last executing test programs:

8m38.378943s ago: executing program 0 (id=352):
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
syz_mount_image$msdos(&(0x7f0000000400), &(0x7f0000001cc0)='.\x00', 0x1aca4b8, &(0x7f0000000a80)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYBLOB="29ab3b30df7d75af6a66b0358c15235889ce2a0584d8b2ef4a21a27c9af13b6657ff207e1c5d58aea9c00a00ca049d3d367df0c23e00000000fdff00000639e695cecd9d0c27f3bd893e78c469110da7a3f6e2a787693f16be9dccc8aa22db6946d10cc6f04f5ca3a1a1d4a66bf1109fb12822f5e2a37bdd6dfdc5a2a86a95ba2a86dc0f5b5567f70a01d8aa78820a5dfb853c8562ce313972cf4af2e04803755d0068705559237f9a063c2c24ed23c25b8f4aab53efd1c9ced5045e9b88cfe32f33119a4bc01d3d73afd037dedde8aa4600c93c71e78ab732db07cba921af5f6b88c9b5ceccf4c71a4e74dca34e9c482904efbc2ea3d7ec2ec12cdae77d039aa63a344714995b27f961e81b2a68e073361ac1380aa8a2f3298c0807e1fe47f57e88e1a7ed753c1afbdda398eb521c9bc74429", @ANYRESHEX=r0, @ANYRESHEX, @ANYRES32=r0], 0xb, 0x0, &(0x7f0000000000))
chdir(&(0x7f0000000440)='./file0\x00')
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f0000000140))

8m38.228782436s ago: executing program 0 (id=353):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@ipv6_newaddr={0x2c, 0x14, 0x1, 0x70bd28, 0x25dfdbfd, {0xa, 0x40, 0x22, 0xfe, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2e}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x811}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

8m38.098932481s ago: executing program 0 (id=355):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="900000000001010400000000141a00000200ffff0800074000000001240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e02010c00028005000100000000002c000e80050003a1076f36000c000280200001009300000014000180070001"], 0x90}}, 0x0)

8m38.02375328s ago: executing program 0 (id=356):
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x3800813, &(0x7f0000000480)={[{@cruft}, {@map_acorn}, {@unhide}, {@session={'session', 0x3d, 0x31}}, {@nojoliet}, {@overriderock}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@nocompress}, {@overriderock}, {}, {@block={'block', 0x3d, 0x200}}, {}, {@overriderock}, {@nojoliet}, {@mode={'mode', 0x3d, 0xf}}]}, 0x1, 0xa61, &(0x7f0000001cc0)="$eJzs3c1vHGcZAPBn1nbsuiVJ21BK1MablKRua5y1QxOsHorjXTtbbC+yHakRh6Y0DopiKLQgtRVSUwlxagUSiAPcKk6cKvVCOaBeENzoiQMS6r9QcQqnRTO7a+/au17b+Kvp7+fs7nw8877P7Mw7b/ZrJvh8qR5rGatWs9sOx6/+cR8y5hC7XPz0/Q/eS2/v3Ikj0RPPJn+KGIiIfERvRDwa0TdVXKjMdSnodsT1iPg4IomI/qg9bsn1SH4ZD6yNfxzJ79N6Ozqy1ZLppsoX2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBglU8VCYSw5EuX5qy/mayLyG0wVFypJVKsb5zSWqfkou+p38tFmdfY26k7/DQw0LvX96Im1kEciIn8mHquNPZZdkLx/IN66/5Hjzz3cm6stm7TJcxf0b73Y19986/bLKyvLr7WdmyS7mNUhU9tHZkrz5cVKeW5yppQvL1byExcvFs5fmV7MT5dnS4vXFpdKc/mphdLkUmUhPzz1VH5sYuJCvjR6rXJ1fqY4OltqTLz09fFC4WL+hdHvlCYXFivz518YXZy6Up6dLc/PZDHp7DTmUrojfru8lF8qTc7l8zdvrSxfWJdZT6zbf9OgsW7rkwaNdwsaL4yPj42Nj4+9U7969uqEi89OPHupUOgt1DwQ9YHYELFHOy2Hy32dN/MeHMVhZ3K1/j9iNsoxH1fjxci3/ZuKYixEJeY6zK9r9P9nz5c2rTay/rvW/9d7+d6m+SfTuzNxqj46MJDdb+j/O+Syf3+vx5vxVtyOl2MlVmI5XjvwjPb3byZKMR/lWIxKlGMuJrMp+fqUfEzExbgYhXgprsRQLEZvTEc5ZqMUi3EtFmMpStkeNRULUYrJWIpKLEQ+hmMqnop8jMVETMSFyEcpRuNaVOJqzMdMFGMyK+Vm3Mqe9wub5LgaNLaVoPFNgjZ05p36/1XrFymt/88J96Dcplt5D47isDPVev9/pHvo8FTLaO/eJQUAAADsqq/+PY6eeOhv/45I4vHsM/np8mypcNBpAQAAALso+7reY+lDXzr0eCRe/wMAAMC9Jsl+Y5dExGAM1YYav4TyJgAAAADcI7LP/09FMrQ2wet/AAAAuMesO8d+m3Psdo1IRhqn/83fqD3eqEfUxpLB6fJsaXSqMvvcWJzLzjKQ/dJgQ2k9EUlf9vODp+N0Ler0YO1xcK3EtM6BNGps9LmxeDrO1Fdk+In04YnhNpHjtcgna5FPNkf2REvkhTQSAO51Zzbpj7fa/z8dI7WIkZNZl997sqUP7sl61oKeFQAOi9Vr7Py3fkmzNv3/qdq5AU516v+/scnr/zTiobg5VPtKwWi8Eq/GStyIkah/42CoXamNqxHUvoYw0uXdgMH6VxY+uZSLkQ3vBwysrmtz7HKMx0jbdwSayk0aOVyoxfXs1VYAgP11ZtN+uNH/Z2+Sd+z/RzZ//d/U5/pKIQAcBqtXsN/uwNDWgw96HQGAVnppAAAAAAAAAAAAAAAAAAAAAAAAAAAA2H1bOoH/P85FrKwsR+z0YgFtBj7565+/1DHm3fsjBraT4eYDudiVnPsjYlfWvTGQ7HaBt3siYlcL3MbA87HtpdJtfBCp3usDyZ2swf5f5RzwgQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9kUT0tJuei+iPiEJEnN//rPbOnYNOYLfkd7ZYcjfuxhtxdLfTAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4oquf/z8Xtcf7a5OiNxdxNiKuR8R3DzrH7RjoMv/uPuVx+Pwgu286/38uoi+qSfRGtVqtRiR9U8WFyly6KyT96fxP3//gvfTWsci3GwMbr6qQFpDW0HJxiXoNTVP6Wpd6MFtqsLj8+u2fvPqjfPFytmNeXpqeLc7NLHxrLfCR5MPaJRCaL4PQyPdnZ//yq6bJR+qVfxi9nVZkfb3TWb3FjfV+pd3SHerdglsry+NpTUulF5d++sNc86yH4nTEE8MRw601fT+9dajp9Prns1XyWfKL5Gj8Nq5n2z99NpJqkm6iY0k9ZGV59JVXV26s5vT2rTeaCjgeQxFxo7WVdclpKJJO+aQHm8j13by1slzIgtK7E13K21RTiWNrz2vLOjyY7TKD21qHfOd1yHR53usZXVifUTVtJL/+8cNxbtMt3d+mxHNdamwr+Sz5V3Il/hk/b7r+Ry7d/mejbetsU0QWmbsvXZ9sT2me19K8cmfX1ny8ecZL68vs2CrZA+/G9+Kbq9s/lx3/m9vNeId2s3o8er5pYod202haHdpFf2tL3dAu6rq1i40t9Q/HNvQorbXGiXU9Uv3o02mZep4nalEd8vxyPBPRe3JbR5RnuhxRui2/0/b/u2Q4/hN3XP8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/JKInnbTcxFnI+J4RBxLx/MR1fUxd3ZQX24w2Umau2YnOX/+JB1XNLkbd+ONOLrfGQEAAAAAAACwNy4XP33/g/fSW/Z5fE98LVefk4/ojYjjyW/6pooLlbkuBfVFXG98pD/QPqTD5Lie3j2wNv5xOvZol/oO9usDAPC59r8AAAD//2xZa78=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

8m37.830743194s ago: executing program 0 (id=358):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0xffffffff}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x10001}]}}]}, 0x40}}, 0x0)

8m37.453063874s ago: executing program 0 (id=359):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r2=>0x0})
sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x4305, r2, 0x1, 0xe0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14)

8m37.236641975s ago: executing program 32 (id=359):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r2=>0x0})
sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x4305, r2, 0x1, 0xe0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14)

7m10.681859323s ago: executing program 3 (id=1310):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newtclass={0x30, 0x28, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x10, 0xffff}, {0xfff2, 0x7}, {0x9, 0xfff1}}, [@tclass_kind_options=@c_qfq={{0x8}, {0x4}}]}, 0x30}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000001100050000000000feffffff07000000", @ANYRES32=r1, @ANYBLOB="003000000000000014001a80100004800c000980"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0)

7m10.581961163s ago: executing program 3 (id=1312):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000040)=0x1, 0x4)

7m10.520608079s ago: executing program 3 (id=1313):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0xfd}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffffffffffff, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)

7m10.450339789s ago: executing program 3 (id=1317):
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d480e8b089b3f350068090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d076d0936cd3b78130daa61d8e8040000005802b77f07227227b7fa67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e9871540000000000004ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e4843e2808d4743b95bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c6f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20e8911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab9d6203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edcad74b221cfec48000000000000000d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea50000000000000068987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c10900df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d8008d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c46bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78bb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bf340b17cfcfd9c52c9711937f79abb1a124f121fc65483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4f01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8650000878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95a498b562d71565f924779ca1f731b3346ff177050373d79ff7bc1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f79a598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015a08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b686081b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24ae918423922e4e0167584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f13a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307f561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe40}}, 0x1047)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94)
r1 = socket$pptp(0x18, 0x1, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0800000000000000004a5344f400fd0ce80100ef0000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0x3e}}}, 0x1e)
connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000340)=0x1)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
readv(r3, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/66, 0x42}], 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f000001b700)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x28}}, 0x44)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3d}, [@call={0x85, 0x0, 0x0, 0x7d}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

7m8.838629149s ago: executing program 3 (id=1327):
r0 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000100)=@ethtool_sset_info={0x37, 0xb1}})

7m8.838328256s ago: executing program 3 (id=1329):
syz_usb_connect(0x3, 0x2f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9b, 0xbd, 0x8b, 0x8, 0x4e8, 0xff30, 0xa6d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x29, 0xfd, 0xdd, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x2, 0x5}]}}]}}]}}]}}, 0x0)

7m8.731321547s ago: executing program 1 (id=1333):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x34, r1, 0x3, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x20854}, 0x4)

7m8.680517542s ago: executing program 1 (id=1334):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000100)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})

7m8.680049421s ago: executing program 1 (id=1336):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, 0x0)
syz_read_part_table(0x1060, &(0x7f0000000000)="$eJzsz8FpAlEUBdA7n/mZCQSyTxFTRxaBrLJOE/bhypUd2I7FiIJ8YRwtQV2cs3k8ePfBDc9VcmqttXLb345J9zVmSsm2Jqm/U9Jm6Yd7bH+dbTinbuqSTbKu+U/qe5KPJN3PMCar75Skn48+D+Pyo8vf7qFdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBFXQIAAP//s1YVKg==")
epoll_create1(0x0)
epoll_create1(0x0)
syz_emit_ethernet(0x76, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x502, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @remote, [@hopopts={0x3a, 0x0, '\x00', [@pad1]}]}}}}}}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000005fc0)={@remote, @mcast2, @mcast2, 0x4, 0x8000, 0x40, 0x0, 0x1000, 0x10c0014})

7m8.618845758s ago: executing program 2 (id=1337):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x4001}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000280)="27031c00160014000000002f1eafacf706e105000000894f00050003ee0b80558ddbba9b37242d37a518fc9c5be50eaf07c3650596", 0x35}], 0x1}, 0x4)

7m8.617748203s ago: executing program 2 (id=1338):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0xffffffffffffffff, &(0x7f0000000140)=0x37)

7m8.538287702s ago: executing program 2 (id=1339):
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000180)={[{@check_relaxed}, {@gid}, {@check_relaxed}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@gid}, {@map_acorn}, {@nojoliet}, {}, {@block={'block', 0x3d, 0x400}}, {@gid}, {@unhide}, {@map_off}]}, 0x1, 0xa00, &(0x7f00000003c0)="$eJzs3UtsXFf9B/Dv9SNx3SpJ2/z7L1XbTFKSuq1xbIcmRF2UxJ4kLn4g25EasWhK46AQQ6EBqa2QmkqIFRVIIBawq1jBplI3dIO6gx2sWCChrthXrMLK6M6M49eMx3YdO00/n+h67uN3z/nd58mMr+eEz5eF/SumFhZqwxanL/5hBzLmLnZ29JP3P3ivHN69mT3pzPPFn5KeJJWkK8mjSffI6PTURJuCrieXk3ycFEn2pv66IZdT/CIPLE1/nOJ3Zb0t7dloybSzwBfabp9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwNypGRgcHh4o9GZu8+HKlLqmsMTI6PVVkYWHtksV16j6q9fpdfNS23qQoh/T0LHb1/ejBpcWPJKkcyeP1qcdrHZKnJ2/f/8iBFx7u6lhcv1U2n8nejRd74623r786Pz/3RuuQhXfq27A9ud1lzlcnx2amxibOnK9WxmamKqdPnhw8fuHcTOXc2Hh15tLMbHWiMjJdPTM7NV3pG3mmMnT69IlKdeDS1MXJ86MD49XFmae+Mjw4eLLy0sA3q2emZ6Ymj780MDNyYWx8fGzyfC2mXFzGnCpPxG+MzVZmq2cmKpWr1+bnTqzKqXP1zi6DhtptSRk03C5oeHB4eGhoeHjo3Ubv2bdnnHz+9POnBge7BlfJmog7dNJyd7mv9WHe5js4bF1Hvf3Pd8czlslczMupNP03ktFMZyoTLZY3LLb/R49X1613efvfaOW7li1+rPxxJE82JntatP8tctm5fzfyVt7O9bya+cxnLm/sekY7++98qpnMWGYylbFM5ExtTqUxp5LTOZmTGcwruZBDmUkl5zKW8VQzk0uZyWyqtTNqJNOp5kxmM5XpVNKXkTyTSoZyOqdzIpVUM5BLmcrFTOZ8RnOmVsrVXKvt9xPr5Hg7aGgjQcPrBK1uzMtzfXPtf/Ve/Z8gG7b9N3HYooVG+7+nfWjfyE4kBAAAAGy7L/01+w4+9Jd/JUWeqH0uf25svPribqcFAAAAbKPa43qPly/d5dgTPbX3/4O7nRYAAACwjYra39gVSXpzqD62+JdQPgQAAACAe0Tt9/9Ppji0NMP7fwAAALjHtP+O/bYRRf/i1/9WrtRfrzQi6lNF77mx8erAyNT4C0M5VvuWgSRPrC2tMym6a39+8GwO16MO99Zfe5dKLOvsKaOGBl4YyrM50tiQvqfKl6f6mkQO1yOfrkc+vTyyMysiT5SRAHCvO7JOe7zR9v/Z9Ncj+h+rNfldjzVpgwe1rABwt7jdx85/G12aNWn/GxFPtmr/v7rO+/8y4qFcPVR/pGAgr+X1zOdK+tN44uBQs1IXeyOoP4bQ3+bTgN7GIwt/P9WR/jWfB/Tc3tblsXMZTn/TTwSWlVss5nCiHtd5Z44BAOy0I+u2wxtr//vbvP/v9UghANxVbvdgv4mRdzYTPPfGjd3eRgBgJa00AAAAAAAAAAAAAAAAAAAAAAAAAAAAbL8NfYH/344l8/NzyRY6C9jySM9mMlx/pCM7lPOuj3Qm2a3aX8ym1yqP8Weo9I/3NVb/9+7v+XtuZJdvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyIIulsNr8j2ZtkMMnxnc/qzrm52wlsl8qeLa1W3MqtvJl9254PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAXXOP7/ztSf72/PitdHcnRJJeTfGu3c9xOt3Y7gTujaB/yvXrg0vf/dyTdWSjSVT/sKbpHRqenJsqiir3l8k/e/+C9cmhf9tpeFcoCyhpWdC7RqGHZnO6Vaz1YW6t3dO7G9R+9/oPK6NnaiXl29tz46MT56a8vBT5SfJhUUh8WLeb7k6N//uWy2Y2OEooPyy1tbnW952r1jq6t9/+brd2i3g24Nj83XNY0W3159sffv/bmskUP5XDyVF/St7Km75RDi5oOr96fKxWfFj8r9uU3uVw7/uXeKBaK8hDtr23/fVevzc8NvPb6/JXbOb2zIqcDOZTkStKz8ZwOtT43a2ddR3dZ62AtqPxxsE1561pW4lCL/fpg7ZTp3dQ2VNpcX232eyOjE00z+tUPH86xTR/pY21qbKr4tPhncSH/yE+X9f/RUR7/o2l6dTYpoha57ExZvmzF5dVRj6xt+fDyBa+sLrPlVckd8PN8O1+7ffw7lt3/G8dqZ+5Hy2psfl0km78ufr9/TYuypNYiHVzVIjXuPq3WaeR5sB7VIs//y3P1MjdxR3muXYt9h67/3xZ9+U9u6v8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4+xVJZ7P5HcnRJAeS7C+nK8nC6pibW6ivo7fYSprbZis5f/4ULTe0uJVbeTP7djojAAAAAAAAAO6Ms6OfvP/Be+VQ+318Z77c0VhSSbqSHCh+3T0yOj010aag7uTy4q/0ezaXw+XyxwNL0x+XU4+2WWl3Hx8AgM+1/wUAAP//p2dujQ==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)

7m8.440184845s ago: executing program 2 (id=1340):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x78, 0x30, 0xb, 0x5, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe9db, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ZONE={0x6, 0x4, 0x4}, @TCA_CT_LABELS={0x14, 0x7, "39e718863d4fdd1ef40ef06d7ec4da31"}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8890}, 0x8050)

7m8.438477256s ago: executing program 1 (id=1341):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8840, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000340)={0x2, 0xffffffffffffffff})
fcntl$lock(r0, 0x11, &(0x7f0000003c80)={0x0, 0x0, 0x380000000000, 0x8})

7m8.380063552s ago: executing program 2 (id=1342):
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x2000c12, &(0x7f0000000240)={[{@check_relaxed}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@map_off}, {@hide}, {@nocompress}, {@overriderock}, {@check_strict}, {@iocharset={'iocharset', 0x3d, 'cp869'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@unhide}, {@overriderock}, {@check_relaxed}, {@dmode={'dmode', 0x3d, 0xe565}}, {@unhide}, {@overriderock}]}, 0x3, 0x9f1, &(0x7f0000001b40)="$eJzs3c1vHOd9B/Dv8EWiaUOSbcF1BdtayZVMuyxFUrVUwYdaIlcSXb4UJAVY6MFyLaoQzNaNnQC2ESAyEOQUIwES5JDcjJxyMuBLfAl8S27JKYcAgf8FIyflxGBml9SSXHJJhSJp+fMhdndefvM8v9mZnYe7OztP+HpZOrxqbGmput3n+LVf7ULG7GOXxr/85NOPy9tHd3Ig3Xm5+HXSl6SW9CR5OukdG5+dmdq8nCLJjSRfNAYPNidtyY0UP8pj98a/SPGLst4NHdhqyXSyxDfaXu9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHxVj48PDI8WBTExfe73WkNTWGRufnSmytLR+zvIyDZ9XvX4Xn3esNynKW/r6lrv6fvrovdlPJamdzDONsWeqDsnTlw8fferIK0/2dC0vv1E2f5eDWy/2vQ8+fPvNxcWFdx9IIvvflfr0xNzMxNTFK/XaxNxM7cK5c8Nnrl6eq12emKzPXZ+br0/VxmbrF+dnZmsDYy/WRi5cOFurD12fuTZ9ZXxosr488fy/jA4Pn6u9NvSf9YuzczPTZ14bmhu7OjE5OTF9pYopZ5cx58sd8T8m5mvz9YtTtdqt24sLZ9fk1J01+28ZNNJpTcqg0U5Bo8OjoyMjo6MjHzV7z16ZcO7lCy+fHx7uGV4j6yIe0E7L/vLIxpt55w/icJ+6Gu1/MpmJTOdaXk+t7d9YxjObmUxtML9puf0/daa+ab2t7X+zle9pmX2svDuZ55qjfRu0/xvksnt/7+WDfJi382YWs5iFvLvnGe3u35XUM52JzGUmE5nKxWpKrTmllgs5l3MZzhu5muOZSy2XM5HJ1DOX65nLfOrVHjWW2dRzMfOZyWxqGchYXkwtI7mQCzmbWuoZyvXM5FqmcyXjuViVciu3q+f97CY5rgSNbCVodJOgdY35ttv/+tp/TvjG2fmDONynpWb7f6Bz6MDYbiQEAAAA7Lh//F0OHX3it39OijxbfS5/eWKyPrzXaQEAAAA7qDpd75nyobccejaF9/8AAADwsCmq39gVSfpzvDG0/EsoHwIAAADAQ6L6/v+5FMfvTfD+HwAAAB4yna+x3zGiGFy+/G/tZuPxZjOiMVb0X56YrA+NzUy+MpLT1VUGql8arCutOyl6q58fvJQTjagT/Y3H/nsllnX2lVEjQ6+M5KWcbK7IwPPlw/MDbSJHG5EvNCJfaI3szqrIs2UkADzsTm7SHm+1/X8pg42IwWNVk99zrE0bPKxlBYD9YqWPnb82uzRr0/43I57bqP3/103e/5cRT+TW8cYpBUN5K+9kMTczmOYZB8fblbrcG0HjNITBDp8G9DdPWfjD+a4Mrvs8oG9lXVtjFzKawbafCLSUWyzncLYR1/1gtgEA7LaTm7bDW2v/Bzu8/+93SiEA7CsrPdg/wIG9XkcAYDWtNAAAAAAAAAAAAAAAAAAAAAAAAAAAAOy8LV3A//enk8XFhWQXOgtYGejbToabD3Rll3Le84HuJHtV+79n20uV23i/PHUGVg/s8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXVEk3e2mdyUHkwwnObP7WT04d/Y6gZ1Su7/Firu5m/dzaKfTAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4pmte/78rjcdHG5PS05WcSnIjyX/tdY476e5eJ7Bn/re6b7n+f1fSm6UiPY3NnqJ3bHx2Zqrc/MXBcv6Xn3z6cXnrXPb6XhXKAsoaVnUu0ayhZUrv6qUer5bqH1947+1vv/P/tfFL1Y55af7y5PjUldlX7wU+VXzW6AKhtRuE5Xy/e+o3P26ZfKBZ+Wflmra3tt7LVb3j6+v9h3ZLb1DvFtxeXBgta5qvvz7/nf+7/X7LrCdyInl+IBlYXdP/lLcNajqx9vlcrfiq+EFxKD/LjWr7l89GsVSUm+hwtf6P3Lq9uDD01juLN1dy+t6qnI7keJKbSd/WczpeHU/aerSc09Vb1jpcBZV3RzuUt6lqP26UOLLB8/p4tcv0b2sdahuvQ6XD897M6GzbjH7yrSdzettb+nSHGtsqvir+VFzNH/P9lv4/usrtfyptX51tiqgiW/aU1nmrXl5djchqzUdbZ7yxtswNX5VtPbKt6Ifcq9tf5If57/zbyvbvajn+N7fV7hyPWmps/7pItv+6+OXhdS3KPVWLdHRNi9Q8+my0TDPPo42otnkut47HtnVE+ecOR5QH9fr/eTGQv+SO/n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9r0i6203vSk4lOZLkcDleS5bWxty5j/q6+ov7SXPH3E/OXz/Fhita3M3dvJ9Du50RAAAAAAAAAA/GpfEvP/n04/JWfR/fnX/qas6pJT1JjhQ/7R0bn52Z6lBQb3Jj+Sv9vu3lcKO8e+ze+Bfl2NMdFtrb0wcA4GvtbwEAAP//Dmxu+g==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x84100, 0x1c0)

7m8.379885147s ago: executing program 1 (id=1343):
syz_emit_ethernet(0x7e, &(0x7f00000006c0)={@local, @random="a15cc14e96b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @rand_addr, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@multicast2}, {@empty}, {@loopback}]}, @cipso={0x86, 0x21, 0x0, [{0x0, 0xd, "34abeec8d03ff1a8b8835e"}, {0x0, 0xe, "4ef661e96b4014469f350a42"}]}]}}}}}}}, 0x0)

7m7.967800134s ago: executing program 2 (id=1344):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x28, 0x2, 0x3, 0xc4dee3c1c0a44695, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0xc, 0x2}}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xe50dc9b30ee66d03}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000)

7m7.967516127s ago: executing program 1 (id=1345):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r2=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', <r3=>r2, 0x0, 0x0, 0x6, 0x6, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast2}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', &(0x7f0000000640)={'sit0\x00', r3, 0x80, 0x8000, 0x948f, 0xb1f, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x66, 0xe31, 0xd2, 0x29, 0x0, @broadcast, @multicast2}}}})
syz_clone(0x22822400, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f000033f000/0x1000)=nil, 0x1000}, 0x5})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40505331, &(0x7f0000000180)={{0xc7, 0x9}, {0x0, 0x6}, 0x7, 0x2, 0x4})
prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x2, 0x0)

6m28.686245354s ago: executing program 33 (id=1329):
syz_usb_connect(0x3, 0x2f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9b, 0xbd, 0x8b, 0x8, 0x4e8, 0xff30, 0xa6d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x29, 0xfd, 0xdd, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x2, 0x5}]}}]}}]}}]}}, 0x0)

5m16.933704521s ago: executing program 34 (id=1345):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r2=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', <r3=>r2, 0x0, 0x0, 0x6, 0x6, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast2}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', &(0x7f0000000640)={'sit0\x00', r3, 0x80, 0x8000, 0x948f, 0xb1f, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x66, 0xe31, 0xd2, 0x29, 0x0, @broadcast, @multicast2}}}})
syz_clone(0x22822400, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f000033f000/0x1000)=nil, 0x1000}, 0x5})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40505331, &(0x7f0000000180)={{0xc7, 0x9}, {0x0, 0x6}, 0x7, 0x2, 0x4})
prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x2, 0x0)

4m44.116327333s ago: executing program 35 (id=1344):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x28, 0x2, 0x3, 0xc4dee3c1c0a44695, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0xc, 0x2}}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xe50dc9b30ee66d03}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000)

3m26.286664031s ago: executing program 5 (id=1955):
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x189082)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

3m24.859202367s ago: executing program 5 (id=1959):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e20, @empty}}, 0xa8, 0x5, 0xffff7fff, 0x1, 0x49a7ac009c9a722a, 0x0, 0x80}, 0x9c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x7, 0x977, 0x9, 0x4fc07588, 0x8a, 0x82, 0x3}, &(0x7f00000000c0)=0x9c)

3m24.859053593s ago: executing program 5 (id=1960):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00')
r1 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0, 0x0, r0}, 0x68)

3m24.776976289s ago: executing program 5 (id=1961):
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x21c0, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@userxattr}]})
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000003680)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
socketpair(0x29, 0xa, 0x2abf, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'netpci0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, 0x0, 0x10001)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
write(0xffffffffffffffff, &(0x7f00000002c0), 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r3, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)="2221e9", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000380)}], 0x2}}], 0x2, 0x20040004)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
openat(r0, &(0x7f0000000300)='./file1\x00', 0xc4042, 0xbf)

3m24.540212554s ago: executing program 5 (id=1962):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000500)={0x7, 0x100, 0x103, 0x0, 0x6})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000380)={0x4, 0x3ff, 0x105, 0x0, 0xe})

3m24.273976461s ago: executing program 5 (id=1963):
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
close(r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

3m24.168265259s ago: executing program 36 (id=1963):
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
close(r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

3m3.318997888s ago: executing program 7 (id=2134):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x3, 0x5, 0x7, 0xc1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r0, &(0x7f0000000200), 0x0}, 0x20)

3m3.272212905s ago: executing program 7 (id=2137):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000080), 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000000000000000000008001900000000000a00000000000000fe8000000000000000000000000000bb000000000a"], 0xe0}}, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
request_key(&(0x7f0000000900)='user\x00', &(0x7f0000000940)={'syz', 0x2}, &(0x7f0000000980)='\x00', 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
io_uring_setup(0x5bde, &(0x7f0000000240)={0x0, 0x5f41, 0x1, 0x0, 0xfffffffe})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r7, 0x402c542c, &(0x7f0000000340)={0xfffff2d4, 0x200ffffe, 0x2, 0xffffffff, 0x8, "4d6b5ccb00", 0x0, 0x200})

3m2.287642601s ago: executing program 7 (id=2147):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x13ec, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1fff, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
flock(0xffffffffffffffff, 0x1)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x20, 0x18, 0x5, {0x5, 0x3, "17ba2e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2m59.843710673s ago: executing program 7 (id=2166):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200, 0x4]})
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')

2m59.712042271s ago: executing program 7 (id=2167):
r0 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0x4b, 0x0, 0x0, 0x7f11b2d5, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffd, 0x6, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}})

2m58.796221538s ago: executing program 7 (id=2176):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = syz_io_uring_setup(0xec5, &(0x7f0000000000), &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4000, &(0x7f00000001c0), 0x1, 0x40})
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
writev(r3, &(0x7f0000000080)=[{&(0x7f0000000380)='H', 0x1}], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x2, 0x10a5, 0x3, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f00000004c0)=[&(0x7f00000005c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)

2m58.640522594s ago: executing program 37 (id=2176):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = syz_io_uring_setup(0xec5, &(0x7f0000000000), &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4000, &(0x7f00000001c0), 0x1, 0x40})
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
writev(r3, &(0x7f0000000080)=[{&(0x7f0000000380)='H', 0x1}], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x2, 0x10a5, 0x3, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f00000004c0)=[&(0x7f00000005c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)

5.968736204s ago: executing program 6 (id=4026):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
listen(r0, 0x7fff)

5.968302558s ago: executing program 6 (id=4027):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a000000070000000200000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x63}, 0x50)

5.889455068s ago: executing program 6 (id=4028):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000380)=@generic={0x0, r0}, 0x18)

5.889153939s ago: executing program 6 (id=4029):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file1\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x110)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cb19976d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "64885973ff030000000000000000d01cd3160000ffffff7f0000000000002000", [0x200]})
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)

5.749637169s ago: executing program 6 (id=4031):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40800)

5.487989215s ago: executing program 6 (id=4037):
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f0000000000)='./file0\x00', 0x810000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES32], 0x0, 0x1509, &(0x7f0000001c80)="$eJzs3AuYjtXaOPD7Xms9Y0yT3iY5DGut++FNg2WSJIeEHJIkCUlOCUmTJAmJIackJDkfJslhCMkpJo3z+ZBz0mRLkyQhOYX1v7Tbn/bX/nb/77/7/r5rz/27ruey7nc993rXcs8171rPdc37XdfhNZvUqtaQiOBfgn/9JxUAYgFgEADcAAABAJRNKJtwpT+3xNR/7U3Yn6tR+rWeAbuWuP45G9c/Z+P652xc/5yN65+zcf1zNq5/zsb1Zywn2z6r4I185dyLn//nZPz5/28ku9TErzaWurnbfyOF65+zcf1zNq5/jtHoH77I9c/RuP45G9f/31/Vf9LH9c/ZuP6M5WTX+vkzX9f2utY/f4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGcoZz/ioFAH9rX+t5McYYY4wxxhhj7M/jc13rGTDGGGOMMcYYY+x/HoIACQoCiIFcEAu5IQ6ug3i4HvLADRCBGyEBboK8cDPkg/xQAApCIhSCwqDBgAWCEIpAUYjCLVAMboUkKA4loCQ4KAXJcBuUhtuhDNwBZeFOKAd3QXmoABWhEtwNleEeqAJVoRrcC9WhBtSEWnAf1Ib7oQ48AHXhQagHD0F9eBgawCPQEBpBY3gUmsBj0BQeh2bQHFpAS2j1/5T/MvSEV6AX9IZU6AN94VXoB/1hAAyEQfAaDIbXYQi8AUNhGAyHN2EEvAUj4W0YBaNhDIyFcTAeJsBEmASTIQ3egSnwLkyF92AaTIcZMBPSYRbMhvdhDsyFefABzIcPYQEshEWwGJbAR7AUlkEGfAzL4RPIhBWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHT2EH7IRdsBv2wF7YB5/BfvgcDsAXkAVf/jfzz/6n/G4ICChQoEKFMRiDsRiLcRiH8RiPeTAPRjCCCZiAeTEv5sN8WAALYCImYmEsjAYNEhIWwSIYxSgWw2KYhElYAkugQ4fJmIyl8XYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgNayG1bE61sSaeB/eh/djHawTUxfrYj2sh/WxPjbABtgQG2JjbIxNsAk2xabYDJthC2yBrbAVtsbW2AbbYDtsh+2xPXbADpiCKdgRO2In7ISdsTN2wS7YFbtiN+yO3fFlfBlfwVewN1YXfbAv9sV+2A8H4EAciK/hYHwdX8c3cCgOw+H4Jr6Jb+FIPIOjcDSOwTFYWYzHCTgRSUzGNEzDKTgFp+JUnIbTcTrOxHSchbNxNs7BuTgXP8D5+CF+iAtxIS7GJbgEl+IyzMAMXI5nMRNX4EpchatxDa7Gdbge1+FG3IQbcQtuwW24DT/FT3En7sTduBv34l78DD/Dz/FzHIpZmIUH8SAewkN4GA9jNmbjETyCR/EoHsNjeByP4wk8iafwJJ7G03gGz+I5PIcX8AJexBcTv2m8t/iGoSCuUEKJGBEjYkWsiBNxIl7Eizwij4iIiEgQCSKvyCvyiXyigCggEkWiKCwKCyOMIBGKIqKIiIqoKCaKiSSRJEqIEsIJJ5JFsigtSosyoowoK+4U5cRdoryoINq6SqKSqCzauSqiqqgmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or54WDQQfXAANhJXKtNEDMOmYjg2E81FC9FSvIVPiNZiJLYRbUU78ZQYjaOwg2jtUsSzoqOYgJ3E82IiviC6iMnYVbwkuonuood4WfQUbVwv0VtMwz6ir5iJ/UR/MUAMFHOwhrhSsZriDTFUDBPDxZtiMb4lRoq3xSgxWowRY8U4MV5MEBPFJDFZpIl3xBTxrpgq3hPTxHQxQ8wU6WKWmC3eF3PEXDFPfCDmiw/FArFQLBKLxRLxkVgqlokM8bFYLj4RmWKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iU7FD7BS7xG6xR+wV+8RnYr/4XBwQX4gs8aU4KP4iDomvxGHxtcgW34gj4ltxVHwnjonvxXHxgzghTopT4kdxWvwkzoiz4pw4Ly6In8VFcUlcFl6ARCmklEoGMkbmkrEyt4yT18l4eb3MI2+QEXmjTJA3ybzyZplP5pcFZEGZKAvJwlJLI60kGcoisqiMyltkMXmrTJLFZQlZUjpZSibL22RpebssI++QZeWdspy8S5aXFWRFWUneLSvLe2QVWVVWk/fK6rKGrClryftkbXm/rCMfkHXlg7KefEjWlw/LBvIR2VA2ko3lo7KJfEw2lY/LZrK5bCFbylbyCdlaPinbyLaynXxKtpdPyw7yGZkin5Ud5XOyk3xedpYvyC7yRdlVviS7ye6yh7wkL0sve8neMlX2kX3lq7Kf7C8HyIFykHxNDpavyyHyDTlUDpPD5ZtyhHxLjpRvy1FytBwjx8pxcrycICfKSXKyTJPvyCnyXTlVvienyelyhpwp0+UsOeDXkeb9X+S/+w/yh/zy7tvkdvmp3CF3yl1yt9wj98p9cp/cL/fLA/KAzJJZ8qA8KA/JQ/KwPCyzZbY8Io/Io/KoPCaPyePyuDwhT8rz8kd5Wv4kz8iz8qw8Ly/IC/Lir/8HoFAJJZVSgYpRuVSsyq3i1HUqXl2v8qgbVETdqBLUTSqvulnlU/lVAVVQJapCqrDSyiirSIWqiCqqouoWVUzdqpJUcVVClVROlVLJ6rZ/Of+P5tdKtVKtVWvVRrVR7VQ71V61Vx1UB5WiUlRH1VF1Up1UZ9VZdVFdVFfVVXVT3VQP1UP1VD1VL9VLpapU1Ve9qvqp/mqAGqgGqdfUYDVYDVFD1FA1VA1Xw9UINUKNVCPVKDVKjVFj1Dg1Tk1QE9QkNUmlqTQ1RU1RU9VUNU1NUzPUDJWu0tVsNVvNUXPUPDVPzVfz1QK1QC1Si9QStUQtVUtVhspQy9VylalWqBVqlVql1qg1ap1apzaoDWqT2qS2qC0qU21X29UOtUPtUrvUHrVH7VP71H61Xx1QB1SWylIH1UF1SB1Sh9Vhla2y1RF1RB1VR9UxdUwdV8fVCXVCnVKn1Gl1Wp1RZ9Q5dU5dUBfURXVRXVaXr2z7AhGIQAUqiAligtggNogL4oL4ID7IE+QJIkEkSAgSgrzBzUG+IH9QICgYJAaFgsKBDkxgAwrCoEhQNIgGtwTFgluDpKB4UCIoGbigVJAc3BaUDm4PygR3BGWDO4NywV1B+aBCUDGoFNwdVA7uCaoEVYNqwb1B9aBGUDOoFdwX1A7uD+oEDwR1gweDesFDQf3g4aBB8EjQMGgUNA4eDZoEjwVNg8eDZkHzoEXQMmj1p47v/Zn8T7peurdO1X10X/2q7qf76wF6oB6kX9OD9et6iH5DD9XD9HD9ph6h39Ij9dt6lB6tx+ixepweryfoiXqSnqzT9Dt6in5XT9Xv6Wl6up6hZ+p0PUvP1u/rOXqunqc/0PP1h3qBXqgX6cV6if5IL9XLdIb+WC/Xn+hMvUKv1Kv0ar1Gr9Xr9Hq9QW/Um/RmvUVv1dv0dv2p3qF36l16t96j9+p9+jO9X3+uD+gvdJb+Uh/Uf9GH9Ff6sP5aZ+tv9BH9rT6qv9PH9Pf6uP5Bn9An9Sn9oz6tf9Jn9Fl9Tp/XF/TP+qK+pC9rf2Vzf+Xj3SijTIyJMbEm1sSZOBNv4k0ek8dETMQkmAST1+Q1+Uw+U8AUMIkm0RQ2hc0VZMgUMUVM1ERNMVPMJJkkU8KUMM44k2ySTWlT2pQxZUxZU9aUM+VMeVPeVDQVzd3mbnOPucdUNVXNveZeU8PUMLVMLVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTWPTxDQxTU1T08w0My1MC9PKtDKtTWvTxrQx7Uw70960Nx1MB5NiUkxH09F0Mp1MZ9PZdDFdTFfT1XQz3UwP08P0ND1NL9PLpJpU09f0Nf1MPzPADDCDzCAz2Aw2Q8wQM7b0pqpXTk4jzAgz0ow0o8xoM8aMNePMeDPBTDSTzGSTZtLMFDPFTDVTzTQzzcwwM0y6STezzWwzx8wx88w8M9/MNwvMArMIfz2KmaUmw2SY5Wa5yTSZZqVZaVab1WatWWvWm/Vmo9loNpvNZqvZarab7WaH2WF2mV1mj9lj9pl9Zr/Zbw6YAybLZJmD5qA5ZA6Zw+awyTbZ5og5Yo6ao+aYOWaOm+PmhDlhTplT5rQ5bc6YM+acOWcumJ/NRXPJXDbexFoBcfY6G2+vt3nsDTbW5ra/jQvYgjbRFrKFrbb5bP6/i421NskWtyVsSetsKZtsb/tdXN5WsBVtJXu3rWzvsVV+F9e299s69gFb1z5oa9n7/i6uZx+y9e1jtoF93Da0zW1j29I2sY/ZpvZx28w2ty1sS9vePm072Gdsin3WdrTP/S5eapfZ9XaD3Wg32f32c3vOnrdH7Xf2gv3Z9rK97SD7mh1sX7dD7Bt2qB32u3iMHWvH2fF2gp1oJ9nJv4tn2Jk23c6ys+37do6d+7t4if3IzrcZdoFdaBfZxb/EV+aUYT+2y+0nNtOusCvtKrvarrFr7br/mOsqu8VutdvsPvuZ3WF32l12t91j9/4SX1nHAfuFzbJf2iP2W3vIfmUP22M2237zS3xlfQDf2+P2B3vCnrSn7I/2tP3JnrFnf1n/lbX/aC/Zy9ZbICRBkhQFFEO5KJZyUxxdR/F0PeWhGyhCN1IC3UR56WbKR/mpABWkRCpEhUmTIUtEIRWhohSlW6gY3UpJVJxKUElyVIqS6TYqTbdTGbqDytKdVI7uovJUgSpSJbqbKtM9VIWqUjW6l6pTDapJteg+qk33Ux16gOrSg1SPHqL69DA1oEeoITWixvQoNaHHqCk9Ts2oObWgltSKnqDW9CS1obbUjp6i9vQ0daBnKIWepY70HHWi56kzvUBd6EXqSi9RN+pOPehl6kmvUC/qTanUh/rSq9SP+tMAGkiD6DUaTK/TEHqDhtIwGk5v0gh6i0bS2zSKRtMYGkvjaDxNoIk0iSZTGr1DU+hdmkrv0TSaTjNoJqXTLJpN79Mcmkvz6AOaTx/SAlpIi2gxLaGPaCktowz6mJbTJ5RJK2glraLVtIbW0jpaTxtoI22izbSFttI22k6f0g7aSbtoN+2hvbSPPqP99DkdoC8oi76kg/QXOkRf0WH6mrLpGzpC39JR+o6O0fd0nH6gE3SSTtGPdJp+ojN0ls7RebpAP9NFukSXyROEGIpQhioMwpgwVxgb5g7jwuvC+PD6ME94QxgJbwwTwpvCvOHNYb4wf1ggLBgmhoXCwqEOTWhDCsOwSFg0jIa3hMXCW8OksHhYIiwZurBUmBzeFpYObw/LhHeEZcM7w3LhXWH5sEL42IOVwrvDyuE9YZWwalgtvDesHtYIa4a1wvvC2uH9YZ3wgbBu+GBYJnworB8+HDYIHwkbho3CxuGjYZPwsbBp+HjYLGwetghbhq3CJ8LW4ZNhm7Bt2C58KmwfPh12CJ8JU8Jnw47hc3/Ynxr2CfuGr4avht4/IBdFF0eXRD+KLo0ui2ZEP44uj34SzYyuiK6Mroqujq6Jro2ui66PbohujG6Kbo5uiW6Nbot6XysXOHTCSadc4GJcLhfrcrs4d52Ld9e7PO4GF3E3ugR3k8vrbnb5XH5XwBV0ia6QK+y0M846cqEr4oq6qLvFFXO3uiRX3JVwJZ1zpVyya+lauVautXvStXFtXTv3lHvKPe2eds+4Z9yzrqN7znVyz7vO7gXXxb3oXnQvuW6uu+vhXnY93Suul+vtUl2q6+v6un6unxvgBrhBbpAb7Aa7IW6IG+qGuuFuuBvhRriRbqQb5Ua5MW6MG+fGuQlugpvkJrk0l+am5Jriprqpbpqb5ma4GS7dpbvZbrab4+a4eW6em5803y1wC9wit8gtcUvcUrfUZbgMt9wtd5ku0610K91qt9qtdWvderfebXQb3Wa32W11W912t93tcDvcLrfL7XF73D63z+13+90Bd8BluSx30B10h9whd9h97bLdN+6I+9Yddd+5Y+57d9z94E64k+6U+9Gddj+5M+6sO+fOuwvuZ3fRXXKXnXdpkXciUyLvRqZG3otMi0yPzIjMjKRHZkVmR96PzInMjcyLfBCZH/kwsiCyMLIosjiyJPJRZGlkWSQj8nFkeeSTSGZkRWRlZFVkdWRNxPtCO0JfxBf1UX+LL+Zv9Um+uC/hS3rnS/lkf5sv7W/3Zfwdvqy/05fzd/nyvoKv6B/3zXxz38K39K38E761f9K38W19O/+Ub++f9h38Mz7FP+s7+ud8J/+87+xf8F38i76rf8l38919D/+y7+lf8b18b5/q+/i+/lXfz/f3A/xAP8i/5gf71/0Q/4Yf6of54f5NP8K/5Uf6t/0oP9qP8WP9OD/eT/AT/SQ/2af5d/wU/66f6t/z0/x0P8PP9Ol+lp/t3/dz/Fw/z3/g5/sP/QK/0C/yi/0S/5Ff6pf5DP+xX+4/8Zl+hV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/nt/lO/w+/0u/xuv8fv9fv8Z36//9wf8F/4LP+lP+j/4g/5r/xh/7XP9t/4I/5bf9R/54/57/1x/4M/4U/6U/5Hf9r/5M/4s/6cP+8v+J/9RX/JX/7b36yJP3jcHfM//TydMcYYY+x/t7Q/6O8zM/jda+I326y+AHD9zoLZv+2XALA531/b/UUiRADg2d5dG/3tql49NTX113szJQRFFwL8ctOvftmi/RqvgHbwNKRAWyj9D+fXX3S/QH8wfvROgLjf5MT+9WsO/tP4t/8X4z/x1Jil5cJzCf9k/IUASUWv5uSGq/HV8cv8F+Pnb/0H88/9VRpAm9/kxMPV+Or4yfAkPAcpf3cnY4wxxhhjjDH2V/1Fxc505UQM//x8nqiu5uSCq/Efnc8ZY4wxxhhjjDF27b3QvcczT6SktO3MDW5wgxv/0bjWv5kYY4wxxhhjf7arm/5rPRPGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyzn+v/xdWLXeo2MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYtfZ/AgAA//8QpTsf")

5.298949013s ago: executing program 38 (id=4037):
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f0000000000)='./file0\x00', 0x810000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES32], 0x0, 0x1509, &(0x7f0000001c80)="$eJzs3AuYjtXaOPD7Xms9Y0yT3iY5DGut++FNg2WSJIeEHJIkCUlOCUmTJAmJIackJDkfJslhCMkpJo3z+ZBz0mRLkyQhOYX1v7Tbn/bX/nb/77/7/r5rz/27ruey7nc993rXcs8171rPdc37XdfhNZvUqtaQiOBfgn/9JxUAYgFgEADcAAABAJRNKJtwpT+3xNR/7U3Yn6tR+rWeAbuWuP45G9c/Z+P652xc/5yN65+zcf1zNq5/zsb1Zywn2z6r4I185dyLn//nZPz5/28ku9TErzaWurnbfyOF65+zcf1zNq5/jtHoH77I9c/RuP45G9f/31/Vf9LH9c/ZuP6M5WTX+vkzX9f2utY/f4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGcoZz/ioFAH9rX+t5McYYY4wxxhhj7M/jc13rGTDGGGOMMcYYY+x/HoIACQoCiIFcEAu5IQ6ug3i4HvLADRCBGyEBboK8cDPkg/xQAApCIhSCwqDBgAWCEIpAUYjCLVAMboUkKA4loCQ4KAXJcBuUhtuhDNwBZeFOKAd3QXmoABWhEtwNleEeqAJVoRrcC9WhBtSEWnAf1Ib7oQ48AHXhQagHD0F9eBgawCPQEBpBY3gUmsBj0BQeh2bQHFpAS2j1/5T/MvSEV6AX9IZU6AN94VXoB/1hAAyEQfAaDIbXYQi8AUNhGAyHN2EEvAUj4W0YBaNhDIyFcTAeJsBEmASTIQ3egSnwLkyF92AaTIcZMBPSYRbMhvdhDsyFefABzIcPYQEshEWwGJbAR7AUlkEGfAzL4RPIhBWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHT2EH7IRdsBv2wF7YB5/BfvgcDsAXkAVf/jfzz/6n/G4ICChQoEKFMRiDsRiLcRiH8RiPeTAPRjCCCZiAeTEv5sN8WAALYCImYmEsjAYNEhIWwSIYxSgWw2KYhElYAkugQ4fJmIyl8XYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgNayG1bE61sSaeB/eh/djHawTUxfrYj2sh/WxPjbABtgQG2JjbIxNsAk2xabYDJthC2yBrbAVtsbW2AbbYDtsh+2xPXbADpiCKdgRO2In7ISdsTN2wS7YFbtiN+yO3fFlfBlfwVewN1YXfbAv9sV+2A8H4EAciK/hYHwdX8c3cCgOw+H4Jr6Jb+FIPIOjcDSOwTFYWYzHCTgRSUzGNEzDKTgFp+JUnIbTcTrOxHSchbNxNs7BuTgXP8D5+CF+iAtxIS7GJbgEl+IyzMAMXI5nMRNX4EpchatxDa7Gdbge1+FG3IQbcQtuwW24DT/FT3En7sTduBv34l78DD/Dz/FzHIpZmIUH8SAewkN4GA9jNmbjETyCR/EoHsNjeByP4wk8iafwJJ7G03gGz+I5PIcX8AJexBcTv2m8t/iGoSCuUEKJGBEjYkWsiBNxIl7Eizwij4iIiEgQCSKvyCvyiXyigCggEkWiKCwKCyOMIBGKIqKIiIqoKCaKiSSRJEqIEsIJJ5JFsigtSosyoowoK+4U5cRdoryoINq6SqKSqCzauSqiqqgmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or54WDQQfXAANhJXKtNEDMOmYjg2E81FC9FSvIVPiNZiJLYRbUU78ZQYjaOwg2jtUsSzoqOYgJ3E82IiviC6iMnYVbwkuonuood4WfQUbVwv0VtMwz6ir5iJ/UR/MUAMFHOwhrhSsZriDTFUDBPDxZtiMb4lRoq3xSgxWowRY8U4MV5MEBPFJDFZpIl3xBTxrpgq3hPTxHQxQ8wU6WKWmC3eF3PEXDFPfCDmiw/FArFQLBKLxRLxkVgqlokM8bFYLj4RmWKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iU7FD7BS7xG6xR+wV+8RnYr/4XBwQX4gs8aU4KP4iDomvxGHxtcgW34gj4ltxVHwnjonvxXHxgzghTopT4kdxWvwkzoiz4pw4Ly6In8VFcUlcFl6ARCmklEoGMkbmkrEyt4yT18l4eb3MI2+QEXmjTJA3ybzyZplP5pcFZEGZKAvJwlJLI60kGcoisqiMyltkMXmrTJLFZQlZUjpZSibL22RpebssI++QZeWdspy8S5aXFWRFWUneLSvLe2QVWVVWk/fK6rKGrClryftkbXm/rCMfkHXlg7KefEjWlw/LBvIR2VA2ko3lo7KJfEw2lY/LZrK5bCFbylbyCdlaPinbyLaynXxKtpdPyw7yGZkin5Ud5XOyk3xedpYvyC7yRdlVviS7ye6yh7wkL0sve8neMlX2kX3lq7Kf7C8HyIFykHxNDpavyyHyDTlUDpPD5ZtyhHxLjpRvy1FytBwjx8pxcrycICfKSXKyTJPvyCnyXTlVvienyelyhpwp0+UsOeDXkeb9X+S/+w/yh/zy7tvkdvmp3CF3yl1yt9wj98p9cp/cL/fLA/KAzJJZ8qA8KA/JQ/KwPCyzZbY8Io/Io/KoPCaPyePyuDwhT8rz8kd5Wv4kz8iz8qw8Ly/IC/Lir/8HoFAJJZVSgYpRuVSsyq3i1HUqXl2v8qgbVETdqBLUTSqvulnlU/lVAVVQJapCqrDSyiirSIWqiCqqouoWVUzdqpJUcVVClVROlVLJ6rZ/Of+P5tdKtVKtVWvVRrVR7VQ71V61Vx1UB5WiUlRH1VF1Up1UZ9VZdVFdVFfVVXVT3VQP1UP1VD1VL9VLpapU1Ve9qvqp/mqAGqgGqdfUYDVYDVFD1FA1VA1Xw9UINUKNVCPVKDVKjVFj1Dg1Tk1QE9QkNUmlqTQ1RU1RU9VUNU1NUzPUDJWu0tVsNVvNUXPUPDVPzVfz1QK1QC1Si9QStUQtVUtVhspQy9VylalWqBVqlVql1qg1ap1apzaoDWqT2qS2qC0qU21X29UOtUPtUrvUHrVH7VP71H61Xx1QB1SWylIH1UF1SB1Sh9Vhla2y1RF1RB1VR9UxdUwdV8fVCXVCnVKn1Gl1Wp1RZ9Q5dU5dUBfURXVRXVaXr2z7AhGIQAUqiAligtggNogL4oL4ID7IE+QJIkEkSAgSgrzBzUG+IH9QICgYJAaFgsKBDkxgAwrCoEhQNIgGtwTFgluDpKB4UCIoGbigVJAc3BaUDm4PygR3BGWDO4NywV1B+aBCUDGoFNwdVA7uCaoEVYNqwb1B9aBGUDOoFdwX1A7uD+oEDwR1gweDesFDQf3g4aBB8EjQMGgUNA4eDZoEjwVNg8eDZkHzoEXQMmj1p47v/Zn8T7peurdO1X10X/2q7qf76wF6oB6kX9OD9et6iH5DD9XD9HD9ph6h39Ij9dt6lB6tx+ixepweryfoiXqSnqzT9Dt6in5XT9Xv6Wl6up6hZ+p0PUvP1u/rOXqunqc/0PP1h3qBXqgX6cV6if5IL9XLdIb+WC/Xn+hMvUKv1Kv0ar1Gr9Xr9Hq9QW/Um/RmvUVv1dv0dv2p3qF36l16t96j9+p9+jO9X3+uD+gvdJb+Uh/Uf9GH9Ff6sP5aZ+tv9BH9rT6qv9PH9Pf6uP5Bn9An9Sn9oz6tf9Jn9Fl9Tp/XF/TP+qK+pC9rf2Vzf+Xj3SijTIyJMbEm1sSZOBNv4k0ek8dETMQkmAST1+Q1+Uw+U8AUMIkm0RQ2hc0VZMgUMUVM1ERNMVPMJJkkU8KUMM44k2ySTWlT2pQxZUxZU9aUM+VMeVPeVDQVzd3mbnOPucdUNVXNveZeU8PUMLVMLVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTWPTxDQxTU1T08w0My1MC9PKtDKtTWvTxrQx7Uw70960Nx1MB5NiUkxH09F0Mp1MZ9PZdDFdTFfT1XQz3UwP08P0ND1NL9PLpJpU09f0Nf1MPzPADDCDzCAz2Aw2Q8wQM7b0pqpXTk4jzAgz0ow0o8xoM8aMNePMeDPBTDSTzGSTZtLMFDPFTDVTzTQzzcwwM0y6STezzWwzx8wx88w8M9/MNwvMArMIfz2KmaUmw2SY5Wa5yTSZZqVZaVab1WatWWvWm/Vmo9loNpvNZqvZarab7WaH2WF2mV1mj9lj9pl9Zr/Zbw6YAybLZJmD5qA5ZA6Zw+awyTbZ5og5Yo6ao+aYOWaOm+PmhDlhTplT5rQ5bc6YM+acOWcumJ/NRXPJXDbexFoBcfY6G2+vt3nsDTbW5ra/jQvYgjbRFrKFrbb5bP6/i421NskWtyVsSetsKZtsb/tdXN5WsBVtJXu3rWzvsVV+F9e299s69gFb1z5oa9n7/i6uZx+y9e1jtoF93Da0zW1j29I2sY/ZpvZx28w2ty1sS9vePm072Gdsin3WdrTP/S5eapfZ9XaD3Wg32f32c3vOnrdH7Xf2gv3Z9rK97SD7mh1sX7dD7Bt2qB32u3iMHWvH2fF2gp1oJ9nJv4tn2Jk23c6ys+37do6d+7t4if3IzrcZdoFdaBfZxb/EV+aUYT+2y+0nNtOusCvtKrvarrFr7br/mOsqu8VutdvsPvuZ3WF32l12t91j9/4SX1nHAfuFzbJf2iP2W3vIfmUP22M2237zS3xlfQDf2+P2B3vCnrSn7I/2tP3JnrFnf1n/lbX/aC/Zy9ZbICRBkhQFFEO5KJZyUxxdR/F0PeWhGyhCN1IC3UR56WbKR/mpABWkRCpEhUmTIUtEIRWhohSlW6gY3UpJVJxKUElyVIqS6TYqTbdTGbqDytKdVI7uovJUgSpSJbqbKtM9VIWqUjW6l6pTDapJteg+qk33Ux16gOrSg1SPHqL69DA1oEeoITWixvQoNaHHqCk9Ts2oObWgltSKnqDW9CS1obbUjp6i9vQ0daBnKIWepY70HHWi56kzvUBd6EXqSi9RN+pOPehl6kmvUC/qTanUh/rSq9SP+tMAGkiD6DUaTK/TEHqDhtIwGk5v0gh6i0bS2zSKRtMYGkvjaDxNoIk0iSZTGr1DU+hdmkrv0TSaTjNoJqXTLJpN79Mcmkvz6AOaTx/SAlpIi2gxLaGPaCktowz6mJbTJ5RJK2glraLVtIbW0jpaTxtoI22izbSFttI22k6f0g7aSbtoN+2hvbSPPqP99DkdoC8oi76kg/QXOkRf0WH6mrLpGzpC39JR+o6O0fd0nH6gE3SSTtGPdJp+ojN0ls7RebpAP9NFukSXyROEGIpQhioMwpgwVxgb5g7jwuvC+PD6ME94QxgJbwwTwpvCvOHNYb4wf1ggLBgmhoXCwqEOTWhDCsOwSFg0jIa3hMXCW8OksHhYIiwZurBUmBzeFpYObw/LhHeEZcM7w3LhXWH5sEL42IOVwrvDyuE9YZWwalgtvDesHtYIa4a1wvvC2uH9YZ3wgbBu+GBYJnworB8+HDYIHwkbho3CxuGjYZPwsbBp+HjYLGwetghbhq3CJ8LW4ZNhm7Bt2C58KmwfPh12CJ8JU8Jnw47hc3/Ynxr2CfuGr4avht4/IBdFF0eXRD+KLo0ui2ZEP44uj34SzYyuiK6Mroqujq6Jro2ui66PbohujG6Kbo5uiW6Nbot6XysXOHTCSadc4GJcLhfrcrs4d52Ld9e7PO4GF3E3ugR3k8vrbnb5XH5XwBV0ia6QK+y0M846cqEr4oq6qLvFFXO3uiRX3JVwJZ1zpVyya+lauVautXvStXFtXTv3lHvKPe2eds+4Z9yzrqN7znVyz7vO7gXXxb3oXnQvuW6uu+vhXnY93Suul+vtUl2q6+v6un6unxvgBrhBbpAb7Aa7IW6IG+qGuuFuuBvhRriRbqQb5Ua5MW6MG+fGuQlugpvkJrk0l+am5Jriprqpbpqb5ma4GS7dpbvZbrab4+a4eW6em5803y1wC9wit8gtcUvcUrfUZbgMt9wtd5ku0610K91qt9qtdWvderfebXQb3Wa32W11W912t93tcDvcLrfL7XF73D63z+13+90Bd8BluSx30B10h9whd9h97bLdN+6I+9Yddd+5Y+57d9z94E64k+6U+9Gddj+5M+6sO+fOuwvuZ3fRXXKXnXdpkXciUyLvRqZG3otMi0yPzIjMjKRHZkVmR96PzInMjcyLfBCZH/kwsiCyMLIosjiyJPJRZGlkWSQj8nFkeeSTSGZkRWRlZFVkdWRNxPtCO0JfxBf1UX+LL+Zv9Um+uC/hS3rnS/lkf5sv7W/3Zfwdvqy/05fzd/nyvoKv6B/3zXxz38K39K38E761f9K38W19O/+Ub++f9h38Mz7FP+s7+ud8J/+87+xf8F38i76rf8l38919D/+y7+lf8b18b5/q+/i+/lXfz/f3A/xAP8i/5gf71/0Q/4Yf6of54f5NP8K/5Uf6t/0oP9qP8WP9OD/eT/AT/SQ/2af5d/wU/66f6t/z0/x0P8PP9Ol+lp/t3/dz/Fw/z3/g5/sP/QK/0C/yi/0S/5Ff6pf5DP+xX+4/8Zl+hV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/nt/lO/w+/0u/xuv8fv9fv8Z36//9wf8F/4LP+lP+j/4g/5r/xh/7XP9t/4I/5bf9R/54/57/1x/4M/4U/6U/5Hf9r/5M/4s/6cP+8v+J/9RX/JX/7b36yJP3jcHfM//TydMcYYY+x/t7Q/6O8zM/jda+I326y+AHD9zoLZv+2XALA531/b/UUiRADg2d5dG/3tql49NTX113szJQRFFwL8ctOvftmi/RqvgHbwNKRAWyj9D+fXX3S/QH8wfvROgLjf5MT+9WsO/tP4t/8X4z/x1Jil5cJzCf9k/IUASUWv5uSGq/HV8cv8F+Pnb/0H88/9VRpAm9/kxMPV+Or4yfAkPAcpf3cnY4wxxhhjjDH2V/1Fxc505UQM//x8nqiu5uSCq/Efnc8ZY4wxxhhjjDF27b3QvcczT6SktO3MDW5wgxv/0bjWv5kYY4wxxhhjf7arm/5rPRPGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyzn+v/xdWLXeo2MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYtfZ/AgAA//8QpTsf")

2.277431617s ago: executing program 8 (id=4074):
syz_emit_ethernet(0x2a, &(0x7f0000001480)={@random="a5050f0000b5", @random="0000009000", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0x2}}}}}, 0x0)

2.160830762s ago: executing program 8 (id=4076):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910000000000000c30418180001000095007400000000"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xe4}, 0x94)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb0000000000000000000000000000e9d8000100c40a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000)

2.071017607s ago: executing program 8 (id=4077):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
ioctl$LOOP_SET_STATUS(r0, 0x80081272, 0x0)

2.007724148s ago: executing program 8 (id=4078):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000003c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0}}], 0x1, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

1.948156788s ago: executing program 8 (id=4079):
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040081}, 0x0)
r0 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x1ef}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0xffffffffffffff8a)

1.9477042s ago: executing program 8 (id=4080):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x107734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2d, 0x0, 0x0, 0x6}]}, 0xfffffffffffffeea)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0xfac7, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

360.508889ms ago: executing program 4 (id=4083):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
chroot(&(0x7f0000000000)='./file0\x00')

360.295162ms ago: executing program 4 (id=4084):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4, '\x00', r1, 0x0}, 0x50)

213.450807ms ago: executing program 4 (id=4085):
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x37}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

213.363402ms ago: executing program 9 (id=4038):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
recvmmsg(0xffffffffffffffff, &(0x7f00000022c0)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000040)=""/48, 0x30}], 0x1}, 0x9}], 0x1, 0x2, 0x0)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)

150.965875ms ago: executing program 4 (id=4086):
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x22342, 0x0)
write$binfmt_script(r0, 0x0, 0x0)

70.44724ms ago: executing program 9 (id=4087):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60)

70.313584ms ago: executing program 4 (id=4088):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
splice(r0, 0x0, r0, 0x0, 0xa, 0x9)

220.66µs ago: executing program 9 (id=4089):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@updpolicy={0xcc, 0x1b, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xf, 0x0, 0x9, 0x0, 0x3}, {0x0, 0x2, 0x2}, 0x2, 0x8}, [@srcaddr={0x14, 0xd, @in=@local}]}, 0xcc}}, 0x0)

100.944µs ago: executing program 4 (id=4090):
r0 = socket(0x11, 0x2, 0x0)
setsockopt(r0, 0x107, 0x1, &(0x7f00000001c0)="110000000000060000071a80010061cc", 0x10)

0s ago: executing program 9 (id=4091):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$F_SET_RW_HINT(r0, 0x40c, 0x0)

kernel console output (not intermixed with test programs):

ly
[  523.219199][T12028] bcachefs (loop8): finished waiting for writes to stop
[  523.224633][T12028] bcachefs (loop8): flushing journal and stopping allocators, journal seq 3
[  523.249176][ T9526] printk: udevd: 70 output lines suppressed due to ratelimiting
[  523.300182][T12028] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 3
[  523.304729][T12028] bcachefs (loop8): clean shutdown complete, journal seq 4
[  523.307420][T12028] bcachefs (loop8): marking filesystem clean
[  523.371233][    C0] hpet: Lost 2 RTC interrupts
[  523.422549][T12028] bcachefs (loop8): shutdown complete
[  523.815486][T14342] team0: No ports can be present during mode change
[  524.656169][T14352] loop4: detected capacity change from 0 to 512
[  524.659141][T14352] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  524.812562][T14354] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  524.833370][ T5896] lo speed is unknown, defaulting to 1000
[  524.835734][ T5896] syz2: Port: 1 Link ACTIVE
[  525.442384][T14372] loop6: detected capacity change from 0 to 256
[  525.448181][T14372] exFAT-fs (loop6): failed to read boot sector
[  525.455109][T14372] exFAT-fs (loop6): failed to recognize exfat type
[  525.556742][T14378] netlink: 'syz.6.3004': attribute type 2 has an invalid length.
[  525.559175][T14378] netlink: 144 bytes leftover after parsing attributes in process `syz.6.3004'.
[  525.675425][T14384] loop4: detected capacity change from 0 to 256
[  525.693995][T14384] FAT-fs (loop4): Directory bread(block 64) failed
[  525.696865][T14384] FAT-fs (loop4): Directory bread(block 65) failed
[  525.699810][T14384] FAT-fs (loop4): Directory bread(block 66) failed
[  525.704143][T14384] FAT-fs (loop4): Directory bread(block 67) failed
[  525.709235][T14384] FAT-fs (loop4): Directory bread(block 68) failed
[  525.714402][T14384] FAT-fs (loop4): Directory bread(block 69) failed
[  525.717246][T14384] FAT-fs (loop4): Directory bread(block 70) failed
[  525.739201][T14384] FAT-fs (loop4): Directory bread(block 71) failed
[  525.745908][T14384] FAT-fs (loop4): Directory bread(block 72) failed
[  525.748554][T14384] FAT-fs (loop4): Directory bread(block 73) failed
[  526.764858][T14380] loop8: detected capacity change from 0 to 262144
[  526.768238][T14380] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3005 (14380)
[  526.777644][T14380] BTRFS info (device loop8): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  526.781988][T14380] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm
[  526.851608][T14380] BTRFS info (device loop8): enabling ssd optimizations
[  526.854494][T14380] BTRFS info (device loop8): using spread ssd allocation scheme
[  526.857612][T14380] BTRFS info (device loop8): enabling free space tree
[  526.884038][   T33] audit: type=1800 audit(2000000092.900:133): pid=14380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.3005" name="bus" dev="loop8" ino=263 res=0 errno=0
[  526.969677][T14418] loop4: detected capacity change from 0 to 512
[  526.989710][T14418] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  527.006338][T14407] loop6: detected capacity change from 0 to 32768
[  527.013408][T14407] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  527.017108][T14418] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  527.020458][T14418] System zones: 0-2, 18-18, 34-34
[  527.027953][T14418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  527.033609][T14418] ext4 filesystem being mounted at /529/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  527.034550][T14407] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  527.081177][T14407] (syz.6.3014,14407,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9
[  527.081733][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  527.088396][T14407] (syz.6.3014,14407,1):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  527.088448][T14407] (syz.6.3014,14407,1):ocfs2_mknod:301 ERROR: status = -2
[  527.088466][T14407] (syz.6.3014,14407,1):ocfs2_mknod:505 ERROR: status = -2
[  527.088479][T14407] (syz.6.3014,14407,1):ocfs2_mkdir:661 ERROR: status = -2
[  527.132950][ T9537] ocfs2: Unmounting device (7,6) on (node local)
[  527.166011][T12028] BTRFS info (device loop8): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  527.187444][T14426] loop4: detected capacity change from 0 to 512
[  527.198760][T14426] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  527.552815][ T5896] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  527.723354][ T5896] usb 7-1: Using ep0 maxpacket: 16
[  527.727654][ T5896] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[  527.731263][ T5896] usb 7-1: config 0 has no interface number 0
[  527.733803][ T5896] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  527.738236][ T5896] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  527.744646][ T5896] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  527.749569][ T5896] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  527.753156][ T5896] usb 7-1: Product: syz
[  527.755133][ T5896] usb 7-1: SerialNumber: syz
[  527.759314][ T5896] usb 7-1: config 0 descriptor??
[  527.766795][ T5896] cm109 7-1:0.8: invalid payload size 0, expected 4
[  527.771395][ T5896] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input21
[  527.793651][T14432] loop8: detected capacity change from 0 to 256
[  527.802966][T14432] exFAT-fs (loop8): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  528.009454][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  528.215933][T12156] usb 7-1: USB disconnect, device number 24
[  528.247999][T12156] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  529.198944][T14462] loop8: detected capacity change from 0 to 512
[  529.323052][T14459] loop4: detected capacity change from 0 to 40427
[  529.327498][T14459] F2FS-fs (loop4): build fault injection rate: 14
[  529.328323][T14462] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  529.330083][T14459] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  529.338438][T14459] F2FS-fs (loop4): invalid crc value
[  529.339976][T14462] ext4 filesystem being mounted at /305/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  529.365017][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  529.377121][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  529.473331][T14459] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  529.477050][T14459] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  529.484662][T14459] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  529.507406][T14459] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  529.511856][   T33] audit: type=1800 audit(2000000351.525:134): pid=14459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3031" name="file2" dev="loop4" ino=10 res=0 errno=0
[  529.521431][T14459] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[  529.527676][T14459] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  529.547691][T14459] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  529.557176][T14459] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_write_begin+0x952/0x2290
[  529.562477][T14459] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:14, node_footer[nid:14,ino:14,ofs:0,cpver:0,blkaddr:0]
[  529.612346][ T9573] syz-executor: attempt to access beyond end of device
[  529.612346][ T9573] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  529.629232][ T9573] CPU: 1 UID: 0 PID: 9573 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  529.629245][ T9573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  529.629250][ T9573] Call Trace:
[  529.629254][ T9573]  <TASK>
[  529.629259][ T9573]  dump_stack_lvl+0x189/0x250
[  529.629287][ T9573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  529.629301][ T9573]  ? __pfx_queue_work_on+0x10/0x10
[  529.629312][ T9573]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  529.629327][ T9573]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  529.629346][ T9573]  f2fs_handle_critical_error+0x37c/0x540
[  529.629366][ T9573]  f2fs_write_end_io+0x886/0xb60
[  529.629388][ T9573]  __submit_merged_bio+0x27a/0x6a0
[  529.629406][ T9573]  __submit_merged_write_cond+0x255/0x530
[  529.629425][ T9573]  f2fs_write_data_pages+0x261d/0x3000
[  529.629441][ T9573]  ? ktime_get+0x3e/0x1f0
[  529.629497][ T9573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  529.629513][ T9573]  ? __switch_to+0xdae/0x1670
[  529.629557][ T9573]  ? rcu_is_watching+0x15/0xb0
[  529.629569][ T9573]  ? trace_sched_exit_tp+0x36/0x110
[  529.629584][ T9573]  ? __schedule+0x17ae/0x4cc0
[  529.629601][ T9573]  ? folios_put_refs+0x560/0x640
[  529.629619][ T9573]  ? __lock_acquire+0xab9/0xd20
[  529.629632][ T9573]  ? do_raw_spin_lock+0x121/0x290
[  529.629645][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.629653][ T9573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  529.629664][ T9573]  do_writepages+0x32e/0x550
[  529.629678][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.629688][ T9573]  filemap_fdatawrite+0x199/0x240
[  529.629698][ T9573]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  529.629724][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.629734][ T9573]  f2fs_sync_dirty_inodes+0x31f/0x830
[  529.629747][ T9573]  f2fs_write_checkpoint+0x95a/0x1df0
[  529.629763][ T9573]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  529.629788][ T9573]  ? kill_f2fs_super+0x298/0x6c0
[  529.629797][ T9573]  kill_f2fs_super+0x2c3/0x6c0
[  529.629807][ T9573]  ? __pfx_kill_f2fs_super+0x10/0x10
[  529.629813][ T9573]  ? radix_tree_delete_item+0x2b6/0x400
[  529.629825][ T9573]  ? shrinker_free+0x2ce/0x3e0
[  529.629834][ T9573]  deactivate_locked_super+0xbc/0x130
[  529.629844][ T9573]  cleanup_mnt+0x425/0x4c0
[  529.629852][ T9573]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.629885][ T9573]  task_work_run+0x1d4/0x260
[  529.629898][ T9573]  ? __pfx_task_work_run+0x10/0x10
[  529.629907][ T9573]  ? __x64_sys_umount+0x122/0x160
[  529.629918][ T9573]  ? exit_to_user_mode_loop+0x40/0x110
[  529.629929][ T9573]  exit_to_user_mode_loop+0xec/0x110
[  529.629939][ T9573]  do_syscall_64+0x2bd/0x3b0
[  529.629949][ T9573]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.629958][ T9573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.629965][ T9573]  ? exc_page_fault+0x9f/0xf0
[  529.629975][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.629982][ T9573] RIP: 0033:0x7ff028b8ff17
[  529.629990][ T9573] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  529.629996][ T9573] RSP: 002b:00007ffc211a5e08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  529.630005][ T9573] RAX: 0000000000000000 RBX: 00007ff028c11c05 RCX: 00007ff028b8ff17
[  529.630010][ T9573] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc211a5ec0
[  529.630015][ T9573] RBP: 00007ffc211a5ec0 R08: 0000000000000000 R09: 0000000000000000
[  529.630019][ T9573] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc211a6f50
[  529.630024][ T9573] R13: 00007ff028c11c05 R14: 0000000000081422 R15: 00007ffc211a6f90
[  529.630035][ T9573]  </TASK>
[  529.630107][ T9573] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  529.726528][T14485] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3040'.
[  529.728938][ T9573] CPU: 1 UID: 0 PID: 9573 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  529.728955][ T9573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  529.728963][ T9573] Call Trace:
[  529.728969][ T9573]  <TASK>
[  529.728974][ T9573]  dump_stack_lvl+0x189/0x250
[  529.728995][ T9573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  529.729009][ T9573]  ? __pfx_queue_work_on+0x10/0x10
[  529.729021][ T9573]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  529.729037][ T9573]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  529.729061][ T9573]  f2fs_handle_critical_error+0x37c/0x540
[  529.729086][ T9573]  f2fs_write_end_io+0x886/0xb60
[  529.729113][ T9573]  __submit_merged_bio+0x27a/0x6a0
[  529.729135][ T9573]  __submit_merged_write_cond+0x255/0x530
[  529.729158][ T9573]  f2fs_write_data_pages+0x261d/0x3000
[  529.729174][ T9573]  ? ktime_get+0x3e/0x1f0
[  529.729213][ T9573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  529.729227][ T9573]  ? __switch_to+0xdae/0x1670
[  529.729278][ T9573]  ? rcu_is_watching+0x15/0xb0
[  529.729300][ T9573]  ? trace_sched_exit_tp+0x36/0x110
[  529.729313][ T9573]  ? __schedule+0x17ae/0x4cc0
[  529.729331][ T9573]  ? folios_put_refs+0x560/0x640
[  529.729357][ T9573]  ? __lock_acquire+0xab9/0xd20
[  529.729379][ T9573]  ? do_raw_spin_lock+0x121/0x290
[  529.729402][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.729417][ T9573]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  529.729435][ T9573]  do_writepages+0x32e/0x550
[  529.729461][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.729479][ T9573]  filemap_fdatawrite+0x199/0x240
[  529.729496][ T9573]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  529.729552][ T9573]  ? do_raw_spin_unlock+0x4d/0x240
[  529.729570][ T9573]  f2fs_sync_dirty_inodes+0x31f/0x830
[  529.729595][ T9573]  f2fs_write_checkpoint+0x95a/0x1df0
[  529.729628][ T9573]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  529.729679][ T9573]  ? kill_f2fs_super+0x298/0x6c0
[  529.729698][ T9573]  kill_f2fs_super+0x2c3/0x6c0
[  529.729716][ T9573]  ? __pfx_kill_f2fs_super+0x10/0x10
[  529.729726][ T9573]  ? radix_tree_delete_item+0x2b6/0x400
[  529.729747][ T9573]  ? shrinker_free+0x2ce/0x3e0
[  529.729763][ T9573]  deactivate_locked_super+0xbc/0x130
[  529.729780][ T9573]  cleanup_mnt+0x425/0x4c0
[  529.729795][ T9573]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.729814][ T9573]  task_work_run+0x1d4/0x260
[  529.729832][ T9573]  ? __pfx_task_work_run+0x10/0x10
[  529.729846][ T9573]  ? __x64_sys_umount+0x122/0x160
[  529.729891][ T9573]  ? exit_to_user_mode_loop+0x40/0x110
[  529.729913][ T9573]  exit_to_user_mode_loop+0xec/0x110
[  529.729930][ T9573]  do_syscall_64+0x2bd/0x3b0
[  529.729946][ T9573]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.729961][ T9573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.729974][ T9573]  ? exc_page_fault+0x9f/0xf0
[  529.729992][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.730004][ T9573] RIP: 0033:0x7ff028b8ff17
[  529.730017][ T9573] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  529.730027][ T9573] RSP: 002b:00007ffc211a5e08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  529.730041][ T9573] RAX: 0000000000000000 RBX: 00007ff028c11c05 RCX: 00007ff028b8ff17
[  529.730048][ T9573] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc211a5ec0
[  529.730056][ T9573] RBP: 00007ffc211a5ec0 R08: 0000000000000000 R09: 0000000000000000
[  529.730063][ T9573] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc211a6f50
[  529.730071][ T9573] R13: 00007ff028c11c05 R14: 0000000000081422 R15: 00007ffc211a6f90
[  529.730113][ T9573]  </TASK>
[  529.731164][ T9573] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  529.817579][T14489] loop6: detected capacity change from 0 to 1024
[  529.959574][T14489] hfsplus: bad catalog entry type
[  530.015254][ T1089] hfsplus: b-tree write err: -5, ino 4
[  530.185664][T14491] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3043'.
[  530.848991][T14509] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3050'.
[  531.204989][T12028] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  531.247312][T14507] loop6: detected capacity change from 0 to 32768
[  531.247810][T14514] loop4: detected capacity change from 0 to 1024
[  531.251511][T14507] btrfs: Deprecated parameter 'usebackuproot'
[  531.254698][T14507] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  531.266274][T14507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.3049 (14507)
[  531.277116][T14507] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  531.282908][T14507] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  531.398756][ T1147] BTRFS warning (device loop6): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  531.419208][T14507] BTRFS error (device loop6): failed to load root extent
[  531.422945][T14507] BTRFS warning (device loop6): try to load backup roots slot 1
[  531.423752][T14540] lo speed is unknown, defaulting to 1000
[  531.426481][   T40] BTRFS warning (device loop6): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  531.435008][T14507] BTRFS warning (device loop6): couldn't read tree root
[  531.438184][T14507] BTRFS warning (device loop6): try to load backup roots slot 2
[  531.442945][ T1147] BTRFS error (device loop6): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  531.448323][T14507] BTRFS warning (device loop6): couldn't read tree root
[  531.454039][T14507] BTRFS warning (device loop6): try to load backup roots slot 3
[  531.466430][T14507] BTRFS info (device loop6): rebuilding free space tree
[  531.494123][T14507] BTRFS info (device loop6): checking UUID tree
[  531.499832][T14507] BTRFS info (device loop6): setting nodatasum
[  531.502394][T14507] BTRFS info (device loop6): setting nodatacow
[  531.505021][T14507] BTRFS info (device loop6): enabling ssd optimizations
[  531.508421][T14507] BTRFS info (device loop6): turning off barriers
[  531.513568][T14507] BTRFS info (device loop6): turning on sync discard
[  531.516443][T14507] BTRFS info (device loop6): enabling free space tree
[  531.524426][T14507] BTRFS info (device loop6): force clearing of disk cache
[  531.529818][T14507] BTRFS info (device loop6): trying to use backup root at mount time
[  531.533217][T14507] BTRFS info (device loop6): max_inline set to 0
[  531.560773][T14540] netlink: 'syz.4.3059': attribute type 2 has an invalid length.
[  531.674106][ T9537] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  532.168903][T14569] loop6: detected capacity change from 0 to 512
[  532.172876][T14569] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  532.178471][T14569] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102]
[  532.184704][T14569] EXT4-fs (loop6): orphan cleanup on readonly fs
[  532.197766][T14569] EXT4-fs error (device loop6): ext4_get_branch:178: inode #11: block 33619980: comm syz.6.3070: invalid block
[  532.206095][T14569] EXT4-fs (loop6): Remounting filesystem read-only
[  532.209629][T14569] EXT4-fs (loop6): 1 truncate cleaned up
[  532.213119][T14569] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[  532.242991][ T9537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  532.280413][T11543] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  532.413664][T14582] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3076'.
[  532.432597][T11543] usb 5-1: Using ep0 maxpacket: 32
[  532.440928][T11543] usb 5-1: unable to get BOS descriptor or descriptor too short
[  532.451997][T11543] usb 5-1: config 4 has an invalid interface number: 91 but max is 0
[  532.455404][T11543] usb 5-1: config 4 has no interface number 0
[  532.462044][T11543] usb 5-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=6c.05
[  532.465772][T11543] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.469525][T11543] usb 5-1: Product: syz
[  532.471494][T11543] usb 5-1: Manufacturer: syz
[  532.473438][T11543] usb 5-1: SerialNumber: syz
[  532.688522][T11543] empeg 5-1:4.91: empeg converter detected
[  532.691213][T11543] usb 5-1: active config #4 != 1 ??
[  532.696421][T11543] usb 5-1: USB disconnect, device number 29
[  532.825082][T14589] loop6: detected capacity change from 0 to 512
[  532.936143][T14595] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[  533.859065][T14614] loop4: detected capacity change from 0 to 40427
[  533.865051][T14614] F2FS-fs (loop4): invalid crc value
[  533.920105][T14614] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  533.924394][T14614] F2FS-fs (loop4): Start checkpoint disabled!
[  533.932457][T14614] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  534.402824][T14636] trusted_key: encrypted_key: keylen parameter is missing
[  535.419507][T14647] loop4: detected capacity change from 0 to 32768
[  535.424015][T14647] *** Log Is Dirty ! ***
[  535.426203][T14647] lmLogInit: exit(-22)
[  535.427853][T14647] lmLogOpen: exit(-22)
[  535.429436][T14647] jfs_mount_rw failed, return code = -22
[  535.556831][   T33] audit: type=1400 audit(2000000357.568:135): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5D15F47DB2D pid=14652 comm="syz.4.3106"
[  535.994628][T14667] sg_write: data in/out 91/14 bytes for SCSI command 0x0-- guessing data in;
[  535.994628][T14667]    program syz.4.3111 not setting count and/or reply_len properly
[  536.497204][ T9519] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[  537.094858][T14673] loop8: detected capacity change from 0 to 32768
[  537.100833][T14673] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3114 (14673)
[  537.114012][T14673] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  537.117431][T14673] BTRFS info (device loop8): using blake2b (blake2b-256-generic) checksum algorithm
[  537.242308][T14673] BTRFS info (device loop8): enabling ssd optimizations
[  537.244817][T14673] BTRFS info (device loop8): enabling free space tree
[  537.337154][T12028] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  537.621786][T14696] loop8: detected capacity change from 0 to 2048
[  537.626538][T14696] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  537.632476][T14698] loop4: detected capacity change from 0 to 256
[  537.638352][T14698] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  537.642692][T14698] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  537.661218][T14698] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  537.754918][T14704] netlink: 'syz.4.3122': attribute type 21 has an invalid length.
[  537.760064][T14704] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3122'.
[  537.763794][T14704] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3122'.
[  537.878681][T14712] loop4: detected capacity change from 0 to 128
[  537.884066][T14712] EXT4-fs (loop4): Test dummy encryption mode enabled
[  537.889596][T14714] ALSA: mixer_oss: invalid OSS volume 'file1'
[  537.891021][T14712] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  537.898338][T14712] ext4 filesystem being mounted at /571/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  537.938965][   T24] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  538.101411][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  538.114316][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  538.127529][   T24] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  538.141006][   T24] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  538.145160][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.167791][   T24] usb 9-1: config 0 descriptor??
[  538.377350][T11543] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  538.546134][T11543] usb 7-1: Using ep0 maxpacket: 16
[  538.557421][T11543] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  538.561434][T11543] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  538.573456][T11543] usb 7-1: New USB device found, idVendor=1f6b, idProduct=0101, bcdDevice= 0.40
[  538.579343][T11543] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.582754][T11543] usb 7-1: Product: syz
[  538.584565][T11543] usb 7-1: Manufacturer: syz
[  538.587887][T11543] usb 7-1: SerialNumber: syz
[  538.635915][   T24] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  538.854755][   T24] usb 9-1: USB disconnect, device number 10
[  538.861059][T11543] usb 7-1: 0:66 : does not exist
[  538.863309][T11543] usb 7-1: unit 4 not found!
[  538.890774][T11543] usb 7-1: USB disconnect, device number 25
[  539.333318][ T9573] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  539.533293][T14746] loop4: detected capacity change from 0 to 256
[  539.540707][T14746] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  539.549269][T14746] exFAT-fs (loop4): error, data size is invalid(10)
[  539.555205][T14746] exFAT-fs (loop4): Filesystem has been set read-only
[  539.580034][T14750] netlink: 'syz.8.3143': attribute type 1 has an invalid length.
[  539.609552][T14756] loop8: detected capacity change from 0 to 512
[  539.612109][T14756] EXT4-fs: Ignoring removed bh option
[  539.614302][T14756] EXT4-fs: Ignoring removed mblk_io_submit option
[  539.623445][T14756] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  539.637601][T14756] EXT4-fs (loop8): revision level too high, forcing read-only mode
[  539.640452][T14756] EXT4-fs (loop8): orphan cleanup on readonly fs
[  539.643940][T14756] Quota error (device loop8): do_insert_tree: Free block already used in tree: block 4
[  539.647783][T14756] Quota error (device loop8): qtree_write_dquot: Error -5 occurred while creating quota
[  539.653392][T14756] EXT4-fs error (device loop8): ext4_acquire_dquot:6937: comm syz.8.3146: Failed to acquire dquot type 1
[  539.659082][T14756] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.3146: Invalid block bitmap block 0 in block_group 0
[  539.667791][T14756] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.3146: Invalid block bitmap block 0 in block_group 0
[  539.673513][T14756] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:483: comm syz.8.3146: Invalid block bitmap block 0 in block_group 0
[  539.678623][T14756] Quota error (device loop8): write_blk: dquota write failed
[  539.681234][T14756] Quota error (device loop8): qtree_write_dquot: Error -28 occurred while creating quota
[  539.695626][T14756] EXT4-fs error (device loop8): ext4_acquire_dquot:6937: comm syz.8.3146: Failed to acquire dquot type 1
[  539.700971][T14756] Quota error (device loop8): write_blk: dquota write failed
[  539.703451][T14756] Quota error (device loop8): qtree_write_dquot: Error -28 occurred while creating quota
[  539.707238][T14756] EXT4-fs error (device loop8): ext4_acquire_dquot:6937: comm syz.8.3146: Failed to acquire dquot type 1
[  539.714073][T14756] EXT4-fs (loop8): 1 orphan inode deleted
[  539.714147][T14762] loop4: detected capacity change from 0 to 8
[  539.722289][T14756] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  539.723338][T14762] SQUASHFS error: zlib decompression failed, data probably corrupt
[  539.730931][T14762] SQUASHFS error: Failed to read block 0x9b: -5
[  539.733403][T14762] SQUASHFS error: Unable to read metadata cache entry [99]
[  539.736911][T14762] SQUASHFS error: Unable to read inode 0x127
[  539.758483][T12028] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.086576][T14801] loop6: detected capacity change from 0 to 32768
[  541.090535][T14801] (syz.6.3164,14801,0):ocfs2_verify_volume:2303 ERROR: found superblock with bad version: found 9.0, should be 0.90
[  541.095514][T14801] (syz.6.3164,14801,0):ocfs2_verify_volume:2331 ERROR: status = -22
[  541.098801][T14801] (syz.6.3164,14801,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  541.102281][T14801] (syz.6.3164,14801,0):ocfs2_fill_super:1177 ERROR: status = -22
[  541.703174][T14845] loop4: detected capacity change from 0 to 256
[  541.706095][T14845] exfat: Deprecated parameter 'namecase'
[  541.711162][T14845] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2b52634e, utbl_chksum : 0xe619d30d)
[  541.722096][T14847] ALSA: mixer_oss: invalid OSS volume 'LI'
[  542.114109][T14862] loop4: detected capacity change from 0 to 8
[  542.129946][T14862] netlink: zone id is out of range
[  542.133246][T14862] netlink: zone id is out of range
[  542.137437][T14862] netlink: zone id is out of range
[  542.139658][T14862] netlink: zone id is out of range
[  542.141768][T14862] netlink: zone id is out of range
[  542.143855][T14862] netlink: zone id is out of range
[  542.146735][T14862] netlink: zone id is out of range
[  542.148940][T14862] netlink: zone id is out of range
[  542.151013][T14862] netlink: zone id is out of range
[  542.153108][T14862] netlink: zone id is out of range
[  542.194475][ T5910] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  542.375725][ T5910] usb 9-1: Using ep0 maxpacket: 32
[  542.382312][ T5910] usb 9-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  542.386115][ T5910] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.389455][ T5910] usb 9-1: Product: syz
[  542.391346][ T5910] usb 9-1: Manufacturer: syz
[  542.393503][ T5910] usb 9-1: SerialNumber: syz
[  542.399602][ T5910] usb 9-1: config 0 descriptor??
[  542.514250][ T5896] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  542.607831][ T5910] peak_usb 9-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  542.611359][ T5910] peak_usb 9-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  542.666536][ T5910] peak_usb 9-1:0.0: probe with driver peak_usb failed with error -71
[  542.700393][ T5896] usb 5-1: config index 0 descriptor too short (expected 3133, got 61)
[  542.706478][ T5910] usb 9-1: USB disconnect, device number 11
[  542.727310][ T5896] usb 5-1: config 0 has an invalid interface number: 156 but max is 1
[  542.751254][ T5896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.773125][ T5896] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  542.790861][ T5896] usb 5-1: config 0 has no interface number 0
[  542.795509][ T5896] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  542.799538][ T5896] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  542.807844][ T5896] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  542.811467][ T5896] usb 5-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  542.822933][ T5896] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  542.835075][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.853647][ T5896] usb 5-1: config 0 descriptor??
[  542.867600][ T5896] gspca_main: spca561-2.14.0 probing abcd:cdee
[  543.062250][ T5896] spca561 5-1:0.156: probe with driver spca561 failed with error -22
[  543.066585][ T5896] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  543.069692][ T5896] usb 5-1: MIDIStreaming interface descriptor not found
[  543.096647][ T5896] usb 5-1: USB disconnect, device number 30
[  543.341101][T14882] batadv_slave_1: entered promiscuous mode
[  543.353315][T14881] batadv_slave_1: left promiscuous mode
[  543.448557][T14890] input: syz0 as /devices/virtual/input/input23
[  543.700001][T14910] input: syz0 as /devices/virtual/input/input24
[  543.876431][T14912] loop6: detected capacity change from 0 to 32768
[  543.880368][T14912] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.3215 (14912)
[  543.888133][T14912] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  543.892287][T14912] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  543.943627][T12156] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  544.041919][T14912] BTRFS info (device loop6): rebuilding free space tree
[  544.052386][T14912] BTRFS info (device loop6): setting nodatasum
[  544.055112][T14912] BTRFS info (device loop6): enabling ssd optimizations
[  544.057554][T14912] BTRFS info (device loop6): enabling free space tree
[  544.059945][T14912] BTRFS info (device loop6): force clearing of disk cache
[  544.062609][T14912] BTRFS info (device loop6): enabling auto defrag
[  544.067390][T14946] loop4: detected capacity change from 0 to 256
[  544.070372][T14946] exfat: Deprecated parameter 'utf8'
[  544.081134][T14912] BTRFS info (device loop6): setting incompat feature flag for DEFAULT_SUBVOL (0x2)
[  544.105942][T12156] usb 9-1: config 160 has an invalid interface number: 200 but max is 0
[  544.113589][ T9537] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  544.117622][T12156] usb 9-1: config 160 has no interface number 0
[  544.120410][T12156] usb 9-1: config 160 interface 200 has no altsetting 0
[  544.136066][T12156] usb 9-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  544.142873][T12156] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.151816][T12156] usb 9-1: Product: syz
[  544.156759][T12156] usb 9-1: Manufacturer: syz
[  544.158818][T12156] usb 9-1: SerialNumber: syz
[  544.392563][   T55] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  544.402561][T12156] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  544.440786][T12156] usb 9-1: MIDIStreaming interface descriptor not found
[  544.488928][T12156] usb 9-1: USB disconnect, device number 12
[  544.911746][T14992] loop4: detected capacity change from 0 to 256
[  544.916985][T14992] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  544.921312][T14992] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  544.932385][T14992] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  545.684107][T15016] loop6: detected capacity change from 0 to 16
[  545.688217][T15016] erofs (device loop6): mounted with root inode @ nid 36.
[  545.697459][T15016] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  545.701282][T15016] erofs (device loop6): failed to decompress -29 in[58, 4038] out[1851]
[  545.704103][  T792] usb 9-1: new full-speed USB device number 13 using dummy_hcd
[  545.705251][T15016] erofs (device loop6): read error -117 @ 43 of nid 36
[  545.767903][T15017] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  545.771545][T15017] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  545.777277][T15017] erofs (device loop6): readahead error at folio 42 @ nid 36
[  545.780087][T15017] erofs (device loop6): bogus lookback distance 774 @ lcn 40 of nid 36
[  545.783903][T15017] erofs (device loop6): readahead error at folio 41 @ nid 36
[  545.786566][T15017] erofs (device loop6): bogus lookback distance 774 @ lcn 40 of nid 36
[  545.789718][T15017] erofs (device loop6): readahead error at folio 40 @ nid 36
[  545.792002][T15017] erofs (device loop6): readahead error at folio 39 @ nid 36
[  545.794704][T15017] erofs (device loop6): readahead error at folio 38 @ nid 36
[  545.798919][T15017] erofs (device loop6): readahead error at folio 36 @ nid 36
[  545.801816][T15017] erofs (device loop6): bogus lookback distance 1468 @ lcn 31 of nid 36
[  545.804482][T15017] erofs (device loop6): readahead error at folio 31 @ nid 36
[  545.807182][T15017] erofs (device loop6): readahead error at folio 25 @ nid 36
[  545.809866][T15017] erofs (device loop6): readahead error at folio 24 @ nid 36
[  545.813331][T15017] erofs (device loop6): readahead error at folio 19 @ nid 36
[  545.816463][T15017] syz.6.3256: attempt to access beyond end of device
[  545.816463][T15017] loop6: rw=524288, sector=784, nr_sectors = 64 limit=16
[  545.824602][T15018] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  545.827347][T15018] erofs (device loop6): read error -117 @ 43 of nid 36
[  545.830592][T15017] syz.6.3256: attempt to access beyond end of device
[  545.830592][T15017] loop6: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  545.837874][T15017] syz.6.3256: attempt to access beyond end of device
[  545.837874][T15017] loop6: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  545.843153][T15017] erofs (device loop6): failed to decompress -29 in[58, 4038] out[2639]
[  545.848318][T15017] erofs (device loop6): bogus lookback distance 1586 @ lcn 46 of nid 36
[  545.851044][T15017] erofs (device loop6): readahead error at folio 47 @ nid 36
[  545.854677][T15017] erofs (device loop6): bogus lookback distance 1586 @ lcn 46 of nid 36
[  545.858130][T15017] erofs (device loop6): readahead error at folio 46 @ nid 36
[  545.861194][T15017] erofs (device loop6): readahead error at folio 45 @ nid 36
[  545.864302][  T792] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  545.867770][  T792] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  545.871144][T15017] syz.6.3256: attempt to access beyond end of device
[  545.871144][T15017] loop6: rw=524288, sector=16, nr_sectors = 16 limit=16
[  545.876350][  T792] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  545.879322][  T792] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.885555][T15017] erofs (device loop6): failed to decompress -29 in[58, 4038] out[3537]
[  545.889347][  T792] usb 9-1: config 0 descriptor??
[  546.124832][T15020] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  546.299791][  T792] konepure 0003:1E7D:2DBE.0013: unbalanced collection at end of report description
[  546.309944][  T792] konepure 0003:1E7D:2DBE.0013: parse failed
[  546.318183][  T792] konepure 0003:1E7D:2DBE.0013: probe with driver konepure failed with error -22
[  546.367277][T15024] netlink: 'syz.4.3259': attribute type 4 has an invalid length.
[  546.509129][T11543] usb 9-1: USB disconnect, device number 13
[  546.516959][T15032] loop4: detected capacity change from 0 to 64
[  546.524169][T15032] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  546.626987][T15040] ptrace attach of "/syz-executor exec"[9573] was attempted by "\x09                                        0                                           "[15040]
[  546.671739][T15042] netlink: 'syz.4.3268': attribute type 3 has an invalid length.
[  546.812056][   T24] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  546.942004][T12156] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  546.971901][   T24] usb 7-1: Using ep0 maxpacket: 8
[  546.978217][   T24] usb 7-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  546.983979][   T24] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  546.987321][   T24] usb 7-1: Product: syz
[  546.989088][   T24] usb 7-1: Manufacturer: syz
[  546.991073][   T24] usb 7-1: SerialNumber: syz
[  546.995175][   T24] usb 7-1: config 0 descriptor??
[  547.092685][T12156] usb 5-1: Using ep0 maxpacket: 16
[  547.106958][T12156] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.111291][T12156] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  547.116804][T12156] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0
[  547.120702][T12156] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  547.138216][T12156] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  547.141203][T12156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.148395][T12156] usb 5-1: Product: syz
[  547.150084][T12156] usb 5-1: Manufacturer: syz
[  547.152157][T12156] usb 5-1: SerialNumber: syz
[  547.155161][T12156] usb 5-1: config 0 descriptor??
[  547.158830][T12156] port100 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  547.226110][T15054] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3274'.
[  547.265870][   T24] usb 7-1: USB disconnect, device number 26
[  547.368026][  T792] usb 5-1: USB disconnect, device number 31
[  547.876257][   T33] audit: type=1326 audit(2000000369.894:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  547.898021][   T33] audit: type=1326 audit(2000000369.914:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  547.920387][   T33] audit: type=1326 audit(2000000369.914:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa643f8d550 code=0x7ffc0000
[  547.930336][   T33] audit: type=1326 audit(2000000369.914:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  547.939427][   T33] audit: type=1326 audit(2000000369.914:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  547.951416][   T33] audit: type=1326 audit(2000000369.914:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  547.959720][   T33] audit: type=1326 audit(2000000369.914:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.6.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7ffc0000
[  548.093518][T15088] loop4: detected capacity change from 0 to 512
[  548.097408][T15088] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  548.113004][T15088] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.3290: invalid indirect mapped block 4294967295 (level 0)
[  548.132412][T15088] EXT4-fs (loop4): Remounting filesystem read-only
[  548.135281][T15088] EXT4-fs (loop4): 1 orphan inode deleted
[  548.137594][T15088] EXT4-fs (loop4): 1 truncate cleaned up
[  548.150419][T15092] loop6: detected capacity change from 0 to 1024
[  548.155125][T15088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  548.187129][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.594996][T15099] loop8: detected capacity change from 0 to 4096
[  548.639285][T15099] ntfs3(loop8): ino=b, mi_enum_attr
[  548.642168][T15099] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  548.645294][T15099] ntfs3(loop8): Failed to load $Extend (-22).
[  548.647790][T15099] ntfs3(loop8): Failed to initialize $Extend.
[  549.455044][T15113] input: syz1 as /devices/virtual/input/input25
[  549.695925][T15113] netlink: 'syz.8.3299': attribute type 10 has an invalid length.
[  549.705251][T15113] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3299'.
[  549.728565][T15113] batadv0: entered promiscuous mode
[  549.735180][T15113] batadv0: entered allmulticast mode
[  549.765100][T15113] bridge0: port 3(batadv0) entered blocking state
[  549.780112][T15113] bridge0: port 3(batadv0) entered disabled state
[  549.817797][T15113] bridge0: port 3(batadv0) entered blocking state
[  549.820428][T15113] bridge0: port 3(batadv0) entered forwarding state
[  549.824189][   T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  549.828108][   T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  550.024041][   T40] hfsplus: b-tree write err: -5, ino 4
[  550.104254][T15120] PKCS7: Unknown OID: [4] 5.25.373.87(bad)
[  550.111936][T15120] PKCS7: Only support pkcs7_signedData type
[  550.314258][T15133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3308'.
[  550.319225][T15133] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3308'.
[  550.325334][T15133] netlink: 'syz.4.3308': attribute type 12 has an invalid length.
[  550.330534][T15133] netlink: 'syz.4.3308': attribute type 11 has an invalid length.
[  550.372597][T15135] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3309'.
[  550.403995][T15139] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3311'.
[  550.408260][T15139] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614)
[  550.412320][T15139] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[  550.539176][T15149] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3316'.
[  550.592232][T15153] loop4: detected capacity change from 0 to 512
[  550.596023][T15153] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  550.606212][T15153] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[  550.609526][T15153] EXT4-fs (loop4): orphan cleanup on readonly fs
[  550.626012][T15153] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3318: bg 0: block 361: padding at end of block bitmap is not set
[  550.648233][T15153] EXT4-fs (loop4): Remounting filesystem read-only
[  550.656387][T15153] EXT4-fs (loop4): 1 truncate cleaned up
[  550.672341][T15153] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  550.955402][T15167] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.3318: dx entry: limit 0 != root limit 125
[  550.959397][T15167] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3318: Corrupt directory, running e2fsck is recommended
[  550.965163][T15167] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.3318: dx entry: limit 0 != root limit 125
[  550.969067][T15167] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3318: Corrupt directory, running e2fsck is recommended
[  550.974691][T15167] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.3318: dx entry: limit 0 != root limit 125
[  550.979309][T15167] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3318: Corrupt directory, running e2fsck is recommended
[  550.984999][T15167] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.3318: dx entry: limit 0 != root limit 125
[  550.988972][T15167] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3318: Corrupt directory, running e2fsck is recommended
[  551.463767][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  551.494846][T15171] loop4: detected capacity change from 0 to 8
[  551.498106][T15171] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  551.831645][   T52] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  551.885140][T15184] loop4: detected capacity change from 0 to 2048
[  551.913488][T15184] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  551.954388][T15188] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3331'.
[  551.958025][T15188] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3331'.
[  552.000076][   T52] usb 9-1: Using ep0 maxpacket: 8
[  552.013056][   T52] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  552.017196][   T52] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  552.033207][   T52] usb 9-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01
[  552.036902][   T52] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.047120][   T52] usb 9-1: Product: syz
[  552.051370][   T52] usb 9-1: Manufacturer: syz
[  552.055805][   T52] usb 9-1: SerialNumber: syz
[  552.072890][   T52] usb 9-1: config 0 descriptor??
[  552.081105][   T52] radioshark 9-1:0.0: Invalid radioSHARK device
[  552.085565][   T52] radioshark 9-1:0.0: probe with driver radioshark failed with error -22
[  552.092727][   T52] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  552.126116][T15195] loop6: detected capacity change from 0 to 128
[  552.133387][T15195] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  552.137806][T15195] ext4 filesystem being mounted at /693/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  552.144627][T15195] EXT4-fs warning (device loop6): verify_group_input:137: Cannot add at group 7 (only 1 groups)
[  552.157593][ T9537] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  552.290406][   T52] usb 9-1: USB disconnect, device number 14
[  552.445429][T15202] loop6: detected capacity change from 0 to 40427
[  552.460656][T15202] F2FS-fs (loop6): invalid crc value
[  552.545034][T15202] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  552.558196][T15202] F2FS-fs (loop6): Start checkpoint disabled!
[  552.567777][T15202] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  552.577137][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  552.628295][ T1033] kworker/u10:3: attempt to access beyond end of device
[  552.628295][ T1033] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  552.643429][ T1033] CPU: 1 UID: 0 PID: 1033 Comm: kworker/u10:3 Not tainted syzkaller #0 PREEMPT(full) 
[  552.643450][ T1033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  552.643459][ T1033] Workqueue: writeback wb_workfn (flush-7:6)
[  552.643481][ T1033] Call Trace:
[  552.643487][ T1033]  <TASK>
[  552.643493][ T1033]  dump_stack_lvl+0x189/0x250
[  552.643512][ T1033]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.643527][ T1033]  ? __pfx_queue_work_on+0x10/0x10
[  552.643567][ T1033]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  552.643583][ T1033]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  552.643606][ T1033]  f2fs_handle_critical_error+0x37c/0x540
[  552.643627][ T1033]  f2fs_write_end_io+0x886/0xb60
[  552.643651][ T1033]  __submit_merged_bio+0x27a/0x6a0
[  552.643672][ T1033]  __submit_merged_write_cond+0x255/0x530
[  552.643693][ T1033]  f2fs_write_data_pages+0x261d/0x3000
[  552.643732][ T1033]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.643758][ T1033]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  552.643793][ T1033]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  552.643809][ T1033]  ? look_up_lock_class+0x74/0x170
[  552.643833][ T1033]  ? trace_f2fs_writepages+0x7f/0x200
[  552.643850][ T1033]  ? f2fs_write_node_pages+0x478/0x6e0
[  552.643868][ T1033]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  552.643895][ T1033]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.643911][ T1033]  do_writepages+0x32e/0x550
[  552.643931][ T1033]  ? reacquire_held_locks+0x127/0x1d0
[  552.643950][ T1033]  ? writeback_sb_inodes+0x384/0x1010
[  552.643970][ T1033]  __writeback_single_inode+0x145/0xff0
[  552.643986][ T1033]  ? do_raw_spin_unlock+0x4d/0x240
[  552.644003][ T1033]  writeback_sb_inodes+0x6c7/0x1010
[  552.644035][ T1033]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  552.644076][ T1033]  ? rcu_is_watching+0x15/0xb0
[  552.644094][ T1033]  wb_writeback+0x43b/0xaf0
[  552.644114][ T1033]  ? queue_io+0x3b1/0x590
[  552.644130][ T1033]  ? __pfx_wb_writeback+0x10/0x10
[  552.644151][ T1033]  ? _raw_spin_unlock_irq+0x23/0x50
[  552.644169][ T1033]  wb_workfn+0x409/0xef0
[  552.644192][ T1033]  ? __pfx_wb_workfn+0x10/0x10
[  552.644209][ T1033]  ? __lock_acquire+0xab9/0xd20
[  552.644233][ T1033]  ? process_scheduled_works+0x9ef/0x17b0
[  552.644250][ T1033]  ? _raw_spin_unlock_irq+0x23/0x50
[  552.644264][ T1033]  ? process_scheduled_works+0x9ef/0x17b0
[  552.644275][ T1033]  ? process_scheduled_works+0x9ef/0x17b0
[  552.644287][ T1033]  process_scheduled_works+0xae1/0x17b0
[  552.644320][ T1033]  ? __pfx_process_scheduled_works+0x10/0x10
[  552.644345][ T1033]  worker_thread+0x8a0/0xda0
[  552.644360][ T1033]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  552.644380][ T1033]  ? __kthread_parkme+0x7b/0x200
[  552.644400][ T1033]  kthread+0x711/0x8a0
[  552.644418][ T1033]  ? __pfx_worker_thread+0x10/0x10
[  552.644430][ T1033]  ? __pfx_kthread+0x10/0x10
[  552.644444][ T1033]  ? _raw_spin_unlock_irq+0x23/0x50
[  552.644458][ T1033]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.644474][ T1033]  ? __pfx_kthread+0x10/0x10
[  552.644488][ T1033]  ret_from_fork+0x3fc/0x770
[  552.644502][ T1033]  ? __pfx_ret_from_fork+0x10/0x10
[  552.644520][ T1033]  ? __switch_to_asm+0x39/0x70
[  552.644559][ T1033]  ? __switch_to_asm+0x33/0x70
[  552.644572][ T1033]  ? __pfx_kthread+0x10/0x10
[  552.644586][ T1033]  ret_from_fork_asm+0x1a/0x30
[  552.644612][ T1033]  </TASK>
[  552.644618][ T1033] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  552.764590][T15211] net_ratelimit: 41 callbacks suppressed
[  552.764605][T15211] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  552.898086][T15219] openvswitch: netlink: Missing key (keys=40, expected=100)
[  553.048636][T15231] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3348'.
[  553.104690][T15221] loop8: detected capacity change from 0 to 32768
[  553.111679][T15221] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  553.134411][T15221] XFS (loop8): Ending clean mount
[  553.151317][T15245] loop6: detected capacity change from 0 to 764
[  553.162369][T12028] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  553.179083][T15245] rock: directory entry would overflow storage
[  553.181890][T15245] rock: sig=0x5850, size=36, remaining=7
[  553.432504][T15258] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  553.435785][T15258] IPv6: NLM_F_CREATE should be set when creating new route
[  553.439498][T15258] IPv6: NLM_F_CREATE should be set when creating new route
[  553.442736][T15258] IPv6: NLM_F_CREATE should be set when creating new route
[  554.093709][T15270] netlink: 68 bytes leftover after parsing attributes in process `syz.8.3363'.
[  554.268810][T11543] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  554.448841][T11543] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  554.453091][T11543] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  554.471752][T11543] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  554.475599][T11543] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  554.479359][T11543] usb 5-1: SerialNumber: syz
[  554.720420][T11543] usb 5-1: 0:2 : does not exist
[  554.745819][T11543] usb 5-1: USB disconnect, device number 32
[  555.484709][T15297] tipc: Started in network mode
[  555.486655][T15297] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  555.503008][T15297] tipc: Enabled bearer <udp:s>, priority 10
[  555.813127][T15299] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  555.815381][T15299] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  555.825780][T15299] vhci_hcd vhci_hcd.0: Device attached
[  556.257722][T11543] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[  556.611522][T15308] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  556.742576][T15300] vhci_hcd: connection reset by peer
[  556.748988][   T12] vhci_hcd: stop threads
[  556.750791][   T12] vhci_hcd: release socket
[  556.764983][T15310] loop8: detected capacity change from 0 to 2048
[  556.777151][   T12] vhci_hcd: disconnect device
[  556.783464][T15310] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  556.823612][T15313] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  556.878368][   T52] tipc: Node number set to 4269801488
[  557.236797][T12156] usb 7-1: new full-speed USB device number 27 using dummy_hcd
[  557.402259][T12156] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  557.410490][T12156] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  557.413704][T12156] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  557.414290][T15332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3389'.
[  557.417913][T12156] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  557.417928][T12156] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  557.417949][T12156] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  557.417958][T12156] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.425755][T15320] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  557.440848][T12156] hub 7-1:1.0: bad descriptor, ignoring hub
[  557.443742][T12156] hub 7-1:1.0: probe with driver hub failed with error -5
[  557.447130][T12156] cdc_wdm 7-1:1.0: skipping garbage
[  557.449207][T12156] cdc_wdm 7-1:1.0: skipping garbage
[  557.452132][T12156] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  557.454803][T12156] cdc_wdm 7-1:1.0: Unknown control protocol
[  557.482529][T15336] loop4: detected capacity change from 0 to 512
[  557.488795][T15336] EXT4-fs error (device loop4): ext4_orphan_get:1392: comm syz.4.3391: inode #13: comm syz.4.3391: iget: illegal inode #
[  557.493283][T15336] EXT4-fs (loop4): Remounting filesystem read-only
[  557.496063][T15336] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  557.517030][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.593631][T15340] block nbd4: shutting down sockets
[  557.704832][T15342] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3393'.
[  557.752350][T12156] usb 7-1: USB disconnect, device number 27
[  558.407680][T15356] loop6: detected capacity change from 0 to 1024
[  559.155006][T15380] loop6: detected capacity change from 0 to 1024
[  559.169884][T15380] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  559.221522][ T9537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.642935][T15392] netlink: 'syz.6.3415': attribute type 10 has an invalid length.
[  559.650483][T15392] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3415'.
[  559.663304][T15392] geneve0: entered promiscuous mode
[  559.669612][T15392] geneve0: entered allmulticast mode
[  559.674674][T15392] team0: Port device geneve0 added
[  559.695608][T12156] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  559.924720][T12156] usb 9-1: Using ep0 maxpacket: 16
[  560.130962][T12156] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  560.136505][T12156] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.146623][T12156] usb 9-1: config 0 descriptor??
[  560.155811][T12156] gspca_main: sonixj-2.14.0 probing 0471:0327
[  560.194384][T15398] loop4: detected capacity change from 0 to 128
[  560.204146][T15398] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  560.211006][T15398] ext4 filesystem being mounted at /684/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  560.261412][ T9573] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  560.521347][T15405] loop4: detected capacity change from 0 to 32768
[  560.543264][T15405] JBD2: Ignoring recovery information on journal
[  560.592717][T15405] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  560.637968][ T9573] ocfs2: Unmounting device (7,4) on (node local)
[  560.787013][T15417] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3423'.
[  560.964502][T12156] gspca_sonixj: reg_r err -71
[  560.968216][T12156] sonixj 9-1:0.0: probe with driver sonixj failed with error -71
[  561.107332][   T24] IPVS: starting estimator thread 0...
[  561.194984][T15427] IPVS: using max 41 ests per chain, 98400 per kthread
[  561.241380][T12156] usb 9-1: USB disconnect, device number 15
[  561.333135][T15431] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3430'.
[  561.337617][T15431] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3430'.
[  561.357370][T11543] vhci_hcd: vhci_device speed not set
[  561.606495][T15434] loop4: detected capacity change from 0 to 32768
[  561.616912][T15434] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  561.643014][T15451] loop8: detected capacity change from 0 to 512
[  561.647113][T15451] EXT4-fs (loop8): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  561.651468][T15451] EXT4-fs (loop8): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[  561.660208][T15451] EXT4-fs (loop8): group descriptors corrupted!
[  561.719592][T15434] XFS (loop4): Ending clean mount
[  561.735795][T15456] netlink: 146780 bytes leftover after parsing attributes in process `syz.8.3437'.
[  561.738098][T15434] XFS (loop4): Quotacheck needed: Please wait.
[  561.774788][T15434] XFS (loop4): Quotacheck: Done.
[  561.822279][ T9573] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  562.128932][T15482] loop8: detected capacity change from 0 to 128
[  562.134946][T15484] loop4: detected capacity change from 0 to 128
[  562.138112][T15484] hpfs: hpfs_map_4sectors(): unaligned read
[  562.140140][T15484] hpfs: filesystem error: can't load hotfix map; already mounted read-only
[  562.151944][T15484] hpfs: hpfs_map_sector(): read error
[  562.238736][T15493] loop4: detected capacity change from 0 to 512
[  562.263730][T15493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  562.269290][T15493] ext4 filesystem being mounted at /698/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  562.307590][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.432957][T15491] loop6: detected capacity change from 0 to 32768
[  562.527870][T15506] veth0: entered promiscuous mode
[  562.535034][T15505] veth0: left promiscuous mode
[  562.661743][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  562.667705][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  563.044126][T11543] usb 7-1: new low-speed USB device number 28 using dummy_hcd
[  563.192079][   T33] audit: type=1326 audit(2000000385.212:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.201422][   T33] audit: type=1326 audit(2000000385.212:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.209595][   T33] audit: type=1326 audit(2000000385.232:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.218705][   T33] audit: type=1326 audit(2000000385.232:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.227175][   T33] audit: type=1326 audit(2000000385.232:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.236893][   T33] audit: type=1326 audit(2000000385.232:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.244637][T11543] usb 7-1: No LPM exit latency info found, disabling LPM.
[  563.247359][   T33] audit: type=1326 audit(2000000385.232:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15543 comm="syz.8.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84098ebe9 code=0x7ffc0000
[  563.257004][T11543] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  563.260127][T11543] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  563.263419][T11543] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  563.271433][T11543] usb 7-1: string descriptor 0 read error: -22
[  563.274209][T11543] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  563.277675][T11543] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.286506][T11543] usb 7-1: 0:2 : does not exist
[  563.492918][   T52] usb 7-1: USB disconnect, device number 28
[  563.603432][T15563] loop8: detected capacity change from 0 to 2048
[  563.608623][T15563] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  563.621874][T15564] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  564.059233][T15577] loop8: detected capacity change from 0 to 32768
[  564.062869][T15577] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3489 (15577)
[  564.074558][T15577] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  564.078096][T15577] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[  564.148064][T15577] BTRFS info (device loop8): setting nodatasum
[  564.150774][T15577] BTRFS info (device loop8): enabling ssd optimizations
[  564.154189][T15577] BTRFS info (device loop8): disabling tree log
[  564.157038][T15577] BTRFS info (device loop8): enabling free space tree
[  564.160191][T15577] BTRFS info (device loop8): enabling auto defrag
[  564.247023][T15604] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3495'.
[  564.293986][T12028] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  564.327899][T15607] loop6: detected capacity change from 0 to 512
[  564.330964][T15607] EXT4-fs: Ignoring removed bh option
[  564.333050][T15607] EXT4-fs: Ignoring removed mblk_io_submit option
[  564.336713][T15607] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  564.340407][T15607] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  564.359496][T15607] EXT4-fs error (device loop6): __ext4_get_inode_loc:4861: comm syz.6.3497: Invalid inode table block 0 in block_group 0
[  564.364390][T15607] EXT4-fs (loop6): Remounting filesystem read-only
[  564.367030][T15607] EXT4-fs (loop6): get root inode failed
[  564.369331][T15607] EXT4-fs (loop6): mount failed
[  564.554781][   T40] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.598532][T15616] loop8: detected capacity change from 0 to 128
[  564.602543][T15616] ufs: You didn't specify the type of your ufs filesystem
[  564.602543][T15616] 
[  564.602543][T15616] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  564.602543][T15616] 
[  564.602543][T15616] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  564.621756][T15610] loop4: detected capacity change from 0 to 32768
[  564.625726][T15616] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  564.627763][T15610] XFS: attr2 mount option is deprecated.
[  564.642844][T15610] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  564.646550][T15610] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  564.675445][   T55] Bluetooth: hci0: unexpected cc 0x203e length: 2 > 1
[  564.679548][T15610] XFS (loop4): Ending clean mount
[  564.680153][   T55] Bluetooth: hci0: unexpected event for opcode 0x203e
[  564.682259][T15610] XFS (loop4): Quotacheck needed: Please wait.
[  564.721114][T15627] loop6: detected capacity change from 0 to 4096
[  564.730993][T15610] XFS (loop4): Quotacheck: Done.
[  564.734504][T15627] EXT4-fs: Conflicting test_dummy_encryption options
[  564.757066][T15630] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3503'.
[  564.773024][T15630] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.775420][T15630] bridge0: port 2(bridge_slave_1) entered forwarding state
[  564.788767][ T9573] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  564.837756][T15635] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3506'.
[  564.841554][T15635] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  564.902263][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3508'.
[  564.964595][T15638] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3508'.
[  565.529100][T15651] loop6: detected capacity change from 0 to 40427
[  565.542586][T15651] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  565.549048][T15651] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  565.650857][T15651] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  565.663560][T15651] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  565.669784][T15651] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  565.690111][T15668] loop8: detected capacity change from 0 to 32768
[  565.718325][T15668] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  565.788642][T12028] ocfs2: Unmounting device (7,8) on (node local)
[  566.139572][T15688] loop8: detected capacity change from 0 to 128
[  566.145725][T15688] FAT-fs (loop8): bogus number of reserved sectors
[  566.148210][T15688] FAT-fs (loop8): This looks like a DOS 1.x volume, but isn't a recognized floppy size (128 sectors)
[  566.153915][T15688] FAT-fs (loop8): Can't find a valid FAT filesystem
[  566.191786][T15691] sg_write: data in/out 16514940/4 bytes for SCSI command 0x1c-- guessing data in;
[  566.191786][T15691]    program syz.8.3529 not setting count and/or reply_len properly
[  566.809639][T15713] loop8: detected capacity change from 0 to 32768
[  566.821264][T15713] ea_get: invalid extended attribute
[  566.890890][   T33] audit: type=1326 audit(2000000388.914:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15682 comm="syz.6.3526" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x7fc00000
[  566.911034][T15715] loop8: detected capacity change from 0 to 64
[  566.952715][T15719] loop6: detected capacity change from 0 to 128
[  566.959116][T15719] EXT4-fs (loop6): Test dummy encryption mode enabled
[  566.965820][T15719] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  566.969722][T15719] ext4 filesystem being mounted at /755/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  567.049590][ T9537] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  567.095115][   T52] lo speed is unknown, defaulting to 1000
[  567.096944][   T52] syz2: Port: 1 Link DOWN
[  567.180279][T15737] loop8: detected capacity change from 0 to 512
[  567.252742][   T24] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  567.403361][   T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  567.407590][   T24] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  567.411153][   T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  567.414928][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.420660][T15725] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  567.429968][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  567.454567][T15745] loop6: detected capacity change from 0 to 32768
[  567.460423][T15745] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  567.472479][T15745] XFS (loop6): Ending clean mount
[  567.484011][T15745] XFS (loop6): Quotacheck needed: Please wait.
[  567.514694][T15745] XFS (loop6): Quotacheck: Done.
[  567.550154][ T9537] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  567.645717][ T5883] usb 5-1: USB disconnect, device number 33
[  567.849679][T15756] loop6: detected capacity change from 0 to 40427
[  567.854182][T15756] F2FS-fs (loop6): invalid crc value
[  567.889034][T15756] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  567.894917][T15756] F2FS-fs (loop6): Start checkpoint disabled!
[  567.899100][T15756] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  568.126279][T15764] loop6: detected capacity change from 0 to 128
[  568.130861][T15764] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002]
[  568.134410][T15764] System zones: 1-3, 19-19, 35-36
[  568.137121][T15764] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  568.142447][T15764] ext4 filesystem being mounted at /762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  568.155353][T15764] EXT4-fs warning (device loop6): verify_group_input:137: Cannot add at group 8199 (only 1 groups)
[  568.256223][ T9537] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  568.305847][T15767] loop6: detected capacity change from 0 to 1024
[  568.388691][ T1091] hfsplus: b-tree write err: -5, ino 4
[  568.721128][ T5883] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  568.723290][   T55] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  568.727572][   T55] Bluetooth: hci0: Injecting HCI hardware error event
[  568.732962][   T55] Bluetooth: hci0: hardware error 0x00
[  568.875227][ T5883] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  568.878326][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.881119][ T5883] usb 7-1: Product: syz
[  568.882817][ T5883] usb 7-1: Manufacturer: syz
[  568.884629][ T5883] usb 7-1: SerialNumber: syz
[  568.888187][ T5883] usb 7-1: config 0 descriptor??
[  569.038168][T15785] loop8: detected capacity change from 0 to 16
[  569.044264][T15785] erofs (device loop8): bogus i_mode (6) @ nid 36
[  569.106407][ T5883] usb 7-1: USB disconnect, device number 29
[  569.164464][T15791] 9pnet: p9_errstr2errno: server reported unknown error t/event#
[  569.510663][   T52] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  569.662374][   T52] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[  569.665861][   T52] usb 9-1: config 0 has no interface number 0
[  569.672319][   T52] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=4f.5d
[  569.675322][   T52] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.678493][   T52] usb 9-1: Product: syz
[  569.680105][   T52] usb 9-1: Manufacturer: syz
[  569.682120][   T52] usb 9-1: SerialNumber: syz
[  569.685097][   T52] usb 9-1: config 0 descriptor??
[  569.688618][   T52] usbtest 9-1:0.85: Linux gadget zero
[  569.690632][   T52] usbtest 9-1:0.85: high-speed {control in/out int-out} tests (+alt)
[  569.690805][T12156] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  569.844971][T12156] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  569.848892][T12156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.857315][T12156] usb 5-1: Product: syz
[  569.859143][T12156] usb 5-1: Manufacturer: syz
[  569.863087][T12156] usb 5-1: SerialNumber: syz
[  569.867837][T12156] usb 5-1: config 0 descriptor??
[  569.873817][T12156] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 034
[  569.892557][   T52] usb 9-1: USB disconnect, device number 16
[  569.946526][T15813] netlink: 'syz.6.3579': attribute type 13 has an invalid length.
[  569.979525][T15813] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  569.989235][   T24] lo speed is unknown, defaulting to 1000
[  569.995193][   T24] syz2: Port: 1 Link ACTIVE
[  570.061826][T15817] loop6: detected capacity change from 0 to 128
[  570.067973][T15817] FAT-fs (loop6): Directory bread(block 11554) failed
[  570.070775][T15817] FAT-fs (loop6): Directory bread(block 11555) failed
[  570.073154][T15817] FAT-fs (loop6): Directory bread(block 11556) failed
[  570.075459][T15817] FAT-fs (loop6): Directory bread(block 11557) failed
[  570.077782][T15817] FAT-fs (loop6): Directory bread(block 11558) failed
[  570.080919][T15817] FAT-fs (loop6): Directory bread(block 11559) failed
[  570.083128][T15817] FAT-fs (loop6): Directory bread(block 11560) failed
[  570.085367][T15817] FAT-fs (loop6): Directory bread(block 11561) failed
[  570.088215][T15817] FAT-fs (loop6): Directory bread(block 11562) failed
[  570.090941][T15817] FAT-fs (loop6): Directory bread(block 11563) failed
[  570.292380][T12156]  (null): failure reading functionality
[  570.329644][T12156] i2c i2c-2: connected i2c-tiny-usb device
[  570.578851][T12156] usb 5-1: USB disconnect, device number 34
[  570.959972][   T55] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  570.990106][T15828] loop8: detected capacity change from 0 to 32768
[  571.000355][T15828] JBD2: Ignoring recovery information on journal
[  571.029548][T15828] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  571.113624][T12028] ocfs2: Unmounting device (7,8) on (node local)
[  571.327846][T15848] binder: 15847:15848 ioctl c0306201 200000000080 returned -14
[  571.401424][T12156] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  571.426998][T15860] loop6: detected capacity change from 0 to 512
[  571.551106][T12156] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD6, changing to 0x86
[  571.554929][T12156] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  571.558492][T12156] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  571.563964][T12156] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  571.566714][T12156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.569108][T12156] usb 5-1: Product: syz
[  571.570527][T12156] usb 5-1: Manufacturer: syz
[  571.572065][T12156] usb 5-1: SerialNumber: syz
[  571.574602][T12156] usb 5-1: config 0 descriptor??
[  571.783626][T12156] powermate: unknown product id 0240
[  571.785409][T12156] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  571.787908][T12156] powermate 5-1:0.0: probe with driver powermate failed with error -5
[  571.792742][T12156] usb 5-1: USB disconnect, device number 35
[  571.799086][T15873] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3605'.
[  571.802728][T15873] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3605'.
[  571.868501][T15877] netlink: 136 bytes leftover after parsing attributes in process `syz.6.3607'.
[  571.872789][T15877] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  572.601300][T15908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3621'.
[  573.881436][ T5883] usb 7-1: new full-speed USB device number 30 using dummy_hcd
[  574.068446][ T5883] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  574.072999][ T5883] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  574.081983][ T5883] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  574.085928][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  574.091845][ T5883] usb 7-1: Manufacturer: syz
[  574.094004][ T5883] usb 7-1: SerialNumber: syz
[  574.099794][ T5883] usb 7-1: config 0 descriptor??
[  574.104955][T15922] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  574.120276][ T5883] usb 7-1: ucan: probing device on interface #0
[  574.122998][ T5883] usb 7-1: ucan: invalid endpoint configuration
[  574.125677][ T5883] usb 7-1: ucan: probe failed; try to update the device firmware
[  574.315439][T15930] loop4: detected capacity change from 0 to 32768
[  574.323964][ T5883] usb 7-1: USB disconnect, device number 30
[  575.285624][T15954] tipc: Started in network mode
[  575.287406][T15954] tipc: Node identity ac14140f, cluster identity 4711
[  575.292589][T15954] tipc: New replicast peer: 255.255.255.255
[  575.296428][T15954] tipc: Enabled bearer <udp:syz2>, priority 10
[  575.610747][T15958] loop6: detected capacity change from 0 to 128
[  575.615198][T15958] EXT4-fs: Ignoring removed nobh option
[  575.618304][T15959] loop4: detected capacity change from 0 to 256
[  575.627883][T15959] FAT-fs (loop4): Directory bread(block 1285) failed
[  575.631515][T15958] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  575.636317][T15958] ext4 filesystem being mounted at /800/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  575.641501][T15959] FAT-fs (loop4): Directory bread(block 1285) failed
[  575.654525][T15958] EXT4-fs error (device loop6): ext4_validate_block_bitmap:423: comm syz.6.3641: bg 0: bad block bitmap checksum
[  575.688417][ T9537] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  575.811248][T15973] loop6: detected capacity change from 0 to 1764
[  576.057116][T15977] loop6: detected capacity change from 0 to 32768
[  576.060149][T15977] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.3650 (15977)
[  576.068463][T15977] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  576.071900][T15977] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  576.082116][T15985] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3653'.
[  576.117056][T15977] BTRFS info (device loop6): rebuilding free space tree
[  576.124816][T16000] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3654'.
[  576.131373][T15977] BTRFS info (device loop6): allowing degraded mounts
[  576.133485][T16000] team_slave_0: entered promiscuous mode
[  576.134139][T15977] BTRFS info (device loop6): enabling ssd optimizations
[  576.136355][T16000] team_slave_1: entered promiscuous mode
[  576.139317][T15977] BTRFS info (device loop6): enabling free space tree
[  576.142641][T16000] team0: Device macsec1 is already an upper device of the team interface
[  576.143911][T15977] BTRFS info (device loop6): force clearing of disk cache
[  576.151047][T15977] BTRFS info (device loop6): max_inline set to 0
[  576.151688][T16000] team_slave_0: left promiscuous mode
[  576.155598][T16000] team_slave_1: left promiscuous mode
[  576.182061][ T9537] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  576.373506][T16004] IPv6: NLM_F_CREATE should be specified when creating new route
[  576.409468][   T52] tipc: Node number set to 2886997007
[  576.505322][T16002] loop8: detected capacity change from 0 to 32768
[  576.510052][T16002] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[  576.732739][T16010] loop6: detected capacity change from 0 to 32768
[  576.742598][T16010] (syz.6.3659,16010,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  576.749990][T16010] (syz.6.3659,16010,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  576.777480][T16010] JBD2: Ignoring recovery information on journal
[  576.809228][T16010] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  576.901550][T16014] loop4: detected capacity change from 0 to 32768
[  576.909788][T16014] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  576.946403][T16014] XFS (loop4): Ending clean mount
[  576.956680][T16014] XFS (loop4): Quotacheck needed: Please wait.
[  577.003804][T16014] XFS (loop4): Quotacheck: Done.
[  577.008423][ T9537] ocfs2: Unmounting device (7,6) on (node local)
[  577.085051][ T9573] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  577.271786][T16030] loop8: detected capacity change from 0 to 32768
[  577.301164][T16030] XFS (loop8): DAX unsupported by block device. Turning off DAX.
[  577.305260][T16030] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  577.331147][T16044] netlink: 'syz.4.3667': attribute type 1 has an invalid length.
[  577.334952][T16030] XFS (loop8): Ending clean mount
[  577.337344][T16044] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  577.339066][T16030] XFS (loop8): Quotacheck needed: Please wait.
[  577.375439][T16030] XFS (loop8): Quotacheck: Done.
[  577.416245][T12028] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  577.561555][T16052] ip6gre1: entered promiscuous mode
[  577.674886][T16058] netlink: 'syz.4.3674': attribute type 21 has an invalid length.
[  577.681365][T16058] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3674'.
[  577.685068][T16058] netlink: 'syz.4.3674': attribute type 5 has an invalid length.
[  577.688313][T16058] netlink: 'syz.4.3674': attribute type 6 has an invalid length.
[  577.693011][T16058] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3674'.
[  577.764061][T16066] loop4: detected capacity change from 0 to 256
[  578.056105][T16084] loop4: detected capacity change from 0 to 4096
[  578.063335][T16084] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  578.082357][T16084] ntfs3(loop4): Failed to load $Extend (-22).
[  578.084941][T16084] ntfs3(loop4): Failed to initialize $Extend.
[  578.348115][T16090] loop4: detected capacity change from 0 to 1024
[  578.485815][T16094] loop6: detected capacity change from 0 to 512
[  578.498134][T16094] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  578.502999][T16094] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2
[  578.511678][T16094] EXT4-fs (loop6): 1 truncate cleaned up
[  578.515493][T16094] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.531443][T16094] EXT4-fs: group quota file already specified
[  578.563627][ T9537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.624032][T16097] netlink: 348 bytes leftover after parsing attributes in process `syz.6.3692'.
[  578.979811][T16113] loop6: detected capacity change from 0 to 4096
[  578.983802][T16113] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  579.000821][T16113] ntfs3(loop6): ino=19, mi_enum_attr
[  579.003122][T16113] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  579.252779][T16116] loop6: detected capacity change from 0 to 32768
[  579.256970][T16116] bcachefs (/dev/loop6): error validating superblock: Invalid superblock section replicas: invalid device 1 in entry (unknown data_type 122): 119/246 [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 4 5 5 6 8 8 9 9 10 11 14 24 27 31 35 37 43 47 47 51 56 65 80 89 96 102 128 132 172 173 174 179 205 222 235 245]
[  579.256970][T16116] replicas (size 64):
[  579.256970][T16116] (unknown data_type 122): 119/246 [43 0 222 65 89 132 205 31 174 173 5 172 235 128 0 0 0 0 0 0 0 0 0 0 1 8 0 0 0 179 245 51 102 0 0 0 0 0 0 14 96 0 0 0 0 0 0 0 0 0 0 0 0 5 0 0 0 9 0 0 0 9 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 24 0 0 0 0 0 0 0 37 0 0 0 0 0 0 0 80 0 0 0 10 0 0 0 0 0 0 0 0 0 0 0 56 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
[  579.257100][T16116] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  582.197105][T16171] loop4: detected capacity change from 0 to 8
[  582.215818][T16171] SQUASHFS error: lzo decompression failed, data probably corrupt
[  582.218449][T16171] SQUASHFS error: Failed to read block 0x91: -5
[  582.220446][T16171] SQUASHFS error: Unable to read metadata cache entry [8f]
[  582.223210][T16171] SQUASHFS error: Unable to read inode 0x11f
[  583.504808][T16189] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  583.742322][T16183] loop4: detected capacity change from 0 to 40427
[  583.752999][T16183] F2FS-fs (loop4): invalid crc value
[  583.845901][T16183] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  583.849991][T16183] F2FS-fs (loop4): Start checkpoint disabled!
[  583.857859][T16183] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  583.948392][T16183] F2FS-fs (loop4): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  583.977842][T16210] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3739'.
[  584.032776][ T1089] kworker/u10:4: attempt to access beyond end of device
[  584.032776][ T1089] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  584.049009][ T1089] CPU: 1 UID: 0 PID: 1089 Comm: kworker/u10:4 Not tainted syzkaller #0 PREEMPT(full) 
[  584.049027][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  584.049036][ T1089] Workqueue: writeback wb_workfn (flush-7:4)
[  584.049057][ T1089] Call Trace:
[  584.049062][ T1089]  <TASK>
[  584.049069][ T1089]  dump_stack_lvl+0x189/0x250
[  584.049119][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.049135][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  584.049147][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  584.049164][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  584.049190][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  584.049214][ T1089]  f2fs_write_end_io+0x886/0xb60
[  584.049240][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  584.049261][ T1089]  __submit_merged_write_cond+0x255/0x530
[  584.049282][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  584.049329][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  584.049413][ T1089]  ? f2fs_write_meta_pages+0x357/0x450
[  584.049439][ T1089]  ? __lock_acquire+0xab9/0xd20
[  584.049460][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  584.049478][ T1089]  do_writepages+0x32e/0x550
[  584.049499][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  584.049517][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  584.049538][ T1089]  __writeback_single_inode+0x145/0xff0
[  584.049553][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  584.049571][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  584.049605][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  584.049651][ T1089]  ? rcu_is_watching+0x15/0xb0
[  584.049671][ T1089]  wb_writeback+0x43b/0xaf0
[  584.049695][ T1089]  ? queue_io+0x3b1/0x590
[  584.049713][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  584.049737][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  584.049758][ T1089]  wb_workfn+0x409/0xef0
[  584.049786][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  584.049803][ T1089]  ? __lock_acquire+0xab9/0xd20
[  584.049831][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  584.049849][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  584.049863][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  584.049874][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  584.049887][ T1089]  process_scheduled_works+0xae1/0x17b0
[  584.049927][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  584.049955][ T1089]  worker_thread+0x8a0/0xda0
[  584.049992][ T1089]  kthread+0x711/0x8a0
[  584.050010][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  584.050022][ T1089]  ? __pfx_kthread+0x10/0x10
[  584.050039][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  584.050053][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.050068][ T1089]  ? __pfx_kthread+0x10/0x10
[  584.050109][ T1089]  ret_from_fork+0x3fc/0x770
[  584.050127][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  584.050145][ T1089]  ? __switch_to_asm+0x39/0x70
[  584.050159][ T1089]  ? __switch_to_asm+0x33/0x70
[  584.050173][ T1089]  ? __pfx_kthread+0x10/0x10
[  584.050188][ T1089]  ret_from_fork_asm+0x1a/0x30
[  584.050215][ T1089]  </TASK>
[  584.050220][ T1089] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  584.185765][T16221] loop6: detected capacity change from 0 to 1024
[  584.267158][   T86] hfsplus: b-tree write err: -5, ino 8
[  584.410896][T16233] loop6: detected capacity change from 0 to 2048
[  584.418394][T16233] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  584.423175][T16233] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  584.426294][T16233] UDF-fs: Scanning with blocksize 512 failed
[  584.431711][T16233] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  584.439142][T16233] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  584.442315][T16233] UDF-fs: Scanning with blocksize 1024 failed
[  584.446579][T16233] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  584.451363][T16233] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[  584.460298][T16233] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  584.464166][T16233] UDF-fs: Scanning with blocksize 2048 failed
[  584.470181][T16233] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  584.477632][T16233] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  584.482885][T16233] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[  584.487181][T16233] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  584.490540][T16233] UDF-fs: Scanning with blocksize 4096 failed
[  584.496225][T16233] UDF-fs: warning (device loop6): udf_fill_super: No partition found (1)
[  584.600254][T16241] loop6: detected capacity change from 0 to 4096
[  584.617231][T16241] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  584.620404][T16241] ntfs3(loop6): Failed to initialize $Extend/$ObjId.
[  584.630171][T16241] ntfs3(loop6): ino=1e, "file1" attr_set_size
[  584.633979][  T792] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  584.730871][T16252] Bluetooth: MGMT ver 1.23
[  584.855445][  T792] usb 9-1: Using ep0 maxpacket: 8
[  584.864341][  T792] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  584.869553][  T792] usb 9-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  584.872452][  T792] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.881244][  T792] usb 9-1: Product: syz
[  584.882689][  T792] usb 9-1: Manufacturer: syz
[  584.886510][  T792] usb 9-1: SerialNumber: syz
[  584.896065][  T792] usb 9-1: config 0 descriptor??
[  584.913449][  T792] cdc_phonet 9-1:0.0: probe with driver cdc_phonet failed with error -22
[  585.130387][  T792] usb 9-1: USB disconnect, device number 17
[  585.625995][T16263] loop4: detected capacity change from 0 to 32768
[  585.642369][T16263] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3764 (16263)
[  585.679445][T16263] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  585.690291][T16263] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  585.895871][T16263] BTRFS info (device loop4): enabling ssd optimizations
[  585.898410][T16263] BTRFS info (device loop4): enabling free space tree
[  586.004953][ T9573] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  586.672145][  T792] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  586.851918][  T792] usb 9-1: Using ep0 maxpacket: 8
[  586.855602][  T792] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.858676][  T792] usb 9-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  586.861371][  T792] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.882463][  T792] usb 9-1: config 0 descriptor??
[  587.035552][T16321] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3783'.
[  587.303560][  T792] kye 0003:0458:5015.0014: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  587.308648][  T792] kye 0003:0458:5015.0014: item fetching failed at offset 0/2
[  587.313534][  T792] kye 0003:0458:5015.0014: parse failed
[  587.315795][  T792] kye 0003:0458:5015.0014: probe with driver kye failed with error -22
[  587.515595][ T5883] usb 9-1: USB disconnect, device number 18
[  587.591737][T12156] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  587.744692][T12156] usb 7-1: unable to get BOS descriptor or descriptor too short
[  587.749142][T12156] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  587.752826][T12156] usb 7-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  587.758261][T12156] usb 7-1: config 1 interface 0 has no altsetting 1
[  587.763399][T12156] usb 7-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  587.767181][T12156] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.770487][T12156] usb 7-1: Product: syz
[  587.772401][T12156] usb 7-1: Manufacturer: syz
[  587.774406][T12156] usb 7-1: SerialNumber: syz
[  587.780889][T12156] smsusb:smsusb_probe: board id=8, interface number 0
[  587.984345][T12156] smsusb:smsusb_probe: Device initialized with return code -19
[  588.187410][  T792] usb 7-1: USB disconnect, device number 31
[  589.418542][T16374] loop4: detected capacity change from 0 to 512
[  589.429330][T16374] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  589.447970][T16374] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  589.451602][T16374] System zones: 0-2, 18-18, 34-34
[  589.456500][T16374] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.461879][T16374] ext4 filesystem being mounted at /800/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  589.530111][T16383] netlink: 'syz.8.3807': attribute type 23 has an invalid length.
[  589.554841][ T9573] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.699742][T16392] loop4: detected capacity change from 0 to 4096
[  589.708375][T16392] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  589.767693][T16392] ntfs3(loop4): Failed to initialize $Extend/$ObjId.
[  590.164533][T16399] loop6: detected capacity change from 0 to 32768
[  590.168149][T16399] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.3814 (16399)
[  590.238119][T16399] BTRFS info (device loop6): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  590.242069][T16399] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  590.260399][T16399] BTRFS info (device loop6): enabling ssd optimizations
[  590.262913][T16399] BTRFS info (device loop6): enabling free space tree
[  590.287968][ T9537] BTRFS info (device loop6): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  590.380834][T16421] loop4: detected capacity change from 0 to 736
[  590.788697][T16430] loop6: detected capacity change from 0 to 128
[  590.792932][T16430] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  590.814538][T16430] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  590.846124][T16430] UDF-fs: error (device loop6): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  590.856775][T16430] UDF-fs: error (device loop6): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  590.981456][T16439] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3823'.
[  591.132185][T16443] loop4: detected capacity change from 0 to 4096
[  591.177586][T16448] loop8: detected capacity change from 0 to 1024
[  591.185627][T16449] loop6: detected capacity change from 0 to 1024
[  591.200119][T16449] EXT4-fs: Ignoring removed nomblk_io_submit option
[  591.204614][T16449] EXT4-fs: Mount option(s) incompatible with ext3
[  592.959072][T16467] loop8: detected capacity change from 0 to 4096
[  592.986808][T16468] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  592.992515][T16467] NILFS error (device loop8): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  593.006260][T16467] NILFS (loop8): mounting fs with errors
[  593.354811][T16477] tipc: Started in network mode
[  593.356911][T16477] tipc: Node identity ac1414aa, cluster identity 4711
[  593.369765][T16477] tipc: Enabled bearer <udp:s>, priority 10
[  593.370631][T16478] loop8: detected capacity change from 0 to 2048
[  593.384336][T16478] UDF-fs: error (device loop8): udf_process_sequence: Primary Volume Descriptor not found!
[  593.718741][T16489] netlink: 'syz.4.3847': attribute type 1 has an invalid length.
[  593.737260][T16486] loop8: detected capacity change from 0 to 4096
[  594.126934][T16504] netlink: 452 bytes leftover after parsing attributes in process `syz.8.3853'.
[  594.489569][T12156] tipc: Node number set to 2886997162
[  595.515554][T16519] loop4: detected capacity change from 0 to 256
[  595.520362][T16519] exfat: Deprecated parameter 'utf8'
[  595.522987][T16519] exfat: Deprecated parameter 'namecase'
[  595.549161][T16519] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  595.731297][T16531] loop8: detected capacity change from 0 to 256
[  595.793306][T16537] netlink: 276 bytes leftover after parsing attributes in process `syz.4.3868'.
[  595.891760][T16547] netdevsim netdevsim6 netdevsim0: left promiscuous mode
[  595.894897][T16547] netdevsim netdevsim6 netdevsim0: left allmulticast mode
[  596.067981][  T792] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  596.099814][T16557] loop6: detected capacity change from 0 to 1024
[  596.201539][T16559] loop6: detected capacity change from 0 to 256
[  596.227356][  T792] usb 9-1: Using ep0 maxpacket: 32
[  596.235883][  T792] usb 9-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.245670][  T792] usb 9-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.255166][  T792] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  596.261468][  T792] usb 9-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  596.266217][  T792] usb 9-1: Product: syz
[  596.269995][  T792] usb 9-1: Manufacturer: syz
[  596.283638][  T792] hub 9-1:4.0: USB hub found
[  596.496157][  T792] hub 9-1:4.0: 2 ports detected
[  596.506865][T16566] loop6: detected capacity change from 0 to 16
[  596.514662][T16566] erofs (device loop6): mounted with root inode @ nid 36.
[  596.908468][T16572] loop6: detected capacity change from 0 to 32768
[  597.529143][T16588] loop6: detected capacity change from 0 to 4096
[  597.536965][T16589] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  597.655627][T16595] loop6: detected capacity change from 0 to 4096
[  597.664284][T16595] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  597.671445][T16595] ntfs3(loop6): Failed to load $Extend (-22).
[  597.673871][T16595] ntfs3(loop6): Failed to initialize $Extend.
[  597.715600][  T792] hub 9-1:4.0: activate --> -90
[  597.922425][  T792] hub 9-1:4.0: hub_ext_port_status failed (err = -71)
[  597.923088][ T5883] usb 9-1: USB disconnect, device number 19
[  598.779411][T16618] team_slave_1: entered promiscuous mode
[  598.784342][T16618] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  598.820018][T16618] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  598.879231][T16620] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3907'.
[  598.882523][T16620] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3907'.
[  598.888437][  T792] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  599.069682][  T792] usb 9-1: Using ep0 maxpacket: 8
[  599.078594][  T792] usb 9-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  599.082701][  T792] usb 9-1: config 1 has no interface number 1
[  599.085580][  T792] usb 9-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  599.096010][  T792] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  599.102100][  T792] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.105744][  T792] usb 9-1: Product: syz
[  599.107954][  T792] usb 9-1: Manufacturer: syz
[  599.110052][  T792] usb 9-1: SerialNumber: syz
[  599.200216][T16627] loop4: detected capacity change from 0 to 4096
[  599.207162][T16627] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  599.213526][T16627] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096)
[  599.217936][T16627] NILFS (loop4): mounting unchecked fs
[  599.226283][T16627] NILFS (loop4): invalid segment: Checksum error in segment payload
[  599.230017][T16627] NILFS (loop4): unable to fall back to spare super block
[  599.233238][T16627] NILFS (loop4): error -22 while searching super root
[  599.330834][  T792] usb 9-1: 2:1 : format type 0 is detected, processed as PCM
[  599.333920][  T792] usb 9-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  599.340836][  T792] usb 9-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  599.343353][  T792] usb 9-1: 2:1 : invalid channels 0
[  599.353665][T16631] loop6: detected capacity change from 0 to 64
[  599.354063][  T792] usb 9-1: USB disconnect, device number 20
[  599.682698][T16633] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  599.686832][T16633] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  599.802704][   T33] audit: type=1800 audit(2000000933.825:151): pid=16634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3912" name="file1" dev="loop6" ino=5 res=0 errno=0
[  599.849921][T16634] minix: Unknown parameter '18446744073709551615@LqE: 艞t}0$'
[  599.880656][   T33] audit: type=1800 audit(2000000933.835:152): pid=16634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3912" name="file2" dev="loop6" ino=6 res=0 errno=0
[  600.767398][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  601.306364][ T5883] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  601.456294][ T5883] usb 9-1: Using ep0 maxpacket: 16
[  601.460901][ T5883] usb 9-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.465271][ T5883] usb 9-1: config 0 interface 0 has no altsetting 0
[  601.469588][ T5883] usb 9-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  601.472694][ T5883] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.476815][ T5883] usb 9-1: config 0 descriptor??
[  601.875088][T16664] loop6: detected capacity change from 0 to 16
[  601.882895][T16664] erofs (device loop6): mounted with root inode @ nid 36.
[  601.891177][T16664] erofs (device loop6): unknown HEAD2 format 8 for nid 36, please upgrade kernel
[  601.894875][T16664] erofs (device loop6): unknown HEAD2 format 8 for nid 36, please upgrade kernel
[  601.902082][T16664] erofs (device loop6): read error -95 @ 8200 of nid 36
[  601.902700][ T5883] nzxt-smart2 0003:1E71:2009.0015: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.8-1/input0
[  601.924632][T16666] loop4: detected capacity change from 0 to 128
[  601.929931][T16666] qnx6: superblock #1 checksum error
[  602.294395][  T792] usb 9-1: USB disconnect, device number 21
[  602.931050][T16688] loop8: detected capacity change from 0 to 512
[  602.938529][T16688] EXT4-fs (loop8): blocks per group (95) and clusters per group (32768) inconsistent
[  603.940839][T16697] loop4: detected capacity change from 0 to 32768
[  603.951071][T16697] 
[  603.951071][T16697]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  603.951071][T16697] 
[  603.970885][T16697] ERROR: (device loop4): diWrite: ixpxd invalid
[  603.970885][T16697] 
[  603.978399][T16697] ERROR: (device loop4): txCommit: 
[  603.978399][T16697] 
[  604.015365][ T9573] 
[  604.015365][ T9573]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  604.015365][ T9573] 
[  604.022999][ T9573] 
[  604.022999][ T9573]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  604.022999][ T9573] 
[  604.139820][T16711] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3943'.
[  605.192945][T16754] loop8: detected capacity change from 0 to 32768
[  605.196994][T16754] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3962 (16754)
[  605.206186][T16754] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  605.210399][T16754] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[  605.249623][T16754] BTRFS info (device loop8): allowing degraded mounts
[  605.252617][T16754] BTRFS info (device loop8): enabling ssd optimizations
[  605.255534][T16754] BTRFS info (device loop8): enabling free space tree
[  605.259926][T16754] BTRFS info (device loop8): use zlib compression, level 3
[  605.300672][T12028] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  605.362754][ T5883] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  605.528408][ T5883] usb 7-1: unable to get BOS descriptor or descriptor too short
[  605.532634][ T5883] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  605.542742][ T5883] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  605.546736][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.550132][ T5883] usb 7-1: Product: syz
[  605.551934][ T5883] usb 7-1: Manufacturer: syz
[  605.553866][ T5883] usb 7-1: SerialNumber: syz
[  606.008192][ T5883] usb 7-1: USB disconnect, device number 32
[  606.703552][T16811] libceph: resolve '400' (ret=-3): failed
[  606.804577][T16818] veth0: entered promiscuous mode
[  606.825345][T16817] veth0: left promiscuous mode
[  607.906135][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  608.612966][T16842] loop0: Can't mount, would change RO state
[  608.691294][T16846] loop8: detected capacity change from 0 to 128
[  608.709408][T16846] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  608.715278][T16846] ext4 filesystem being mounted at /600/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  608.768866][T12028] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  608.891850][   T33] audit: type=1326 audit(2000001198.926:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16857 comm="syz.6.4000" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa643f8ebe9 code=0x0
[  608.932476][  T792] kernel write not supported for file /sg0 (pid: 792 comm: kworker/1:2)
[  610.014279][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  610.282219][T16903] loop4: detected capacity change from 0 to 4096
[  610.289412][T16903] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  610.451225][T16889] loop6: detected capacity change from 0 to 131072
[  610.457286][T16889] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0)
[  610.460603][T16889] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  610.466109][T16889] F2FS-fs (loop6): invalid crc value
[  610.503872][T16903] ntfs3(loop4): Failed to load $Extend (-22).
[  610.506675][T16903] ntfs3(loop4): Failed to initialize $Extend.
[  610.519540][T16889] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  610.526870][T16889] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  610.529857][T16889] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  610.598265][   T24] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  610.755969][   T24] usb 9-1: Using ep0 maxpacket: 8
[  610.761740][   T24] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  610.765117][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.769683][   T24] usb 9-1: Product: syz
[  610.771199][   T24] usb 9-1: Manufacturer: syz
[  610.772910][   T24] usb 9-1: SerialNumber: syz
[  610.778608][   T24] usb 9-1: config 0 descriptor??
[  610.982444][   T24] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  611.379106][T16928] loop6: detected capacity change from 0 to 512
[  611.392342][T16928] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  611.400221][T16928] ext4 filesystem being mounted at /942/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  611.459572][T16928] loop6: detected capacity change from 512 to 64
[  611.534936][T12607] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  611.589640][   T24] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  611.594346][   T24] usb 9-1: USB disconnect, device number 22
[  611.845392][ T5866] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  611.952929][ T5866] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.061118][ T5866] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.225667][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  612.234706][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  612.240603][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  612.248290][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  612.251899][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  612.277845][ T5866] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.323985][T16953] lo speed is unknown, defaulting to 1000
[  612.745179][ T5866] team0: left allmulticast mode
[  612.755941][ T5866] team_slave_0: left allmulticast mode
[  612.758258][ T5866] team_slave_1: left allmulticast mode
[  612.760631][ T5866] geneve0: left allmulticast mode
[  612.762920][ T5866] team0: left promiscuous mode
[  612.764973][ T5866] team_slave_0: left promiscuous mode
[  612.768046][ T5866] team_slave_1: left promiscuous mode
[  612.772044][ T5866] geneve0: left promiscuous mode
[  612.774289][ T5866] bridge0: port 3(team0) entered disabled state
[  612.779556][ T5866] bridge_slave_1: left allmulticast mode
[  612.781769][ T5866] bridge_slave_1: left promiscuous mode
[  612.786062][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.801737][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.170187][ T5866] dvmrp0 (unregistering): left allmulticast mode
[  613.199316][ T5866] team0: Port device geneve0 removed
[  613.264730][ T5866] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  613.270025][ T5866] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  613.274104][ T5866] bond0 (unregistering): Released all slaves
[  613.280838][ T5866] bond1 (unregistering): Released all slaves
[  613.390096][T16953] chnl_net:caif_netlink_parms(): no params data found
[  613.479224][T16953] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.482575][T16953] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.485750][T16953] bridge_slave_0: entered allmulticast mode
[  613.490011][T16953] bridge_slave_0: entered promiscuous mode
[  613.494732][T16953] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.497978][T16953] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.501158][T16953] bridge_slave_1: entered allmulticast mode
[  613.505103][T16953] bridge_slave_1: entered promiscuous mode
[  613.537429][T16953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.543782][T16953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  613.577011][T16953] team0: Port device team_slave_0 added
[  613.582292][T16953] team0: Port device team_slave_1 added
[  613.622709][T16991] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4053'.
[  613.631104][T16953] batman_adv: batadv0: Adding interface: batadv_slave_0
[  613.638866][T16953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  613.651784][T16953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  613.662465][T16953] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.665409][T16953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  613.681708][T16953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.692140][T16993] loop4: detected capacity change from 0 to 8
[  613.695503][T16993] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  613.725052][T16953] hsr_slave_0: entered promiscuous mode
[  613.729423][T16953] hsr_slave_1: entered promiscuous mode
[  613.732398][T16953] debugfs: 'hsr0' already exists in 'hsr'
[  613.734915][T16953] Cannot create hsr debugfs directory
[  614.052781][T16997] cramfs: Error -3 while decompressing!
[  614.055483][T16997] cramfs: ffffffff99bec668(26)->ffff888030d94000(4096)
[  614.058532][T16997] cramfs: Error -3 while decompressing!
[  614.060879][T16997] cramfs: ffffffff99bec682(26)->ffff888030d93000(4096)
[  614.063954][T16997] cramfs: Error -3 while decompressing!
[  614.066684][T16997] cramfs: ffffffff99bec69c(16)->ffff888030d92000(4096)
[  614.069815][T16997] cramfs: Error -3 while decompressing!
[  614.072161][T16997] cramfs: ffffffff99bec668(26)->ffff888030d94000(4096)
[  614.306177][ T9519] Bluetooth: hci0: command tx timeout
[  614.347689][T16953] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  614.355692][T16953] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  614.366466][T16953] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  614.380194][T16953] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  614.492535][T16953] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.509457][T16953] 8021q: adding VLAN 0 to HW filter on device team0
[  614.604541][ T9520] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.608091][ T9520] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.651204][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.654210][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  614.821483][T17036] loop8: detected capacity change from 0 to 512
[  614.843485][T17036] EXT4-fs: Ignoring removed nomblk_io_submit option
[  614.851125][T16953] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.872362][T17043] loop4: detected capacity change from 0 to 256
[  614.875099][T17043] exfat: Deprecated parameter 'namecase'
[  614.880330][T17036] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  614.883103][T17043] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  614.884436][T17036] ext4 filesystem being mounted at /628/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  614.895187][   T33] audit: type=1800 audit(2000001204.936:154): pid=17043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4072" name="file1" dev="loop4" ino=1048662 res=0 errno=0
[  614.925130][   T33] audit: type=1800 audit(2000001204.966:155): pid=17036 uid=60929 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4070" name="file1" dev="loop8" ino=15 res=0 errno=0
[  614.964986][T12028] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  615.022207][ T5866] tipc: Disabling bearer <udp:syz2>
[  615.025751][ T5866] tipc: Left network mode
[  615.052881][T16953] veth0_vlan: entered promiscuous mode
[  615.058290][T16953] veth1_vlan: entered promiscuous mode
[  615.109224][T16953] veth0_macvtap: entered promiscuous mode
[  615.113269][T16953] veth1_macvtap: entered promiscuous mode
[  615.124295][T16953] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.138804][T16953] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.155414][ T5717] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.184378][ T5717] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.197488][ T5717] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.200789][ T5717] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.230020][T17054] loop4: detected capacity change from 0 to 32768
[  615.234730][T17054] BTRFS warning: excessive commit interval 2147483647, use with care
[  615.239979][T17054] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4075 (17054)
[  615.247195][T17054] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  615.256546][T17054] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  615.259914][T17054] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  615.360227][ T9520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.362824][ T9520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.403847][ T4023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.406625][ T4023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.411112][T17054] BTRFS info (device loop4): rebuilding free space tree
[  615.443411][ T5866] hsr_slave_0: left promiscuous mode
[  615.457756][ T5866] hsr_slave_1: left promiscuous mode
[  615.459519][T17054] BTRFS info (device loop4): disabling free space tree
[  615.460566][ T5866] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  615.463010][T17054] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  615.467614][ T5866] batman_adv: batadv0: Removing interface: batadv_slave_0
[  615.475942][T17054] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  615.495328][T17054] BTRFS info (device loop4): setting nodatasum
[  615.503604][T17054] BTRFS info (device loop4): enabling ssd optimizations
[  615.509883][ T5866] veth1_macvtap: left promiscuous mode
[  615.511626][ T5866] veth0_macvtap: left promiscuous mode
[  615.513443][ T5866] veth1_vlan: left promiscuous mode
[  615.516024][T17054] BTRFS info (device loop4): turning off barriers
[  615.518812][T17054] BTRFS info (device loop4): turning on flush-on-commit
[  615.521756][T17054] BTRFS info (device loop4): enabling disk space caching
[  615.524814][T17054] BTRFS info (device loop4): force clearing of disk cache
[  615.531915][T17054] BTRFS info (device loop4): doing ref verification
[  615.536146][T17054] BTRFS info (device loop4): max_inline set to 0
[  615.653490][ T9573] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  616.317168][ T5866] team0 (unregistering): Port device team_slave_1 removed
[  616.372356][ T5866] team0 (unregistering): Port device team_slave_0 removed
[  616.386133][ T9519] Bluetooth: hci0: command tx timeout
[  616.970996][ T5896] lo speed is unknown, defaulting to 1000
[  616.974422][ T5896] infiniband syz2: ib_query_port failed (-19)
[  617.219533][T17104] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4089'.
[  617.264689][ T5866] IPVS: stop unused estimator thread 0...
[  617.298569][ T5866] ------------[ cut here ]------------
[  617.301410][ T5866] WARNING: CPU: 1 PID: 5866 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x26d/0x2f0
[  617.306047][ T5866] Modules linked in:
[  617.308285][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  617.314168][ T5866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  617.319385][ T5866] Workqueue: netns cleanup_net
[  617.321351][ T5866] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  617.324849][ T5866] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ab e5 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 a9 a3 e1 f7 e8 74 77 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 66 77 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  617.332248][ T5866] RSP: 0018:ffffc9000442f898 EFLAGS: 00010293
[  617.336228][ T5866] RAX: ffffffff8a22341c RBX: ffff88802492c880 RCX: ffff888023419cc0
[  617.339721][ T5866] RDX: 0000000000000000 RSI: ffffffff8dba6cac RDI: ffff888023419cc0
[  617.343404][ T5866] RBP: ffffc9000442f9b0 R08: ffffffff8fa38a37 R09: 1ffffffff1f47146
[  617.347152][ T5866] R10: dffffc0000000000 R11: fffffbfff1f47147 R12: ffffffff8f631640
[  617.350465][ T5866] R13: 1ffff92000885f40 R14: ffff88802492dd00 R15: dffffc0000000000
[  617.353900][ T5866] FS:  0000000000000000(0000) GS:ffff8881a3c1b000(0000) knlGS:0000000000000000
[  617.358033][ T5866] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  617.360914][ T5866] CR2: 00007ff0298f56c0 CR3: 00000001106ac000 CR4: 00000000000006f0
[  617.364376][ T5866] Call Trace:
[  617.365983][ T5866]  <TASK>
[  617.367290][ T5866]  xfrm_net_exit+0x2d/0x70
[  617.369269][ T5866]  ops_undo_list+0x49a/0x990
[  617.371287][ T5866]  ? __pfx_ops_undo_list+0x10/0x10
[  617.373459][ T5866]  ? do_raw_spin_unlock+0x4d/0x240
[  617.375558][ T5866]  cleanup_net+0x4c5/0x800
[  617.377632][ T5866]  ? __pfx_cleanup_net+0x10/0x10
[  617.379724][ T5866]  ? _raw_spin_unlock_irq+0x23/0x50
[  617.382031][ T5866]  ? process_scheduled_works+0x9ef/0x17b0
[  617.384515][ T5866]  ? process_scheduled_works+0x9ef/0x17b0
[  617.387090][ T5866]  process_scheduled_works+0xae1/0x17b0
[  617.389521][ T5866]  ? __pfx_process_scheduled_works+0x10/0x10
[  617.392091][ T5866]  worker_thread+0x8a0/0xda0
[  617.394132][ T5866]  kthread+0x711/0x8a0
[  617.395929][ T5866]  ? __pfx_worker_thread+0x10/0x10
[  617.397898][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.399560][ T5866]  ? _raw_spin_unlock_irq+0x23/0x50
[  617.401402][ T5866]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.403600][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.405497][ T5866]  ret_from_fork+0x3fc/0x770
[  617.407446][ T5866]  ? __pfx_ret_from_fork+0x10/0x10
[  617.409516][ T5866]  ? __switch_to_asm+0x39/0x70
[  617.411505][ T5866]  ? __switch_to_asm+0x33/0x70
[  617.413491][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.415391][ T5866]  ret_from_fork_asm+0x1a/0x30
[  617.417466][ T5866]  </TASK>
[  617.418841][ T5866] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  617.421890][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  617.425911][ T5866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  617.429903][ T5866] Workqueue: netns cleanup_net
[  617.431905][ T5866] Call Trace:
[  617.433308][ T5866]  <TASK>
[  617.434575][ T5866]  dump_stack_lvl+0x99/0x250
[  617.436513][ T5866]  ? __asan_memcpy+0x40/0x70
[  617.438454][ T5866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.440566][ T5866]  ? __pfx__printk+0x10/0x10
[  617.442548][ T5866]  vpanic+0x281/0x750
[  617.444230][ T5866]  ? __pfx__printk+0x10/0x10
[  617.445921][ T5866]  ? __pfx_vpanic+0x10/0x10
[  617.447464][ T5866]  ? is_bpf_text_address+0x292/0x2b0
[  617.449472][ T5866]  panic+0xb9/0xc0
[  617.450906][ T5866]  ? __pfx_panic+0x10/0x10
[  617.452548][ T5866]  __warn+0x31b/0x4b0
[  617.454229][ T5866]  ? xfrm_state_fini+0x26d/0x2f0
[  617.455964][ T5866]  ? xfrm_state_fini+0x26d/0x2f0
[  617.457579][ T5866]  report_bug+0x2be/0x4f0
[  617.459142][ T5866]  ? xfrm_state_fini+0x26d/0x2f0
[  617.461186][ T5866]  ? xfrm_state_fini+0x26d/0x2f0
[  617.463234][ T5866]  ? xfrm_state_fini+0x26f/0x2f0
[  617.465295][ T5866]  handle_bug+0x84/0x160
[  617.466996][ T5866]  exc_invalid_op+0x1a/0x50
[  617.468794][ T5866]  asm_exc_invalid_op+0x1a/0x20
[  617.470580][ T5866] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  617.472425][ T5866] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ab e5 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 a9 a3 e1 f7 e8 74 77 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 66 77 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  617.478781][ T5866] RSP: 0018:ffffc9000442f898 EFLAGS: 00010293
[  617.481300][ T5866] RAX: ffffffff8a22341c RBX: ffff88802492c880 RCX: ffff888023419cc0
[  617.484553][ T5866] RDX: 0000000000000000 RSI: ffffffff8dba6cac RDI: ffff888023419cc0
[  617.487372][ T5866] RBP: ffffc9000442f9b0 R08: ffffffff8fa38a37 R09: 1ffffffff1f47146
[  617.490470][ T5866] R10: dffffc0000000000 R11: fffffbfff1f47147 R12: ffffffff8f631640
[  617.493435][ T5866] R13: 1ffff92000885f40 R14: ffff88802492dd00 R15: dffffc0000000000
[  617.496672][ T5866]  ? xfrm_state_fini+0x26c/0x2f0
[  617.498742][ T5866]  ? xfrm_state_fini+0x26c/0x2f0
[  617.500791][ T5866]  xfrm_net_exit+0x2d/0x70
[  617.502702][ T5866]  ops_undo_list+0x49a/0x990
[  617.504634][ T5866]  ? __pfx_ops_undo_list+0x10/0x10
[  617.506751][ T5866]  ? do_raw_spin_unlock+0x4d/0x240
[  617.508859][ T5866]  cleanup_net+0x4c5/0x800
[  617.510384][ T5866]  ? __pfx_cleanup_net+0x10/0x10
[  617.512341][ T5866]  ? _raw_spin_unlock_irq+0x23/0x50
[  617.514175][ T5866]  ? process_scheduled_works+0x9ef/0x17b0
[  617.516784][ T5866]  ? process_scheduled_works+0x9ef/0x17b0
[  617.519146][ T5866]  process_scheduled_works+0xae1/0x17b0
[  617.521184][ T5866]  ? __pfx_process_scheduled_works+0x10/0x10
[  617.523526][ T5866]  worker_thread+0x8a0/0xda0
[  617.525371][ T5866]  kthread+0x711/0x8a0
[  617.526926][ T5866]  ? __pfx_worker_thread+0x10/0x10
[  617.528616][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.530150][ T5866]  ? _raw_spin_unlock_irq+0x23/0x50
[  617.531936][ T5866]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.534075][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.535923][ T5866]  ret_from_fork+0x3fc/0x770
[  617.537627][ T5866]  ? __pfx_ret_from_fork+0x10/0x10
[  617.539732][ T5866]  ? __switch_to_asm+0x39/0x70
[  617.541389][ T5866]  ? __switch_to_asm+0x33/0x70
[  617.543005][ T5866]  ? __pfx_kthread+0x10/0x10
[  617.544573][ T5866]  ret_from_fork_asm+0x1a/0x30
[  617.546208][ T5866]  </TASK>
[  617.548059][ T5866] Kernel Offset: disabled
[  617.549534][ T5866] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:07:17  Registers:
info registers vcpu 0

CPU#0
RAX=0000000010000000 RBX=ffff888107b31bc0 RCX=ffffc900000bb000 RDX=0000000000000000
RSI=000000000000001c RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc90001bff420
R8 =ffffffff8fa38a37 R9 =1ffffffff1f47146 R10=dffffc0000000000 R11=ffffffff86538020
R12=000000000000001c R13=dffffc0000000000 R14=ffff888107b31bc8 R15=ffff888022a18028
RIP=ffffffff865381df RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055555fb24808 CR3=000000002f33c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f6e6e212e53
XMM06=0000000000000000 00007f6e6e212e4d XMM07=0000000000000000 00007f6e6e212e61
XMM08=0000000000000000 00007f6e6e212ee7 XMM09=0000000000000000 00007f6e6e212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000005d RBX=000000000000005d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000442f030
R8 =ffff888106d90237 R9 =1ffff11020db2046 R10=dffffc0000000000 R11=ffffffff854f3380
R12=dffffc0000000000 R13=ffffffff99afa8d6 R14=ffffffff99def420 R15=0000000000000000
RIP=ffffffff854f33fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff0298f56c0 CR3=00000001106ac000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff812b2d05 ffffffff812b2d05
XMM02=00007fd840b97498 ffffffff812b2d05 XMM03=00007fd840b974a8 00007fd840b974a0
XMM04=00007fd8416fd100 00007fd840b97460 XMM05=00007fd840b97478 00007fd840b974c0
XMM06=00007fd840b974b8 00007fd840b974b0 XMM07=00007fd840b974a8 00007fd840b974a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
