9zEu7JnDmXuQH0rIsRMR0RfRFxJSJG0u2ZtMR2o9SOe/7s4VytJFGt3v13Ekm6rXmuJF2eSV82GBHf/mbE95I345Y3t5Zni8XCerqer6ys5cubW1eXVmYXC4uF1enJiRtTN6euT40fWltvff0fP/3hr79x6w9fuv+3mX9d/n4treF036vt2I/tfR7XaHq2/rto6o+I9YMEO8b60vZku50IAAD7UnuP//GI+FxEvPhFt7MBAAAAOqH61eH4fxJRBQAAAE6s6I8YjiSTS+8FGI5MJpdr3MP7yTidKZbKlS8ulDZW5xv3yo5GNrOwVCyMp/cKj0Y2qa1P1Osv16/tWJ+MiHMR8eORofp6bq5UnO/2hx8AAADQI87E6+P//440xv8AAADACTPa7QQAAACAjjP+BwAAgJOv7fg/6T/aRAAAAIBO+Nbt27VSbT7/ev7e5sZy6d7V+UJ5ObeyMZebK62v5RZLpcX6d/at7HW+Yqm09uVY3XiQrxTKlXx5c2tmpbSxWpmpP9d7puA50QAAAHD0zn328V+SiNj+ylC91JxK9+1jrD7d2eyATsoc7PCkU3kAR6+v2wkAXeMGX+hd5uOBPQb2P9mxfsCPDQAAgONg7FNvNf9vPhDeYQby0LvM/0Pv+mjz/0OHngdw9Mz/Q48b2PuQwXY7/njIuQAAAB0zXC9JJpfOBQ5HJpPLRZytPxYgmywsFQvjEfGxiPjzSHagtj7R7aQBAAAAAAAAAAAAAAAAAAAAAAAA4B1TrSZRBQAAAE60iMw/k/RB/mMjl4Z3fj5wKvnfSH0ZEfd/efdnD2YrlfWJ2vb/fLi98vN0+7XmFgAAAKAj2j6g+3XNcXpzHA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh+n5s4dzzXKUcZ9+LSJGW8Xvj8H6cvB3IxFx+kUS/a+8LomIvkOIv/0oIs63ip/U0orRNIud8TMRMdTl+GcOIT70sse1/me6dv1ld1x/mbhYX7a+/vrT8raeXmzX/2Wa/V+9n2vV/53d/dSDzcqnn/w23/qQbGN/f+v+pxk/ecv+97vf2dpqt6/6q4ixPf7/1GLlKytr+fLm1tWlldnFwmJhdXJy4sbUzanrU+P5haViIf3ZMsaPPvP799vFf/oo4nTL+I3+d7f2X3rzdAOtYrz35MGzT+wS//LnW//9z+8Sv/a7/0L6f6C2f6xZ327UX3XhN3+6sFv759u0f6+//+V2J93hyp0f/H2fhwIAR6C8ubU8WywW1t+NSkTjXflxyUelU5W/Ho80Olzp63iIO+mFfuCXd7dfAgAADt/LN/27HHSkdwQAAAAAAAAAAAAAAAAAAABA7+n495wNvP7NAoPdayoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK4+CAAA///Dps5k")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
socketpair(0x11, 0xa, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000039c0)={0x8, {"213d8fea9ccc6e1efcb0334b4064a5bc590845233c0e742e84698449c7b8a1eacb993f8fb0398840472bcb46fe96da7eab5300a7f25b76036e725e8b34da9cb0f067b9674c5d9f9e0b7f0ac1b8a80e8f62da68bf0af9f887cbca45e3a99a8f9e0ff0730803b86811ed576001cd4e5f9c2e28f0f06205687b1957aac59b289ebe1de1ef1ae11114b5f805857b4c16ee0408be9d1cec0440e39a7a208931ed64ea33f57d24e3da0f9a6a59b30cb9f268f4f7938f384bcfd816bd71c985edfc2b68e584c9862a3b86f5eb63fb8718ab5fef906aef5cdd352e8e372bdbf32ccf81a591a448eec63e88056bf58a123bb3c396634b2f202bff71515d58ba5a3b90f5c18feb41257cbc1ddef618f9eddba9297aa40f19804e053de3914d3182ae5479f1a6d015248f015addccda5c9592f754cf72f01b44ee096aea5cc9b4d1439f514bdb0ad37e832b0d439759b8c3d7c6fd365aff958805857d9ca92c60b2dcceaf781965fcf6127c2a5abbf3d8489fca49e16a9b54909b321ca726dea26c5e976c8a9db3de16f0d210f9cfa0ec76015ccdcf17f3ed7b21c348cb8a4795d14484241839518d6849603027fc7c96413c03d983f6b82190e8bde18590c986a01091b7970f9173be3cdbd2956d94e09d81edea51ee3e11301aefa24830d50be0c3ed9360d96b5cd3347e06db6fa10fadeefe3f8e2a7f31f3416925d61f2afebf1e3ecc60d8bb84336e34a986d370626ce26dd0d9f430f6f84b12c5a0eca592a52fbff8078267df08bd5a6d1686935de2ad9a8c63b4b1528ce294e7b3f6f9c91128cb6b87c0e1e2acbe941dd25121ec822bd0dadb22c5aef300e5d40c66ce6343a3bbdf1f73e9e9315473a4794ddc78a116818b08805f89390486aaafc43f3d9f0041b4157aa92a05ca247264d2f224a103381617dd9d5ad07166d57f6c2d2c21519e0dbe37d15a3ad8c161544b94094d7a521386f2a211986242e8fbf2415f3fdbcba1e8746ac1244951cfcfdcf1cb54ef702de5bf0081d5c3a557ebec17597cc520ab0832de58f2422ea49a4eb65058f6b1f19c1f768749d87461a0558f2b419b52e87283a8a414ce50038f2fd336b8b28733c4f467f4d003464a66f79cf550690dd6b65ebeb72134d208b103e72caa508eaf887272c3bc3debe8a54262868ab22e401e08fc9f19cb6a9a53a8800b05c5ec61ced2ef010dab30e67b2b0b7c271321916ac764ea2baf1ec3cb245fbb3feccc35842f8d6a3737925735c67f5f27f5907331d99683183a5f63778920d5cf975510260595ee190e340ecf2d87c467415584f122b11bddfc7fa96dd924f003e74ed567bdcc5a5fbf555d0a81ab47e51c29cb2decee9823148c9ca3efcb8afe0925ad0c83c8fa5c5765f8f5ad7f5d2aeb5bfbca989d1672a8d49e268cd98e5bd893efc3fb205979b68bfa2ee2e38895dc1bca2beeaddfd1aa089c5e1cebd1684474d6df2ba5398cd2afd69459b6734749691e4355672630acd5dcb8fad83a763d535ec5f470eed110d61a38860ec8ef97e4ee88f4cf46f73b43c75746510f7488f1bd6a9d39efe082f040b97da7402a43924d39895723704154b7b9eb8d785f95e4fb869abd5d353d75beb070b604eafee5d4b8eb0e952791a4a9ddc824610cc182f428e22c2265ad21125a705332fe9a02dcd007e741acae2c075ff11a0af0381b31a6b6d0a41cc3d18b103b3c6894bfc76e4851a7fdafd364ceabe7f94c5d66a7324c8c75279da9be3b61e32c6a8a3fbd3a27b5aecdc481c9c9cbe8d22161620273d968f36e88d87d530b53b8fadffae5512794555b323a17df45c2eb3102e8f0a2bccdff45411392038fa07c2aad34e65c4a49ecca82dda17fb285250b62b8774fde44d73de9d603c1c8d054540096e85b91a34d633000b47168eed666bfa189810dff7c191e6c9de41ce77293abc671644013414ebd318680708db45ff3b2775641a17d2727b78cbbaf56e1dde16c6c9a594452df91074626c1979d615578ad6e462bafcbd3137a4aeb404fae133b01a0fd248145edd04874badb7b58f7ebfbd1aec009f4eddd94a8326b6e411d11c985f80aa1fb533b869caf70f67c5560f54b9dd6bbde34412a99952b462042eedad80be2108e62fc0d35c481b8fb02e04fe440bda3c8dcf98f98f753ac3962b6e7f3958a83d16b0882eb2d3044bce22ecf4d0ff3efb51a88982260f109d04d2bb31d8eab652259ceb036f35a2a7b34d2e1f2e012444921e8d6972d32e34ff6bdb342e87c5b49e5bd75294da25eb02d9486ab57b2fdc619bcfae3534b766b43da6bb46fbade4dc32609fb0108b8dad81f9c518fe54cce206d071ada2600fba95cd1baaca9c7aed3fc9345b68791571b35cb318eca3323f068227eacd05f8df93a6736621671a70617dad2913d50c33705f86c3d361462c8de1001f2611ba69b8938345b06e3793642944e94c0e3cdd6010d5020b667d639c8f9370d6675e17a3a34ae37ab6ce370d9eb0862b98d53e2c4e302ba3705753b830e67a618b4b79505bc20eb27ff50760900ee89115d9c727ee78daa662ea0943c9392266998d87baa9c189eb6f19e887e5644095a3d6737f45e00aa03d202cc1809121a1fc5b5baf20d08a88ee009caeab1a27fff5344b2f8318caadbebe3226311807d069d3dab13e6ad40ac0d2f01319b3fa53f7d7953337c27816eff2061562a989b7d33650ebf7ce69b7cafcfacc2edbaa0ff3163b320abaffe84e7b184d7bd5c150adc92ee03915dd4dc2d6423a5d98a6d82371e2e83bb7435de2f9013a3fcf7b903d1fb89a969397f7f85d2934e5f808ea6c10f5813e07ad6d92d0a31c3fd43a4759dc53a439c67957396f9de7feebbceaac8ca5a28a87bd9e67640f6eb24d648b168a18ee364e0273c7df34583f8c8422270aba291d66ae0f51cec2e0ab13359f8537bae3c04e0984b6181db1bd943021de6ed3970f53aef5a9526e0b218ec6f507b805612cd69e3ba9135fed94ece93d21bc7950ad64dc64c56bd035a83a9f52c39b6fb99ecc6162dad56eba44e3eb0c2c27f6b7a60f5a1306228b79a53fc30af10caa507510bd2e79059ee128d1ef3c5f96738efb25df9dfc5d0b783591aed834e28216762942b59cecd6ff9010bfe73bb0a2674afe810d2a346201e882dd6e4ee7af999372a2f142cf2b71d9ffd0071dda91b26fbf81ecb4da6409b6839a78fa26b6b29cd8d249e880107c409b3cb36cdb9fa05742b31c897866101fe9a8c2e37c105c15f0a914b8e7d58d1bdb51398759fa6874fa2173c9e45d15685eb2a5ec80c35dbc53271c36f532ec35846f33dc52a7dbc8c259600229b4ad552e6aa77fe61276e1e2de55c3d0600cbbb7ba5fca35d44391488a1e830cdb90d40f4e6478ab1cc512ac275c59dcdc703480dbb52c9ab35e326972c44ce42927f3675a8489b3d2a0893ffac92ceeaa70ede5d566e1747bf0307fc0ea5e95d71f824a73db87bb35a45f85aecdae890bb6825d91941c7002152f30c6f163df030807a7e119bb1661d0c22f0951d02a478bc5e2d6d535e41ae76c1b9982f358e49e1b63a7b33d6ec69970c9675cd9bfa692d550838d9f2568c17d8cc110b4f0dd9c5201ebea8c8bbbc8c6349075f2cbb2b3b8b6c1dc34d6644c03694e9c0dba22154c976b8e493fe490fc0cf219d0f329330d71492ec6d201f16559c0b9ecea0172b07fdbb9003ff6d192321982cf9011b3891219172425889d0e9f7145c9c34f124a1032d0d9e3140a91a3cc41edb7651b1d5821656f32c42a2bc0ab792b1ccd77936a2050ece77e739c3bfe28ec6aa5d6bc239928e36d5ad2042825941b8ae9dc0fa4eadd1ee6d598c6cebb7a0dae836bfc7b87a597f10be3093bea74398ebea3f121a0552f7c3990e180a3a1d6d29947fbf2a41d31b1ce07e02c320f746ba3fcbb88edd7d1d0348ff8194a1298824a0d6ffa900749b0edb1bf406753a9e527dc247428c860113bdefab0425e0d9be07dad01f9279b3ef306c74731baaa64dd9b46962510b3e47007cea66a916b393bfc052c9e8968eae254408de9b6f434fcdfc697ea43457d84aeca37a3a93a0d66420dfd2338949fe05e14455ea30b35a021ad31e50c934471ae9db7b43a2d9f406afd9b59ca2ad44b9904b31786363adccd79d00e1de63290708d52dce26e6df8f30bf2ae0ca394b34745f5abf052a1080b0526cb191ef5e43cb4d27de9747b879583ba04b512f33a76e140ed3e76e93f576b3ad00040a4c62e9f3098345105fef334ccd6dcefe2ca6c0a5454f095fffa8cbf46873dd114524747dae55eee1edc81d290ffdf4c5dd0650fb8f3a8b86f91cc57d3d627b28f554d476e0e15ecb5abba29b618453862265b1fc1b1b63d0093f8159e2ba43dfd0fb535d09911d4f1e0937e1d6b5af4decbdc1368395dea4fc7476fbcefdbf82f74631da7dac3669ac7d2305a257978be4f023b8b58689a1799b853f9d7bfc45068a682a4cb416ebdf968e87f1e29d307908507ec43c1e44fa49cf25919a30a1f754795f6cce8895f7dea4ec2fed4eff823f5da4e0cc9dc6fd0b962d7bbae3caa6645895f887b807464912d2e4dff4ea792e2dc361847bcb39dd1a5b69aee9836fdcc1abd92caf5ebf45cbf9ca04f3304cef1ef4aa9c3411e7d826d652dc3b46e5666a7f88d415b4bd6b6b0587f7a9b2be6566f6d6ef0e9d7eadc36cd7e1ec611f69733bb2301473bcb9e37df796e28ce726e8921d24794ab599cdbda1b47b1720317ebb3738888d6589ffab9ab5d660c04efe167d01d7d88ee9c1c6bf53d3b396eb3e56d7ac1d0244d3741ffc4398ce5e123b3850b84b88e66fc566912859aa48d39c27de955f48a8546ca4d2172eeb7673fedc46f75a64c593fff0d8fd20e430f5f2b627daefb204bb9b980e2829dfc63b5c58fadc12d863f34822906344274a6ee2d8de746d742b1eeb69610404e1cf88a9ae80283b130a601d3022ae133c046309a806045e6fd1e8b6d0f70b5c2d3c0028f3243c905d2b97e2ccdba9671c3855c44cc3d18214a0179750b61c15877a59c6c43f8dff26346dbed8b718e608f58ab38ed56d37c716d6e963b728101f098d7e810f9a9ea869336d917dfba12eeed019f2166334d939e9e59b2a6fb2a8bde1d6c40b40988735317d671f77c71b8534ccac6c6ce2c5a0ac13d1c3b318b0b9e7e7ce906233171f0950b282776c8e2232891c19ae83a543890b27eae5af7c10facfb7424266698729ad4e5f16f6ffe7c9d0086d6446796dfc75d5a6884a0da2f22c764c067eec267ab66995cdaa2025f816da053145be5586f9ea7a27ef29186d27975e6815e710b05e88e55d4a0b6c37b2f66297131aa998e80f12c0de8c4454e1cee5254958b8a10d486a27ac5382b66094c2acd2883bcf8312b929a9ea5c96f9a518619780203745120b9ae6bbecd3efbe4cf7954570463fa2b7ab026036224e1412503970a431325212a1ac80fcca3957aebff85eee352d3796712cee1e0dc4c48e4b741cb160bf387766b5970f27615e9920f455f3a137055ec8298581ec2ba29c7b0961736418ebb2af15371a2d239afea4d6f0d003864849640453b50bc5a64093f8393f1146acdb66fcd0ad8fb606f0cacfcbf286d547043576b74ee5df4d09453cd5622fc33428793be0f9e04803236909c3bf9b9ab2ad2e9b09336130669350b92c2e1bec8a12d4d237fcb494062cbdb0bd3b7c55309f1349c07f6b14f9edbdfbd8ada889c00c33a50e82370b08a9d4d74d1454391c709406728fdf0e5b70d484357b83f21475fe51f3583e6ed81985", 0x1000}}, 0x1006)
fallocate(r0, 0x8, 0x4000, 0x4000)

kernel console output (not intermixed with test programs):

3A dev="mqueue" ino=4888 res=0 errno=0
[   65.718641][ T5853] veth0_macvtap: entered promiscuous mode
[   65.750216][ T5853] veth1_macvtap: entered promiscuous mode
[   65.779099][ T5859] veth0_macvtap: entered promiscuous mode
[   65.786154][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.803687][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.810032][ T5859] veth1_macvtap: entered promiscuous mode
[   65.822607][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.825876][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.829158][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.846084][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.881481][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.904345][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.915571][ T5721] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.936196][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.941615][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.952576][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.954516][ T5923] loop2: detected capacity change from 0 to 512
[   65.970153][ T3065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.978029][ T3065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.998511][ T5923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.018141][ T5923] ext4 filesystem being mounted at /3/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.030099][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.034133][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.056018][ T5923] EXT4-fs error (device loop2): ext4_get_first_dir_block:3533: inode #12: comm syz.2.6: Attempting to read directory block (0) that is past i_size (3)
[   66.064833][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.068896][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.114095][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.118760][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.127680][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.263086][ T5934] Driver unsupported XDP return value 0 on prog  (id 3) dev N/A, expect packet loss!
[   66.314231][ T5936] loop2: detected capacity change from 0 to 256
[   66.317171][ T5936] =======================================================
[   66.317171][ T5936] WARNING: The mand mount option has been deprecated and
[   66.317171][ T5936]          and is ignored by this kernel. Remove the mand
[   66.317171][ T5936]          option from the mount to silence this warning.
[   66.317171][ T5936] =======================================================
[   66.521758][ T5928] loop1: detected capacity change from 0 to 32768
[   66.553089][ T5928] JBD2: Ignoring recovery information on journal
[   66.586777][ T5928] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   66.676660][ T5853] ocfs2: Unmounting device (7,1) on (node local)
[   66.729779][ T5943] loop0: detected capacity change from 0 to 32768
[   66.759742][ T5943] 
[   66.759742][ T5943]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   66.759742][ T5943] 
[   66.789863][ T5951] erspan1: entered promiscuous mode
[   66.791516][ T5951] erspan1: entered allmulticast mode
[   66.804044][ T5859] 
[   66.804044][ T5859]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   66.804044][ T5859] 
[   66.815449][ T5859] 
[   66.815449][ T5859]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   66.815449][ T5859] 
[   66.955038][ T5954] loop0: detected capacity change from 0 to 4096
[   66.963597][ T5954] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[   67.173126][ T5858] Bluetooth: hci0: command tx timeout
[   67.175995][ T5235] Bluetooth: hci1: command tx timeout
[   67.263294][ T5235] Bluetooth: hci2: command tx timeout
[   67.308279][ T5959] loop2: detected capacity change from 0 to 32768
[   67.343283][ T5964] loop0: detected capacity change from 0 to 32768
[   67.360530][ T5964] (syz.0.21,5964,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #66: directory entry overrun - offset=88, inode=69, rec_len=32800, name_len=8
[   67.377219][ T5964] (syz.0.21,5964,0):ocfs2_init_global_system_inodes:465 ERROR: status = -22
[   67.383034][ T5964] (syz.0.21,5964,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 2, possibly corrupt fs?
[   67.383057][ T5964] (syz.0.21,5964,0):ocfs2_init_global_system_inodes:476 ERROR: status = -22
[   67.398765][ T5964] (syz.0.21,5964,0):ocfs2_initialize_super:2198 ERROR: status = -22
[   67.401694][ T5964] (syz.0.21,5964,0):ocfs2_fill_super:1177 ERROR: status = -22
[   67.437706][ T5959] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[   67.437722][ T5959]   allowing incompatible features above 0.0: (unknown version)
[   67.437727][ T5959]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   67.475784][ T5959] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[   67.484016][ T5959] bcachefs (loop2): initializing new filesystem
[   67.504436][ T5959] bcachefs (loop2): going read-write
[   67.516525][ T5959] bcachefs (loop2): marking superblocks
[   67.548356][ T5959] bcachefs (loop2): initializing freespace
[   67.556663][ T5959] bcachefs (loop2): done initializing freespace
[   67.560867][ T5959] bcachefs (loop2): reading snapshots table
[   67.565672][ T5959] bcachefs (loop2): reading snapshots done
[   67.590818][ T5959] bcachefs (loop2): done starting filesystem
[   67.649078][ T5959] syz.2.19 (5959) used greatest stack depth: 16904 bytes left
[   67.664388][ T5849] bcachefs (loop2): shutting down
[   67.666563][ T5849] bcachefs (loop2): going read-only
[   67.669012][ T5849] bcachefs (loop2): finished waiting for writes to stop
[   67.680111][ T5849] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[   67.706614][ T5849] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[   67.717238][ T5849] bcachefs (loop2): clean shutdown complete, journal seq 4
[   67.723300][ T5849] bcachefs (loop2): marking filesystem clean
[   67.762026][ T5849] bcachefs (loop2): shutdown complete
[   67.923906][ T5979] loop0: detected capacity change from 0 to 40427
[   67.929310][ T5979] F2FS-fs (loop0): build fault injection rate: 771
[   67.934688][ T5979] F2FS-fs (loop0): invalid crc value
[   68.036001][ T5979] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   68.040945][ T5979] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   68.153967][ T5986] netlink: 148 bytes leftover after parsing attributes in process `syz.1.24'.
[   68.303861][ T5859] syz-executor: attempt to access beyond end of device
[   68.303861][ T5859] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   68.309062][ T5859] CPU: 1 UID: 0 PID: 5859 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   68.309077][ T5859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   68.309083][ T5859] Call Trace:
[   68.309087][ T5859]  <TASK>
[   68.309104][ T5859]  dump_stack_lvl+0x189/0x250
[   68.309121][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.309131][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[   68.309140][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.309151][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.309167][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[   68.309183][ T5859]  f2fs_write_end_io+0x886/0xb60
[   68.309202][ T5859]  __submit_merged_bio+0x27a/0x6a0
[   68.309216][ T5859]  __submit_merged_write_cond+0x255/0x530
[   68.309231][ T5859]  f2fs_write_data_pages+0x261d/0x3000
[   68.309261][ T5859]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   68.309310][ T5859]  ? __lock_acquire+0xab9/0xd20
[   68.309327][ T5859]  ? do_raw_spin_lock+0x121/0x290
[   68.309342][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   68.309358][ T5859]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   68.309370][ T5859]  do_writepages+0x32e/0x550
[   68.309388][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   68.309400][ T5859]  filemap_fdatawrite+0x199/0x240
[   68.309411][ T5859]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   68.309447][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   68.309459][ T5859]  f2fs_sync_dirty_inodes+0x31f/0x830
[   68.309475][ T5859]  f2fs_write_checkpoint+0x95a/0x1df0
[   68.309496][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   68.309526][ T5859]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   68.309560][ T5859]  ? kfree+0x18e/0x440
[   68.309572][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[   68.309584][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[   68.309596][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[   68.309603][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[   68.309618][ T5859]  ? shrinker_free+0x2ce/0x3e0
[   68.309628][ T5859]  deactivate_locked_super+0xbc/0x130
[   68.309640][ T5859]  cleanup_mnt+0x425/0x4c0
[   68.309650][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.309662][ T5859]  task_work_run+0x1d4/0x260
[   68.309675][ T5859]  ? __pfx_task_work_run+0x10/0x10
[   68.309684][ T5859]  ? __x64_sys_umount+0x122/0x160
[   68.309698][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[   68.309712][ T5859]  exit_to_user_mode_loop+0xec/0x110
[   68.309723][ T5859]  do_syscall_64+0x2bd/0x3b0
[   68.309734][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.309744][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.309752][ T5859]  ? exc_page_fault+0x9f/0xf0
[   68.309770][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.309778][ T5859] RIP: 0033:0x7fa0dd38ff17
[   68.309788][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   68.309795][ T5859] RSP: 002b:00007ffe10e41bd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   68.309805][ T5859] RAX: 0000000000000000 RBX: 00007fa0dd411c05 RCX: 00007fa0dd38ff17
[   68.309811][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe10e41c90
[   68.309816][ T5859] RBP: 00007ffe10e41c90 R08: 0000000000000000 R09: 0000000000000000
[   68.309821][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe10e42d20
[   68.309826][ T5859] R13: 00007fa0dd411c05 R14: 0000000000010a3d R15: 00007ffe10e42d60
[   68.309841][ T5859]  </TASK>
[   68.309845][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   68.864800][ T5996] capability: warning: `syz.0.28' uses deprecated v2 capabilities in a way that may be insecure
[   69.253591][ T5235] Bluetooth: hci1: command tx timeout
[   69.255803][ T5235] Bluetooth: hci0: command tx timeout
[   69.332784][ T5858] Bluetooth: hci2: command tx timeout
[   69.516008][ T6028] netlink: 'syz.2.23': attribute type 11 has an invalid length.
[   69.518475][ T6028] netlink: 140 bytes leftover after parsing attributes in process `syz.2.23'.
[   69.568018][ T6032] loop2: detected capacity change from 0 to 128
[   69.583054][ T6032] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[   69.621775][ T6032] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[   69.627968][ T6034] loop1: detected capacity change from 0 to 47
[   69.648958][ T6032] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[   69.669338][ T6032] netlink: 104 bytes leftover after parsing attributes in process `syz.2.44'.
[   69.860232][ T6044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[   69.867527][ T6044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[   70.050481][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.055248][ T6062] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.064106][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.071223][ T6062] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.749356][ T6072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.64'.
[   70.786063][ T6074] loop1: detected capacity change from 0 to 256
[   70.799248][ T6076] loop2: detected capacity change from 0 to 256
[   70.802371][ T6074] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   70.808633][ T6076] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   70.822007][ T6076] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[   70.827563][ T6074] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   70.837404][ T6076] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   70.838402][ T6074] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   71.106102][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[   71.108753][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[   71.148217][ T6087] netlink: 'syz.0.70': attribute type 3 has an invalid length.
[   71.151210][ T6087] netlink: 236 bytes leftover after parsing attributes in process `syz.0.70'.
[   71.223079][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   71.333153][ T5858] Bluetooth: hci0: command tx timeout
[   71.335186][ T5858] Bluetooth: hci1: command tx timeout
[   71.390238][    T9] usb 2-1: Using ep0 maxpacket: 8
[   71.413725][ T5235] Bluetooth: hci2: command tx timeout
[   71.416817][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[   71.428639][    T9] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[   71.435291][ T6091] loop0: detected capacity change from 0 to 40427
[   71.442731][    T9] usb 2-1: config 0 has no interface number 0
[   71.444968][    T9] usb 2-1: config 0 interface 35 altsetting 12 endpoint 0x4 has invalid maxpacket 512, setting to 64
[   71.457713][    T9] usb 2-1: config 0 interface 35 altsetting 12 endpoint 0x9 has invalid maxpacket 512, setting to 64
[   71.464494][    T9] usb 2-1: config 0 interface 35 has no altsetting 0
[   71.468487][ T6091] F2FS-fs (loop0): invalid crc value
[   71.481822][    T9] usb 2-1: New USB device found, idVendor=0572, idProduct=c68a, bcdDevice=23.27
[   71.498556][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.504572][ T6091] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   71.508137][ T6091] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   71.522620][    T9] usb 2-1: Product: syz
[   71.524298][    T9] usb 2-1: Manufacturer: syz
[   71.526022][    T9] usb 2-1: SerialNumber: syz
[   71.586055][    T9] usb 2-1: config 0 descriptor??
[   72.029115][    T9] usbhid 2-1:0.35: couldn't find an input interrupt endpoint
[   72.043270][    T9] usb 2-1: USB disconnect, device number 2
[   72.157595][ T5859] syz-executor: attempt to access beyond end of device
[   72.157595][ T5859] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   72.168138][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   72.168159][ T5859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   72.168166][ T5859] Call Trace:
[   72.168172][ T5859]  <TASK>
[   72.168178][ T5859]  dump_stack_lvl+0x189/0x250
[   72.168236][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.168252][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[   72.168265][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   72.168282][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.168308][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[   72.168332][ T5859]  f2fs_write_end_io+0x886/0xb60
[   72.168360][ T5859]  __submit_merged_bio+0x27a/0x6a0
[   72.168384][ T5859]  __submit_merged_write_cond+0x255/0x530
[   72.168407][ T5859]  f2fs_write_data_pages+0x261d/0x3000
[   72.168462][ T5859]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   72.168529][ T5859]  ? folios_put_refs+0x559/0x640
[   72.168555][ T5859]  ? __lock_acquire+0xab9/0xd20
[   72.168582][ T5859]  ? do_raw_spin_lock+0x121/0x290
[   72.168607][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   72.168623][ T5859]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   72.168642][ T5859]  do_writepages+0x32e/0x550
[   72.168669][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   72.168688][ T5859]  filemap_fdatawrite+0x199/0x240
[   72.168706][ T5859]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   72.168764][ T5859]  ? do_raw_spin_unlock+0x4d/0x240
[   72.168783][ T5859]  f2fs_sync_dirty_inodes+0x31f/0x830
[   72.168810][ T5859]  f2fs_write_checkpoint+0x95a/0x1df0
[   72.168844][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   72.168893][ T5859]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   72.168905][ T5859]  ? kfree+0x18e/0x440
[   72.168922][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[   72.168939][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[   72.168958][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[   72.168969][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[   72.168992][ T5859]  ? shrinker_free+0x2ce/0x3e0
[   72.169009][ T5859]  deactivate_locked_super+0xbc/0x130
[   72.169027][ T5859]  cleanup_mnt+0x425/0x4c0
[   72.169041][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[   72.169061][ T5859]  task_work_run+0x1d4/0x260
[   72.169081][ T5859]  ? __pfx_task_work_run+0x10/0x10
[   72.169095][ T5859]  ? __x64_sys_umount+0x122/0x160
[   72.169117][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[   72.169138][ T5859]  exit_to_user_mode_loop+0xec/0x110
[   72.169156][ T5859]  do_syscall_64+0x2bd/0x3b0
[   72.169173][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[   72.169213][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.169227][ T5859]  ? exc_page_fault+0x9f/0xf0
[   72.169246][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.169258][ T5859] RIP: 0033:0x7fa0dd38ff17
[   72.169271][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   72.169281][ T5859] RSP: 002b:00007ffe10e41bd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   72.169296][ T5859] RAX: 0000000000000000 RBX: 00007fa0dd411c05 RCX: 00007fa0dd38ff17
[   72.169305][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe10e41c90
[   72.169313][ T5859] RBP: 00007ffe10e41c90 R08: 0000000000000000 R09: 0000000000000000
[   72.169320][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe10e42d20
[   72.169328][ T5859] R13: 00007fa0dd411c05 R14: 0000000000011913 R15: 00007ffe10e42d60
[   72.169353][ T5859]  </TASK>
[   72.169358][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   72.311777][ T6113] batman_adv: batadv0: Adding interface: dummy0
[   72.316282][ T6113] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.328373][ T6113] batman_adv: batadv0: Interface activated: dummy0
[   72.341540][ T6113] batadv0: mtu less than device minimum
[   72.345569][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.350572][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.355649][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.360539][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.365473][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.370377][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.375413][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.380285][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.385270][ T6113] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   72.589732][ T6117] netlink: 32 bytes leftover after parsing attributes in process `syz.0.79'.
[   72.594265][ T6117] netlink: 32 bytes leftover after parsing attributes in process `syz.0.79'.
[   72.747395][ T6127] loop1: detected capacity change from 0 to 1024
[   72.804173][ T6127] hfsplus: extend alloc file! (16384,256,150995124)
[   73.056521][ T6145] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[   73.091853][ T6148] process 'syz.1.96' launched './file0' with NULL argv: empty string added
[   73.479605][ T6167] loop1: detected capacity change from 0 to 512
[   73.497372][ T6167] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   73.501368][ T6167] EXT4-fs (loop1): invalid journal inode
[   73.505231][ T6167] EXT4-fs (loop1): can't get journal size
[   73.514107][ T6167] EXT4-fs (loop1): 1 truncate cleaned up
[   73.516838][ T6167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.525945][ T6167] EXT4-fs warning (device loop1): verify_group_input:137: Cannot add at group 1701996919 (only 1 groups)
[   73.561249][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.844593][ T6181] netlink: 'syz.0.111': attribute type 16 has an invalid length.
[   73.904774][ T6185] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   74.080519][ T6198] mmap: syz.0.119 (6198) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   74.207723][ T6204] bridge0: port 3(syz_tun) entered blocking state
[   74.216261][ T6204] bridge0: port 3(syz_tun) entered disabled state
[   74.219107][ T6204] syz_tun: entered allmulticast mode
[   74.224761][ T6204] syz_tun: entered promiscuous mode
[   74.231102][ T6204] bridge0: port 3(syz_tun) entered blocking state
[   74.234135][ T6204] bridge0: port 3(syz_tun) entered forwarding state
[   74.331477][ T6212] netlink: 39 bytes leftover after parsing attributes in process `syz.2.126'.
[   74.349231][ T6200] loop1: detected capacity change from 0 to 32768
[   74.365304][ T6200] (syz.1.120,6200,0):ocfs2_check_set_options:1259 ERROR: Group quotas were requested, but this filesystem does not have the feature enabled.
[   74.380843][ T6200] (syz.1.120,6200,0):ocfs2_fill_super:1177 ERROR: status = -22
[   74.420252][ T5858] Bluetooth: hci0: unknown advertising packet type: 0x82
[   74.420293][ T5858] Bluetooth: hci0: Dropping invalid advertising data
[   74.429690][ T5858] Bluetooth: hci0: Malformed LE Event: 0x02
[   74.483080][  T972] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.642684][  T972] usb 1-1: Using ep0 maxpacket: 32
[   74.647951][  T972] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.651873][  T972] usb 1-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[   74.657034][  T972] usb 1-1: config 0 interface 0 has no altsetting 0
[   74.659937][  T972] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[   74.664731][  T972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.670288][  T972] usb 1-1: config 0 descriptor??
[   74.802561][   T51] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   74.978096][   T51] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   74.986331][   T51] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[   74.990026][   T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.993858][   T51] usb 2-1: Product: syz
[   74.998275][   T51] usb 2-1: Manufacturer: syz
[   75.000137][   T51] usb 2-1: SerialNumber: syz
[   75.006922][   T51] usb 2-1: config 0 descriptor??
[   75.013530][   T51] yurex 2-1:0.0: Could not find endpoints
[   75.087192][  T972] betop 0003:20BC:5500.0001: unbalanced collection at end of report description
[   75.091561][  T972] betop 0003:20BC:5500.0001: parse failed
[   75.095813][  T972] betop 0003:20BC:5500.0001: probe with driver betop failed with error -22
[   75.218449][ T5854] usb 2-1: USB disconnect, device number 3
[   75.290284][    T9] usb 1-1: USB disconnect, device number 2
[   75.367440][ T6226] loop2: detected capacity change from 0 to 32768
[   75.373387][ T6226] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[   75.979634][ T6234] loop1: detected capacity change from 0 to 4096
[   75.999294][ T6234] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   76.005486][ T6234] ntfs3(loop1): Failed to load $Extend (-22).
[   76.007969][ T6234] ntfs3(loop1): Failed to initialize $Extend.
[   76.039693][ T6234] ntfs3(loop1): ino=1b, "file0" ntfs_readdir
[   76.124734][ T6238] loop1: detected capacity change from 0 to 4096
[   76.152297][ T6239] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   76.315334][ T6236] loop0: detected capacity change from 0 to 32768
[   76.361400][ T6236] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   76.402743][ T6236] XFS (loop0): Ending clean mount
[   76.442674][ T5859] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   76.646255][ T6243] loop1: detected capacity change from 0 to 32768
[   76.727664][ T6251] loop2: detected capacity change from 0 to 32768
[   76.778117][ T6243] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   76.778141][ T6243]   allowing incompatible features above 0.0: (unknown version)
[   76.778149][ T6243]   features: 
[   76.792168][ T6243] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   76.795954][ T6243] bcachefs (loop1): initializing new filesystem
[   76.807871][ T6243] bcachefs (loop1): going read-write
[   76.819146][ T6251] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   76.819160][ T6251]   allowing incompatible features above 0.0: (unknown version)
[   76.819165][ T6251]   features: lz4
[   76.821993][ T6243] bcachefs (loop1): marking superblocks
[   76.832730][ T6251] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[   76.832756][ T6251] bcachefs (loop2): initializing new filesystem
[   76.846751][ T6243] bcachefs (loop1): initializing freespace
[   76.853398][ T6243] bcachefs (loop1): done initializing freespace
[   76.857436][ T6251] bcachefs (loop2): going read-write
[   76.859358][ T6243] bcachefs (loop1): reading snapshots table
[   76.861515][ T6243] bcachefs (loop1): reading snapshots done
[   76.871856][ T6251] bcachefs (loop2): marking superblocks
[   76.879070][ T6243] bcachefs (loop1): done starting filesystem
[   76.913692][ T6251] bcachefs (loop2): initializing freespace
[   76.924097][ T6251] bcachefs (loop2): done initializing freespace
[   76.944637][ T6251] bcachefs (loop2): reading snapshots table
[   76.946836][ T6251] bcachefs (loop2): reading snapshots done
[   76.962816][ T6251] bcachefs (loop2): done starting filesystem
[   77.037176][ T6261] loop0: detected capacity change from 0 to 32768
[   77.040718][ T6261] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section quota: wrong size (got 40 should be 80)
[   77.040718][ T6261] quota (size 40):
[   77.040718][ T6261] user: flags 9 space timelimit 7 warnlimit 0 inodes timelimit 24 warnlimit 0
[   77.040718][ T6261] group: flags 1 space timelimit 80 warnlimit 10 inodes timelimit 0 warnlimit 0
[   77.040718][ T6261] project: flags 38 space timelimit 0 warnlimit 0 inodes timelimit 0 warnlimit 0
[   77.040718][ T6261] 
[   77.057386][ T6261] bcachefs: bch2_fs_get_tree() error: invalid_sb_quota
[   77.130667][ T6243] syz.1.139 (6243) used greatest stack depth: 15352 bytes left
[   77.174122][ T5849] bcachefs (loop2): shutting down
[   77.176040][ T5849] bcachefs (loop2): going read-only
[   77.178323][ T5849] bcachefs (loop2): finished waiting for writes to stop
[   77.197895][ T5849] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[   77.242959][ T5849] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[   77.273494][ T5849] bcachefs (loop2): clean shutdown complete, journal seq 4
[   77.274180][ T5853] bcachefs (loop1): shutting down
[   77.276687][ T5849] bcachefs (loop2): marking filesystem clean
[   77.277984][ T5853] bcachefs (loop1): going read-only
[   77.282026][ T5853] bcachefs (loop1): finished waiting for writes to stop
[   77.297708][ T5853] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[   77.328919][ T5853] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[   77.330187][ T5849] bcachefs (loop2): shutdown complete
[   77.345241][ T5853] bcachefs (loop1): clean shutdown complete, journal seq 5
[   77.348494][ T5853] bcachefs (loop1): marking filesystem clean
[   77.404642][ T5853] bcachefs (loop1): shutdown complete
[   77.514470][ T6282] loop0: detected capacity change from 0 to 4096
[   77.536781][ T6282] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[   77.557612][ T6282] ntfs3(loop0): Failed to load $MFTMirr (-22).
[   78.299174][ T6292] loop0: detected capacity change from 0 to 131072
[   78.426473][ T6292] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[   78.429004][ T6292] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   78.436165][ T6292] F2FS-fs (loop0): invalid crc value
[   78.497075][ T6292] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   78.502864][ T6292] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   78.505023][ T6292] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   78.647527][ T6301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.151'.
[   78.938362][ T6303] loop2: detected capacity change from 0 to 40427
[   78.941219][ T6303] F2FS-fs: heap/no_heap options were deprecated
[   78.944875][ T6303] F2FS-fs (loop2): Image doesn't support compression
[   78.947089][ T6303] F2FS-fs (loop2): build fault injection rate: 690
[   78.950830][ T6303] F2FS-fs (loop2): invalid crc value
[   79.016602][ T6303] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   79.022312][ T6303] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   79.038511][   T33] audit: type=1800 audit(1755690610.634:3): pid=6303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.152" name="bus" dev="loop2" ino=10 res=0 errno=0
[   79.039884][ T6303] syz.2.152: attempt to access beyond end of device
[   79.039884][ T6303] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   79.050663][ T6303] CPU: 0 UID: 0 PID: 6303 Comm: syz.2.152 Not tainted syzkaller #0 PREEMPT(full) 
[   79.050682][ T6303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.050692][ T6303] Call Trace:
[   79.050699][ T6303]  <TASK>
[   79.050706][ T6303]  dump_stack_lvl+0x189/0x250
[   79.050731][ T6303]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.050746][ T6303]  ? __pfx_queue_work_on+0x10/0x10
[   79.050762][ T6303]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.050783][ T6303]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.050813][ T6303]  f2fs_handle_critical_error+0x37c/0x540
[   79.050838][ T6303]  f2fs_write_end_io+0x886/0xb60
[   79.050867][ T6303]  __submit_merged_bio+0x27a/0x6a0
[   79.050894][ T6303]  __submit_merged_write_cond+0x255/0x530
[   79.050928][ T6303]  f2fs_write_data_pages+0x261d/0x3000
[   79.050976][ T6303]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   79.051060][ T6303]  ? __lock_acquire+0xab9/0xd20
[   79.051092][ T6303]  ? do_raw_spin_lock+0x121/0x290
[   79.051122][ T6303]  ? do_raw_spin_unlock+0x4d/0x240
[   79.051138][ T6303]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   79.051155][ T6303]  do_writepages+0x32e/0x550
[   79.051187][ T6303]  ? do_raw_spin_unlock+0x4d/0x240
[   79.051210][ T6303]  filemap_fdatawrite+0x199/0x240
[   79.051229][ T6303]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   79.051290][ T6303]  ? do_raw_spin_unlock+0x4d/0x240
[   79.051313][ T6303]  f2fs_sync_dirty_inodes+0x31f/0x830
[   79.051340][ T6303]  f2fs_write_checkpoint+0x95a/0x1df0
[   79.051374][ T6303]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   79.051426][ T6303]  ? down_write+0x162/0x1f0
[   79.051443][ T6303]  ? __pfx_down_write+0x10/0x10
[   79.051474][ T6303]  f2fs_issue_checkpoint+0x3ac/0x570
[   79.051493][ T6303]  ? __pfx_f2fs_issue_checkpoint+0x10/0x10
[   79.051515][ T6303]  ? mnt_get_write_access+0x68/0x2a0
[   79.051549][ T6303]  ? f2fs_sync_fs+0x200/0x3d0
[   79.051598][ T6303]  __f2fs_ioctl+0x3d63/0xb610
[   79.051633][ T6303]  ? 0xffffffffff600000
[   79.051646][ T6303]  ? file_ioctl+0x22d/0x780
[   79.051663][ T6303]  ? __pfx_file_ioctl+0x10/0x10
[   79.051690][ T6303]  ? kasan_quarantine_put+0xdd/0x220
[   79.051714][ T6303]  ? __pfx___f2fs_ioctl+0x10/0x10
[   79.051734][ T6303]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   79.051757][ T6303]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   79.051772][ T6303]  ? do_vfs_ioctl+0xb33/0x1430
[   79.051790][ T6303]  ? 0xffffffffff600000
[   79.051802][ T6303]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   79.051835][ T6303]  ? __lock_acquire+0xab9/0xd20
[   79.051896][ T6303]  ? __fget_files+0x2a/0x420
[   79.051929][ T6303]  ? __fget_files+0x2a/0x420
[   79.051943][ T6303]  ? __fget_files+0x3a0/0x420
[   79.051955][ T6303]  ? __fget_files+0x2a/0x420
[   79.051970][ T6303]  ? f2fs_ioctl+0x135/0x250
[   79.051979][ T6303]  ? 0xffffffffff600000
[   79.051986][ T6303]  ? __pfx_f2fs_ioctl+0x10/0x10
[   79.051995][ T6303]  ? 0xffffffffff600000
[   79.052003][ T6303]  __se_sys_ioctl+0xfc/0x170
[   79.052017][ T6303]  do_syscall_64+0xfa/0x3b0
[   79.052030][ T6303]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.052042][ T6303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.052052][ T6303]  ? exc_page_fault+0x9f/0xf0
[   79.052064][ T6303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.052072][ T6303] RIP: 0033:0x7f5341b8ebe9
[   79.052080][ T6303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.052088][ T6303] RSP: 002b:00007f5342a23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   79.052097][ T6303] RAX: ffffffffffffffda RBX: 00007f5341db5fa0 RCX: 00007f5341b8ebe9
[   79.052103][ T6303] RDX: ffffffffff600000 RSI: 000000000000f507 RDI: 0000000000000004
[   79.052108][ T6303] RBP: 00007f5341c11e19 R08: 0000000000000000 R09: 0000000000000000
[   79.052114][ T6303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   79.052119][ T6303] R13: 00007f5341db6038 R14: 00007f5341db5fa0 R15: 00007ffcc62f0358
[   79.052131][ T6303]  ? 0xffffffffff600000
[   79.052141][ T6303]  </TASK>
[   79.052146][ T6303] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   79.432536][ T6310] loop0: detected capacity change from 0 to 32768
[   79.452293][ T6310] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   79.480769][ T6310] XFS (loop0): Ending clean mount
[   79.489028][ T6310] XFS (loop0): Quotacheck needed: Please wait.
[   79.494942][ T6320] warning: `syz.2.153' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   79.588396][ T6310] XFS (loop0): Quotacheck: Done.
[   79.625163][   T33] audit: type=1800 audit(1755690611.224:4): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.154" name="bus" dev="loop0" ino=9291 res=0 errno=0
[   79.663912][ T5859] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   79.832598][ T6332] syz.2.160 uses obsolete (PF_INET,SOCK_PACKET)
[   80.089890][ T6340] loop0: detected capacity change from 0 to 32768
[   80.137626][ T6340] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   80.166843][ T6342] loop2: detected capacity change from 0 to 32768
[   80.184020][ T6342] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.164 (6342)
[   80.186404][ T6340] XFS (loop0): Ending clean mount
[   80.203962][ T6342] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.207572][ T6340] XFS (loop0): Quotacheck needed: Please wait.
[   80.213734][ T6342] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   80.217183][ T6342] BTRFS info (device loop2): using free-space-tree
[   80.290897][ T6340] XFS (loop0): Quotacheck: Done.
[   80.351395][ T5859] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   80.614330][ T5882] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[   80.620705][ T5849] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.805491][ T6379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'.
[   80.888140][ T6383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.170'.
[   80.922694][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   80.992656][ T6389] loop2: detected capacity change from 0 to 1024
[   81.049340][ T1091] hfsplus: b-tree write err: -5, ino 4
[   81.073107][    T9] usb 1-1: Using ep0 maxpacket: 32
[   81.078784][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.099052][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.103657][    T9] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[   81.107146][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.122280][    T9] usb 1-1: config 0 descriptor??
[   81.353599][   T95] cfg80211: failed to load regulatory.db
[   81.360212][    T9] usbhid 1-1:0.0: can't add hid device: -71
[   81.363881][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   81.374254][    T9] usb 1-1: USB disconnect, device number 3
[   81.492714][   T51] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   81.648303][   T51] usb 3-1: config 0 has an invalid interface number: 20 but max is 0
[   81.651672][   T51] usb 3-1: config 0 has no interface number 0
[   81.661288][   T51] usb 3-1: config 0 interface 20 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.674649][   T51] usb 3-1: config 0 interface 20 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.679589][   T51] usb 3-1: config 0 interface 20 has no altsetting 0
[   81.688814][   T51] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[   81.692370][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.709970][   T51] usb 3-1: config 0 descriptor??
[   81.852048][ T6418] overlayfs: failed to verify upper (73/file0, ino=397, err=-116)
[   81.858454][ T6418] overlayfs: failed to verify index dir 'upper' xattr
[   81.861176][ T6418] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[   82.029983][ T6424] capability: warning: `syz.1.190' uses 32-bit capabilities (legacy support in use)
[   82.148152][   T51] logitech-djreceiver 0003:046D:C534.0002: unknown main item tag 0x0
[   82.150642][   T51] logitech-djreceiver 0003:046D:C534.0002: unknown main item tag 0x0
[   82.153189][   T51] logitech-djreceiver 0003:046D:C534.0002: unknown main item tag 0x0
[   82.178042][   T51] logitech-djreceiver 0003:046D:C534.0002: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.2-1/input20
[   82.436921][ T5921] usb 3-1: USB disconnect, device number 2
[   82.544107][ T6443] loop1: detected capacity change from 0 to 8
[   82.730510][ T6445] loop1: detected capacity change from 0 to 32768
[   82.735360][ T6445] jfs_mount: Failed to read FILESYSTEM_I
[   82.737513][ T6445] Mount JFS Failure: -5
[   82.738825][ T6445] jfs_mount failed w/return code = -5
[   83.004145][  T972] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   83.171006][ T6465] netlink: 14 bytes leftover after parsing attributes in process `syz.2.205'.
[   83.184502][  T972] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[   83.187554][  T972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.196082][  T972] usb 2-1: config 0 descriptor??
[   83.264954][ T6465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   83.271578][ T6465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   83.276861][ T6465] bond0 (unregistering): Released all slaves
[   83.412649][ T5921] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   83.425699][  T972] kaweth 2-1:0.0: Firmware present in device.
[   83.564719][ T5921] usb 1-1: unable to get BOS descriptor or descriptor too short
[   83.567564][ T5921] usb 1-1: not running at top speed; connect to a high speed hub
[   83.573487][ T5921] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[   83.582681][ T5921] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   83.585744][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.589240][ T5921] usb 1-1: Product: syz
[   83.589488][ T6468] loop2: detected capacity change from 0 to 32768
[   83.590509][ T5921] usb 1-1: Manufacturer: syz
[   83.590530][ T5921] usb 1-1: SerialNumber: syz
[   83.617731][ T6468] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   83.620877][  T972] kaweth 2-1:0.0: Statistics collection: 0
[   83.623865][  T972] kaweth 2-1:0.0: Multicast filter limit: 0
[   83.627828][  T972] kaweth 2-1:0.0: MTU: 0
[   83.631018][  T972] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00
[   83.677432][ T5849] ocfs2: Unmounting device (7,2) on (node local)
[   83.803989][ T5921] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   83.826364][  T972] kaweth 2-1:0.0: probe with driver kaweth failed with error -5
[   83.845049][ T5921] usb 1-1: USB disconnect, device number 4
[   83.847448][  T972] usb 2-1: USB disconnect, device number 4
[   83.882311][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   84.124954][   T95] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   84.274442][   T95] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   84.278148][   T95] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.289735][   T95] usb 3-1: config 0 descriptor??
[   84.503693][   T95] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[   84.615555][ T6480] loop0: detected capacity change from 0 to 32768
[   84.704777][   T95] [drm:udl_init] *ERROR* Selecting channel failed
[   84.721249][ T6485] loop1: detected capacity change from 0 to 512
[   84.721269][   T95] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 3
[   84.728294][   T95] [drm] Initialized udl on minor 3
[   84.733173][ T6485] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   84.734206][   T95] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[   84.737760][ T6485] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   84.751670][   T95] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[   84.768941][ T5921] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[   84.782906][   T95] usb 3-1: USB disconnect, device number 3
[   84.787859][ T5921] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[   84.810161][ T6485] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   84.833974][ T6485] EXT4-fs (loop1): 1 truncate cleaned up
[   84.837631][ T6485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.937027][ T6485] loop1: detected capacity change from 512 to 64
[   84.964851][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.001211][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.008677][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.015325][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.023419][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.028571][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.034235][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.038968][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.044079][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.048639][ T5853] EXT4-fs warning (device loop1): ext4_empty_dir:3113: inode #11: lblock 5: comm syz-executor: error -12 reading directory block
[   85.490638][ T6503] loop2: detected capacity change from 0 to 128
[   85.500877][ T6503] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   85.507183][ T6503] ext4 filesystem being mounted at /79/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   85.543087][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.576455][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.581146][ T5849] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   85.641184][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.697694][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.833641][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.977947][ T6512] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   86.014478][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.024931][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.028607][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.033296][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.036674][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.066212][   T13] bridge_slave_1: left allmulticast mode
[   86.068474][   T13] bridge_slave_1: left promiscuous mode
[   86.071655][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.103822][   T13] bridge_slave_0: left allmulticast mode
[   86.105615][   T13] bridge_slave_0: left promiscuous mode
[   86.108039][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.255422][ T6519] loop2: detected capacity change from 0 to 512
[   86.280345][ T6519] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.286425][ T6519] ext4 filesystem being mounted at /81/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   86.336751][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.568945][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.574308][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   86.590036][   T13] bond0 (unregistering): Released all slaves
[   86.834086][   T95] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   86.994965][   T95] usb 3-1: config 10 has an invalid interface number: 185 but max is 0
[   87.009760][   T95] usb 3-1: config 10 has no interface number 0
[   87.012291][   T95] usb 3-1: config 10 interface 185 has no altsetting 0
[   87.026073][   T95] usb 3-1: New USB device found, idVendor=17cc, idProduct=1969, bcdDevice=72.2f
[   87.029301][   T95] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.036997][ T6546] loop0: detected capacity change from 0 to 2048
[   87.038306][   T95] usb 3-1: Product: syz
[   87.041023][   T95] usb 3-1: Manufacturer: syz
[   87.045972][   T95] usb 3-1: SerialNumber: syz
[   87.080121][ T6546] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[   87.096497][   T13] hsr_slave_0: left promiscuous mode
[   87.107645][   T13] hsr_slave_1: left promiscuous mode
[   87.117831][ T6546] UDF-fs: unknown compression code (0)
[   87.122347][   T13] veth1_macvtap: left promiscuous mode
[   87.124361][   T13] veth0_macvtap: left promiscuous mode
[   87.126270][   T13] veth1_vlan: left promiscuous mode
[   87.128050][   T13] veth0_vlan: left promiscuous mode
[   87.177664][ T6549] loop2: detected capacity change from 0 to 7
[   87.186398][ T6549]  loop2: [CUMANA/ADFS] p1 [ADFS] p1
[   87.188374][ T6549] loop2: partition table partially beyond EOD, truncated
[   87.190655][ T6549] loop2: p1 size 2989602745 extends beyond EOD, truncated
[   87.231326][ T5862] udevd[5862]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   87.305242][   T95] snd-usb-caiaq 3-1:10.185: can't set alt interface.
[   87.316724][   T95] usb 3-1: unable to init card! (ret=-5)
[   87.319989][   T95] snd-usb-caiaq 3-1:10.185: probe with driver snd-usb-caiaq failed with error -5
[   87.336883][   T95] usb 3-1: USB disconnect, device number 4
[   87.432017][ T6551] loop0: detected capacity change from 0 to 32768
[   87.474362][ T6551] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   87.512313][ T6551] XFS (loop0): Ending clean mount
[   87.518791][ T6551] XFS (loop0): Quotacheck needed: Please wait.
[   87.566883][ T6551] XFS (loop0): Quotacheck: Done.
[   87.672151][ T5859] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   87.943146][   T13] team0 (unregistering): Port device team_slave_1 removed
[   87.981893][   T13] team0 (unregistering): Port device team_slave_0 removed
[   88.005557][ T6565] loop2: detected capacity change from 0 to 512
[   88.044302][ T6565] fscrypt (loop2, inode 2): Error -61 getting encryption context
[   88.060576][ T6565] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61
[   88.070717][ T6565] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #13: comm syz.2.241: iget: bad i_size value: 12154757448730
[   88.086915][ T6565] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.241: couldn't read orphan inode 13 (err -117)
[   88.095230][ T6565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.104299][ T6565] fscrypt (loop2, inode 2): Error -61 getting encryption context
[   88.132979][ T5858] Bluetooth: hci1: command tx timeout
[   88.138376][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.461162][ T6513] chnl_net:caif_netlink_parms(): no params data found
[   88.560008][ T6579] loop0: detected capacity change from 0 to 16
[   88.593418][ T6579] erofs (device loop0): mounted with root inode @ nid 36.
[   88.700431][ T6588] loop0: detected capacity change from 0 to 128
[   88.711424][ T6513] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.721231][ T6513] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.725638][ T6588] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   88.731506][ T6513] bridge_slave_0: entered allmulticast mode
[   88.738472][ T6513] bridge_slave_0: entered promiscuous mode
[   88.742910][ T6588] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   88.749280][ T6588] EXT4-fs warning (device loop0): verify_group_input:137: Cannot add at group 4095 (only 1 groups)
[   88.781099][ T6513] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.787198][ T6513] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.791445][ T6513] bridge_slave_1: entered allmulticast mode
[   88.796089][ T6513] bridge_slave_1: entered promiscuous mode
[   88.805672][ T5859] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   88.824098][ T6575] loop2: detected capacity change from 0 to 40427
[   88.827168][ T6575] f2fs: Unexpected value for 'grpquota'
[   88.915168][ T6513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.919965][ T6513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.008074][ T6513] team0: Port device team_slave_0 added
[   89.035603][ T6594] af_packet: tpacket_rcv: packet too big, clamped from 65232 to 4294967272. macoff=96
[   89.035987][ T6513] team0: Port device team_slave_1 added
[   89.103631][ T6513] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.105720][ T6513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.127320][ T6513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.131860][ T6513] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.145470][ T6513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.153418][ T6513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.205706][ T6513] hsr_slave_0: entered promiscuous mode
[   89.208081][ T6513] hsr_slave_1: entered promiscuous mode
[   89.210144][ T6513] debugfs: 'hsr0' already exists in 'hsr'
[   89.211923][ T6513] Cannot create hsr debugfs directory
[   89.229716][ T6604] loop2: detected capacity change from 0 to 256
[   89.246254][ T6604] overlayfs: failed lookup in lower (/, name='file1', err=-40): overlapping layers
[   89.401688][ T6612] net_ratelimit: 10 callbacks suppressed
[   89.401701][ T6612] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[   89.422675][  T972] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   89.459024][ T6513] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.483313][ T6513] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.492099][ T6513] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.503198][ T6513] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   89.586561][ T6627] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   89.602545][  T972] usb 1-1: Using ep0 maxpacket: 16
[   89.621121][  T972] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   89.625610][  T972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   89.631916][  T972] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   89.636418][  T972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.640251][  T972] usb 1-1: Product: syz
[   89.641646][  T972] usb 1-1: Manufacturer: syz
[   89.646717][  T972] usb 1-1: SerialNumber: syz
[   89.664366][  T972] usb 1-1: config 0 descriptor??
[   89.670996][  T972] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   89.678255][ T6513] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.682923][  T972] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[   89.698318][ T6513] 8021q: adding VLAN 0 to HW filter on device team0
[   89.704145][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.706473][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.719982][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.722520][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.885032][ T6642] Zero length message leads to an empty skb
[   89.949175][ T6645] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   89.984037][ T6513] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.049998][ T6513] veth0_vlan: entered promiscuous mode
[   90.066113][ T6513] veth1_vlan: entered promiscuous mode
[   90.101277][ T6513] veth0_macvtap: entered promiscuous mode
[   90.111451][ T6513] veth1_macvtap: entered promiscuous mode
[   90.130673][ T6513] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.149023][ T6513] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.161671][ T5882] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.188134][ T5882] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.191861][ T5882] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.195390][ T5882] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.216262][ T5858] Bluetooth: hci1: command tx timeout
[   90.548679][  T972] em28xx 1-1:0.0: chip ID is em2874
[   90.631784][ T1190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.639015][ T1190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.705816][ T1190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.710250][ T1190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.763619][ T5854] usb 1-1: USB disconnect, device number 5
[   90.766213][ T5854] em28xx 1-1:0.0: Disconnecting em28xx
[   90.799841][ T5854] em28xx 1-1:0.0: Freeing device
[   91.076347][ T6658] loop3: detected capacity change from 0 to 32768
[   91.125075][ T6658] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.169024][ T6658] XFS (loop3): Ending clean mount
[   91.183720][ T6658] XFS (loop3): Quotacheck needed: Please wait.
[   91.217478][ T6658] XFS (loop3): Quotacheck: Done.
[   91.254785][ T6513] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.462799][ T6690] loop0: detected capacity change from 0 to 40427
[   91.475448][ T6690] F2FS-fs (loop0): invalid crc value
[   91.513058][ T6690] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   91.516932][ T6690] F2FS-fs (loop0): Start checkpoint disabled!
[   91.532546][ T6690] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   91.579894][   T33] audit: type=1800 audit(1755690623.174:5): pid=6690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.268" name="file1" dev="loop0" ino=10 res=0 errno=0
[   91.828702][ T6709] team0: No ports can be present during mode change
[   91.940238][ T6712] syz.0.268: attempt to access beyond end of device
[   91.940238][ T6712] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[   91.952781][ T6712] syz.0.268: attempt to access beyond end of device
[   91.952781][ T6712] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   91.960501][ T6712] syz.0.268: attempt to access beyond end of device
[   91.960501][ T6712] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[   91.966929][ T6712] syz.0.268: attempt to access beyond end of device
[   91.966929][ T6712] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[   91.973503][ T6712] syz.0.268: attempt to access beyond end of device
[   91.973503][ T6712] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[   91.980764][ T6712] syz.0.268: attempt to access beyond end of device
[   91.980764][ T6712] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[   91.988357][ T6712] syz.0.268: attempt to access beyond end of device
[   91.988357][ T6712] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[   91.995458][ T6712] syz.0.268: attempt to access beyond end of device
[   91.995458][ T6712] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[   92.002138][ T6712] syz.0.268: attempt to access beyond end of device
[   92.002138][ T6712] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[   92.009277][ T6712] syz.0.268: attempt to access beyond end of device
[   92.009277][ T6712] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[   92.245036][   T68] CPU: 1 UID: 0 PID: 68 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[   92.245052][   T68] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   92.245058][   T68] Workqueue: writeback wb_workfn (flush-7:0)
[   92.245074][   T68] Call Trace:
[   92.245078][   T68]  <TASK>
[   92.245082][   T68]  dump_stack_lvl+0x189/0x250
[   92.245098][   T68]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.245107][   T68]  ? __pfx_queue_work_on+0x10/0x10
[   92.245117][   T68]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   92.245130][   T68]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   92.245144][   T68]  f2fs_handle_critical_error+0x37c/0x540
[   92.245162][   T68]  f2fs_write_end_io+0x886/0xb60
[   92.245179][   T68]  __submit_merged_bio+0x27a/0x6a0
[   92.245193][   T68]  __submit_merged_write_cond+0x255/0x530
[   92.245207][   T68]  f2fs_write_data_pages+0x261d/0x3000
[   92.245234][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   92.245251][   T68]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   92.245275][   T68]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   92.245292][   T68]  ? trace_f2fs_writepages+0x7f/0x200
[   92.245304][   T68]  ? f2fs_write_node_pages+0x478/0x6e0
[   92.245324][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   92.245336][   T68]  do_writepages+0x32e/0x550
[   92.245350][   T68]  ? reacquire_held_locks+0x127/0x1d0
[   92.245359][   T68]  ? writeback_sb_inodes+0x384/0x1010
[   92.245374][   T68]  __writeback_single_inode+0x145/0xff0
[   92.245384][   T68]  ? do_raw_spin_unlock+0x4d/0x240
[   92.245424][   T68]  writeback_sb_inodes+0x6c7/0x1010
[   92.245434][   T68]  ? lockdep_hardirqs_on+0x9c/0x150
[   92.245457][   T68]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   92.245486][   T68]  ? rcu_is_watching+0x15/0xb0
[   92.245499][   T68]  wb_writeback+0x43b/0xaf0
[   92.245513][   T68]  ? queue_io+0x321/0x590
[   92.245524][   T68]  ? __pfx_wb_writeback+0x10/0x10
[   92.245538][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[   92.245550][   T68]  wb_workfn+0x409/0xef0
[   92.245565][   T68]  ? __pfx_wb_workfn+0x10/0x10
[   92.245576][   T68]  ? __lock_acquire+0xab9/0xd20
[   92.245593][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[   92.245604][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[   92.245613][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[   92.245620][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[   92.245628][   T68]  process_scheduled_works+0xae1/0x17b0
[   92.245649][   T68]  ? __pfx_process_scheduled_works+0x10/0x10
[   92.245664][   T68]  worker_thread+0x8a0/0xda0
[   92.245685][   T68]  kthread+0x711/0x8a0
[   92.245697][   T68]  ? __pfx_worker_thread+0x10/0x10
[   92.245704][   T68]  ? __pfx_kthread+0x10/0x10
[   92.245714][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[   92.245723][   T68]  ? lockdep_hardirqs_on+0x9c/0x150
[   92.245732][   T68]  ? __pfx_kthread+0x10/0x10
[   92.245747][   T68]  ret_from_fork+0x3fc/0x770
[   92.245758][   T68]  ? __pfx_ret_from_fork+0x10/0x10
[   92.245769][   T68]  ? __switch_to_asm+0x39/0x70
[   92.245778][   T68]  ? __switch_to_asm+0x33/0x70
[   92.245787][   T68]  ? __pfx_kthread+0x10/0x10
[   92.245797][   T68]  ret_from_fork_asm+0x1a/0x30
[   92.245815][   T68]  </TASK>
[   92.245818][   T68] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   92.293337][ T5858] Bluetooth: hci1: command tx timeout
[   92.313436][ T6722] loop3: detected capacity change from 0 to 4096
[   93.063698][ T6735] loop0: detected capacity change from 0 to 256
[   93.087546][ T6735] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   93.107853][ T6735] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[   93.117423][ T6735] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[   93.427387][ T6752] loop3: detected capacity change from 0 to 256
[   94.214971][ T6767] 9p: Unknown access argument (: -22
[   94.382724][ T5858] Bluetooth: hci1: command tx timeout
[   94.489539][ T6784] qrtr: Invalid version 0
[   94.792561][  T975] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[   94.957851][  T975] usb 3-1: config 0 has an invalid interface number: 200 but max is 0
[   94.961457][  T975] usb 3-1: config 0 has no interface number 0
[   94.964730][  T975] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=91.6f
[   94.968805][  T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.977417][  T975] usb 3-1: config 0 descriptor??
[   95.196543][  T975] RobotFuzz Open Source InterFace, OSIF 3-1:0.200: version 91.6f found at bus 003 address 005
[   95.400263][ T5921] usb 3-1: USB disconnect, device number 5
[   95.431181][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[   95.961040][ T6816] loop2: detected capacity change from 0 to 512
[   95.968395][ T6816] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   95.985543][ T6816] EXT4-fs (loop2): 1 truncate cleaned up
[   95.988286][ T6816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.050805][ T6816] EXT4-fs (loop2): shut down requested (1)
[   96.087938][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.253317][ T6824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.315'.
[   96.444122][ T6814] loop3: detected capacity change from 0 to 131072
[   96.447213][ T6814] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[   96.449921][ T6814] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   96.454331][ T6814] F2FS-fs (loop3): invalid crc value
[   96.506244][ T6814] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   96.510503][ T6814] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   96.512896][ T6814] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[   97.308573][ T6866] comedi comedi0: Minor -2147450880 is invalid!
[   97.489453][ T6869] syz.0.329 uses old SIOCAX25GETINFO
[   97.570723][ T6874] loop2: detected capacity change from 0 to 256
[   97.593951][ T6874] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011d93, chksum : 0x4501cc6b, utbl_chksum : 0xe619d30d)
[   98.179075][ T6897] 9pnet_fd: Insufficient options for proto=fd
[   98.193738][ T6897] lo speed is unknown, defaulting to 1000
[   98.196601][ T6897] lo speed is unknown, defaulting to 1000
[   98.213393][ T6897] lo speed is unknown, defaulting to 1000
[   98.244093][ T6897] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   98.339114][ T6897] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[   98.408173][ T6897] lo speed is unknown, defaulting to 1000
[   98.415533][ T6892] loop2: detected capacity change from 0 to 16
[   98.416010][ T6897] lo speed is unknown, defaulting to 1000
[   98.418129][ T6892] erofs: Unknown parameter 'K،jxIE'
[   98.421165][ T6897] lo speed is unknown, defaulting to 1000
[   98.422800][ T5921] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   98.465392][ T6901] loop3: detected capacity change from 0 to 512
[   98.499813][ T6901] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   98.507554][ T6901] EXT4-fs (loop3): mount failed
[   98.582928][ T5921] usb 1-1: Using ep0 maxpacket: 32
[   98.588300][ T5921] usb 1-1: config 0 has an invalid interface number: 58 but max is 27
[   98.592164][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   98.597153][ T5921] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 28
[   98.600554][ T5921] usb 1-1: config 0 has no interface number 0
[   98.617526][ T5921] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64
[   98.620920][ T5921] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x7 has invalid maxpacket 64800, setting to 64
[   98.624554][ T5921] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   98.627448][ T5921] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[   98.630661][ T5921] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[   98.637528][ T5921] usb 1-1: config 0 interface 58 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[   98.649344][ T5921] usb 1-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice=5c.24
[   98.652084][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.658997][ T5921] usb 1-1: Product: syz
[   98.661247][ T5921] usb 1-1: Manufacturer: syz
[   98.663387][ T5921] usb 1-1: SerialNumber: syz
[   98.666629][ T6907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   98.671917][ T5921] usb 1-1: config 0 descriptor??
[   98.887586][ T5921] appletouch 1-1:0.58: Could not find int-in endpoint
[   98.889898][ T5921] appletouch 1-1:0.58: probe with driver appletouch failed with error -5
[   98.895073][ T5921] usbhid 1-1:0.58: couldn't find an input interrupt endpoint
[   98.901035][ T5921] usb 1-1: USB disconnect, device number 6
[   99.511606][ T6922] netlink: 'syz.0.350': attribute type 9 has an invalid length.
[   99.515599][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'.
[   99.522820][  T975] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   99.672790][  T975] usb 3-1: Using ep0 maxpacket: 32
[   99.733466][  T975] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.737077][  T975] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.752757][  T975] usb 3-1: config 0 interface 0 has no altsetting 0
[   99.761392][  T975] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[   99.767619][  T975] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[   99.772363][  T975] usb 3-1: Product: syz
[   99.783455][  T975] usb 3-1: config 0 descriptor??
[  100.037633][ T6928] loop0: detected capacity change from 0 to 40427
[  100.047375][ T6928] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  100.055659][ T6928] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  100.125647][ T6928] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  100.132328][ T6928] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  100.135529][ T6928] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  100.206068][  T975] hid (null): unknown global tag 0xe
[  100.226754][  T975] waterforce 0003:1044:7A4D.0003: unknown global tag 0xe
[  100.229505][  T975] waterforce 0003:1044:7A4D.0003: item 0 2 1 14 parsing failed
[  100.233186][  T975] waterforce 0003:1044:7A4D.0003: hid parse failed with -22
[  100.236096][  T975] waterforce 0003:1044:7A4D.0003: probe with driver waterforce failed with error -22
[  100.425594][  T975] usb 3-1: USB disconnect, device number 6
[  101.687929][ T6979] lo speed is unknown, defaulting to 1000
[  101.736210][ T6981] netlink: 36 bytes leftover after parsing attributes in process `syz.0.369'.
[  101.739917][ T6981] netlink: 24 bytes leftover after parsing attributes in process `syz.0.369'.
[  101.807599][ T6985] loop0: detected capacity change from 0 to 512
[  101.830887][ T6985] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  101.838218][ T6985] EXT4-fs (loop0): mount failed
[  102.038686][ T6996] netlink: 316 bytes leftover after parsing attributes in process `syz.0.373'.
[  102.830755][ T7030] netlink: 16 bytes leftover after parsing attributes in process `syz.2.382'.
[  103.357434][ T7059] loop0: detected capacity change from 0 to 2048
[  103.426345][ T7059] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.499808][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.501040][ T7064] loop3: detected capacity change from 0 to 4096
[  103.506424][ T7064] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  103.526589][ T7064] ntfs3(loop3): ino=5, mi_enum_attr
[  103.528252][ T7064] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  103.847952][ T7089] loop3: detected capacity change from 0 to 2048
[  103.872628][ T7089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.887283][ T7089] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.954615][ T6513] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.196514][ T7102] loop3: detected capacity change from 0 to 40427
[  104.200242][ T7102] F2FS-fs (loop3): build fault injection rate: 14
[  104.202792][ T7102] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  104.208053][ T7102] F2FS-fs (loop3): invalid crc value
[  104.211526][    C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  104.218592][    C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  104.252349][ T7102] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  104.255179][ T7102] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  104.259384][ T7102] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  104.275929][ T7102] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  104.281438][ T7102] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x570
[  104.293668][ T5854] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  104.300048][ T7102] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x11a/0xab0
[  104.339762][ T6513] bio_check_eod: 176 callbacks suppressed
[  104.339789][ T6513] syz-executor: attempt to access beyond end of device
[  104.339789][ T6513] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  104.346601][ T6513] CPU: 0 UID: 0 PID: 6513 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  104.346612][ T6513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.346618][ T6513] Call Trace:
[  104.346622][ T6513]  <TASK>
[  104.346626][ T6513]  dump_stack_lvl+0x189/0x250
[  104.346644][ T6513]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.346654][ T6513]  ? __pfx_queue_work_on+0x10/0x10
[  104.346664][ T6513]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  104.346677][ T6513]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.346693][ T6513]  f2fs_handle_critical_error+0x37c/0x540
[  104.346710][ T6513]  f2fs_write_end_io+0x886/0xb60
[  104.346728][ T6513]  __submit_merged_bio+0x27a/0x6a0
[  104.346742][ T6513]  __submit_merged_write_cond+0x255/0x530
[  104.346757][ T6513]  f2fs_write_data_pages+0x261d/0x3000
[  104.346787][ T6513]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.346806][ T6513]  ? is_bpf_text_address+0x26/0x2b0
[  104.346833][ T6513]  ? kernel_text_address+0xa5/0xe0
[  104.346845][ T6513]  ? __kernel_text_address+0xd/0x40
[  104.346856][ T6513]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  104.346874][ T6513]  ? stack_trace_save+0x9c/0xe0
[  104.346888][ T6513]  ? __lock_acquire+0xab9/0xd20
[  104.346910][ T6513]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.346922][ T6513]  do_writepages+0x32e/0x550
[  104.346939][ T6513]  ? do_raw_spin_unlock+0x4d/0x240
[  104.346951][ T6513]  filemap_fdatawrite+0x199/0x240
[  104.346962][ T6513]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  104.346997][ T6513]  ? do_raw_spin_unlock+0x4d/0x240
[  104.347009][ T6513]  f2fs_sync_dirty_inodes+0x31f/0x830
[  104.347026][ T6513]  f2fs_write_checkpoint+0x95a/0x1df0
[  104.347046][ T6513]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  104.347079][ T6513]  ? kill_f2fs_super+0x298/0x6c0
[  104.347090][ T6513]  kill_f2fs_super+0x2c3/0x6c0
[  104.347101][ T6513]  ? __pfx_kill_f2fs_super+0x10/0x10
[  104.347108][ T6513]  ? radix_tree_delete_item+0x2b6/0x400
[  104.347123][ T6513]  ? shrinker_free+0x2ce/0x3e0
[  104.347133][ T6513]  deactivate_locked_super+0xbc/0x130
[  104.347144][ T6513]  cleanup_mnt+0x425/0x4c0
[  104.347153][ T6513]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.347166][ T6513]  task_work_run+0x1d4/0x260
[  104.347177][ T6513]  ? __pfx_task_work_run+0x10/0x10
[  104.347187][ T6513]  ? __x64_sys_umount+0x122/0x160
[  104.347200][ T6513]  ? exit_to_user_mode_loop+0x40/0x110
[  104.347213][ T6513]  exit_to_user_mode_loop+0xec/0x110
[  104.347224][ T6513]  do_syscall_64+0x2bd/0x3b0
[  104.347234][ T6513]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.347244][ T6513]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.347253][ T6513]  ? exc_page_fault+0x9f/0xf0
[  104.347264][ T6513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.347272][ T6513] RIP: 0033:0x7f0fd778ff17
[  104.347281][ T6513] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  104.347287][ T6513] RSP: 002b:00007fff7257f238 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  104.347297][ T6513] RAX: 0000000000000000 RBX: 00007f0fd7811c05 RCX: 00007f0fd778ff17
[  104.347303][ T6513] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7257f2f0
[  104.347333][ T6513] RBP: 00007fff7257f2f0 R08: 0000000000000000 R09: 0000000000000000
[  104.347338][ T6513] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff72580380
[  104.347343][ T6513] R13: 00007f0fd7811c05 R14: 0000000000019703 R15: 00007fff725803c0
[  104.347358][ T6513]  </TASK>
[  104.347362][ T6513] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  104.542583][ T5854] usb 1-1: Using ep0 maxpacket: 8
[  104.547554][ T5854] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  104.550546][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.553350][ T5854] usb 1-1: Product: syz
[  104.554874][ T5854] usb 1-1: Manufacturer: syz
[  104.556626][ T5854] usb 1-1: SerialNumber: syz
[  104.559713][ T5854] usb 1-1: config 0 descriptor??
[  104.569538][ T5854] gspca_main: sq905-2.14.0 probing 2770:9120
[  104.746548][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.403'.
[  104.880971][ T7122] loop3: detected capacity change from 0 to 512
[  104.889816][ T7122] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  104.919727][ T7122] netlink: 260 bytes leftover after parsing attributes in process `syz.3.406'.
[  105.027106][ T7126] tipc: Started in network mode
[  105.029010][ T7126] tipc: Node identity 6e8d096c526f, cluster identity 4711
[  105.034407][ T7126] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.038019][ T7126] syzkaller0: entered promiscuous mode
[  105.039884][ T7126] syzkaller0: entered allmulticast mode
[  105.057217][ T7126] tipc: Resetting bearer <eth:syzkaller0>
[  105.064760][ T7125] tipc: Resetting bearer <eth:syzkaller0>
[  105.077488][ T7125] tipc: Disabling bearer <eth:syzkaller0>
[  105.425337][ T7128] loop3: detected capacity change from 0 to 32768
[  105.431661][ T7128] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.409 (7128)
[  105.458458][ T7128] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  105.464329][ T7128] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  105.467663][ T7128] BTRFS info (device loop3): using free-space-tree
[  105.475914][ T5854] gspca_sq905: sq905_command: usb_control_msg failed (-110)
[  105.482557][ T5854] sq905 1-1:0.0: probe with driver sq905 failed with error -110
[  105.564959][ T7128] evm: overlay not supported
[  105.614313][ T6513] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  105.702759][  T972] usb 1-1: USB disconnect, device number 7
[  105.738521][ T7150] QAT: failed to copy from user.
[  105.816505][ T7152] pim6reg0: tun_chr_ioctl cmd 1074025677
[  105.818998][ T7152] pim6reg0: linktype set to 776
[  105.856701][  T975] libceph: connect (1)[c::]:6789 error -101
[  105.862900][  T975] libceph: mon0 (1)[c::]:6789 connect error
[  106.138936][  T975] libceph: connect (1)[c::]:6789 error -101
[  106.145985][  T975] libceph: mon0 (1)[c::]:6789 connect error
[  106.526669][ T7177] loop2: detected capacity change from 0 to 512
[  106.556341][ T7177] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.560289][ T7177] ext4 filesystem being mounted at /153/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  106.576739][ T7177] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.421: lblock 23 mapped to illegal pblock 18 (length 1)
[  106.584104][ T7177] EXT4-fs (loop2): Remounting filesystem read-only
[  106.598438][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.635303][ T7155] ceph: No mds server is up or the cluster is laggy
[  106.655529][  T975] libceph: connect (1)[c::]:6789 error -101
[  106.659690][  T975] libceph: mon0 (1)[c::]:6789 connect error
[  106.754013][ T7182] loop2: detected capacity change from 0 to 64
[  107.080470][ T7189] loop0: detected capacity change from 0 to 512
[  107.093099][ T7189] EXT4-fs (loop0): #blocks per group too big: 65535
[  107.283903][ T7193] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.427'.
[  107.290712][ T7193] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  107.294887][ T7193] openvswitch: netlink: Duplicate key (type 0).
[  108.031625][ T7197] loop3: detected capacity change from 0 to 32768
[  108.034773][ T7197] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.429 (7197)
[  108.070220][ T7197] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.075034][ T7197] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  108.080026][ T7201] loop0: detected capacity change from 0 to 32768
[  108.080362][ T7197] BTRFS info (device loop3): using free-space-tree
[  108.136906][ T7201] JBD2: Ignoring recovery information on journal
[  108.193368][ T7201] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  108.295578][ T6513] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.318093][ T5859] ocfs2: Unmounting device (7,0) on (node local)
[  108.427191][ T7208] loop2: detected capacity change from 0 to 32768
[  108.466116][ T7208] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.434 (7208)
[  108.509826][ T7208] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.509891][ T7208] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  108.509965][ T7208] BTRFS info (device loop2): using free-space-tree
[  109.075675][ T5849] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  109.852109][ T7265] loop2: detected capacity change from 0 to 32768
[  109.861788][ T7265] XFS: attr2 mount option is deprecated.
[  109.911944][ T7265] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  109.918375][ T7265] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  109.994553][ T7265] XFS (loop2): Ending clean mount
[  110.030905][ T7265] XFS (loop2): Quotacheck needed: Please wait.
[  110.094518][ T7283] loop3: detected capacity change from 0 to 128
[  110.097514][ T7265] XFS (loop2): Quotacheck: Done.
[  110.140302][ T7283] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  110.154086][ T7283] ext4 filesystem being mounted at /71/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  110.186097][ T7283] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro.
[  110.186631][ T5849] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  110.201002][ T7283] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w.
[  110.319162][ T6513] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  110.439183][ T7287] loop3: detected capacity change from 0 to 512
[  111.397418][ T7308] [U] 1WT`8H$09\
[  111.401175][ T7308] [U] ;2}UGVĥ#O9ե>-ߴSݢP
[  111.407000][ T7307] [U] 4XZ^Y)MC.OȞPOW
[  111.705815][ T7324] loop2: detected capacity change from 0 to 256
[  111.767015][ T7326] syz.2.467: attempt to access beyond end of device
[  111.767015][ T7326] loop2: rw=6144, sector=8, nr_sectors = 2 limit=0
[  111.771172][ T7326] bcachefs (/dev/loop2): error reading default superblock: IO error: -5
[  111.775510][ T7326] syz.2.467: attempt to access beyond end of device
[  111.775510][ T7326] loop2: rw=6144, sector=7, nr_sectors = 1 limit=0
[  111.779575][ T7326] bcachefs (/dev/loop2): error reading superblock: IO error: -5
[  111.782134][ T7326] bcachefs: bch2_fs_get_tree() error: EIO
[  111.885711][ T7320] loop3: detected capacity change from 0 to 32768
[  111.896952][ T7320] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section journal: journal bucket 128 past end of device (nbuckets 128)
[  111.896952][ T7320] journal (size 32):
[  111.896952][ T7320] Buckets:  9 7 128
[  111.896952][ T7320] 
[  111.905866][ T7320] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal
[  112.267014][ T7334] loop3: detected capacity change from 0 to 1024
[  112.290588][ T1092] hfsplus: b-tree write err: -5, ino 4
[  112.502624][   T33] audit: type=1800 audit(1755690644.094:6): pid=7344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.475" name="bus" dev="overlay" ino=735 res=0 errno=0
[  116.022698][ T7368] loop2: detected capacity change from 0 to 262144
[  116.037680][ T7368] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.484 (7368)
[  116.069234][ T7368] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  116.072507][ T7368] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  116.075427][ T7368] BTRFS info (device loop2): using free-space-tree
[  116.231678][   T28] BTRFS warning (device loop2): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  116.239530][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 22036480 (dev /dev/loop2 sector 43040)
[  116.243886][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 22040576 (dev /dev/loop2 sector 43048)
[  116.247501][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 22044672 (dev /dev/loop2 sector 43056)
[  116.251027][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 22048768 (dev /dev/loop2 sector 43064)
[  116.283226][   T28] BTRFS warning (device loop2): checksum verify failed on logical 30457856 mirror 1 wanted 0x402e75f1de9ccfe6 found 0x42450c21b86dd7c2 level 0
[  116.288143][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 30457856 (dev /dev/loop2 sector 75872)
[  116.292051][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 30461952 (dev /dev/loop2 sector 75880)
[  116.295731][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 30466048 (dev /dev/loop2 sector 75888)
[  116.299200][ T7368] BTRFS info (device loop2): read error corrected: ino 0 off 30470144 (dev /dev/loop2 sector 75896)
[  116.446743][ T5849] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  117.069276][ T7391] loop2: detected capacity change from 0 to 128
[  117.092786][ T7391] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  117.117335][ T7391] ext4 filesystem being mounted at /176/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  117.148059][ T5849] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  117.238120][ T7396] loop0: detected capacity change from 0 to 1024
[  117.259601][ T7397] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  117.278365][ T7396] EXT4-fs: Ignoring removed nobh option
[  117.288041][ T7396] EXT4-fs: Ignoring removed bh option
[  117.331874][ T7396] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.429113][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.527116][ T7420] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[  118.531625][ T7420] overlayfs: overlapping lowerdir path
[  118.954084][ T7422] loop3: detected capacity change from 0 to 32768
[  118.974385][ T7422] bcachefs (/dev/loop3): error reading superblock: block size (0) smaller than device block size (512)
[  118.992590][ T7422] bcachefs: bch2_fs_get_tree() error: block_size_too_small
[  119.255964][ T7427] loop3: detected capacity change from 0 to 256
[  119.307367][ T7427] FAT-fs (loop3): Directory bread(block 64) failed
[  119.323795][ T7427] FAT-fs (loop3): Directory bread(block 65) failed
[  119.328188][ T7427] FAT-fs (loop3): Directory bread(block 66) failed
[  119.341190][ T7427] FAT-fs (loop3): Directory bread(block 67) failed
[  119.347051][ T7427] FAT-fs (loop3): Directory bread(block 68) failed
[  119.349607][ T7427] FAT-fs (loop3): Directory bread(block 69) failed
[  119.364347][ T7427] FAT-fs (loop3): Directory bread(block 70) failed
[  119.369464][ T7427] FAT-fs (loop3): Directory bread(block 71) failed
[  119.372064][ T7427] FAT-fs (loop3): Directory bread(block 72) failed
[  119.380686][ T7427] FAT-fs (loop3): Directory bread(block 73) failed
[  119.881100][ T7435] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.478583][ T7453] loop3: detected capacity change from 0 to 64
[  120.628687][ T7459] syz.3.515: attempt to access beyond end of device
[  120.628687][ T7459] loop3: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  120.651149][ T7459] Buffer I/O error on dev loop3, logical block 8388608, async page read
[  120.669665][ T7459] syz.3.515: attempt to access beyond end of device
[  120.669665][ T7459] loop3: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  120.684033][ T7459] Buffer I/O error on dev loop3, logical block 8388608, async page read
[  122.080257][ T7465] loop0: detected capacity change from 0 to 512
[  122.091999][ T7465] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  122.115639][ T7465] EXT4-fs (loop0): 1 truncate cleaned up
[  122.119865][ T7465] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.141269][ T7465] syz.0.520 (pid 7465) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  122.176752][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.613581][ T5921] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  122.772681][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  122.785262][ T5921] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  122.788814][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.792230][ T5921] usb 1-1: Product: syz
[  122.795857][ T5921] usb 1-1: Manufacturer: syz
[  122.797765][ T5921] usb 1-1: SerialNumber: syz
[  122.803932][ T5921] usb 1-1: config 0 descriptor??
[  122.817288][ T5921] gspca_main: sq930x-2.14.0 probing 2770:930c
[  123.872798][ T5921] gspca_sq930x: reg_w 0105 0f00 failed -71
[  124.094326][ T5921] gspca_sq930x: Sensor ov9630 not yet treated
[  124.096832][ T5921] sq930x 1-1:0.0: probe with driver sq930x failed with error -22
[  124.108490][ T5921] usb 1-1: USB disconnect, device number 8
[  124.701238][ T7473] loop0: detected capacity change from 0 to 32768
[  124.897725][ T7473] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.979407][ T7473] XFS (loop0): Ending clean mount
[  124.989226][ T7473] XFS (loop0): Quotacheck needed: Please wait.
[  125.025380][ T7473] XFS (loop0): Quotacheck: Done.
[  125.073805][ T5859] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.922791][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  126.084458][    T9] usb 1-1: Using ep0 maxpacket: 32
[  126.087778][    T9] usb 1-1: config 0 has an invalid interface number: 131 but max is 0
[  126.090395][    T9] usb 1-1: config 0 has no interface number 0
[  126.098272][    T9] usb 1-1: New USB device found, idVendor=5ccd, idProduct=0325, bcdDevice=d4.7c
[  126.101219][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.105569][    T9] usb 1-1: Product: syz
[  126.106890][    T9] usb 1-1: Manufacturer: syz
[  126.108442][    T9] usb 1-1: SerialNumber: syz
[  126.114237][    T9] usb 1-1: config 0 descriptor??
[  126.120778][    T9] usb-storage 1-1:0.131: USB Mass Storage device detected
[  126.968359][ T7492] loop0: detected capacity change from 0 to 256
[  126.996226][ T7492] FAT-fs (loop0): Directory bread(block 64) failed
[  127.000125][ T7492] FAT-fs (loop0): Directory bread(block 65) failed
[  127.006148][ T7492] FAT-fs (loop0): Directory bread(block 66) failed
[  127.008645][ T7492] FAT-fs (loop0): Directory bread(block 67) failed
[  127.011330][ T7492] FAT-fs (loop0): Directory bread(block 68) failed
[  127.014819][ T7492] FAT-fs (loop0): Directory bread(block 69) failed
[  127.016837][ T7492] FAT-fs (loop0): Directory bread(block 70) failed
[  127.018871][ T7492] FAT-fs (loop0): Directory bread(block 71) failed
[  127.020976][ T7492] FAT-fs (loop0): Directory bread(block 72) failed
[  127.025834][ T7492] FAT-fs (loop0): Directory bread(block 73) failed
[  127.038950][ T7492] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[  127.638324][    T9] usb 1-1: USB disconnect, device number 9
[  127.932688][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  128.089987][    T9] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  128.093569][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.096843][    T9] usb 1-1: Product: syz
[  128.098528][    T9] usb 1-1: Manufacturer: syz
[  128.100465][    T9] usb 1-1: SerialNumber: syz
[  128.109966][    T9] usb 1-1: config 0 descriptor??
[  128.117956][    T9] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  128.359206][    T9] gspca_sunplus: reg_r err -71
[  128.374236][    T9] usb 1-1: USB disconnect, device number 10
[  129.058874][ T7502] loop0: detected capacity change from 0 to 4096
[  129.196575][ T7504] loop0: detected capacity change from 0 to 512
[  129.221605][ T7504] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.227427][ T7504] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.241577][   T33] audit: type=1800 audit(1755690660.834:7): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.533" name="file1" dev="loop0" ino=15 res=0 errno=0
[  129.262651][   T33] audit: type=1800 audit(1755690660.844:8): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.533" name="file2" dev="loop0" ino=16 res=0 errno=0
[  129.281390][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.386232][ T7511] loop0: detected capacity change from 0 to 512
[  129.401771][ T7511] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  129.410980][ T7511] EXT4-fs (loop0): 1 truncate cleaned up
[  129.418320][ T7511] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.445230][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.828114][ T7532] loop0: detected capacity change from 0 to 512
[  130.840644][ T7532] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  130.864816][ T7532] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  130.868188][ T7532] EXT4-fs (loop0): failed to initialize system zone (-117)
[  130.871191][ T7532] EXT4-fs (loop0): mount failed
[  132.695188][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  132.704286][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  136.572482][    C1] sched: DL replenish lagged too much
[  191.873889][ T5235] Bluetooth: hci2: command 0x0406 tx timeout
[  194.588281][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  194.599618][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  217.311120][ T7413] bridge0: port 3(syz_tun) entered disabled state
[  217.475104][ T7413] syz_tun (unregistering): left allmulticast mode
[  217.477106][ T7413] syz_tun (unregistering): left promiscuous mode
[  217.479060][ T7413] bridge0: port 3(syz_tun) entered disabled state
[  218.808201][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  218.813392][ T5235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  218.816320][ T5235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  218.819199][ T5235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  218.821970][ T5235] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  218.870609][ T7555] lo speed is unknown, defaulting to 1000
[  218.888724][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  218.893788][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  218.896824][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  218.900345][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  218.905877][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  218.947128][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  218.953674][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  218.958488][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  218.968146][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  218.971284][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  219.009539][ T7557] lo speed is unknown, defaulting to 1000
[  219.038450][ T7559] lo speed is unknown, defaulting to 1000
[  219.107845][ T7555] chnl_net:caif_netlink_parms(): no params data found
[  219.281890][ T7555] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.284944][ T7555] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.287172][ T7555] bridge_slave_0: entered allmulticast mode
[  219.289874][ T7555] bridge_slave_0: entered promiscuous mode
[  219.311935][ T7557] chnl_net:caif_netlink_parms(): no params data found
[  219.317278][ T7555] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.320241][ T7555] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.325735][ T7555] bridge_slave_1: entered allmulticast mode
[  219.329718][ T7555] bridge_slave_1: entered promiscuous mode
[  219.424434][ T7559] chnl_net:caif_netlink_parms(): no params data found
[  219.457418][ T7555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.476135][ T7555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.529363][ T7555] team0: Port device team_slave_0 added
[  219.531590][ T7557] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.534694][ T7557] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.537231][ T7557] bridge_slave_0: entered allmulticast mode
[  219.539906][ T7557] bridge_slave_0: entered promiscuous mode
[  219.543648][ T7557] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.545796][ T7557] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.548068][ T7557] bridge_slave_1: entered allmulticast mode
[  219.550854][ T7557] bridge_slave_1: entered promiscuous mode
[  219.569186][ T7555] team0: Port device team_slave_1 added
[  219.597892][ T7559] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.600232][ T7559] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.603038][ T7559] bridge_slave_0: entered allmulticast mode
[  219.605818][ T7559] bridge_slave_0: entered promiscuous mode
[  219.609119][ T7559] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.611380][ T7559] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.614158][ T7559] bridge_slave_1: entered allmulticast mode
[  219.616854][ T7559] bridge_slave_1: entered promiscuous mode
[  219.636094][ T7557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.663634][ T7557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.667274][ T7555] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.669482][ T7555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.678297][ T7555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.700780][ T7555] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.703487][ T7555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.711539][ T7555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.722341][ T7559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.735497][ T7557] team0: Port device team_slave_0 added
[  219.738756][ T7559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.744085][ T7557] team0: Port device team_slave_1 added
[  219.799645][ T7559] team0: Port device team_slave_0 added
[  219.808005][ T7555] hsr_slave_0: entered promiscuous mode
[  219.810545][ T7555] hsr_slave_1: entered promiscuous mode
[  219.814032][ T7555] debugfs: 'hsr0' already exists in 'hsr'
[  219.815889][ T7555] Cannot create hsr debugfs directory
[  219.818227][ T7557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.820565][ T7557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.830678][ T7557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.836637][ T7557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.839377][ T7557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.847988][ T7557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.853085][ T7559] team0: Port device team_slave_1 added
[  219.889191][ T7559] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.891386][ T7559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.901584][ T7559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.940790][ T7559] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.943274][ T7559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.950984][ T7559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.979717][ T7557] hsr_slave_0: entered promiscuous mode
[  219.982107][ T7557] hsr_slave_1: entered promiscuous mode
[  219.985055][ T7557] debugfs: 'hsr0' already exists in 'hsr'
[  219.987116][ T7557] Cannot create hsr debugfs directory
[  220.045996][ T7559] hsr_slave_0: entered promiscuous mode
[  220.048465][ T7559] hsr_slave_1: entered promiscuous mode
[  220.050791][ T7559] debugfs: 'hsr0' already exists in 'hsr'
[  220.056540][ T7559] Cannot create hsr debugfs directory
[  220.233479][ T7555] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  220.247554][ T7555] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  220.265772][ T7555] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  220.277035][ T7555] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  220.346090][ T7557] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  220.359362][ T7557] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  220.370047][ T7557] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  220.375898][ T7557] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  220.448134][ T7559] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  220.455303][ T7559] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  220.461178][ T7559] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  220.471640][ T7559] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  220.503224][ T7555] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.541253][ T7555] 8021q: adding VLAN 0 to HW filter on device team0
[  220.566982][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.569578][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.584368][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.586598][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.605410][ T7557] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.640334][ T7557] 8021q: adding VLAN 0 to HW filter on device team0
[  220.664219][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.667072][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.675059][ T7559] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.687255][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.689600][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.721390][ T7559] 8021q: adding VLAN 0 to HW filter on device team0
[  220.737439][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.740086][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.745366][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.748137][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.853848][ T5235] Bluetooth: hci0: command tx timeout
[  220.877810][ T7555] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.936825][ T5235] Bluetooth: hci1: command tx timeout
[  221.013324][ T5235] Bluetooth: hci2: command tx timeout
[  221.019235][ T7559] 8021q: adding VLAN 0 to HW filter on device batadv0
[  221.049195][ T7557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  221.151067][ T7555] veth0_vlan: entered promiscuous mode
[  221.163559][ T7555] veth1_vlan: entered promiscuous mode
[  221.203648][ T7555] veth0_macvtap: entered promiscuous mode
[  221.216941][ T7555] veth1_macvtap: entered promiscuous mode
[  221.235819][ T7555] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.258541][ T7555] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.278414][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.290084][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.296565][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.306942][ T7559] veth0_vlan: entered promiscuous mode
[  221.315752][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.326315][ T7557] veth0_vlan: entered promiscuous mode
[  221.331198][ T7559] veth1_vlan: entered promiscuous mode
[  221.341920][ T7557] veth1_vlan: entered promiscuous mode
[  221.424655][ T7557] veth0_macvtap: entered promiscuous mode
[  221.438039][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.438269][ T7559] veth0_macvtap: entered promiscuous mode
[  221.440999][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.447526][ T7559] veth1_macvtap: entered promiscuous mode
[  221.453042][ T7557] veth1_macvtap: entered promiscuous mode
[  221.496434][ T7559] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.503445][ T7557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.523061][ T7557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.526312][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.529637][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.534528][ T7559] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.553799][ T5882] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.571795][ T5882] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.582257][ T5882] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.592923][ T5882] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.635752][ T5882] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.641779][ T5882] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.649693][ T5882] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.675086][ T5882] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.755832][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.758720][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.799235][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.802289][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.837199][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.840421][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.853358][  T975] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  221.859928][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.862293][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.015874][  T975] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  222.021938][  T975] usb 7-1: config 179 has no interface number 0
[  222.032380][  T975] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  222.040433][  T975] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[  222.050320][  T975] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  222.057548][  T975] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 64
[  222.071673][  T975] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  222.077867][ T7635] loop4: detected capacity change from 0 to 8
[  222.080643][ T7635] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  222.092654][  T975] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  222.095818][  T975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.103402][ T7629] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  222.105969][ T7629] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  222.127663][ T7635] cramfs: Error -3 while decompressing!
[  222.130090][ T7635] cramfs: ffffffff99beb628(26)->ffff88801177f000(4096)
[  222.153594][ T7635] cramfs: Error -3 while decompressing!
[  222.155903][ T7635] cramfs: ffffffff99beb642(26)->ffff888034397000(4096)
[  222.158627][ T7635] cramfs: Error -3 while decompressing!
[  222.160811][ T7635] cramfs: ffffffff99beb65c(16)->ffff8880116c4000(4096)
[  222.177788][ T7635] cramfs: Error -3 while decompressing!
[  222.180219][ T7635] cramfs: ffffffff99beb628(26)->ffff88801177f000(4096)
[  222.187441][   T33] audit: type=1800 audit(1755690753.784:9): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.550" name="file2" dev="loop4" ino=348 res=0 errno=0
[  222.208346][ T7631] loop5: detected capacity change from 0 to 32768
[  222.217525][ T7631] bcachefs (/dev/loop5): error validating superblock: Invalid option shard_inode_numbers_bits: too big (max 8)
[  222.222050][ T7631] bcachefs: bch2_fs_get_tree() error: ERANGE_option_too_big
[  222.339090][  T975] usb 7-1: USB disconnect, device number 2
[  222.341056][    C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  222.341082][    C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  222.526288][ T7647] netlink: 28 bytes leftover after parsing attributes in process `syz.4.556'.
[  222.529646][ T7647] netlink: 28 bytes leftover after parsing attributes in process `syz.4.556'.
[  222.576548][ T7651] netlink: 'syz.4.558': attribute type 1 has an invalid length.
[  222.844007][ T7655] loop4: detected capacity change from 0 to 32768
[  222.883446][ T7655] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  222.937704][ T5235] Bluetooth: hci0: command tx timeout
[  223.011328][ T7655] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  223.023426][ T5235] Bluetooth: hci1: command tx timeout
[  223.092959][ T5235] Bluetooth: hci2: command tx timeout
[  223.242358][ T7559] ocfs2: Unmounting device (7,4) on (node local)
[  223.627855][ T7677] loop6: detected capacity change from 0 to 32768
[  223.652143][   T33] audit: type=1800 audit(1755690755.244:10): pid=7677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.570" name="file1" dev="loop6" ino=4 res=0 errno=0
[  223.758440][ T7688] netlink: 168 bytes leftover after parsing attributes in process `syz.5.574'.
[  223.939168][ T7677] ERROR: (device loop6): dbAdjCtl: the maximum free buddy is not the old root
[  223.939168][ T7677] 
[  223.946084][ T7677] ERROR: (device loop6): remounting filesystem as read-only
[  224.298918][ T7700] loop4: detected capacity change from 0 to 32768
[  224.324592][ T7700] XFS: noikeep mount option is deprecated.
[  224.391429][ T7700] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  224.432857][ T7544] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  224.455362][ T7700] XFS (loop4): Ending clean mount
[  224.460652][ T7700] XFS (loop4): Quotacheck needed: Please wait.
[  224.510921][ T7700] XFS (loop4): Quotacheck: Done.
[  224.593574][ T7559] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  224.603485][ T7544] usb 6-1: too many configurations: 80, using maximum allowed: 8
[  224.611667][ T7544] usb 6-1: unable to read config index 0 descriptor/start: -61
[  224.619078][ T7544] usb 6-1: can't read configurations, error -61
[  224.783393][ T7544] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  224.962641][ T7544] usb 6-1: too many configurations: 80, using maximum allowed: 8
[  225.001801][ T7544] usb 6-1: unable to read config index 0 descriptor/start: -61
[  225.004484][ T7544] usb 6-1: can't read configurations, error -61
[  225.012835][ T5235] Bluetooth: hci0: command tx timeout
[  225.026642][ T7544] usb usb6-port1: attempt power cycle
[  225.079682][ T7719] loop4: detected capacity change from 0 to 64
[  225.092856][ T5235] Bluetooth: hci1: command tx timeout
[  225.101194][ T7719] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  225.173582][ T5235] Bluetooth: hci2: command tx timeout
[  225.382866][ T7544] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  225.420075][ T7544] usb 6-1: too many configurations: 80, using maximum allowed: 8
[  225.423905][ T7544] usb 6-1: unable to read config index 0 descriptor/start: -61
[  225.423936][ T7544] usb 6-1: can't read configurations, error -61
[  225.553852][ T7544] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  225.575141][ T7544] usb 6-1: too many configurations: 80, using maximum allowed: 8
[  225.576873][ T7544] usb 6-1: unable to read config index 0 descriptor/start: -61
[  225.576901][ T7544] usb 6-1: can't read configurations, error -61
[  225.577163][ T7544] usb usb6-port1: unable to enumerate USB device
[  225.583155][ T7729] netlink: set zone limit has 4 unknown bytes
[  225.777121][ T7737] netlink: 20 bytes leftover after parsing attributes in process `syz.6.590'.
[  225.780182][ T7737] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  225.788147][ T7739] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.591'.
[  225.871634][ T7744] loop4: detected capacity change from 0 to 2048
[  225.928208][ T7748] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  225.941743][ T7744] NILFS (loop4): failed to count free inodes: err=-34
[  225.992189][ T7559] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 8796093022222
[  225.996345][ T7559] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16)
[  226.011867][ T7559] Remounting filesystem read-only
[  226.013846][ T7559] NILFS (loop4): error -5 truncating bmap (ino=16)
[  226.018712][ T7559] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer
[  226.170301][ T7766] netlink: 'syz.4.604': attribute type 10 has an invalid length.
[  226.204463][ T7766] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  226.209957][ T7765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  226.393521][ T7770] loop6: detected capacity change from 0 to 32768
[  226.449343][ T7770] XFS (loop6): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  226.473820][ T7770] XFS (loop6): Ending clean mount
[  226.523083][ T7770] loop6: detected capacity change from 32768 to 64
[  226.531463][ T7770] XFS (loop6): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  226.536403][ T7770] syz.6.606: attempt to access beyond end of device
[  226.536403][ T7770] loop6: rw=432129, sector=384, nr_sectors = 64 limit=64
[  226.543729][   T25] XFS (loop6): log I/O error -5
[  226.545743][   T25] XFS (loop6): Filesystem has been shut down due to log error (0x2).
[  226.548707][   T25] XFS (loop6): Please unmount the filesystem and rectify the problem(s).
[  226.823217][ T7788] loop6: detected capacity change from 0 to 16
[  226.837725][ T7788] erofs (device loop6): mounted with root inode @ nid 36.
[  226.922303][ T7792] sctp: [Deprecated]: syz.4.613 (pid 7792) Use of struct sctp_assoc_value in delayed_ack socket option.
[  226.922303][ T7792] Use struct sctp_sack_info instead
[  226.955032][ T7793] erofs (device loop6): bogus lookback distance 1586 @ lcn 46 of nid 36
[  226.958226][ T7793] erofs (device loop6): readahead error at folio 47 @ nid 36
[  226.960436][ T7793] erofs (device loop6): bogus lookback distance 1586 @ lcn 46 of nid 36
[  226.985926][ T7793] erofs (device loop6): readahead error at folio 46 @ nid 36
[  226.988399][ T7793] erofs (device loop6): readahead error at folio 45 @ nid 36
[  226.990699][ T7793] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  227.002667][ T7793] erofs (device loop6): readahead error at folio 43 @ nid 36
[  227.006310][ T7793] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  227.009158][ T7793] erofs (device loop6): readahead error at folio 42 @ nid 36
[  227.011549][ T7793] erofs (device loop6): bogus lookback distance 774 @ lcn 40 of nid 36
[  227.020791][ T7793] erofs (device loop6): readahead error at folio 41 @ nid 36
[  227.023694][ T7793] erofs (device loop6): bogus lookback distance 774 @ lcn 40 of nid 36
[  227.026310][ T7793] erofs (device loop6): readahead error at folio 40 @ nid 36
[  227.028905][ T7793] erofs (device loop6): readahead error at folio 39 @ nid 36
[  227.031409][ T7793] erofs (device loop6): readahead error at folio 38 @ nid 36
[  227.041757][ T7793] erofs (device loop6): readahead error at folio 36 @ nid 36
[  227.045095][ T7793] erofs (device loop6): bogus lookback distance 1468 @ lcn 31 of nid 36
[  227.047844][ T7793] erofs (device loop6): readahead error at folio 31 @ nid 36
[  227.059538][ T7793] erofs (device loop6): readahead error at folio 25 @ nid 36
[  227.062105][ T7793] erofs (device loop6): readahead error at folio 24 @ nid 36
[  227.084076][ T7793] erofs (device loop6): readahead error at folio 19 @ nid 36
[  227.092719][ T5235] Bluetooth: hci0: command tx timeout
[  227.098076][ T7793] syz.6.611: attempt to access beyond end of device
[  227.098076][ T7793] loop6: rw=524288, sector=784, nr_sectors = 64 limit=16
[  227.114882][ T7793] syz.6.611: attempt to access beyond end of device
[  227.114882][ T7793] loop6: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  227.132802][ T7793] syz.6.611: attempt to access beyond end of device
[  227.132802][ T7793] loop6: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  227.159169][ T7793] syz.6.611: attempt to access beyond end of device
[  227.159169][ T7793] loop6: rw=524288, sector=16, nr_sectors = 16 limit=16
[  227.172592][ T5235] Bluetooth: hci1: command tx timeout
[  227.255538][ T5235] Bluetooth: hci2: command tx timeout
[  227.278617][ T7798] loop5: detected capacity change from 0 to 512
[  227.297880][ T7798] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  227.341503][ T7798] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[  227.372179][ T7798] EXT4-fs (loop5): orphan cleanup on readonly fs
[  227.391726][ T7798] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.615: bg 0: block 361: padding at end of block bitmap is not set
[  227.434076][ T7798] EXT4-fs (loop5): Remounting filesystem read-only
[  227.448831][ T7798] EXT4-fs (loop5): 1 truncate cleaned up
[  227.455882][ T7798] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  227.809937][ T7801] EXT4-fs warning (device loop5): dx_probe:861: inode #2: comm syz.5.615: dx entry: limit 0 != root limit 125
[  227.814371][ T7801] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.615: Corrupt directory, running e2fsck is recommended
[  227.821015][ T7801] EXT4-fs warning (device loop5): dx_probe:861: inode #2: comm syz.5.615: dx entry: limit 0 != root limit 125
[  227.824729][ T7801] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.615: Corrupt directory, running e2fsck is recommended
[  227.829965][ T7801] EXT4-fs warning (device loop5): dx_probe:861: inode #2: comm syz.5.615: dx entry: limit 0 != root limit 125
[  227.834328][ T7801] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.615: Corrupt directory, running e2fsck is recommended
[  227.841212][ T7801] EXT4-fs warning (device loop5): dx_probe:861: inode #2: comm syz.5.615: dx entry: limit 0 != root limit 125
[  227.845638][ T7801] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.615: Corrupt directory, running e2fsck is recommended
[  227.976839][ T7557] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  228.578655][ T7818] comedi comedi0: adq12b: I/O port conflict (0xffffffffffffffff,16)
[  228.640137][ T7822] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  228.645049][ T7822] macsec1: entered promiscuous mode
[  228.655836][ T7822] netdevsim netdevsim5 netdevsim0: left promiscuous mode
[  229.080952][ T7846] loop6: detected capacity change from 0 to 512
[  229.147022][ T7846] EXT4-fs (loop6): 1 orphan inode deleted
[  229.150512][ T7846] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.153203][ T7853] loop5: detected capacity change from 0 to 512
[  229.155360][ T7846] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.176618][ T7853] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.181393][ T7853] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.184932][ T1092] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  229.185028][ T1092] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u10:6: Failed to release dquot type 1
[  229.252541][ T7853] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  229.253061][   T13] unregister_netdevice: waiting for lo to become free. Usage count = 2
[  229.260049][ T7853] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 28
[  229.268392][ T7853] EXT4-fs (loop5): This should not happen!! Data will be lost
[  229.268392][ T7853] 
[  229.270607][   T13] ref_tracker: netdev@ffff888106208610 has 1/1 users at
[  229.270607][   T13]      dst_init+0xd9/0x450
[  229.270607][   T13]      dst_alloc+0x12a/0x170
[  229.270607][   T13]      ip_route_input_rcu+0x1ed5/0x2ff0
[  229.270607][   T13]      ip_route_input_noref+0x167/0x250
[  229.270607][   T13]      ip_rcv_finish_core+0x5af/0x1c00
[  229.270607][   T13]      ip_rcv_finish+0x14c/0x2f0
[  229.270607][   T13]      NF_HOOK+0x30c/0x3a0
[  229.270607][   T13]      __netif_receive_skb+0x143/0x380
[  229.270607][   T13]      netif_receive_skb+0x1cb/0x790
[  229.270607][   T13]      tun_rx_batched+0x1b9/0x730
[  229.270607][   T13]      tun_get_user+0x2aa2/0x3e20
[  229.270607][   T13]      tun_chr_write_iter+0x113/0x200
[  229.270607][   T13]      vfs_write+0x5c9/0xb30
[  229.270607][   T13]      ksys_write+0x145/0x250
[  229.270607][   T13]      do_syscall_64+0xfa/0x3b0
[  229.270607][   T13]      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.270607][   T13] 
[  229.272060][ T7853] EXT4-fs (loop5): Total free blocks count 0
[  229.272080][ T7853] EXT4-fs (loop5): Free/Dirty block details
[  229.272198][ T7853] EXT4-fs (loop5): free_blocks=39626
[  229.308064][    C0] vkms_vblank_simulate: vblank timer overrun
[  229.318593][ T7853] EXT4-fs (loop5): dirty_blocks=2
[  229.320408][ T7853] EXT4-fs (loop5): Block reservation details
[  229.322549][ T7853] EXT4-fs (loop5): i_reserved_data_blocks=2
[  229.333421][ T7555] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.352857][   T52] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS:
11:52:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000001e700 RDI=000000000001e701 RBP=00000000000003f8 RSP=ffffc90002cfecf0
R8 =ffff888106760237 R9 =1ffff11020cec046 R10=dffffc0000000000 R11=ffffffff854eff70
R12=dffffc0000000000 R13=ffffffff99af9908 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854effec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2a5f6226c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000004000 CR3=000000002a4c6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=65756e69746e6f63 3d73726f7272652c XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffffff ffffffffffffffff XMM05=0000000000000000 00007f2a5f6216e0
XMM06=00007f2a5f6216e0 00007f2a5f621560 XMM07=00007f2a5f6215a0 00007f2a5f621580
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f2a5e812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000075b RBX=0000000000000002 RCX=000000004d1006a2 RDX=000000005184e079
RSI=000000003a1df36f RDI=ffff888108763980 RBP=0000000000000000 RSP=ffffc90003a0f8f0
R8 =0000000000000000 R9 =ffffffff8b46cf22 R10=dffffc0000000000 R11=ffffffff8b46ce50
R12=00000000d1a8e354 R13=ffff888108764470 R14=ffff8881087644c0 R15=689dde5b4d1006a2
RIP=ffffffff819d67f3 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c43df74 CR3=00000001181ca000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f97c0587498 00007f97c0587470 XMM03=00007f97c05874a8 00007f97c05874a0
XMM04=00007f97c10ed100 00007f97c0587460 XMM05=00007f97c0587478 00007f97c05874c0
XMM06=00007f97c05874b8 00007f97c05874b0 XMM07=00007f97c05874a8 00007f97c05874a0
XMM08=0000000000000000 00007f97c0412ee7 XMM09=0000000000000000 00007f97c0412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
