last executing test programs:

3m15.390557141s ago: executing program 0 (id=93):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f0000000300)='./file0\x00', 0x20)

3m15.171096594s ago: executing program 0 (id=99):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000000))

3m15.110913566s ago: executing program 0 (id=101):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffd, 0x4, 0x0, 'queue0\x00', 0x2})
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2)

3m15.11068131s ago: executing program 0 (id=102):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x9})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000380)={0x28, 0x2, r1, r1, 0x1000, 0x5, 0x9})

3m15.110126453s ago: executing program 0 (id=103):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file3\x00', 0x100481e, &(0x7f00000022c0)=ANY=[@ANYBLOB='keep_last_dots,uid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0xee00, @ANYBLOB=',iocharset=cp866,discard,iocharset=cp437,errors=remount-ro,discard,umask=00000000000000000000007,umask=0000000000000003,keep_last_dots,\x00\x00\x00\x00\x00\x00\x00\x00'], 0xb, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

3m15.020785282s ago: executing program 0 (id=104):
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0)

2m59.494312165s ago: executing program 32 (id=104):
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0)

1m56.390816811s ago: executing program 1 (id=1023):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a80000fc020000000000000000000000000000fe8000000000000000000000000000aa223407d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f"], 0x0)

1m56.390582742s ago: executing program 1 (id=1024):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000001c0)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="88a44da5c7", 0x5}, {&(0x7f0000000140)="84", 0x1}], 0x2}}], 0x1, 0x4400c800)
sendto$inet6(r0, &(0x7f0000000600)="5cf3", 0x2, 0x3b00, 0x0, 0x0)

1m56.390365435s ago: executing program 1 (id=1025):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f00000001c0)={'\x00', 0xfffffff9, 0x0, 0x80})

1m56.330852819s ago: executing program 1 (id=1026):
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f00000000c0)=ANY=[], 0x1, 0x1513, &(0x7f0000002d00)="$eJzs3Au4TlW3OPAx5pxLm9Cb5D7HHIs3uUySJJeERJIkSZJbQpIkSUhscktCEnJPcg/JLST3+y33kHySJAkJSeb/0df3d77Td0595+sc5zl7/J5nPXuOvd4x1lh77Od911rPs/c37QdWrlulYm1mhn8J/vVLKgCkAEAfALgGACIAKJGlRBbAIZBeY+q/dhDx53poypXuQFxJMv+0Teaftsn80zaZf9om80/bZP5pm8w/bZP5C5GWbZma81rZ0u72P/f8H+T5//868vn/f8jhIqO+WFfk+g7/RIrMP22T+adtMv+0Teaftsn80zaZ//9xEUCF/2S3zD9tk/kLkZZd6efPsl3Z7Ur//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESBvOhcsMAPxtfaX7EkIIIYQQQgghxJ8nXHWlOxBCCCGEEEIIIcR/PwQFGgxEkA6ughRIDxngasgImSAzXAMJuBaywHWQFa6HbJAdckBOyAW5IQ9YIHDAEENeyAdJuAHyw41QAApCISgMHopAUbgJisHNUBxugRJwK5SE26AUlIYyUBZuh3JwB5SHClAR7oRKcBdUhipwN1SFe6Aa3AvV4T6oAfdDTXgAasGDUBsegjrwMNSFR6AePAr1oQE0hEbQ+L+U/yJ0hpegC3SFVOgG3eFl6AE9oRf0hj7wCvSFV6EfvAb9YQAMhNdhELwBg+FNGAJDYRi8BcNhBIyEUTAaxsBYeBvGwTswHt6FCTARJsFkmAJTYRq8B9NhBsyE92EWfACzYQ7MhXkwHz6EBbAQFsFHsBg+hiWwFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLfAJbIVtsB12wE7YBbvhU9gDe2EffAb74fN/Mv/sv8vvgICAChUaNJgO02EKpmAGzIAZMSNmxsyYwARmwSyYFbNiNsyGOTAH5sJcmAfzICEhI2NezItJTGJ+zI8FsAAWwkLo0WNRLIrF8GYsjsWxBJbAklgSS2FpLI1lsSyWw3JYHstjRayIlbASVsbKeDfejfdgNayG1REBoAbWxJpYC2thbayNdbAO1sW6WA/rYX2sjw2xITbGxtgEm2BTbIrNsTm2wBbYEltiK2yFrbE1tsE22BbbYjtsh+2xPXbAjtgRX8QX8SV8CbtiJdUNu2N37IE9sBf2xt74CvbFV/FVfA374wAciK/j6/gGDsYzOASH4jAchuXUCByJo5DVGByLY3EcjsPxOB4n4ESciJNxCk7FaTgNp+MMnIHv4yz8AD/AOTgH5+F8nI8LcCEuwkW4GM/iElyKy3A5rsCVuAJX4xpcjetwPa7DjbgRN+Nm/AQ/wW24DXfgDtyFu/BT/BT34l7sj/txPx7AA3gQD+IhPISH8TAewSN4FI/iMTyGx/E4nsCTeApP4mk8jWfwLJ7Dc3gez+MFfD7XV3V2FVzbH9QlRhmVTqVTKSpFZVAZVEaVUWVWmVVCJVQWlUVlVVlVNpVN5VA5VC6VS+VReRQpUqxilVflVUmVVPlVflVAFVCFVCHllVdFVVFVTBVTxVVxVULdqkqq21QpVVo182VVWVVONfflVQVVUVVUldRdqrKqoqqoqqqqqqaqqeqquqqhaqia6gFVS3XDXviQujSZumoA1lMDsb5qoBqqRuoNfEw1UYOxqWqmmqsn1FAcgi1VE99KPa1aq5HYRj2rRuFzqp0ag+3VC6qD6qg6qRdVZ9XUd0n361ugmow9VE/VS/VWmeAudWlildVrqr8aoAaq19U8fEMNVm+qIWqoGqbeUsPVCDVSjVKj1Rg1Vr2txql31Hj1rpqgJqpJarKaoqaqaeo9NV3NUDPV+2qW+kDNVnPUXDVPzVcfqgVqoVqkPlKL1cdqiVqqlqnlaoVaqVap1WqNWqvWqfVqg9qoNqnNaov6RG1V29R2tUPtVLvUbvWp2qP2qn3qM7Vffa4OqL+og+oLdUh9qQ6rr9QR9bU6qr5Rx9S36rj6Tp1QJ9Up9b06rX5QZ9RZdU79qM6rn9QF9bO6qIICjVpprY2OdDp9lU7R6XUGfbXOqDPpzPoandDX6iz6Op1VX6+z6ew6h86pc+ncOo+2mrTTrGOdV+fTSX2Dzq9v1AV0QV1IF9ZeF9FF9U26mL5ZF9e36BL6Vl1S36ZL6dK6jC6rb9fl9B26vK6gK+o7dSV9l66sq+i7dVV9j66m79XV9X26hr5f19QP6Fr6QV1bP6Tr6Id1Xf2Irqcf1fV1A91QN9KN9WO6iX5cN9XNdHP9hG6hn9Qt9VO6lX5at9bP6Db6Wd1WP6fb6ed1e/2C7qA76k76Z31RB91Fd9Wpupvurl/WPXRP3Uv31n30K7qvflX306/p/nqAHqhf14P0G3qwflMP0UP1MP2WHq5H6JF6lB6tx+ix+m09Tr+jx+t39QQ9UU/Sk/UUPVX3+rXSzD+Q/84/yO/3y9E36y36E71Vb9Pb9Q69U+/Su/VuvUfv0fv0Pr1f79cH9AF9UB/Uh/QhfVgf1kf0EX1UH9XH9DF9XB/XJ/RJ/aP+Xp/WP+gz+qw+q3/U5/V5feHXnwEYNMpoY0xk0pmrTIpJbzKYq01Gk8lkNteYhLnWZDHXmazmepPNZDc5TE6Ty+Q2eYw1ZJxhE5u8Jp9JmhtMfnOjKWAKmkKmsPGmiClqbvqX83+vv8amsWlimpimpqlpbpqbFqaFaWlamlamlWltWps2po1pa9qadqadaW/amw6mg+lkOpnOprPpYrqYVJNqupuXTQ/T0/QyvU0f84rpa/qafqaf6W/6m4FmoBlkBpnBZrAZYoaYYWaYGW6Gm5FmpBltRpuxZqwZZ8aZ8Wa8mWAmmElmkplipphpZpqZbqabmWammWVmmdlmtplr5pr5Zr5ZYBaYRWaRWWwWmyVmqVlqlpvlZqVZaVab1WatWWvWm/Vmo9lolpgtZovZaraa7Wa72Wl2mt1mt9lj9ph9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6OmxPmhDllTpnT5rQ5Y86Yc+acOW/OmwvmgrloLl667ItUpCITmShdlC5KiVKiDFGGKGOUMcocZY4SUSLKEmWJskbXR9mi7FGOKGeUK8odpYKNKHIRR3GUN8oXJaMbovzRjVGBqGBUKCoc+ahIVDS6KSoW3RwVj26JSkS3RiWj26JSUemoTFQ2uj0qF90RlY8qRBWjO6NK0V1R5ahKdHdUNbonqhbdG1WP7otqRPdHNaMHolrRg1Ht6KGoTvRwVDd6JKoXPRrVjxpEDaNGUeM/tX4IZ7I/7rvYrjbVdrPd7cu2h+1pe9neto99xfa1r9p+9jXb3w6wA+3rdpB9ww62b9ohdqgdZt+yw+0IO9KOsqPtGDvWvm3H2XfsePuunWAn2kl2sp1ip9pp9j073c6wM+37dpb9wM62c+xcO8/Otx/aBXahXWQ/sovtx3aJXWqX2eV2hV1pV9nVdo1da9fZ9XaD3Wg32c12i/3EbrXb7Ha7w+60u+xu+6ndY/faffYzu99+bg/Yv9iD9gt7yH5pD9uv7BH7tT1qv7HH7Lf2uP3OnrAn7Sn7vT1tf7Bn7Fl7zv5oz9uf7AX7s71ow6WL+0sf72TIUDpKRymUQhkoA2WkjJSZMlOCEpSFslBWykrZKBvloByUi3JRHspDlzAx5aW8lKQk5af8VIAKUCEqRJ48FaWiVIyKUXEqTiWoBJWkklSKSlEZKkO30+10B91BFagC3Ul30l10F1WhKlSVqlI1qkbVqTrVoBpUk2pSLapFtak21aE6VJfqUj2qR/WpPjWkhtSYGlMTakJNqSk1p+bUglpQS2pJragVtabW1IbaUFtqS+2oHbWn9tSBOlAn6kSdqTN1oS6USqnUnbpTD+pBvagX9aE+1Jf6Uj/qR/2pPw2kgTSIBtFgGkxDaCgNo7doOI2gkTSKRtMYGktjaRyNo/E0nibQBJpEk2gKTaFpNI2m03SaSTNpFs2i2TSb5tJcmk/zaQEtoEW0iBbTYlpCS2gZLaMVtIJW0SpaQ2toHa2jDbSBNtEm2kJbaCttpe20nXbSTtpNu2kP7aF9tI/20346QAfoIB2kQ3SIDtNhOkJH6CgdpWN0jI7TcTpBJ+gUnaLTdJrO0Bk6R+foPP1EF+hnukiBUpyCDO5ql9FlcpndNS7FpXcZ3F8vmC7FOVxOl8vldnmcddlc9r+LyTlXwBV0hVxh510RV9Td9Ju4lCvtyriy7nZXzt3hyv8mrurucdXcva66u89VcXf/XVzD3e9qukdcLfeoq+0auDqukavrHnH13KOuvmvgGrpGroV70rV0T7lW7mnX2j3zm3iBW+jWuLVunVvv9ri97pz70R1137jz7ifXxXV1fdwrrq971fVzr7n+bsBv4mHuLTfcjXAj3Sg32o35TTzJTXZT3FQ3zb3nprsZv4nnuw/dLLfIzXZz3Fw375f4Uk+L3EdusfvYLXFL3TK33K1wK90qt/r/97rcbXSb3Ga3233qtrptbrvb4Xa6Xb/El85jn/vM7XefuyPua3fQfeEOuWPusPvql/jS+R1z37rj7jt3wp10p9z37rT7wZ1xZ385/0vn/r372V10wQEjK9ZsOOJ0fBWncHrOwFdzRs7EmfkaTvC1nIWv46x8PWfj7JyDc3Iuzs152DKxY+aY83I+TvINnJ9v5AJckAtxYfZchIvyTVyMb+bifAuX4Fu5JN/Gpbg0l+GyfDuX4zu4PFfginwnVwqBK3MVvpur8j1cje/l6nwf1+D7uSY/wLX4Qa7ND3Edfpjr8iNcjx/l+tyAG3IjbsyPcRN+nJtyM27OT3ALfpJb8lPcip/m1vwMt+FnuS0/x+34eW7PL3AH7sid+EXuzC9xF+7KqdyNu/PL3IN7ci/uzX34Fe7Lr3I/fo378wAeyK/zIH6DB/ObPISH8jB+i4fzCB7Jo3g0j+Gx/DaP43d4PL/LE3giT+LJPIWn8jR+j6fzDJ7J7/Ms/oBn8xyey/N4Pn/IC3ghL+KPeDF/zEt4KS/j5byCV/IqXs1reC2v4/W8gTfyJt7MW/gT3srbeDvv4J28i3fzp7yH9/I+/oz38+d8gP/CB/kLPsRf8mH+io/w13yUv+Fj/C0f5+/4BJ/kU/w9n+Yf+Ayf5XP8I5/nn/gC/8wXOTDEGKtYxyaO4nTxVXFKnD7OEF8dZ4wzxZnja+JEfG2cJb4uzhpfH2eLs8c54pxxrjh3nCe2McUu5jiO88b54mR8Q5w/vjEuEBeMC8WFYx8XiYvGN8XF4pvj4vEtcYn41rhkfFtcKi4dP3Jf2fj2uFx8R1w+rhBXjO+MK8V3xZXjKvHdcdX4nrhafG9cPb4vLh7fH9eMH4hrxQ/GteOH4jrxw3Hd+JG4XvxoXD9uEDeMG8WN48fiJvHjcdO4Wdw8fiJuET8Zt4yfilvFT8et42d+d39q3C3uHr8cvxyHcK+em5yXnJ/8MLkguTC5KPlRcnHy4+SS5NLksuTy5IrkyuSq5OrkmuTa5Lrk+uSG5MbkpuTmZAhVrgKPXnntjY98On+VT/HpfQZ/tc/oM/nM/hqf8Nf6LP46n9Vf77P57D6Hz+lz+dw+j7eevPPsY5/X5/NJf4PP72/0BXxBX8gX9t4X8UV9I9/YN/ZN/OO+qW/mm/sn/BP+Sf+kf8o/5Z/2rf0zvo1/1rf1z/l2/nn/vH/Bd/AdfSf/ou/sX/JdfFef6lN9d9/d9/A9fC/fy/fxfXxf39f38/18f9/fD/QD/SA/yA/2g/0QP8QP88P8cD/cj/Qj/Wg/2o/1Y/04P86P9+P9BD/BT/KT/BQ/xU/z0/x0P93P9DP9rAKz/Gw/28/1c/18P98v8Av8Ir/IL/aL/RK/xC/zy/wKv8Kv8qv8Gr/Gr/Pr/Aa/wW/ym/wWv8Vv9Vv9dr/d7/Q7/W6/2+/xe/w+v8/v9/v9AX/AH/QH/SH/pT/sv/JH/Nf+qP/GH/Pf+uP+O3/Cn/Sn/Pf+tP/Bn/Fn/Tn/oz/vf/IX/M/+og9+bOLtxLjEO4nxiXcTExITE5MSkxNTElMT0xLvJaYnZiRmJt5PzEp8kJidmJOYm5iXmJ/4MLEgsTCxKPFRYnHi48SSxNLEssTyxIrEykQIubfGIW/IF5LhhpA/3BgKhIKhUCgcfCgSioabQrFwcygebgklwq2hZLgtlAqlQ5nwaKgfGoSGoVFoHB4LTcLjoWloFpqHJ0KL8GRoGZ4KrcLToXV4JrQJz4a24bnQLjwf2ocXQofQMXQKL4bO4aXQJXQNqaFb6B5eDj1Cz9Ar9A59wiuhb3g19Auvhf5hQBgYXg+DwhthcHgzDAlDw7DwVhgeRoSRYVQYHcaEseHtMC68E8aHd8OEMDFMCpPDlDA1TAvvhelhRpgZ3g+zwgdhdpgT5oZ5YX74MCwIC8Oi8FFYHD4OS8LSsCwsDyvCyrAqrA5rwtqwLqwPG8LGsClsDlvCJ2Fr2Ba2hx1hZ9gVdodPw56wN+wLn4X94fNwIPwlHAxfhEPhy3A4fBWOhK/D0fBNOBa+DcfDd+FEOBlOhe/D6fBDOBPOhnPhx3A+/BQuhJ/DRfmbNSGEEEKIP0T/zv5u/+B76QBA/bruDgCZtuU8/O9rbsj213VPlatFAgCe7tr+ob9tlSqlpqb++tolGqJ8cwAg8ff1/xYvhebwJLSCZlDsH/bXU3U8z79TP3krQIZ/k5MCl+PL9W/+D+o/9sSwBSXjc1n+k/pzAArku5yTHi7Hl+sX/w/qZ2/yO/2n/2IsQNN/k5MRLseX6xeFx+EZaPV3r/wDAxZCCCGEEEIIkSb0VGXa/t7986X781zmcs5VcDn+vftzIYQQQgghhBBCXHnPdez01GOtWjVr+8cW+OtzgX8u609b1Nq299lLh78yR5fFf3mBAPC/oA1Z/PHFFX5jEkIIIYQQQvzpLl/0X+lOhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKItOt/4t+JXelzFEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIa60/xcAAP//daA1bQ==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000d40))
write$FUSE_GETXATTR(r0, &(0x7f0000000300)={0x18, 0x0, 0x0, {0x37f}}, 0x18)

1m56.250857725s ago: executing program 1 (id=1027):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000340)=ANY=[@ANYBLOB="003106060000002b"], 0x0, 0x0, 0x0, 0x0, 0x0})

1m56.119266532s ago: executing program 1 (id=1033):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0)

1m56.037974871s ago: executing program 33 (id=1033):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0)

1m7.899192093s ago: executing program 4 (id=1652):
open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x0, &(0x7f0000001400)=ANY=[@ANYBLOB='nls=ascii,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c706172743d3078303030303030303030303030303062622c6e6f626172726965722c6e6f626172726965722c63726561746f723d7fcfb5b72c706172743d3078303030303030303030303030303130312c6769643d", @ANYRESHEX=0x0, @ANYRES8=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYRESHEX=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRESHEX=0x0], 0x5, 0x6fe, &(0x7f0000000b00)="$eJzs3TtsG+cdAPD/URQluoAjJ36kRYAQMZAWFWpLFpRWXeoWRaEhKIJ06EzYckyYlgNJKWSjqJU+9g6ZOqWDtqBDke4G2rlBiiKrxgAFsmTSVBZ3vONDpEjKliU1+f2E43133+O++x/vjuRB+AL42lqdj/KTSGJ1/s3tdHlvd6k5tbs0k2c3I6ISEaWIcnsWyXpkuTfzKb6ZrszLJ52G/9W/nQ8aK29/9uXe5+2lcj5l5ZO+euNVBlft5FPUImIqnw+aPqTFjw9uvq+9W4e2N6nuHqYBu1oELv70TK3CM2sN2OnkffTv7HWgzsVzneRRzlvgjEra980BcxHp2T4b0b7r51eH0sn27vjtnHYHAAAA4KiqR6/ywn7sx3acfx7dAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK+qfPz/JJ9KRboWSTH+fyVfF3n6DBo/EOKnM+35k+ffGQAAAAAAAAB47l7dj/3YjvPFcivJnvm/1vOM/xvxXmzGWmzEtdiOemzFVmzEYkTM9TRU2a5vbW0sZjUjLo6oeSM+GVLzxuF9vHnM+wwAAAAAAAAAZ9zsmPx704Prfhur3ef/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFiQRU+1ZNl0s0nNRKkfEbFFuJ+KTiKicbm+PJBm28snJ9wMAAACeyWz/YjI7QZ0XHsd+bMf5YrmVZN/5L2ffl2fjvViPrWjEVjRjLW7n36HTb/2lvd2l5t7u0v10Gmz3x18cqetZi9H+7WH4ll/OSlTjTjSyNdfiViTRypTyVl7e211K5/eH9+v9tE/Jj3IjejPVk76dvlz5OEv/sf9XhPKRdvEplQ7NmctypzsRWcj7lta4UERgeCT6js6wt0l55JYWo9T55efigS21+n9mGR7z90fv87kDpYb+cnMqDkbiRpQ6R+jy6JhHfPtvH/3ybnP93t07m/NnZ5eGejy2xMFILPVE4spXKBLjLWSRuNRZXo2fxS9iPr6YeSs2ohG/inpsxVqtyK/n7+f0dW50pD4917v01riepOdkrXP9GtanWvT1KWrx0yxVj9eyY/rfViOSeBARa/FG9ncjFjtXg+4RvjS639lZX5rgStvj6neyWSdMUT287F8ma/K4pHG90BPX3mvuXJbXu6YbpReHRqm4101+P+pR/laeSFv43cj7w0k7GInFnki8dNj7pR3SP2d3k83m+r2Nu/V3J9ze6/k8PY/+MPwucUrXlnRvXozZfOcuFF1pPc7zXurcYfvjVcmfuLSVBvIuderNxfloxM/jQdzuO1O/H8uxHCtZ6ctZ6emBO1aad6XTUv81PM1LP2mVOw92ej9vPYhm+/MQAGfbue+eq1T/U/1n9cPq76t3q2/O/mTmBzOvVGL6H9M/LC9MvV56JflrfBi/6X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnt7mw0f36s3m2sbwRGl4VjK6Vr3ZKgYSG1GmL5Hko/ZMUDjZfPioNbbB0YmZvHtPWf04E8UwfOML10a2U36mbiQ7B4/X7PhjUYzyNMEmkoGAp5WfOnTFlrtrps/AoTyYqI0uU5ksdFmieMP2ZB393VsddrymImJY4TEXjqnjuPoAp+n61v13r28+fPS9xv36O2vvrK1PLy+vLKwsv7F0/U6jubbQfu2pcCKD3wInoffjREf6weTVgaID47KOGKgVAAAAAAAAAAAAeI5O4n8hTnsfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9vq/NRfhJJLC5cW0iX93aXmulUpLslyxFRiojk1xHJ3yNuRnuKuZ7mksO280Fj5e3Pvtz7vNtWuShfitg5tN5kdvIpahExlc+Pq71b49urdJMzQ7KTTmTSgF0tAgen7X8BAAD//5CS7ds=")

1m7.840961212s ago: executing program 4 (id=1653):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf042bbd7000fedbdf251200000008000300", @ANYRES32=r2, @ANYBLOB="0a00060008021100000100000c004300f8ffff01f5fdffff0600b500bc"], 0x3c}}, 0x0)

1m7.779321675s ago: executing program 4 (id=1654):
syz_open_dev$tty20(0xc, 0x4, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r1 = syz_open_pts(r0, 0x101)
r2 = dup3(r1, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000100), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

1m7.779176227s ago: executing program 4 (id=1655):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1000, 0x0)

1m7.696235666s ago: executing program 4 (id=1656):
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x400, 0x0, 0x0, 0xfffffffffffffffe, 0x1}, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r1 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r1, r0, 0x0, 0xffffffff)

1m7.545084497s ago: executing program 4 (id=1657):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000000)={[{@utf8}, {@uni_xlateno}, {@fat=@sys_immutable}, {@fat=@quiet}, {@utf8no}, {@utf8}]}, 0x1, 0x34b, &(0x7f0000002980)="$eJzs3UFrY1UUAODTOrbDDG26EEFBvOhGN6Gtf8AgMyAWlDqV0YXwxr5q6GtS8sJIBrGCC7fzOwaX7gTxD3Tj3p27blwOOPikSVrSMTPWGdqk9Pug3AP3nr578/LC2STn4Pb9ne2tsr6VdWP23RSzETH7MGKpHw3MDMfZfjwXo76Lt2u3f3/t408/+6CxtnZjPaWbjVvvrKaUFl//5etvfnzj1+71T35a/Hk+9pc+P/hz9Y/9l/dfOfj71lfNMjXL1Gp3U5butNvd7E6Rp81mVaun9FGRZ2Wemq0y75yY3yrau7tXU9baXLi228nLMmWtXtrOe6nbTt1OL2VfZs1WqtfraeFaXBrfH0TEs5x348H6etY4xcLFZ/jnTIlOp5EdPsPz/5rZeDCRDQEAEzVl9f9RifK0+r83tv6fucT1/9BfVVX9v4xT1/9cYIf1/9zw+T1J/Q8AAAAAAAAAAAAAABfBw6qqVVVVOxof/5v0/jgf/3H/q70J74+zMfLFvasRxQ93N+5uDMbBfGMrmlFEHstRi0cR1bFBfPP9tRvLqW8pFnb2BvmH4wsn81eiFkvj81dSStVeSrGwMx8Rw/wX+79ocZy/GrV4aXz+6uD66eT15+KtN0fy61GL376IdhSxefiGHsn/diWl9z5ceyx/vr8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMuhno6N7d9frz9pfpB/3F9/OWrxaHx//uWx/fmvxKtXJnt2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhS9u5tZ0WRd6YoqIamZT/PF8ycYk3EU9dcf+LU/eFtPPdzxbS8vIIzCib8wQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATMNLRHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEus7N3bzooi75xhMOkzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXCT/BAAA///vdSZB")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x80000000, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000840)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

1m7.489850733s ago: executing program 34 (id=1657):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000000)={[{@utf8}, {@uni_xlateno}, {@fat=@sys_immutable}, {@fat=@quiet}, {@utf8no}, {@utf8}]}, 0x1, 0x34b, &(0x7f0000002980)="$eJzs3UFrY1UUAODTOrbDDG26EEFBvOhGN6Gtf8AgMyAWlDqV0YXwxr5q6GtS8sJIBrGCC7fzOwaX7gTxD3Tj3p27blwOOPikSVrSMTPWGdqk9Pug3AP3nr578/LC2STn4Pb9ne2tsr6VdWP23RSzETH7MGKpHw3MDMfZfjwXo76Lt2u3f3/t408/+6CxtnZjPaWbjVvvrKaUFl//5etvfnzj1+71T35a/Hk+9pc+P/hz9Y/9l/dfOfj71lfNMjXL1Gp3U5butNvd7E6Rp81mVaun9FGRZ2Wemq0y75yY3yrau7tXU9baXLi228nLMmWtXtrOe6nbTt1OL2VfZs1WqtfraeFaXBrfH0TEs5x348H6etY4xcLFZ/jnTIlOp5EdPsPz/5rZeDCRDQEAEzVl9f9RifK0+r83tv6fucT1/9BfVVX9v4xT1/9cYIf1/9zw+T1J/Q8AAAAAAAAAAAAAABfBw6qqVVVVOxof/5v0/jgf/3H/q70J74+zMfLFvasRxQ93N+5uDMbBfGMrmlFEHstRi0cR1bFBfPP9tRvLqW8pFnb2BvmH4wsn81eiFkvj81dSStVeSrGwMx8Rw/wX+79ocZy/GrV4aXz+6uD66eT15+KtN0fy61GL376IdhSxefiGHsn/diWl9z5ceyx/vr8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMuhno6N7d9frz9pfpB/3F9/OWrxaHx//uWx/fmvxKtXJnt2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhS9u5tZ0WRd6YoqIamZT/PF8ycYk3EU9dcf+LU/eFtPPdzxbS8vIIzCib8wQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATMNLRHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEus7N3bzooi75xhMOkzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXCT/BAAA///vdSZB")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x80000000, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000840)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

670.452266ms ago: executing program 3 (id=2596):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
syz_emit_ethernet(0x8e, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "00c222", 0x58, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x16, 0x2, 0x9, 0x0, 0x5, {[@sack={0x5, 0xa, [0x3ff, 0x2]}, @mptcp=@remove_addr={0x1e, 0x15, 0x4, 0x0, "8846c324bd48cff2b6a4f5beb215d79f09f1"}, @md5sig={0x13, 0x12, "93361b7a00c3c136a567598d45512671"}, @sack_perm={0x4, 0x2}, @generic={0x2, 0x6, "e1e64236"}, @fastopen={0x22, 0x8, "dbea53ca6995"}]}}}}}}}}, 0x0)

608.704679ms ago: executing program 3 (id=2598):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000000)={0x33, 0xfffffffe})

608.567853ms ago: executing program 5 (id=2599):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)

608.40838ms ago: executing program 3 (id=2600):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000002c0)="20b907000000", 0x6}], 0x2, &(0x7f0000000580)=ANY=[@ANYBLOB="100000000000000001"], 0x30}, 0x840)

608.143233ms ago: executing program 5 (id=2601):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x39}}}, 0x0, 0xfff9}, 0x90)

608.004613ms ago: executing program 3 (id=2602):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x400)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee0c)
ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x5e)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$setsig(0x4203, r2, 0x2e26, &(0x7f0000000000)={0x28, 0x8, 0x9})

527.82504ms ago: executing program 3 (id=2603):
r0 = add_key(&(0x7f0000000040)='rxrpc\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$read(0xb, r0, 0x0, 0x0)

527.707396ms ago: executing program 3 (id=2604):
syz_usb_connect(0x2, 0x60, &(0x7f0000000080)=ANY=[@ANYBLOB="12010003c3d10a08dc17020250f10102030109024e000104e9000909042000000e0100ff0a240102000502010209240703deec9e701b789b22e603009d0924030106030501f90c24080201000dacf34b4491052404"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})

527.405733ms ago: executing program 5 (id=2605):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ec0)=ANY=[@ANYBLOB="b702000024000080bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadcb74220e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57abb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333a8b1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807909727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d658eec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3d1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cb471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d7500760600f3ffb2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a082c5242c8fa7ff40007ff275df45508ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a0338c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b198246d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000061d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a381b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df620047bade4ba41ee014184395a479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2a65246779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd02000000bf48ea48e0e1f463d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a244609ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e7a5dd7503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d58bb5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c8e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a18668298a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a9adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cfa48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89f11a300510776934e87bb3c21394f46954a012b2a3b0760f1bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb000000000000000000000000001b58cadcc5aaf65e05663985a177aa1d1ea2ad1b8151c7d58f5b92827f550269b3585d98e1394e816a477e52ce2f6de2bd7192f46cf965e774968d151d2bda084b10ec4c8d2c6ab582b1e5e3ed874235ff128c661298ed75879d8a4025ad1c3d9ef6355dc7284c6e648a61da026a777fcc7ae2c60ce64a2f2b0000000000000000000000000000003022110d1230e998429a6fd8f35939a8ae5acc89125539d84b98df6f8ee2ad0b238759bf400ac14c591aefe9660076a494f73b0ea8f3cb4a9c2e4f745a2afb593fabb9481600b2f44e64dcb0d0d57d5aeae626d2700608bb283800000000008a4c26b16213f0d9d7c3c57413b1e5895c9c12259519274ca8fd3bce804c8176a297f28add10956f3aaa3db687abcc17d326fd3674b7680206e875332b82c1de5ff793f6971d98c787c6daef28f66b542f08eeb6c82fbe03a3dc625bddf98d2a200c94065db5d5414361a785ff39392d9b1c870d8a2287af0ee98231100efa30652f2dd84da00970b5d209c623b26770258fcf63690f17cce7a78aeba7f6cbc4c143f48b1d0a10afdc93eaaff72e6622fd4da72ca7b30cd30b568599a6b44a2dee51985d802ed8088391a6717c4d97"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="b907ef19edfff007049e0ff0888e", 0x0, 0x102a, 0x18000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

525.855942ms ago: executing program 5 (id=2606):
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f00000001c0)='./bus\x00', 0x2008cd2, &(0x7f0000000200)={[{@utf8}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@unhide}, {@check_strict}, {@overriderock}, {@hide}, {@check_strict}, {@map_off}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@mode={'mode', 0x3d, 0xb2eb}}, {@check_relaxed}, {@session={'session', 0x3d, 0x5e}}, {@unhide}]}, 0x4, 0xa1b, &(0x7f00000029c0)="$eJzs3U9sHFcdB/DvrO3EdUuStqGUqm02KUnd1ji2QxOiHkpibxIXO0a2IzXi0JTGQSGGQgNSWyE1lRAnKpBAHOBW9QQSqtQLvaDe4AYnDkioJ+4Vp3Aymt11vP67tuvYafr5ROPdmfnNe7/5+7Lr8bzw2TK3d9HY3Fx92OT4hT9sQ8bcwU6PfPzu+++Uw9s3sisdebb4c9KdpJp0Jnk46RoemZwYb1PQteRSko+SIsnuNF7X5VKKX+a+hfGPUvy+rHdVu9ZbMu3M8bm208cfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADciYrhkYGBwWJXRs9feLHakFSXGR6ZnCgyN7d8zvwyDR/We/0uPmxbb1KUQ7q757v6fnj/wuyHklQP5dHG2KP1DsnTnTfvfWjfcw92VuaXXy2bT2X3+ou9/sab116enZ15bfWQubca67A1ud1hztbOj05NjI6fOlurjk5NVE8ePz5w9NyZqeqZ0bHa1MWp6dp4dXiydmp6YrLaO/xUdfDkyWPVWv/FiQvnz470j9XmJ5746tDAwPHqC/3fqp2anJo4f/SF/qnhc6NjY6Pnz9ZjytllzInyQPzm6HR1unZqvFq9cnV25tiSnDqWbuwyaLDdmpRBQ+2ChgaGhgYHh4YG3272nn1rwvFnTz57YmCgc2CJLIu4TQctd5Z7Vt/NW3wFh82rNNr/fG8so6nkQl5MdcV/wxnJZCYyvsr8pvn2//DR2pr1trb/zVa+s2X2I+WPQ3m8Odq9Svu/Si7b9+963sibuZaXM5vZzOS11rld82uz01lu5N+uDeV7NrWcz2imMpHRjOdUfUq1OaWakzme4xnISzmXA5lKNWcymrHUMpWLmcp0avUjajiTqeVUpjORyVTTm+E8lWoGczIncyzV1NKfi5nIhZzP2YzkVL2UK7la3+7H1sjxVtDgeoKG1gha2piXx3o54U9J1tf+1+7W/wmyblt6/YZPY67Z/u9qH9o7vB0JAQAAAFvuy3/Lnv0P/PXfSZHH6t/Lnxkdqz2/02kBAAAAW6h+u96j5Uv9brXHuuuf/wd2Oi0AAABgCxX1v7ErkvTkQOPd/F9C+RIAAAAA7hL13/8/nuLAwgSf/wEAAOAu09H2Gfttn8Jf9M0//rd6ufF6uRnRGCt6zoyO1fqHJ8aeG8yR+lMGkjy2vLSOpOiq//nB0znYiDrY03jtWSixrLO7jBrsf24wT+dQI+JQ7xPlyxO9K0QONSKfbEQ+2RrZkUWRx8pIALjbHVqjPV5v+/90+hoRfY/Um/zOR1Zogwe0rABwp7jVx87/ml2ardD+NyMeX639/9oan//LiAdy5UDjloL+vJJXM5vL6UvzjoMDK5U63xtB4zaEvjbfBvQ0b1n4x4lK+pZ9H9B9a11bY2cylL4VvxFoKbeYz+FYI67j9uwDANhuh9Zsh9fX/ve1+fzf45ZCALij3OrBfgNv3tpI8Mxr13d6HQGAxbTSAAAAAAAAAAAAAAAAAAAAAAAAAAAAsPXW9QD/vx9JZmdnkk10FrDpN90byXDtN5VsdYZf2KaNsNE3HUl2qvbns+Glyn38KSr94z3Nxf+z81v+rnuzwxcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtkWRdKw0vZLsTjKQ5Oj2Z3X73NjpBLZKddemFitu5mZez54tzwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HOu+fz/Shqv9zYmpbOSHE5yKcm3dzrHrXRzpxO4PYr2Id9vBC48/7+SdGWuSGdjt6foGh6ZnBgviyp2l/M/fvf9d8qhfdnLe1UoCyhrWNS5RLOGlildi5e6v75Uz8jM9Ws/fvWH1ZHT9QPz9PSZsZHxs5PfWAh8qPggqaYxzJvP96eH//KrlsnNjhKKD8o1XdnSes/U6x1ZXu+XVlp6lXrX4erszFBZ03Ttxemf/ODq6y2zHsjB5InepHdxTd8th1VqOrh0ey5WfFL8vNiT3+ZSff+XW6OYK8pdtLe+/vdcuTo70//Kq7OXb+X01qKc9uVAkstJ9/pzOrD6sVk/6ipdZa0D9aDyx/425a2ppcTBVbbr/fVDpmdD61Btc3612e55r7PM6NiKGf36Rw/myIb39JE2Na6o+KT4V3Eu/8zPWvr/qJT7/3BWPDtXKKIe2XKktM5bdHpVGpH1fTHUOuOlpWWuelZyG/wi38nXb+3/Ssv1v7mvtud61FLjyudFsvHz4r29y1qUBfUWaf+SFql59VltmWae+xtRq+T5xTzTKHMDV5Rn2rXYt+n8/13Rm//mhv5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAO1+RdKw0vZIcTrIvyd5yvJrMLY25sYn6Kj3FZtLcMpvJ+bOnaF3R3Yvm3MzNvJ49O5EVAAAAAAAAAFvv9MjH777/TjnUfx/fka9UmnOqSWeSfcVvuoZHJifG2xTUlVya/5V+98ZyuFT+uG9h/KNy7OE2C+3s7QMA8Jn2/wAAAP//Dnxtlg==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x41, 0x14a)
open$dir(&(0x7f00000000c0)='./file1\x00', 0x0, 0x146)

448.689906ms ago: executing program 5 (id=2607):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000440)='dctcp\x00', 0x6)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)

448.437549ms ago: executing program 5 (id=2608):
socket(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r4)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r5, 0x1, 0x70bd28, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x13}}}, {0x14, 0x2, @in={0x2, 0x4e23, @private=0xa010102}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)

349.36482ms ago: executing program 2 (id=2609):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f00000002c0)=0x7f)

349.129465ms ago: executing program 2 (id=2610):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000c80)='./file1\x00', 0x800000, &(0x7f00000000c0)=ANY=[], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000effc)
truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc)

49.904237ms ago: executing program 2 (id=2611):
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={<r1=>r0})
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001214010028bd7000fcdbdf250800", @ANYRES64=r1], 0x30}, 0x1, 0x0, 0x0, 0x4000014}, 0x20000000)

49.776341ms ago: executing program 2 (id=2612):
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f000000b000)={{}, {0x0, 0x989680}}, 0x0)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
readv(r0, &(0x7f0000003200)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1)

348.302µs ago: executing program 2 (id=2613):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@multiplanar_overlay={0x9, 0x3, 0x4, 0x8, 0xa, {0x77359400}, {0x5, 0x1, 0x1, 0x0, 0x6, 0x0, "e2ebf340"}, 0x10001, 0x3, {0x0}, 0x7})

0s ago: executing program 2 (id=2614):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
ioctl$HIDIOCGRAWPHYS(r1, 0x4004480d, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000000900)={{r0}, 0x0, 0x4, @inherit={0x58, &(0x7f0000000580)=ANY=[@ANYBLOB="00885315adad7db09c71d56a00000000000000020000000000000040c3000000000000040000000000000008000000000000000700000000007ffb32812c7e8bbb22cd436d8a1ccbde0000070c0000000000000400000000000000b428b3700ae6f5b05464b6e5e43d0958040000040000000004000000000000009e470020000000000c8d887448f6c33d6bba876e8849e334537bba2b8ff9885ae3771c204e6784155f7d7b0dc86cebe93044d4b53a472992bec3a5469a9e80e574710d8058b2238004c7809d5b8d7e1cbb00bca2a1b6e410c9651b7e643f1f8bb448e5418ce34a4e816365db7ba57a965c4d6ed074e43b929cdf62d24d9e8b4db3a3f70c2087b1fde367"]}, @name="f265ffcd4b648a41895e1804dfac4b227f5f5eea64f728201f586b1eed6f146364bf6f97298a483ee2855f5bdcd845696b36d6c656383238e3e0982a29f3b8ee4a55de92bafd61bc3b61cdff5cc764206898bc5fa5907ad7c7ee7b242d6660584f88a62e0dc15271242ed67e80bcecacdf5fc470c33232a2df914f0f1fb83d18a4e1783b23afb395ae134c9e0cd658bf334e51616086ec011a1ee66c167a967574d2f9ab60338672d596c3fe31797ed4f537efd3654809dd5d37fd95ad21ec53e7ac9004a343dca73bca24511bbc5f3782087569a57d11d39522de127538acee737a270a77f24bf343915fb7592793e28b94c7ff502a564c7acff3c4c4c310de4bb8403b616d9b8ee869b805618f3da7640262f0378d877d50fcc41cf77a648cba0e5050fbf62eecc991906d21f3763fcd04a436a3c1dd99c99f01323e150b22efe361b1a7507a97514b2f4b92d040f79a582f04c6e8f5deba9821701551eee9672369dd4f4ec28111481409f75254048127deedb203136c52c18f709dbd43ddb90115172441d389a203bcf23902b1683f04f073c91ecf0271c663a756fae1b8ab128b8ce9738da8fd6094edfeff2578b6fb8de1dacaa011bd3c91c8413c2d4910868cdc42425e1a3de7acd16f3840cce265fa23a41980424b0bd792aea379d6c3b98eeab26aa7bb97e7ae14bbaa9d1e0e3cf583b0499a0593e984847d180a9beb06feff8424d578df7736e056c02553af8ae4e768bc891bff482982d6e7b63c9de215a800e8ff5418ad1f6ff062e245562b02222e9ab6e5bf4b56c1334b08ff7950fea120105f7ad02af47c60b6a4f591a2db49f823bf5057b3b0b7efcfc8325d9a257a69502a7e3cd29d001d61736e49c60dced4786fe1da7d6701780bb6b8c3f1bf0778fb42f5f1b11c6c49e327ae1490c86b505679b6693a2de5e5f2f1fbbd1e96aa712adb0b633fc6c06fba1a4a506871301d634a54967885c2535e5774015c299ba32d3bc44094bb12852ee90ca9d5f6500e75e53dab8cf6cb89ac50e4ae5ba11dd358af2f5698aae4680763ac25141bef709e6bc1d97d54c48f512011f007e755b736bc6f9b57e8b6fdfbedffd2dbd963488d0133b0dc0ce40142130cff3f8e882a4564c5e52399453e351f3844134cbb2512bb9476f7bf95a79c5056c07d367a15798df9771f02b0e9c62d9493414f4fcb765dda49c3efb9407094efaed2dd3cb793b1a7b910b812462d762d35bf8b5d08f0ce7b7b01ef957b82ed2e7c991608c4026438736aea88f5ef4b83bc672763c955940b94f3e45b825406169275416fbbcbeecb029886c0b626e98c53ed225c93660995a485b0db115ea4816dba45c17edfe55b9dab827d14a762d99cdf4adb9eb6998e86cf0559cfc80ba20ebeed1b91e1fe8741687e30ce3b158fe99ecf6a3ca25a20f5b94000de4ac00fbeb0a10462fe4768216e6a52c4b4cad60d7de9c11f574879ac2d202af32a45fd855fb71ca6a6a73f1a5cae7c1c420ef672fa6333a2ab87b0d1bdb648e9b80ce2f2d3fdfe25cccd527c250b7a3f44ba5e92b600e6c4af7e21e3fca37fc8f361199a9140d473a1ef3c5180a4457965c4437993ba45f940afb0efe3928ff9fc6a130f4b688b460744e6289a70dff75ec743597fbc44a37be82483c92b1dd4fdeec4d4bb09487329d0653688704511264998b86dbf3a927b1b467eb24f758f7e58472679678cadbde546684185cd3d85cced477b881939edc0bfd805adfa88cb6025ca5be7c2d6e1ac8a40a33c4e3df6772032d62a3d720a9867c26f4d6422bf36d3ae7f49409518aebe5fbb79afbbf894107730e1be68ac52dde1a730beb11b29cc3237188cee5b1c880e673fa558dc37eed27cafc6918ce453cc112838286c26bc511318368b51dadd487ba11f504c6432f60dc26d9d908ea7d0d1ea9acc5f56ab66790bb71d801e1979ccb2a17ab6f234f474f5886175d49f195e64a6878c71c483081be48a5e0694d48828d1c41835af265c068e9e019cbbdde72f187c48b488c190fad2be30746043857914e302928105230ad4bed10319292541b0b6a615f86b96aa76ce4422d55636c496a305ab8e07b2d76f7c7b38604858d601502ab349875e844d1c9e25332ac28da2ead44e1d8df2beb1186bed407e25febea2440d09957446e60960d69aff492f048a0b4b89c0d0dcdca79fae52430f978a0d607902cbbdf1609d4d08f0896324456613f5c5ab7c13b74387e9a25813c10f6e647e45acbf9740a88f1425bc4b41f7733efc0f5b217e54d9e672cf97887c8069105c23e29712246be4f9b0153b23ae4f97356428503b2b0f66facb479af6a5ccbfb47893ac909c2f09b5effcc7da81e89583e4bee63cbe8f120ed7528bd11289d1fa2782245a2b5b6b5418e0e9626e5d36a7473ec276be813c52585ce7054208451b2c1346f87e76ae0d5599ce6abb157bea8f8b25dba4b77df511b9e9c6be930d19bbd96f3d1d76c06160fab937cd5f176e0dc944a227c804c2a9fd55e062a0d89822d8963a32dbe8d123c9ee6a10e4ecdcc67654aed96124a7544c4fbfbe82e3537202275d899a8ce61794c9ddd410da4dc17e54d62a4e5d0ce1f5365ead10c639c021933fe998ef1229469461fe06e584b11cd7fd094b40f7d69509b063b7a911aa8fa461146d87a5d18b10373878fe20d453c3557ad1bec2db5745f9d4ca7863689b41dc2a862bee0832873f4f8103ae87f442722128135d820025ff02ed0e52d5f7d71dc80f6aef5652f4aa215fee03f1354492f8bce91324e9cb842eceb3e20dc14a7a943fa056cc250e8880f9fa7910a008ce59f44a4d27b3fe74f147873f6d97a70a6602bd12c999e2bb8bd7c8bc4017dffddc1f127c3f482ad1b31514a0309dc41661583d65052e776ac46432599e46e36bf903df01fb480a9e21b7f9e4485c21cb7c1d83fafe8b11e662c42e715a24d997d905d3ec2e6f6aca2dfec324d51f02a1f3c8749137a483d848815fe3c6b2e0455755852f904e4552034214ee192662bd066a21daf720c40e3b6f0332d17b6c8109b41bdae8e1229b4598f200ec914423f3c8daaf4b3e7b8b5fe8bf3d0fe4aef820b270ce471cf496aeb300495b478b831bb13c3919cd421c7241ea1eadf6762bf6af813986dece741331bb11e6884768fedcb599295f0d79d3c504170a5dfc7589fa396b9d661cb4553fad720dbc30a4fd63aa394aee8e7f5c87cb6bfe54d4669978109464546bf4455cd1ef3e65720a5847732b5d29aa992eeabc5bdef21483979daa96c1ec34b972097f5e6de43e62e1a711349bc9b2c5b49ca188706d38c582fa1294b3e751d0796fdeea4bc962f70e9a6634e7e8a6382a456dd0ed19c2296af78b1d8f8c84e579211a81bc5ded12203f27a8f87fb95536ef1fda656ed53b1e2b11752746df82911ec27535f9d8f61b959a336eb2bff6ab1fe6b37e40676f7151d5bba5829d289b2622805fa22398910fc49a14db7df29c9438b265324595ce5ba813ce237ea6d31c5294ae52588b997e5453c4971607ed12528f64aadec23abc9f90f06e59e2444c286cb34c3a27fcb4e9429e25a66b3658ee3566502f52cd11c12c3a6fee916d6bd9a063d5719d76036867e759ff8c533360c32482f76bc7425b981528add867e2ccca1c286ca8c238f377bbd075b4b26d838fff76b398562bf538e89a3da30d3bdb0e2018779fc7400cdc2e95a3dca7412c1e022ac73e162116a67c11b95a4e3ee69d6eb12f2382a75d904c06f7484aab7bb8c89fc8e716ff4122f1031dda0c30d4673786395259a1260f01392d4147bf901d9a0f91b1fbee82c9a2d97dedf56f43bbd381e25a38e5e30c5f285ae6aafa0ae8323fe77bee173f55e9592d8135b18352d8c7ef4cffef369f339231b915d64f230f1ad3613fb5593d35e6335b9fdf133e20a9cdd18a146ceacf6cfab9cb048a375161455ad96d82305e92bb541f36a2497cf2d34a03094bdafa7c8b61d2578a8797da01684cf73dee46b6ce13be0e45464b6cebf5477cdb84f823a2819e6bfad728199ef5a3fca391ddd784caf460df904c301bb1fc01653f27761a9a2ad9a7da63f57e1117d8d57130998ae93979306a84753520868a4c73cf26aae8450a9ac4908234c7c12d3d1e7d80bf6a52c90ae89d0702aa8e2733ddeba3c9d276aeb944d5704cbc4c6b36daf65309a6b125a9dce6fd069f4c622369b14811a733634031d595aa4c52c3037299e30ed407c47cc646205108ba15bf38d4a2af6470548be8c0ad030e7710655ee61215c2d7d84c851de810eff7dae8c8eff5ddde7b8593927f88183f2360cf116d6c9495e0ed84e9da75f9d66a9e07970cdc8558e857e8077bc187a1a6ac1c1afe78225f7d24ec38daf0659ae6a04b02855cbdbb25109ea9f12a2f26b2e60dccf35205e6cdc7d8ad2363409baa8d3e42b68342ba23e29646e07c83e8c2bd2e9faf1608880504790bb0d592f4157f3fbcca3026dd1c9a3c55ed7be0fc62e123629c7dff12cb12d5b7edfc2af7ffb4a4f9eff23472d7d559095e50a059d684601c772846d70e52bdd95d4d0f13fd584764709a2fb0e7dd44ac06ae3c1cc062089f7b6ba35fe61900aee305b92cf4b0544f78902c587f827c45660f076707fc37b03bf27dbc9445bbc36ffaff5cb09e1f679713545d8268f5e794ae9a0bdd79a48aa16ce2d24ebf41671361e35125066c2f3ac8533e90ead6b728c2f0e7eda9f4f0f1395dba096ba9c1cf6b0d8691dd4c50ac30313836cd48fc52ad51a5503fdd81e9b8b85d9b384fbf53befcba3a1ed1dd38ed0bd1ea57ff290f68be1a082cbd9dd472d762f1c52c1239b4c787f20d98281c3a77dadf908c11e5b13ddeec536e85739843e5ec62e088c1d97027793e661b853efe9e7ec5e9fdd18cf1cdf3a34681d074bd28d3b766a63a7a019d5a3bc4879391c371b0b52d20cfdc5f27ebd2c978fefa8369291848c8213ccec2a70dd6d8c62654e86a81de903017cc7a5931ced1cf38fb7e22896a1a4c68b9958f3bd9235405c4f46a4d8a9034bbb74bc7e67816baa0ba05822c44dce49b4ee66d01e255d3b31315368ef016fcbead361528780513489c5a020cb11cd77acaabfdade2c893a09ece0e95546a6fd2798596f63b3362c2f20911825266e4629c49803807cd76c69734e22ecacf486cfe1f1a0a303e4acd83ebbe6f40da9f083f28b810c4ca7a5acbc0b9dacda7d4c0556d330e2797a13f9af5feccc866014b4c237f3855f4e2305468f68a0bd1b2f100230e870a596d8b24cc6556730d6112289b5b32e5fd04132fe00b69fe4722bd62c45a88db739e9b1ac8762ac0ddf561d174a72b8f94a824d7a003666d3644013931a4ca707256c6381ffa3f38cb8d5a0fcc2ffd2bbec403abd3547c93c96bedc18f1aef57504c9bdcd3472727e7de43ceb4a40f4be8b0ea51a1e3c7d84b8b20b80f4976a05ec17712fa2f373cd31cb5eaa2e66978f0963fa11bdc7f51172bdee2d2a7345e1ebb105d3213ca59c3656f2f2924b65ed346b61f7572076ae6147e6e7ac224c3a9395899e6f32495dd312bbd242586396a069d0c13d69426699c8ff02cd2ad01b504d714d52c639c9c13e247e74b805fd4c7d377d0c247c81a1353f09c635db93fad9b8eefa145495e90afab3a42e0654346795c0f23658082751f2c30c818d0ba70dc7520a6377c38fbe94454d2f3b1f8ae"})

kernel console output (not intermixed with test programs):

28xx 3-1:0.0: No AC97 audio processor
[  183.001138][T10521] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1650'.
[  183.154823][T10525] loop4: detected capacity change from 0 to 1024
[  183.161137][ T6202] hfsplus: b-tree write err: -5, ino 4
[  183.518521][ T5901] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.565125][ T5901] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.615005][ T5901] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.677123][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  183.680694][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  183.681003][ T5901] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.687195][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  183.691484][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  183.695044][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  183.710852][T10533] lo speed is unknown, defaulting to 1000
[  183.730279][  T791] usb 3-1: USB disconnect, device number 35
[  183.766284][ T5901] bridge_slave_1: left allmulticast mode
[  183.768224][ T5901] bridge_slave_1: left promiscuous mode
[  183.771525][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.775080][ T5901] bridge_slave_0: left allmulticast mode
[  183.777112][ T5901] bridge_slave_0: left promiscuous mode
[  183.779267][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.894694][ T5901] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.899779][ T5901] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.904310][ T5901] bond0 (unregistering): Released all slaves
[  183.944370][T10533] chnl_net:caif_netlink_parms(): no params data found
[  183.994247][T10533] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.997102][T10533] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.000142][T10533] bridge_slave_0: entered allmulticast mode
[  184.002779][T10533] bridge_slave_0: entered promiscuous mode
[  184.005809][T10533] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.008034][T10533] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.012861][T10533] bridge_slave_1: entered allmulticast mode
[  184.015670][T10533] bridge_slave_1: entered promiscuous mode
[  184.034328][T10533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.038976][T10533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.051688][T10533] team0: Port device team_slave_0 added
[  184.054596][T10533] team0: Port device team_slave_1 added
[  184.064760][T10533] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.066992][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.078971][T10533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.083784][T10533] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.086042][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.095472][T10533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.117315][T10533] hsr_slave_0: entered promiscuous mode
[  184.119899][T10533] hsr_slave_1: entered promiscuous mode
[  184.122058][T10533] debugfs: 'hsr0' already exists in 'hsr'
[  184.124225][T10533] Cannot create hsr debugfs directory
[  184.172713][ T5901] hsr_slave_0: left promiscuous mode
[  184.175171][ T5901] hsr_slave_1: left promiscuous mode
[  184.177093][ T5901] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.179818][ T5901] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.182953][ T5901] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.185973][ T5901] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.195212][ T5901] veth1_macvtap: left promiscuous mode
[  184.197623][ T5901] veth0_macvtap: left promiscuous mode
[  184.200913][ T5901] veth1_vlan: left promiscuous mode
[  184.203141][ T5901] veth0_vlan: left promiscuous mode
[  184.369223][ T5901] team0 (unregistering): Port device team_slave_1 removed
[  184.376920][ T5901] team0 (unregistering): Port device team_slave_0 removed
[  184.382306][T10565] loop2: detected capacity change from 0 to 4096
[  184.541022][T10533] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  184.555291][T10533] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  184.574344][T10533] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  184.605938][T10533] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  184.652716][T10533] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.655082][T10533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.657454][T10533] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.659874][T10533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.670339][T10590] netlink: 'syz.3.1669': attribute type 1 has an invalid length.
[  184.708517][T10533] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.720514][T10533] 8021q: adding VLAN 0 to HW filter on device team0
[  184.731259][ T1226] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.734193][ T1226] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.742561][ T1226] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.744994][ T1226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.754247][ T1226] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.756925][ T1226] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.892424][T10533] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.936242][T10591] loop2: detected capacity change from 0 to 32768
[  184.943858][T10591] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1670 (10591)
[  184.980790][T10591] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  184.991971][T10591] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  185.044860][T10533] veth0_vlan: entered promiscuous mode
[  185.050036][T10591] BTRFS info (device loop2): rebuilding free space tree
[  185.057141][T10533] veth1_vlan: entered promiscuous mode
[  185.060470][T10591] BTRFS info (device loop2): enabling ssd optimizations
[  185.063179][T10591] BTRFS info (device loop2): turning on sync discard
[  185.065579][T10591] BTRFS info (device loop2): enabling free space tree
[  185.074535][T10591] BTRFS info (device loop2): force clearing of disk cache
[  185.080150][T10533] veth0_macvtap: entered promiscuous mode
[  185.083158][T10591] BTRFS info (device loop2): enabling auto defrag
[  185.086876][T10533] veth1_macvtap: entered promiscuous mode
[  185.089556][T10591] BTRFS info (device loop2): max_inline set to 0
[  185.109253][T10533] batman_adv: batadv0: Interface activated: batadv_slave_0
[  185.115719][   T33] audit: type=1800 audit(1755849727.806:65): pid=10591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1670" name="file1" dev="loop2" ino=260 res=0 errno=0
[  185.130569][T10533] batman_adv: batadv0: Interface activated: batadv_slave_1
[  185.146623][ T5713] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.164734][ T5713] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.181625][ T5713] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.192089][ T5713] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.249807][ T8430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.252239][ T8430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.262420][ T8430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.265412][ T8430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.537663][ T5852] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  185.621965][T10650] loop2: detected capacity change from 0 to 4096
[  185.625685][T10650] ntfs3(loop2): ino=0, mi_enum_attr
[  185.635184][T10650] ntfs3(loop2): ino=0, mi_enum_attr
[  185.689789][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  185.769767][ T5855] Bluetooth: hci0: command tx timeout
[  185.795430][T10652] loop2: detected capacity change from 0 to 40427
[  185.802068][T10652] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  185.805188][T10652] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  185.809309][T10652] F2FS-fs (loop2): invalid crc_offset: 33558524
[  185.837041][T10652] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  185.839673][   T24] usb 6-1: Using ep0 maxpacket: 16
[  185.841673][T10652] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  185.844253][   T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  185.845572][T10652] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  185.849317][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  185.861768][   T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  185.865387][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.868773][   T24] usb 6-1: Product: syz
[  185.870797][   T24] usb 6-1: Manufacturer: syz
[  185.872782][   T24] usb 6-1: SerialNumber: syz
[  185.877177][T10652] syz.2.1681: attempt to access beyond end of device
[  185.877177][T10652] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  185.900243][T10652] syz.2.1681: attempt to access beyond end of device
[  185.900243][T10652] loop2: rw=0, sector=45096, nr_sectors = 8 limit=40427
[  185.937793][ T5852] syz-executor: attempt to access beyond end of device
[  185.937793][ T5852] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  185.944359][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  185.944374][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  185.944381][ T5852] Call Trace:
[  185.944385][ T5852]  <TASK>
[  185.944390][ T5852]  dump_stack_lvl+0x189/0x250
[  185.944409][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.944422][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  185.944434][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  185.944448][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  185.944465][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  185.944483][ T5852]  f2fs_write_end_io+0x886/0xb60
[  185.944496][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  185.944512][ T5852]  ? up_write+0x1c4/0x420
[  185.944524][ T5852]  __submit_merged_write_cond+0x44c/0x530
[  185.944562][ T5852]  f2fs_sync_node_pages+0x1479/0x15e0
[  185.944580][ T5852]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  185.944602][ T5852]  ? up_write+0x1c4/0x420
[  185.944612][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  185.944651][ T5852]  f2fs_write_checkpoint+0xe6f/0x1df0
[  185.944669][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  185.944687][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  185.944701][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  185.944712][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  185.944724][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  185.944739][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  185.944752][ T5852]  deactivate_locked_super+0xbc/0x130
[  185.944766][ T5852]  cleanup_mnt+0x425/0x4c0
[  185.944780][ T5852]  task_work_run+0x1d4/0x260
[  185.944796][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  185.944808][ T5852]  ? __x64_sys_umount+0x122/0x160
[  185.944825][ T5852]  ? __pfx___x64_sys_umount+0x10/0x10
[  185.944840][ T5852]  ? rcu_is_watching+0x15/0xb0
[  185.944853][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  185.944868][ T5852]  do_syscall_64+0x2bd/0x3b0
[  185.944884][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.944896][ T5852]  ? exc_page_fault+0x9f/0xf0
[  185.944910][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.944919][ T5852] RIP: 0033:0x7fda1038ff17
[  185.944932][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  185.944941][ T5852] RSP: 002b:00007ffd045661e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  185.944955][ T5852] RAX: 0000000000000000 RBX: 00007fda10411c05 RCX: 00007fda1038ff17
[  185.944962][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd045662a0
[  185.944969][ T5852] RBP: 00007ffd045662a0 R08: 0000000000000000 R09: 0000000000000000
[  185.944975][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd04567330
[  185.944990][ T5852] R13: 00007fda10411c05 R14: 000000000002d5cb R15: 00007ffd04567370
[  185.945000][ T5852]  </TASK>
[  185.945029][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  186.093098][   T24] usb 6-1: 0:2 : does not exist
[  186.103558][   T24] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  186.116955][   T24] usb 6-1: USB disconnect, device number 2
[  186.134926][ T6032] udevd[6032]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  186.469678][T10664] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  186.570295][ T5855] Bluetooth: hci1: command 0x0c1a tx timeout
[  186.619748][T10664] usb 3-1: Using ep0 maxpacket: 8
[  186.625038][T10664] usb 3-1: unable to get BOS descriptor or descriptor too short
[  186.629236][T10664] usb 3-1: config 0 has no interfaces?
[  186.633733][T10664] usb 3-1: New USB device found, idVendor=05ac, idProduct=1240, bcdDevice= 0.3c
[  186.637665][T10664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.641172][T10664] usb 3-1: Product: syz
[  186.642943][T10664] usb 3-1: Manufacturer: syz
[  186.644994][T10664] usb 3-1: SerialNumber: syz
[  186.650069][T10664] apple-mfi-fastcharge 3-1: config 0 descriptor??
[  186.931704][   T10] apple-mfi-fastcharge 3-1: USB disconnect, device number 36
[  187.460330][   T33] audit: type=1326 audit(1755849730.166:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.469165][   T33] audit: type=1326 audit(1755849730.166:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.477409][   T33] audit: type=1326 audit(1755849730.166:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.485795][   T33] audit: type=1326 audit(1755849730.166:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.494179][   T33] audit: type=1326 audit(1755849730.166:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.502577][   T33] audit: type=1326 audit(1755849730.166:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.511832][   T33] audit: type=1326 audit(1755849730.166:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.520761][   T33] audit: type=1326 audit(1755849730.166:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.531217][   T33] audit: type=1326 audit(1755849730.166:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.2.1696" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda1038ebe9 code=0x7ffc0000
[  187.719573][T10664] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  187.849704][ T5855] Bluetooth: hci0: command tx timeout
[  187.869544][T10664] usb 3-1: Using ep0 maxpacket: 32
[  187.873305][T10664] usb 3-1: config 4 has an invalid interface number: 10 but max is 0
[  187.876539][T10664] usb 3-1: config 4 has no interface number 0
[  187.879084][T10664] usb 3-1: config 4 interface 10 has no altsetting 0
[  187.884198][T10664] usb 3-1: New USB device found, idVendor=0979, idProduct=0280, bcdDevice=98.4c
[  187.888000][T10664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.891528][T10664] usb 3-1: Product: syz
[  187.893283][T10664] usb 3-1: Manufacturer: syz
[  187.895292][T10664] usb 3-1: SerialNumber: syz
[  188.104852][T10664] gspca_main: jeilinj-2.14.0 probing 0979:0280
[  188.110144][T10664] usb 3-1: USB disconnect, device number 37
[  188.152198][T10714] overlayfs: failed to clone upperpath
[  188.421117][T10664] IPVS: starting estimator thread 0...
[  188.519674][T10723] IPVS: using max 69 ests per chain, 165600 per kthread
[  188.739678][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  188.860128][ T5916] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  188.892035][   T10] usb 6-1: config 0 has an invalid interface number: 69 but max is 0
[  188.895276][   T10] usb 6-1: config 0 has no interface number 0
[  188.897849][   T10] usb 6-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  188.901933][   T10] usb 6-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  188.908504][   T10] usb 6-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  188.912266][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.915436][   T10] usb 6-1: Product: syz
[  188.917166][   T10] usb 6-1: Manufacturer: syz
[  188.919310][   T10] usb 6-1: SerialNumber: syz
[  188.923087][   T10] usb 6-1: config 0 descriptor??
[  188.927518][T10725] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  188.931942][   T10] cyberjack 6-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  188.937136][   T10] usb 6-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  189.011300][ T5916] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  189.016229][ T5916] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  189.020544][ T5916] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  189.024666][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.030468][T10727] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  189.036076][ T5916] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  189.133371][    C0] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22
[  189.322097][ T5916] usb 3-1: USB disconnect, device number 38
[  189.333845][T10664] usb 6-1: USB disconnect, device number 3
[  189.340742][T10664] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  189.345363][T10664] cyberjack 6-1:0.69: device disconnected
[  189.929873][ T5855] Bluetooth: hci0: command tx timeout
[  189.989604][T10748] loop5: detected capacity change from 0 to 1024
[  190.210127][  T972] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  190.250507][T10756] loop5: detected capacity change from 0 to 32768
[  190.265060][T10756] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  190.273945][T10756] XFS (loop5): Ending clean mount
[  190.276388][T10756] XFS (loop5): Quotacheck needed: Please wait.
[  190.284749][T10756] XFS (loop5): Quotacheck: Done.
[  190.304569][T10533] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  190.334167][T10782] IPVS: set_ctl: invalid protocol: 33 255.255.255.255:20004
[  190.363050][  T972] usb 3-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  190.366587][  T972] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.379549][  T972] usb 3-1: Product: syz
[  190.381130][  T972] usb 3-1: Manufacturer: syz
[  190.382792][  T972] usb 3-1: SerialNumber: syz
[  190.385115][  T972] usb 3-1: config 0 descriptor??
[  190.537127][T10788] loop5: detected capacity change from 0 to 32768
[  190.541926][T10788] (syz.5.1732,10788,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  190.547880][T10788] (syz.5.1732,10788,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  190.556565][T10788] JBD2: Ignoring recovery information on journal
[  190.581520][T10788] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  190.591244][   T33] audit: type=1800 audit(1755849733.296:75): pid=10788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1732" name="file1" dev="loop5" ino=16978 res=0 errno=0
[  190.602356][  T972] usb 3-1: USB disconnect, device number 39
[  191.218715][T10533] ocfs2: Unmounting device (7,5) on (node local)
[  191.463428][T10819] loop2: detected capacity change from 0 to 32768
[  191.501846][   T52] read_mapping_page failed!
[  191.503736][   T52] ERROR: (device loop2): txCommit: 
[  191.503736][   T52] 
[  191.506970][   T52] ERROR: (device loop2): remounting filesystem as read-only
[  191.510299][   T52] jfs_write_inode: jfs_commit_inode failed!
[  191.536017][T10833] loop5: detected capacity change from 0 to 4096
[  191.579777][T10833] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  191.613593][T10833] ntfs3(loop5): ino=1d, mi_enum_attr
[  191.615934][T10833] ntfs3(loop5): ino=1d, mi_enum_attr
[  191.618358][T10833] ntfs3(loop5): ino=1d, mi_enum_attr
[  191.759896][T10837] loop2: detected capacity change from 0 to 32768
[  191.768545][T10837] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1753 (10837)
[  191.792138][T10837] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  191.796317][T10837] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  191.831854][T10837] BTRFS info (device loop2): rebuilding free space tree
[  191.843289][T10837] BTRFS info (device loop2): enabling ssd optimizations
[  191.845628][T10837] BTRFS info (device loop2): using spread ssd allocation scheme
[  191.860085][T10837] BTRFS info (device loop2): enabling free space tree
[  191.862678][T10837] BTRFS info (device loop2): force clearing of disk cache
[  191.883531][ T5713] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  191.994044][T10869] loop5: detected capacity change from 0 to 32768
[  192.000343][T10869] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1761 (10869)
[  192.010280][ T5855] Bluetooth: hci0: command tx timeout
[  192.013767][T10869] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  192.020273][T10869] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  192.081285][T10869] BTRFS info (device loop5): enabling ssd optimizations
[  192.084316][T10869] BTRFS info (device loop5): enabling free space tree
[  192.103291][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  192.151559][T10533] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  192.331224][T10890] loop2: detected capacity change from 0 to 40427
[  192.334563][T10890] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  192.337469][T10890] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  192.342275][T10890] F2FS-fs (loop2): invalid crc value
[  192.366783][T10890] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  192.367793][T10903] Bluetooth: MGMT ver 1.23
[  192.372170][T10890] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  192.374554][T10890] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  192.563969][T10914] f2fs: Unknown parameter '01777777777777777777777	Z* m.Dc8'@C9G9?9S{1Jլ5æԌqqY糔'
[  192.591157][   T33] audit: type=1800 audit(1755849735.276:76): pid=10914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1762" name="file1" dev="loop2" ino=10 res=0 errno=0
[  192.758384][T10908] loop5: detected capacity change from 0 to 32768
[  192.776349][T10908] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  192.802488][T10533] ocfs2: Unmounting device (7,5) on (node local)
[  193.988864][T10949] loop2: detected capacity change from 0 to 16
[  193.994693][T10949] erofs (device loop2): mounted with root inode @ nid 36.
[  194.002227][T10949] erofs (device loop2): unknown HEAD1 format 5 for nid 36, please upgrade kernel
[  194.006332][T10949] erofs (device loop2): unknown HEAD1 format 5 for nid 36, please upgrade kernel
[  194.010964][T10949] erofs (device loop2): read error -95 @ 8200 of nid 36
[  194.091207][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  194.095451][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  194.164113][T10953] loop2: detected capacity change from 0 to 2048
[  194.187751][T10953] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  194.201916][   T33] audit: type=1800 audit(1755849736.906:77): pid=10953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1782" name="file1" dev="loop2" ino=1346 res=0 errno=0
[  194.419606][ T5853] Bluetooth: hci0: command 0x0000 tx timeout
[  194.454794][T10971] loop5: detected capacity change from 0 to 32768
[  194.458019][T10971] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1791 (10971)
[  194.463666][T10971] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  194.466865][T10971] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  194.488482][T10971] BTRFS info (device loop5): allowing degraded mounts
[  194.492193][T10971] BTRFS info (device loop5): enabling ssd optimizations
[  194.495175][T10971] BTRFS info (device loop5): enabling free space tree
[  194.498121][T10971] BTRFS info (device loop5): force zlib compression, level 3
[  194.579168][T10664] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  194.906378][T10533] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  194.980129][T10664] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.983848][T10664] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  194.987772][T10664] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  194.992107][T10664] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  194.995343][T10664] usb 3-1: SerialNumber: syz
[  195.202211][T10664] usb 3-1: 0:2 : does not exist
[  195.206168][T10664] usb 3-1: USB disconnect, device number 40
[  195.218992][ T6032] udevd[6032]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  195.299905][   T51] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  195.456444][   T51] usb 6-1: unable to get BOS descriptor or descriptor too short
[  195.462719][   T51] usb 6-1: config 1 interface 0 altsetting 108 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  195.467415][   T51] usb 6-1: config 1 interface 0 has no altsetting 0
[  195.477654][   T51] usb 6-1: string descriptor 0 read error: -22
[  195.486769][   T51] usb 6-1: New USB device found, idVendor=05ac, idProduct=0263, bcdDevice= 0.40
[  195.491129][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.577392][T11001] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  195.629627][   T51] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input20
[  195.731023][ T5958] udevd[5958]: Unable to EVIOCGABS device "/dev/input/event3"
[  195.734390][ T5958] udevd[5958]: Unable to EVIOCGABS device "/dev/input/event3"
[  195.737923][ T5958] udevd[5958]: Unable to EVIOCGABS device "/dev/input/event3"
[  195.742072][ T5958] udevd[5958]: Unable to EVIOCGABS device "/dev/input/event3"
[  195.806812][ T5278] bcm5974 6-1:1.0: could not read from device
[  195.808664][   T10] usb 6-1: USB disconnect, device number 4
[  195.815340][ T5278] bcm5974 6-1:1.0: could not read from device
[  196.002222][T11012] loop2: detected capacity change from 0 to 32768
[  196.008114][T11012] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1798 (11012)
[  196.017352][T11012] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  196.022347][T11012] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  196.046409][T11012] BTRFS info (device loop2): enabling ssd optimizations
[  196.049406][T11012] BTRFS info (device loop2): enabling free space tree
[  196.052625][T11012] BTRFS info (device loop2): use zstd compression, level 3
[  196.071795][   T33] audit: type=1800 audit(1755849738.776:78): pid=11012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1798" name="file1" dev="loop2" ino=260 res=0 errno=0
[  196.110713][ T5852] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  196.683617][T11068] 9pnet_fd: Insufficient options for proto=fd
[  197.233559][T11083] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  197.547833][T11085] loop5: detected capacity change from 0 to 32768
[  197.564958][T11085] JBD2: Ignoring recovery information on journal
[  197.589313][T11085] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  197.629399][T10533] ocfs2: Unmounting device (7,5) on (node local)
[  197.932246][ T5848] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  198.018016][T11101] loop2: detected capacity change from 0 to 128
[  198.100045][ T5848] usb 6-1: Using ep0 maxpacket: 8
[  198.105858][ T5848] usb 6-1: unable to get BOS descriptor or descriptor too short
[  198.116081][ T5848] usb 6-1: config 7 has an invalid interface number: 148 but max is 0
[  198.125832][ T5848] usb 6-1: config 7 has no interface number 0
[  198.137930][ T5848] usb 6-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice=1c.76
[  198.142751][ T5848] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.145913][ T5848] usb 6-1: Product: syz
[  198.158646][ T5848] usb 6-1: Manufacturer: syz
[  198.160504][ T5848] usb 6-1: SerialNumber: syz
[  198.266998][T11111] loop2: detected capacity change from 0 to 32768
[  198.289557][T11111] JBD2: Ignoring recovery information on journal
[  198.292160][T11111] JBD2: Journal too short (blocks 2-2).
[  198.294183][T11111] JBD2: journal reset failed
[  198.296002][T11111] (syz.2.1821,11111,0):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  198.299155][T11111] (syz.2.1821,11111,0):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -22
[  198.304071][T11111] (syz.2.1821,11111,0):ocfs2_check_volume:2432 ERROR: status = -22
[  198.307093][T11111] (syz.2.1821,11111,0):ocfs2_mount_volume:1764 ERROR: status = -22
[  198.312634][T11111] (syz.2.1821,11111,0):ocfs2_fill_super:1177 ERROR: status = -22
[  198.369278][ T5848] ldusb 6-1:7.148: Interrupt in endpoint not found
[  198.382318][ T5848] usb 6-1: USB disconnect, device number 5
[  198.520247][T11132] ipip0: entered promiscuous mode
[  198.594191][T11138] netlink: 'syz.2.1834': attribute type 4 has an invalid length.
[  198.602654][ T5848] lo speed is unknown, defaulting to 1000
[  198.605056][ T5848] 3yz0: Port: 1 Link DOWN
[  198.608787][T11138] netlink: 'syz.2.1834': attribute type 4 has an invalid length.
[  198.614242][ T5848] lo speed is unknown, defaulting to 1000
[  198.616680][ T5848] 3yz0: Port: 1 Link ACTIVE
[  198.943011][T11144] lo speed is unknown, defaulting to 1000
[  199.269315][T11160] loop5: detected capacity change from 0 to 40427
[  199.274452][T11160] F2FS-fs (loop5): build fault injection rate: 14
[  199.281167][T11160] F2FS-fs (loop5): build fault injection type: 0x3bfe8c
[  199.285502][T11160] F2FS-fs (loop5): invalid crc value
[  199.288908][    C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  199.296686][    C1] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  199.324153][T11160] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  199.328119][T11160] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  199.335249][T11160] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  199.342781][T11160] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  199.348067][T11160] F2FS-fs (loop5): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x570
[  199.353686][T11160] F2FS-fs (loop5): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x18b/0xa40
[  199.358699][T11160] F2FS-fs (loop5): inject inconsistent footer in sanity_check_node_footer of f2fs_write_begin+0x952/0x2290
[  199.363797][T11160] F2FS-fs (loop5): inconsistent node block, node_type:1, nid:17, node_footer[nid:17,ino:17,ofs:0,cpver:0,blkaddr:0]
[  199.379181][T10533] syz-executor: attempt to access beyond end of device
[  199.379181][T10533] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  199.385191][T10533] CPU: 1 UID: 0 PID: 10533 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  199.385207][T10533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  199.385214][T10533] Call Trace:
[  199.385219][T10533]  <TASK>
[  199.385224][T10533]  dump_stack_lvl+0x189/0x250
[  199.385245][T10533]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.385258][T10533]  ? __pfx_queue_work_on+0x10/0x10
[  199.385270][T10533]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  199.385287][T10533]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  199.385306][T10533]  f2fs_handle_critical_error+0x37c/0x540
[  199.385326][T10533]  f2fs_write_end_io+0x886/0xb60
[  199.385343][T10533]  __submit_merged_bio+0x27a/0x6a0
[  199.385360][T10533]  __submit_merged_write_cond+0x255/0x530
[  199.385378][T10533]  f2fs_write_data_pages+0x261d/0x3000
[  199.385395][T10533]  ? lock_release+0x4b/0x3e0
[  199.385411][T10533]  ? lock_release+0x4b/0x3e0
[  199.385435][T10533]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.385456][T10533]  ? arch_stack_walk+0xfc/0x150
[  199.385479][T10533]  ? __mod_zone_page_state+0xd7/0x140
[  199.385499][T10533]  ? folios_put_refs+0x560/0x640
[  199.385516][T10533]  ? __pfx_folios_put_refs+0x10/0x10
[  199.385527][T10533]  ? rcu_is_watching+0x15/0xb0
[  199.385540][T10533]  ? lru_add+0xa2f/0xd80
[  199.385559][T10533]  ? lru_add+0x198/0xd80
[  199.385602][T10533]  ? do_raw_spin_lock+0x121/0x290
[  199.385620][T10533]  ? do_raw_spin_unlock+0x4d/0x240
[  199.385634][T10533]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.385652][T10533]  do_writepages+0x32e/0x550
[  199.385669][T10533]  ? rcu_is_watching+0x15/0xb0
[  199.385682][T10533]  ? do_raw_spin_unlock+0x4d/0x240
[  199.385697][T10533]  filemap_fdatawrite+0x199/0x240
[  199.385715][T10533]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  199.385743][T10533]  ? rcu_is_watching+0x15/0xb0
[  199.385756][T10533]  ? do_raw_spin_unlock+0x4d/0x240
[  199.385770][T10533]  f2fs_sync_dirty_inodes+0x31f/0x830
[  199.385787][T10533]  f2fs_write_checkpoint+0x95a/0x1df0
[  199.385805][T10533]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  199.385831][T10533]  ? kill_f2fs_super+0x298/0x6c0
[  199.385844][T10533]  kill_f2fs_super+0x2c3/0x6c0
[  199.385857][T10533]  ? __pfx_kill_f2fs_super+0x10/0x10
[  199.385867][T10533]  ? radix_tree_delete_item+0x2b6/0x400
[  199.385885][T10533]  ? shrinker_free+0x2ce/0x3e0
[  199.385899][T10533]  deactivate_locked_super+0xbc/0x130
[  199.385913][T10533]  cleanup_mnt+0x425/0x4c0
[  199.385928][T10533]  task_work_run+0x1d4/0x260
[  199.385944][T10533]  ? __pfx_task_work_run+0x10/0x10
[  199.385958][T10533]  ? __x64_sys_umount+0x122/0x160
[  199.385973][T10533]  ? __pfx___x64_sys_umount+0x10/0x10
[  199.385988][T10533]  ? rcu_is_watching+0x15/0xb0
[  199.386002][T10533]  exit_to_user_mode_loop+0xec/0x110
[  199.386019][T10533]  do_syscall_64+0x2bd/0x3b0
[  199.386038][T10533]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.386049][T10533]  ? exc_page_fault+0x9f/0xf0
[  199.386065][T10533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.386076][T10533] RIP: 0033:0x7f644398ff17
[  199.386087][T10533] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  199.386099][T10533] RSP: 002b:00007ffc6e19ae18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  199.386114][T10533] RAX: 0000000000000000 RBX: 00007f6443a11c05 RCX: 00007f644398ff17
[  199.386123][T10533] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e19aed0
[  199.386130][T10533] RBP: 00007ffc6e19aed0 R08: 0000000000000000 R09: 0000000000000000
[  199.386138][T10533] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6e19bf60
[  199.386146][T10533] R13: 00007f6443a11c05 R14: 0000000000030a56 R15: 00007ffc6e19bfa0
[  199.386160][T10533]  </TASK>
[  199.386164][T10533] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  199.564998][T10533] F2FS-fs (loop5): f2fs_evict_inode: inconsistent node id, ino:17
[  199.703907][T11199] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  199.748267][T11202] loop2: detected capacity change from 0 to 4096
[  199.752799][T11202] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  199.820526][T11210] loop5: detected capacity change from 0 to 256
[  200.303340][T11224] netlink: 'syz.3.1871': attribute type 3 has an invalid length.
[  200.306197][T11224] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1871'.
[  200.872844][T11251] loop2: detected capacity change from 0 to 16
[  200.880891][T11251] erofs (device loop2): mounted with root inode @ nid 36.
[  201.324095][T11259] loop5: detected capacity change from 0 to 16
[  201.326871][T11259] erofs (device loop5): mounted with root inode @ nid 36.
[  201.359337][   T33] audit: type=1326 audit(1755849744.056:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11260 comm="syz.5.1887" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f644398ebe9 code=0x0
[  201.625724][T11266] netlink: 'syz.3.1888': attribute type 33 has an invalid length.
[  201.629121][T11266] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1888'.
[  202.449646][T10664] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  202.619640][T10664] usb 6-1: Using ep0 maxpacket: 8
[  202.623871][T10664] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.628277][T10664] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  202.632819][T10664] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  202.640760][T10664] usb 6-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01
[  202.644649][T10664] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.647969][T10664] usb 6-1: Product: syz
[  202.649631][T10664] usb 6-1: Manufacturer: syz
[  202.651498][T10664] usb 6-1: SerialNumber: syz
[  202.654391][T10664] usb 6-1: config 0 descriptor??
[  202.659785][T10664] radioshark 6-1:0.0: Invalid radioSHARK device
[  202.662074][T10664] radioshark 6-1:0.0: probe with driver radioshark failed with error -22
[  202.665656][T10664] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  202.867339][T10664] usb 6-1: USB disconnect, device number 6
[  202.888542][T11291] loop2: detected capacity change from 0 to 1764
[  202.964977][T11293] loop2: detected capacity change from 0 to 1024
[  203.000250][   T52] hfsplus: b-tree write err: -5, ino 8
[  203.129041][T11301] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1906'.
[  203.514140][T11320] loop5: detected capacity change from 0 to 64
[  203.528456][T11320] syz.5.1914: attempt to access beyond end of device
[  203.528456][T11320] loop5: rw=0, sector=1024, nr_sectors = 2 limit=64
[  203.533340][T11320] buffer_io_error: 8 callbacks suppressed
[  203.533392][T11320] Buffer I/O error on dev loop5, logical block 512, async page read
[  203.538683][T11320] syz.5.1914: attempt to access beyond end of device
[  203.538683][T11320] loop5: rw=0, sector=113152, nr_sectors = 2 limit=64
[  203.544153][T11320] Buffer I/O error on dev loop5, logical block 56576, async page read
[  203.627875][T11322] netlink: 'syz.5.1915': attribute type 2 has an invalid length.
[  203.631068][T11322] netlink: 116 bytes leftover after parsing attributes in process `syz.5.1915'.
[  203.889169][T11328] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1918'.
[  204.071226][T11336] loop5: detected capacity change from 0 to 512
[  204.076950][T11336] EXT4-fs (loop5): Test dummy encryption mode enabled
[  204.087354][T11336] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  204.095251][T11336] EXT4-fs (loop5): SIPHASH is not a valid default hash value
[  204.435828][T11345] loop5: detected capacity change from 0 to 512
[  204.441020][T11345] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  204.446610][T11345] EXT4-fs (loop5): 1 truncate cleaned up
[  204.449889][T11345] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.461809][   T33] audit: type=1800 audit(1755849747.166:80): pid=11345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1926" name="file1" dev="loop5" ino=15 res=0 errno=0
[  204.540948][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.561993][   T33] audit: type=1326 audit(1755849747.266:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11348 comm="syz.5.1927" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  204.588691][   T33] audit: type=1326 audit(1755849747.266:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11348 comm="syz.5.1927" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  204.598469][   T33] audit: type=1326 audit(1755849747.266:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11348 comm="syz.5.1927" exe="/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  204.599584][ T5848] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  204.611124][   T33] audit: type=1326 audit(1755849747.266:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11348 comm="syz.5.1927" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  204.728964][T11351] loop5: detected capacity change from 0 to 32768
[  204.743740][T11351] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  204.769653][T11351] XFS (loop5): Ending clean mount
[  204.773364][ T5848] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  204.773851][T11351] XFS (loop5): Quotacheck needed: Please wait.
[  204.778066][ T5848] usb 3-1: config 0 interface 0 has no altsetting 0
[  204.783952][ T5848] usb 3-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.00
[  204.786990][T11351] XFS (loop5): Quotacheck: Done.
[  204.787981][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.805669][ T5848] usb 3-1: config 0 descriptor??
[  204.866145][T10533] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  205.127629][T11369] loop5: detected capacity change from 0 to 32768
[  205.146091][T11369] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  205.152882][   T33] audit: type=1800 audit(1755849747.856:85): pid=11369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1930" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  205.223473][ T5848] ntrig 0003:1B96:0004.000B: hidraw0: USB HID v0.06 Device [HID 1b96:0004] on usb-dummy_hcd.2-1/input0
[  205.431128][ T5848] usb 3-1: USB disconnect, device number 41
[  205.608985][T11369] (syz.5.1930,11369,1):ocfs2_dio_end_io:2401 ERROR: Direct IO failed, bytes = -28
[  205.628041][T10533] ocfs2: Unmounting device (7,5) on (node local)
[  206.089298][T11383] loop2: detected capacity change from 0 to 512
[  206.094326][T11383] EXT4-fs: Ignoring removed mblk_io_submit option
[  206.098608][T11383] EXT4-fs (loop2): Test dummy encryption mode enabled
[  206.105918][T11383] EXT4-fs (loop2): orphan cleanup on readonly fs
[  206.108944][T11383] EXT4-fs error (device loop2): ext4_orphan_get:1392: comm syz.2.1938: inode #13: comm syz.2.1938: iget: illegal inode #
[  206.116613][T11383] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1938: couldn't read orphan inode 13 (err -117)
[  206.124003][T11383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  206.135300][T11383] EXT4-fs: Ignoring removed mblk_io_submit option
[  206.138618][T11383] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  206.144499][T11383] EXT4-fs error (device loop2): __ext4_remount:6740: comm syz.2.1938: Abort forced by user
[  206.148062][T11383] EXT4-fs (loop2): Remounting filesystem read-only
[  206.151445][T11383] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  206.175346][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.214078][T11386] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  206.257837][T11388] loop2: detected capacity change from 0 to 512
[  206.264427][T11388] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  206.305368][T11388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.319239][T11388] ext4 filesystem being mounted at /502/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.343477][T11388] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  206.381429][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.639231][T11392] loop2: detected capacity change from 0 to 4096
[  206.695146][T11392] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  206.730758][T11392] ntfs3(loop2): Failed to load $Extend (-22).
[  206.734884][T11392] ntfs3(loop2): Failed to initialize $Extend.
[  206.999032][T11414] loop5: detected capacity change from 0 to 4096
[  207.006735][T11414] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  207.014852][T11414] ntfs3(loop5): Looks like $AttrDef is corrupted (size=0).
[  207.101694][T11402] loop2: detected capacity change from 0 to 32768
[  207.147575][T11402] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  207.173408][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  207.246577][T11432] loop5: detected capacity change from 0 to 4096
[  207.265408][T11432] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  207.295987][T11432] ntfs3(loop5): Failed to load $Extend (-22).
[  207.304638][T11432] ntfs3(loop5): Failed to initialize $Extend.
[  207.351358][T11444] loop2: detected capacity change from 0 to 512
[  207.398889][T11451] Invalid source name
[  207.400745][T11451] UBIFS error (pid: 11451): cannot open "/dev/sg0", error -22
[  207.425604][T11444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.434591][T11444] ext4 filesystem being mounted at /509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  207.449090][T11444] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.1966: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1
[  207.457334][T11444] EXT4-fs (loop2): Remounting filesystem read-only
[  207.471158][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.266014][T11472] tipc: Enabling <eth:lo> not permitted
[  208.268572][T11472] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  208.626938][T11478] loop2: detected capacity change from 0 to 3
[  208.631426][T11478] syz.2.1979: attempt to access beyond end of device
[  208.631426][T11478] loop2: rw=2048, sector=0, nr_sectors = 8 limit=3
[  208.636248][T11478] SQUASHFS error: Failed to read block 0x0: -5
[  208.638955][T11478] unable to read squashfs_super_block
[  209.409606][   T10] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  209.511279][T11512] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2
[  209.562439][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  209.573754][   T10] usb 6-1: not running at top speed; connect to a high speed hub
[  209.583830][   T10] usb 6-1: config 1 has an invalid interface number: 130 but max is 0
[  209.591984][   T10] usb 6-1: config 1 has no interface number 0
[  209.597224][   T10] usb 6-1: config 1 interface 130 altsetting 3 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  209.602304][   T10] usb 6-1: config 1 interface 130 has no altsetting 0
[  209.615560][   T10] usb 6-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice=84.ac
[  209.619222][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.629688][   T10] usb 6-1: Product: syz
[  209.634141][   T10] usb 6-1: Manufacturer: syz
[  209.635945][   T10] usb 6-1: SerialNumber: syz
[  209.644960][T11492] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  209.652127][T11525] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1999'.
[  209.656235][T11525] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1999'.
[  209.668988][T11525] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1999'.
[  209.736577][T11527] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  209.922261][   T10] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware
[  209.930060][   T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  209.933971][   T10] dib0700: firmware download failed at 7 with -71
[  209.938381][   T10] usb 6-1: USB disconnect, device number 7
[  210.280687][T11547] loop2: detected capacity change from 0 to 128
[  210.283863][T11547] vfat: Unexpected value for 'dos1xfloppy'
[  210.639239][T11563] loop5: detected capacity change from 0 to 32768
[  210.645404][T11563] (syz.5.2016,11563,0):ocfs2_initialize_super:2019 ERROR: Invalid number of node slots (0)
[  210.656056][T11563] (syz.5.2016,11563,0):ocfs2_fill_super:1177 ERROR: status = -22
[  211.179649][   T51] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  211.359570][   T51] usb 6-1: Using ep0 maxpacket: 16
[  211.367247][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  211.379085][   T51] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  211.385701][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.391808][   T51] usb 6-1: Product: syz
[  211.394643][   T51] usb 6-1: Manufacturer: syz
[  211.398012][   T51] usb 6-1: SerialNumber: syz
[  211.406013][   T51] usb 6-1: config 0 descriptor??
[  211.411834][   T51] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  211.414833][   T51] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  212.082853][   T51] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  212.086860][T11592] loop2: detected capacity change from 0 to 2048
[  212.091667][T11592] UDF-fs: warning (device loop2): udf_verify_domain_identifier: Not OSTA UDF compliant logical volume descriptor.
[  212.096771][T11592] UDF-fs: warning (device loop2): udf_fill_super: No fileset found
[  212.154136][T11594] loop2: detected capacity change from 0 to 2048
[  212.160299][T11594] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  212.166425][ T5958] udevd[5958]: incorrect nilfs2 checksum on /dev/loop2
[  212.171974][T11595] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  212.176399][ T5958] udevd[5958]: incorrect nilfs2 checksum on /dev/loop2
[  212.176561][T11594] syz.2.2029: attempt to access beyond end of device
[  212.176561][T11594] loop2: rw=524288, sector=65534, nr_sectors = 2 limit=2048
[  212.229002][T11597] loop2: detected capacity change from 0 to 2048
[  212.243246][T11597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.263963][   T33] audit: type=1800 audit(1755849754.966:86): pid=11597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2030" name="bus" dev="loop2" ino=18 res=0 errno=0
[  212.286436][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.347125][T11604] loop2: detected capacity change from 0 to 2048
[  212.352621][T11604] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  212.356536][T11604] NILFS (loop2): mounting unchecked fs
[  212.358903][T11604] NILFS (loop2): recovery required for readonly filesystem
[  212.362531][T11604] NILFS (loop2): write access will be enabled during recovery
[  212.364162][ T5958] udevd[5958]: incorrect nilfs2 checksum on /dev/loop2
[  212.366884][T11604] NILFS (loop2): norecovery option specified, skipping roll-forward recovery
[  212.378768][ T5958] udevd[5958]: incorrect nilfs2 checksum on /dev/loop2
[  212.392021][T11604] NILFS (loop2): couldn't remount because the filesystem is in an incomplete recovery state
[  212.420830][T11606] loop2: detected capacity change from 0 to 512
[  212.423723][T11606] EXT4-fs: Ignoring removed nomblk_io_submit option
[  212.427284][T11606] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  212.431938][T11606] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  212.437965][T11606] EXT4-fs (loop2): Remounting filesystem read-only
[  212.441057][T11606] EXT4-fs (loop2): 1 truncate cleaned up
[  212.444301][T11606] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  212.468287][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.503550][T11611] program syz.2.2034 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  212.692835][   T51] em28xx 6-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  212.697343][   T51] em28xx 6-1:0.0: board has no eeprom
[  212.752563][T11619] loop2: detected capacity change from 0 to 32768
[  212.759677][   T51] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  212.760353][T11619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2039 (11619)
[  212.762907][   T51] em28xx 6-1:0.0: dvb set to bulk mode.
[  212.771494][ T5916] em28xx 6-1:0.0: Binding DVB extension
[  212.781368][   T51] usb 6-1: USB disconnect, device number 8
[  212.781861][T11619] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  212.784193][   T51] em28xx 6-1:0.0: Disconnecting em28xx
[  212.799615][T11619] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  212.803193][T11619] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  212.812985][ T5916] em28xx 6-1:0.0: Registering input extension
[  212.817750][   T51] em28xx 6-1:0.0: Closing input extension
[  212.830308][   T51] em28xx 6-1:0.0: Freeing device
[  212.856006][T11619] BTRFS info (device loop2): rebuilding free space tree
[  212.870141][T11619] BTRFS info (device loop2): disabling free space tree
[  212.872585][T11619] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  212.880249][T11619] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  212.886101][T11619] BTRFS info (device loop2): setting nodatasum
[  212.888578][T11619] BTRFS info (device loop2): setting nodatacow
[  212.891729][T11619] BTRFS info (device loop2): enabling ssd optimizations
[  212.894820][T11619] BTRFS info (device loop2): turning off barriers
[  212.897532][T11619] BTRFS info (device loop2): turning on flush-on-commit
[  212.900479][T11619] BTRFS info (device loop2): enabling disk space caching
[  212.903195][T11619] BTRFS info (device loop2): force clearing of disk cache
[  212.906073][T11619] BTRFS info (device loop2): doing ref verification
[  212.908530][T11619] BTRFS info (device loop2): max_inline set to 4096
[  213.054118][ T5852] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  213.155698][   T33] audit: type=1326 audit(1755849755.856:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.169546][   T33] audit: type=1326 audit(1755849755.856:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.191032][   T33] audit: type=1326 audit(1755849755.856:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.200407][   T33] audit: type=1326 audit(1755849755.856:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.209178][   T33] audit: type=1326 audit(1755849755.856:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.218151][   T33] audit: type=1326 audit(1755849755.856:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.226945][   T33] audit: type=1326 audit(1755849755.856:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.235801][   T33] audit: type=1326 audit(1755849755.856:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.256760][   T33] audit: type=1326 audit(1755849755.856:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.3.2042" exe="/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f4cac38ebe9 code=0x7ffc0000
[  213.274671][T11652] loop2: detected capacity change from 0 to 256
[  213.284619][T11652] FAT-fs (loop2): Directory bread(block 64) failed
[  213.286777][T11652] FAT-fs (loop2): Directory bread(block 65) failed
[  213.288969][T11652] FAT-fs (loop2): Directory bread(block 66) failed
[  213.293050][T11652] FAT-fs (loop2): Directory bread(block 67) failed
[  213.295330][T11652] FAT-fs (loop2): Directory bread(block 68) failed
[  213.297422][T11652] FAT-fs (loop2): Directory bread(block 69) failed
[  213.302130][T11652] FAT-fs (loop2): Directory bread(block 70) failed
[  213.307892][T11652] FAT-fs (loop2): Directory bread(block 71) failed
[  213.314330][T11652] FAT-fs (loop2): Directory bread(block 72) failed
[  213.316650][T11652] FAT-fs (loop2): Directory bread(block 73) failed
[  213.474685][T11666] loop2: detected capacity change from 0 to 512
[  213.546670][T11668] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2048'.
[  213.663464][T11666] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.692345][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.725160][T11671] loop2: detected capacity change from 0 to 128
[  213.729046][T11671] adfs: Bad value for 'ftsuffix'
[  214.039583][T10664] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  214.163292][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2057'.
[  214.189595][T10664] usb 3-1: Using ep0 maxpacket: 8
[  214.193219][T10664] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  214.200881][T10664] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  214.204399][T10664] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  214.207577][T10664] usb 3-1: Product: syz
[  214.209288][T10664] usb 3-1: Manufacturer: syz
[  214.212626][T10664] usb 3-1: SerialNumber: syz
[  214.245595][T11683] loop5: detected capacity change from 0 to 4096
[  214.259262][T11683] ntfs3(loop5): ino=3, ntfs_set_state failed, -22.
[  214.262245][T11683] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  214.270239][T11683] ntfs3(loop5): ino=1c, mi_enum_attr
[  214.272317][T11683] ntfs3(loop5): ino=1b, "file0" ntfs_readdir
[  214.287270][ T1089] ntfs3(loop5): ino=3, ntfs3_write_inode failed, -22.
[  214.289896][T10533] ntfs3(loop5): ino=3, ntfs_set_state failed, -22.
[  214.295023][T10533] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  214.299658][T10533] ntfs3(loop5): ino=3, ntfs_set_state failed, -22.
[  214.302700][ T1089] ntfs3(loop5): ino=3, ntfs3_write_inode failed, -22.
[  214.364902][T11691] 9pnet_fd: p9_fd_create_tcp (11691): problem connecting socket to 127.0.0.1
[  214.421892][T10664] usb 3-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  214.429175][T10664] usb 3-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  214.439309][T10664] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2
[  214.621305][T10664] usb 3-1: palm_os_3_probe - error -71 getting bytes available request
[  214.624428][T10664] visor 3-1:1.0: Handspring Visor / Palm OS converter detected
[  214.653763][T10664] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  214.658123][T10664] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  214.683074][T10664] usb 3-1: USB disconnect, device number 42
[  214.714109][T10664] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  214.740862][T10664] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  214.744158][T10664] visor 3-1:1.0: device disconnected
[  214.750946][T11707] loop9: detected capacity change from 0 to 3
[  214.756090][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.758739][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.769850][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.772475][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.775154][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.779066][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.782907][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.785534][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.788299][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  214.791906][ T5958] Buffer I/O error on dev loop9, logical block 0, async page read
[  215.109819][T11712] loop5: detected capacity change from 0 to 32768
[  215.114664][T11712] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2071 (11712)
[  215.123318][T11712] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  215.127482][T11712] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  215.137825][T11712] BTRFS info (device loop5): enabling ssd optimizations
[  215.141254][T11712] BTRFS info (device loop5): enabling free space tree
[  215.156114][T10533] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  215.174709][T11732] binder: 11731:11732 ioctl c0306201 2000000001c0 returned -22
[  215.218404][T11736] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  215.297673][T11742] loop5: detected capacity change from 0 to 256
[  215.318195][T11742] FAT-fs (loop5): Directory bread(block 64) failed
[  215.325738][T11742] FAT-fs (loop5): Directory bread(block 65) failed
[  215.328550][T11742] FAT-fs (loop5): Directory bread(block 66) failed
[  215.331229][T11742] FAT-fs (loop5): Directory bread(block 67) failed
[  215.333895][T11742] FAT-fs (loop5): Directory bread(block 68) failed
[  215.336571][T11742] FAT-fs (loop5): Directory bread(block 69) failed
[  215.339081][T11742] FAT-fs (loop5): Directory bread(block 70) failed
[  215.342770][T11742] FAT-fs (loop5): Directory bread(block 71) failed
[  215.345439][T11742] FAT-fs (loop5): Directory bread(block 72) failed
[  215.347951][T11742] FAT-fs (loop5): Directory bread(block 73) failed
[  215.391788][T10664] kernel write not supported for file /261/net/fib_triestat (pid: 10664 comm: kworker/1:6)
[  215.414586][T11738] loop2: detected capacity change from 0 to 32768
[  215.425706][T11738] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  215.446377][T11738] XFS (loop2): Ending clean mount
[  215.451118][T11738] XFS (loop2): Quotacheck needed: Please wait.
[  215.461031][T11738] XFS (loop2): Quotacheck: Done.
[  215.490665][ T5852] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  215.701674][T11769] loop2: detected capacity change from 0 to 8192
[  215.943480][T11778] loop2: detected capacity change from 0 to 32768
[  215.963369][T11778] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  215.981408][T11778] XFS (loop2): Ending clean mount
[  215.984943][T11778] XFS (loop2): Quotacheck needed: Please wait.
[  215.993170][T11778] XFS (loop2): Quotacheck: Done.
[  216.019979][ T5852] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  216.268565][T11795] loop2: detected capacity change from 0 to 32768
[  216.299336][T11795] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  216.351537][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  216.362749][T11809] loop5: detected capacity change from 0 to 2048
[  216.365148][T11809] journal_path: Non-blockdev passed as './file0'
[  216.367189][T11809] EXT4-fs: error: could not find journal device path
[  216.417727][T11813] loop2: detected capacity change from 0 to 8
[  216.422762][T11813] SQUASHFS error: Failed to read block 0x2d7: -5
[  216.428399][T11813] SQUASHFS error: Unable to read metadata cache entry [2d5]
[  216.440622][T11813] SQUASHFS error: Failed to read block 0x8f: -5
[  217.000417][   T51] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  217.159636][   T51] usb 3-1: Using ep0 maxpacket: 32
[  217.163192][   T51] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  217.166705][   T51] usb 3-1: config 0 has no interface number 0
[  217.171303][   T51] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  217.175121][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.178450][   T51] usb 3-1: Product: syz
[  217.180411][   T51] usb 3-1: Manufacturer: syz
[  217.182355][   T51] usb 3-1: SerialNumber: syz
[  217.199320][   T51] usb 3-1: config 0 descriptor??
[  217.210784][   T51] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  217.286189][T11845] loop5: detected capacity change from 0 to 16
[  217.290450][T11845] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  217.707924][   T51] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  217.711052][T11852] lo speed is unknown, defaulting to 1000
[  217.713876][   T51] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  217.918634][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  217.919144][  T972] usb 3-1: USB disconnect, device number 43
[  217.926126][  T972] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  217.932127][  T972] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  217.936383][  T972] quatech2 3-1:0.51: device disconnected
[  218.266641][T11869] loop5: detected capacity change from 0 to 32768
[  218.271058][T11869] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2125 (11869)
[  218.278888][T11869] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  218.287909][T11869] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  218.298576][T11869] BTRFS info (device loop5): enabling ssd optimizations
[  218.301880][T11869] BTRFS info (device loop5): enabling free space tree
[  218.327255][T10533] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  218.455872][T11901] loop5: detected capacity change from 0 to 512
[  218.492762][T11901] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.504226][   T33] kauditd_printk_skb: 8 callbacks suppressed
[  218.504238][   T33] audit: type=1800 audit(218.383:104): pid=11901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2129" name="file1" dev="loop5" ino=15 res=0 errno=0
[  218.521964][   T33] audit: type=1800 audit(218.403:105): pid=11901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2129" name="file2" dev="loop5" ino=16 res=0 errno=0
[  218.546080][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.841634][T11918] netlink: 'syz.3.2136': attribute type 1 has an invalid length.
[  218.870585][T11921] loop5: detected capacity change from 0 to 128
[  218.876864][T11921] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  218.900276][T10533] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  219.120396][ T5853] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  219.500832][T11943] loop5: detected capacity change from 0 to 32768
[  219.553025][T11943] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  219.553038][T11943]   allowing incompatible features above 0.0: (unknown version)
[  219.553042][T11943]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  219.569069][T11943] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  219.572194][T11943] bcachefs (loop5): recovering from clean shutdown, journal seq 10
[  219.576948][T11943] bcachefs (loop5): Version upgrade required:
[  219.576948][T11943] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  219.576948][T11943] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  219.576948][T11943]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  219.610417][T11943] bcachefs (loop5): dropping and reconstructing all alloc info
[  219.622696][T11943] bcachefs (loop5): accounting_read... done
[  219.625497][T11943] bcachefs (loop5): alloc_read... done
[  219.627949][T11943] bcachefs (loop5): snapshots_read... done
[  219.630857][T11943] bcachefs (loop5): check_allocations... done
[  219.638901][T11943] bcachefs (loop5): going read-write
[  219.643297][T11943] bcachefs (loop5): done starting filesystem
[  219.682435][T10533] bcachefs (loop5): shutting down
[  219.685429][T10533] bcachefs (loop5): going read-only
[  219.687613][T10533] bcachefs (loop5): finished waiting for writes to stop
[  219.689000][T11963] loop2: detected capacity change from 0 to 32768
[  219.694017][T10533] bcachefs (loop5): flushing journal and stopping allocators, journal seq 11
[  219.698052][T10533] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 11
[  219.702645][T10533] bcachefs (loop5): unclean shutdown complete, journal seq 12
[  219.706077][T10533] bcachefs (loop5): done going read-only, filesystem not clean
[  219.714221][T10533] bcachefs (loop5): shutdown complete
[  219.872626][T11978] MTD: Couldn't look up '/dev/nullb0': -15
[  219.875070][T11978] /dev/nullb0: Can't lookup blockdev
[  219.881613][T11963] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  219.881630][T11963]   allowing incompatible features above 0.0: (unknown version)
[  219.881637][T11963]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  219.901070][T11963] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  219.904662][T11963] bcachefs (loop2): initializing new filesystem
[  219.912392][T11963] bcachefs (loop2): going read-write
[  219.918707][T11963] bcachefs (loop2): marking superblocks
[  219.941426][T11963] bcachefs (loop2): initializing freespace
[  219.947793][T11963] bcachefs (loop2): done initializing freespace
[  219.955791][T11963] bcachefs (loop2): reading snapshots table
[  219.958225][T11963] bcachefs (loop2): reading snapshots done
[  219.965431][T11963] bcachefs (loop2): done starting filesystem
[  220.009117][T11963] syz.2.2152 (11963) used greatest stack depth: 14760 bytes left
[  220.013874][ T5852] bcachefs (loop2): shutting down
[  220.015856][ T5852] bcachefs (loop2): going read-only
[  220.017985][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  220.024285][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4
[  220.027934][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  220.033013][ T5852] bcachefs (loop2): clean shutdown complete, journal seq 5
[  220.036073][ T5852] bcachefs (loop2): marking filesystem clean
[  220.061681][ T5852] bcachefs (loop2): shutdown complete
[  220.122435][T11999] netlink: 240 bytes leftover after parsing attributes in process `syz.5.2163'.
[  220.126170][T11999] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2163'.
[  220.362010][T12009] loop5: detected capacity change from 0 to 32768
[  220.366061][T12009] XFS (loop5): invalid log iosize: 1 [not 12-30]
[  220.388338][   T33] audit: type=1326 audit(220.263:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12010 comm="syz.5.2169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  220.409153][   T33] audit: type=1326 audit(220.283:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12010 comm="syz.5.2169" exe="/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  220.420821][   T33] audit: type=1326 audit(220.283:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12010 comm="syz.5.2169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  220.428811][   T33] audit: type=1326 audit(220.283:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12010 comm="syz.5.2169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  220.433336][T12013] loop5: detected capacity change from 0 to 1024
[  220.465137][T12013] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.478208][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.535769][T12023] (syz.5.2174,12023,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  220.539010][T12023] (syz.5.2174,12023,0):ocfs2_fill_super:1177 ERROR: status = -22
[  220.749245][T12036] loop5: detected capacity change from 0 to 32768
[  220.752423][T12036] (syz.5.2180,12036,1):ocfs2_verify_volume:2293 ERROR: found superblock with incorrect block size: found 4096, should be 512
[  220.757020][T12036] (syz.5.2180,12036,1):ocfs2_verify_volume:2331 ERROR: status = -22
[  220.760361][T12036] (syz.5.2180,12036,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  220.763498][T12036] (syz.5.2180,12036,1):ocfs2_fill_super:1177 ERROR: status = -22
[  220.806959][T12045] loop5: detected capacity change from 0 to 16
[  220.812649][T12045] erofs (device loop5): mounted with root inode @ nid 36.
[  221.048715][T12052] loop5: detected capacity change from 0 to 32768
[  221.056105][T12052] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2188 (12052)
[  221.062800][T12052] BTRFS info (device loop5 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.066497][T12052] BTRFS info (device loop5 state S): using crc32c (crc32c-lib) checksum algorithm
[  221.130700][   T28] BTRFS warning (device loop5 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x3a96e814 level 0, ignored
[  221.140363][T12052] BTRFS error (device loop5 state S): devid 1 uuid ffe9ff7f-0000-0000-0000-9003f3eadbc4 is missing
[  221.144902][T12052] BTRFS error (device loop5 state S): failed to read chunk tree: -2
[  221.162254][T12052] BTRFS error (device loop5 state S): open_ctree failed: -2
[  221.248120][T12065] loop2: detected capacity change from 0 to 32768
[  221.264157][T12065] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  221.296667][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  221.400252][T12086] loop2: detected capacity change from 0 to 2048
[  221.409427][T12086] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  221.450934][   T51] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  221.487282][T12095] loop2: detected capacity change from 0 to 2048
[  221.496310][T12098] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  221.514837][T12095] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=2097152)
[  221.519229][T12095] Remounting filesystem read-only
[  221.534900][ T5852] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  221.594957][T12106] loop2: detected capacity change from 0 to 128
[  221.611171][   T51] usb 6-1: Using ep0 maxpacket: 8
[  221.615015][   T51] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  221.618393][   T51] usb 6-1: config 179 has no interface number 0
[  221.623796][   T51] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  221.628280][   T51] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  221.642418][T12106] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  221.647660][T12106] hpfs: filesystem error: improperly stopped
[  221.649601][   T51] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  221.651390][T12106] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  221.656017][   T51] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  221.656840][T12106] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  221.665558][T12106] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  221.670371][   T51] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  221.682337][   T51] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  221.701072][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.710559][T12072] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  221.777293][T12114] netlink: 'syz.2.2207': attribute type 1 has an invalid length.
[  221.781488][T12114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2207'.
[  221.812608][T12116] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2208'.
[  221.816881][T12116] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.820100][T12116] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.935535][ T5853] Bluetooth: hci0: connection err: -111
[  221.936332][   T51] usb 6-1: USB disconnect, device number 9
[  221.936411][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  221.943564][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  222.099544][ T5916] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  222.249600][ T5916] usb 3-1: Using ep0 maxpacket: 16
[  222.253711][ T5916] usb 3-1: unable to get BOS descriptor or descriptor too short
[  222.258019][ T5916] usb 3-1: config 15 has an invalid interface number: 174 but max is 2
[  222.261804][ T5916] usb 3-1: config 15 has an invalid interface number: 99 but max is 2
[  222.265291][ T5916] usb 3-1: config 15 has an invalid interface number: 5 but max is 2
[  222.268739][ T5916] usb 3-1: config 15 has an invalid interface descriptor of length 2, skipping
[  222.272742][ T5916] usb 3-1: config 15 has no interface number 0
[  222.275374][ T5916] usb 3-1: config 15 has no interface number 1
[  222.278005][ T5916] usb 3-1: config 15 has no interface number 2
[  222.281049][ T5916] usb 3-1: config 15 interface 174 altsetting 1 bulk endpoint 0x8 has invalid maxpacket 32
[  222.284800][ T5916] usb 3-1: config 15 interface 174 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  222.288398][ T5916] usb 3-1: config 15 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[  222.292680][ T5916] usb 3-1: config 15 interface 174 altsetting 1 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  222.296370][ T5916] usb 3-1: config 15 interface 174 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  222.300516][ T5916] usb 3-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  222.304108][ T5916] usb 3-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  222.307534][ T5916] usb 3-1: config 15 interface 5 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  222.311061][ T5916] usb 3-1: config 15 interface 5 altsetting 128 has 3 endpoint descriptors, different from the interface descriptor's value: 5
[  222.315207][ T5916] usb 3-1: config 15 interface 174 has no altsetting 0
[  222.317415][ T5916] usb 3-1: config 15 interface 99 has no altsetting 0
[  222.319714][ T5916] usb 3-1: config 15 interface 5 has no altsetting 0
[  222.322236][ T5916] usb 3-1: language id specifier not provided by device, defaulting to English
[  222.326872][ T5916] usb 3-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=fd.7d
[  222.330583][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.333255][ T5916] usb 3-1: Product: syz
[  222.334796][ T5916] usb 3-1: Manufacturer: syz
[  222.336431][ T5916] usb 3-1: SerialNumber: syz
[  222.341067][T12118] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  222.484719][T12126] loop5: detected capacity change from 0 to 128
[  222.499987][T12126] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  222.506261][T12126] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  222.552947][ T8758] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  222.564595][ T5916] sierra 3-1:15.174: Sierra USB modem converter detected
[  222.583988][ T5916] usb 3-1: Sierra USB modem converter now attached to ttyUSB0
[  222.591597][ T5916] usb 3-1: Sierra USB modem converter now attached to ttyUSB1
[  222.598870][T12135] loop5: detected capacity change from 0 to 256
[  222.604862][ T5916] sierra 3-1:15.99: Sierra USB modem converter detected
[  222.615599][ T5916] usb 3-1: Sierra USB modem converter now attached to ttyUSB2
[  222.627270][ T5916] sierra 3-1:15.5: Sierra USB modem converter detected
[  222.639001][T12135] syz.5.2216: attempt to access beyond end of device
[  222.639001][T12135] loop5: rw=2049, sector=256, nr_sectors = 100 limit=256
[  222.644782][ T5916] usb 3-1: Sierra USB modem converter now attached to ttyUSB3
[  222.652392][ T5916] usb 3-1: USB disconnect, device number 44
[  222.667036][ T5916] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  222.677315][ T5916] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  222.689980][ T5916] sierra 3-1:15.174: device disconnected
[  222.707700][ T5916] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2
[  222.713074][ T5916] sierra 3-1:15.99: device disconnected
[  222.719863][ T5916] sierra ttyUSB3: Sierra USB modem converter now disconnected from ttyUSB3
[  222.724367][ T5916] sierra 3-1:15.5: device disconnected
[  222.809331][T12151] loop5: detected capacity change from 0 to 256
[  222.863091][T12153] loop5: detected capacity change from 0 to 16
[  222.866299][T12153] erofs (device loop5): mounted with root inode @ nid 36.
[  222.870524][T12153] syz.5.2226: attempt to access beyond end of device
[  222.870524][T12153] loop5: rw=524288, sector=7864328, nr_sectors = 8 limit=16
[  222.875039][T12153] syz.5.2226: attempt to access beyond end of device
[  222.875039][T12153] loop5: rw=0, sector=7864328, nr_sectors = 8 limit=16
[  222.885063][T12153] erofs (device loop5): read error -5 @ 0 of nid 89
[  222.891879][   T33] audit: type=1800 audit(222.763:110): pid=12153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2226" name="file3" dev="loop5" ino=89 res=0 errno=0
[  223.329583][   T51] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  223.479538][   T51] usb 3-1: Using ep0 maxpacket: 8
[  223.483554][   T51] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  223.483568][   T51] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  223.483579][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  223.483590][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  223.483600][   T51] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  223.505587][   T51] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  223.505600][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.505608][   T51] usb 3-1: Product: syz
[  223.505614][   T51] usb 3-1: Manufacturer: syz
[  223.505620][   T51] usb 3-1: SerialNumber: syz
[  223.506483][   T51] usb 3-1: config 0 descriptor??
[  223.549572][   T51] rc_core: IR keymap rc-imon-rsc not found
[  223.549585][   T51] Registered IR keymap rc-empty
[  223.550049][   T51] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  223.550804][   T51] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input22
[  223.716935][   T10] usb 3-1: USB disconnect, device number 45
[  224.170124][T12185] loop5: detected capacity change from 0 to 8
[  224.183071][T12185] SQUASHFS error: xz decompression failed, data probably corrupt
[  224.185966][T12185] SQUASHFS error: Failed to read block 0x108: -5
[  224.188123][T12185] SQUASHFS error: Unable to read metadata cache entry [106]
[  224.190698][T12185] SQUASHFS error: Unable to read inode 0x11f
[  224.491630][T12196] overlayfs: failed to clone lowerpath
[  224.525989][T12196] overlayfs: failed to clone upperpath
[  224.843482][T12203] loop2: detected capacity change from 0 to 32768
[  224.856593][T12203] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  224.881666][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  224.991076][T12212] loop2: detected capacity change from 0 to 4096
[  224.999914][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  225.004246][T12212] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  225.010220][T12212] ntfs3(loop2): Failed to load $Extend (-22).
[  225.012314][T12212] ntfs3(loop2): Failed to initialize $Extend.
[  225.051917][T12214] loop2: detected capacity change from 0 to 64
[  225.131315][T12222] netlink: 'syz.2.2255': attribute type 4 has an invalid length.
[  225.137316][   T51] lo speed is unknown, defaulting to 1000
[  225.140309][   T51] 3yz0: Port: 1 Link DOWN
[  225.142352][T12222] netlink: 'syz.2.2255': attribute type 4 has an invalid length.
[  225.147492][   T51] lo speed is unknown, defaulting to 1000
[  225.150122][   T51] 3yz0: Port: 1 Link ACTIVE
[  225.197209][   T10] usb 6-1: Using ep0 maxpacket: 16
[  225.202998][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.207193][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.212253][T12224] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2256'.
[  225.217023][T12224] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2256'.
[  225.222255][   T10] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  225.222638][T12226] tipc: Started in network mode
[  225.226181][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.230072][   T10] usb 6-1: config 0 descriptor??
[  225.235769][T12226] tipc: Node identity ac14140f, cluster identity 4711
[  225.239287][T12226] tipc: New replicast peer: 255.255.255.255
[  225.241747][T12226] tipc: Enabled bearer <udp:s>, priority 10
[  225.844097][   T10] usb 6-1: string descriptor 0 read error: -71
[  225.871323][   T10] usb 6-1: Max retries (5) exceeded reading string descriptor 200
[  225.874299][   T10] letsketch 0003:6161:4D15.000C: probe with driver letsketch failed with error -32
[  225.880519][   T10] usb 6-1: USB disconnect, device number 10
[  226.070937][T12254] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2270'.
[  226.244753][T12259] loop2: detected capacity change from 0 to 2048
[  226.249209][T12259] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  226.553767][   T51] tipc: Node number set to 2886997007
[  226.659776][ T5853] Bluetooth: hci0: command 0x0000 tx timeout
[  226.859676][   T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  227.010325][   T10] usb 6-1: Using ep0 maxpacket: 32
[  227.013778][   T10] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  227.017063][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.025795][   T10] usb 6-1: config 0 descriptor??
[  227.032723][   T10] gspca_main: sunplus-2.14.0 probing 041e:400b
[  227.572743][T12303] fuse: Unknown parameter 'smackfsdef'
[  227.862536][   T10] gspca_sunplus: reg_w_riv err -71
[  227.865699][   T10] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  227.870209][   T10] usb 6-1: USB disconnect, device number 11
[  229.046905][T12375] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  229.297778][T12379] loop2: detected capacity change from 0 to 512
[  229.305169][T12379] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  229.308131][T12379] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  229.312157][T12379] EXT4-fs (loop2): 1 truncate cleaned up
[  229.314353][T12379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.345686][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.374700][T12383] loop2: detected capacity change from 0 to 512
[  229.379902][T12360] comedi comedi2: reset error (fatal)
[  229.387060][T12383] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2321: casefold flag without casefold feature
[  229.394450][T12383] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.2321: couldn't read orphan inode 15 (err -117)
[  229.406260][T12383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.428354][T12388] loop5: detected capacity change from 0 to 512
[  229.433814][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.454413][T12388] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.475788][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.517628][T12398] loop5: detected capacity change from 0 to 1024
[  229.541024][ T1089] hfsplus: b-tree write err: -5, ino 8
[  229.580052][T12402] sp0: Synchronizing with TNC
[  229.583386][T12390] loop2: detected capacity change from 0 to 32768
[  229.607570][T12390] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 255,nocow
[  229.607582][T12390]   allowing incompatible features above 0.0: (unknown version)
[  229.607586][T12390]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  229.626909][T12390] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  229.633054][T12390] bcachefs (loop2): initializing new filesystem
[  229.639262][T12390] bcachefs (loop2): going read-write
[  229.642833][T12390] bcachefs (loop2): marking superblocks
[  229.652505][T12390] bcachefs (loop2): initializing freespace
[  229.656361][T12390] bcachefs (loop2): done initializing freespace
[  229.662159][T12390] bcachefs (loop2): reading snapshots table
[  229.665463][T12390] bcachefs (loop2): reading snapshots done
[  229.675185][T12390] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  229.678679][T12390] bcachefs (loop2): done starting filesystem
[  229.710292][   T33] audit: type=1800 audit(229.592:111): pid=12390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2324" name="file1" dev="loop2" ino=4098 res=0 errno=0
[  229.727032][ T5852] bcachefs (loop2): shutting down
[  229.729258][ T5852] bcachefs (loop2): going read-only
[  229.732126][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  229.735896][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  229.748515][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  229.753350][ T5852] bcachefs (loop2): clean shutdown complete, journal seq 4
[  229.756828][ T5852] bcachefs (loop2): marking filesystem clean
[  229.777629][ T5852] bcachefs (loop2): shutdown complete
[  230.554741][T12427] netlink: 'syz.2.2336': attribute type 2 has an invalid length.
[  230.557855][T12427] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2336'.
[  230.562734][T12427] nbd: must specify at least one socket
[  230.676515][T12439] binder: BINDER_SET_CONTEXT_MGR already set
[  230.678445][T12439] binder: 12437:12439 ioctl 4018620d 2000000002c0 returned -16
[  230.708719][T12444] loop2: detected capacity change from 0 to 512
[  230.709289][T12445] loop5: detected capacity change from 0 to 512
[  230.718158][T12445] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  230.727525][T12444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.733720][T12445] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2344: bad orphan inode 15
[  230.740068][T12445] ext4_test_bit(bit=14, block=18) = 1
[  230.744199][T12444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.2345: corrupted inode contents
[  230.748147][T12445] is_bad_inode(inode)=0
[  230.749799][T12445] NEXT_ORPHAN(inode)=1023
[  230.751354][T12444] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.2345: mark_inode_dirty error
[  230.755162][T12445] max_ino=32
[  230.756357][T12445] i_nlink=0
[  230.757687][T12444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.2345: corrupted inode contents
[  230.762388][T12445] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  230.767371][T12444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.2345: corrupted inode contents
[  230.772715][T12444] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.2345: mark_inode_dirty error
[  230.777729][T12444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.2345: corrupted inode contents
[  230.784384][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  230.796986][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.056173][T12467] loop2: detected capacity change from 0 to 32768
[  231.061370][T12467] (syz.2.2353,12467,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  231.067808][T12467] (syz.2.2353,12467,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  231.075009][T12467] JBD2: Ignoring recovery information on journal
[  231.091857][T12467] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  231.098011][T12467] ocfs2: Unmounting device (7,2) on (node local)
[  231.419560][ T5887] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  231.580923][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  231.584095][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.587764][ T5887] usb 3-1: config 0 descriptor??
[  231.593683][ T5887] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  231.742918][   T33] audit: type=1326 audit(231.622:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12476 comm="syz.5.2357" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  231.752642][   T33] audit: type=1326 audit(231.622:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12476 comm="syz.5.2357" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  231.760453][   T33] audit: type=1326 audit(231.622:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12476 comm="syz.5.2357" exe="/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  231.775588][   T33] audit: type=1326 audit(231.622:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12476 comm="syz.5.2357" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  231.786566][   T33] audit: type=1326 audit(231.622:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12476 comm="syz.5.2357" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644398ebe9 code=0x7ffc0000
[  231.905399][T12489] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2363'.
[  231.946622][T12493] loop5: detected capacity change from 0 to 256
[  232.001057][ T5887] gspca_stv06xx: I2C: Read error writing address: -71
[  232.005191][ T5887] usb 3-1: USB disconnect, device number 46
[  232.079159][T12499] loop5: detected capacity change from 0 to 16
[  232.083028][T12499] erofs (device loop5): mounted with root inode @ nid 36.
[  232.520488][T12506] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  232.769378][T12514] loop2: detected capacity change from 0 to 4096
[  233.014733][T12516] loop5: detected capacity change from 0 to 128
[  233.018981][T12516] EXT4-fs: Ignoring removed nobh option
[  233.030250][T12516] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  233.181067][T10533] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  233.203251][T12527] loop5: detected capacity change from 0 to 256
[  233.221716][T12527] exfat: Deprecated parameter 'utf8'
[  233.225613][T12527] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d)
[  233.463383][T12525] loop2: detected capacity change from 0 to 131072
[  233.487366][T12525] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  233.491122][T12525] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  233.520742][ T5887] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  233.581677][T12544] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2388'.
[  233.585527][T12544] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2388'.
[  233.589214][T12544] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2388'.
[  233.610433][T12544] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2388'.
[  233.681230][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.685309][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.689331][ T5887] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  233.693736][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.700266][ T5887] usb 6-1: config 0 descriptor??
[  234.131017][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.132006][   T10] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  234.134250][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.140282][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.143606][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.146592][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.149829][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.152842][ T5887] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[  234.156974][ T5887] arvo 0003:1E7D:30D4.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.5-1/input0
[  234.289528][   T10] usb 3-1: Using ep0 maxpacket: 32
[  234.292903][   T10] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  234.295745][   T10] usb 3-1: config 0 has no interface number 0
[  234.298053][   T10] usb 3-1: config 0 interface 12 has no altsetting 0
[  234.302656][   T10] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40
[  234.305916][   T10] usb 3-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3
[  234.309740][   T10] usb 3-1: Product: syz
[  234.311606][   T10] usb 3-1: Manufacturer: syz
[  234.313452][   T10] usb 3-1: SerialNumber: syz
[  234.316369][   T10] usb 3-1: config 0 descriptor??
[  234.332462][ T5887] arvo 0003:1E7D:30D4.000D: couldn't init struct arvo_device
[  234.335698][ T5887] arvo 0003:1E7D:30D4.000D: couldn't install keyboard
[  234.338901][ T5887] arvo 0003:1E7D:30D4.000D: probe with driver arvo failed with error -71
[  234.343221][ T5887] usb 6-1: USB disconnect, device number 12
[  234.990894][T12580] loop5: detected capacity change from 0 to 40427
[  234.996245][T12580] F2FS-fs (loop5): build fault injection rate: 771
[  235.001274][T12580] F2FS-fs (loop5): invalid crc value
[  235.017221][T12580] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  235.020976][T12580] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  235.028593][T12580] F2FS-fs (loop5): Unexpected flush for atomic writes: ino=10, npages=1
[  235.032230][T12580] syz.5.2404: attempt to access beyond end of device
[  235.032230][T12580] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.046670][T10533] syz-executor: attempt to access beyond end of device
[  235.046670][T10533] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  235.051761][T10533] CPU: 1 UID: 0 PID: 10533 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  235.051772][T10533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  235.051777][T10533] Call Trace:
[  235.051780][T10533]  <TASK>
[  235.051783][T10533]  dump_stack_lvl+0x189/0x250
[  235.051796][T10533]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.051804][T10533]  ? __pfx_queue_work_on+0x10/0x10
[  235.051812][T10533]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  235.051823][T10533]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  235.051833][T10533]  f2fs_handle_critical_error+0x37c/0x540
[  235.051845][T10533]  f2fs_write_end_io+0x886/0xb60
[  235.051855][T10533]  __submit_merged_bio+0x27a/0x6a0
[  235.051865][T10533]  __submit_merged_write_cond+0x255/0x530
[  235.051875][T10533]  f2fs_write_data_pages+0x261d/0x3000
[  235.051890][T10533]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.051902][T10533]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  235.051915][T10533]  ? ktime_get+0x3e/0x1f0
[  235.051923][T10533]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  235.051931][T10533]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  235.051938][T10533]  ? css_rstat_updated+0x23a/0x4f0
[  235.051946][T10533]  ? css_rstat_updated+0x23a/0x4f0
[  235.051953][T10533]  ? ktime_get+0x1cb/0x1f0
[  235.051961][T10533]  ? __pfx___calc_delta+0x10/0x10
[  235.051972][T10533]  ? filemap_get_folios_tag+0xed/0x630
[  235.051980][T10533]  ? rcu_is_watching+0x15/0xb0
[  235.051988][T10533]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.051998][T10533]  do_writepages+0x32e/0x550
[  235.052008][T10533]  ? rcu_is_watching+0x15/0xb0
[  235.052015][T10533]  ? do_raw_spin_unlock+0x4d/0x240
[  235.052025][T10533]  filemap_fdatawrite+0x199/0x240
[  235.052034][T10533]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  235.052049][T10533]  ? rcu_is_watching+0x15/0xb0
[  235.052056][T10533]  ? do_raw_spin_unlock+0x4d/0x240
[  235.052065][T10533]  f2fs_sync_dirty_inodes+0x31f/0x830
[  235.052074][T10533]  f2fs_write_checkpoint+0x95a/0x1df0
[  235.052084][T10533]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  235.052097][T10533]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  235.052104][T10533]  ? kfree+0x18e/0x440
[  235.052112][T10533]  ? kill_f2fs_super+0x298/0x6c0
[  235.052120][T10533]  kill_f2fs_super+0x2c3/0x6c0
[  235.052127][T10533]  ? __pfx_kill_f2fs_super+0x10/0x10
[  235.052133][T10533]  ? radix_tree_delete_item+0x2b6/0x400
[  235.052143][T10533]  ? shrinker_free+0x2ce/0x3e0
[  235.052151][T10533]  deactivate_locked_super+0xbc/0x130
[  235.052160][T10533]  cleanup_mnt+0x425/0x4c0
[  235.052168][T10533]  task_work_run+0x1d4/0x260
[  235.052177][T10533]  ? __pfx_task_work_run+0x10/0x10
[  235.052186][T10533]  ? __x64_sys_umount+0x122/0x160
[  235.052194][T10533]  ? __pfx___x64_sys_umount+0x10/0x10
[  235.052204][T10533]  ? rcu_is_watching+0x15/0xb0
[  235.052211][T10533]  exit_to_user_mode_loop+0xec/0x110
[  235.052220][T10533]  do_syscall_64+0x2bd/0x3b0
[  235.052231][T10533]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.052238][T10533]  ? exc_page_fault+0x9f/0xf0
[  235.052247][T10533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.052253][T10533] RIP: 0033:0x7f644398ff17
[  235.052260][T10533] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  235.052267][T10533] RSP: 002b:00007ffc6e19ae18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  235.052275][T10533] RAX: 0000000000000000 RBX: 00007f6443a11c05 RCX: 00007f644398ff17
[  235.052280][T10533] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e19aed0
[  235.052285][T10533] RBP: 00007ffc6e19aed0 R08: 0000000000000000 R09: 0000000000000000
[  235.052289][T10533] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6e19bf60
[  235.052294][T10533] R13: 00007f6443a11c05 R14: 00000000000395ad R15: 00007ffc6e19bfa0
[  235.052301][T10533]  </TASK>
[  235.052305][T10533] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  235.307804][T12585] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2405'.
[  235.312534][T12585] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2405'.
[  235.337430][T12589] loop5: detected capacity change from 0 to 256
[  235.341577][T12589] exfat: Deprecated parameter 'utf8'
[  235.344036][T12589] exfat: Deprecated parameter 'utf8'
[  235.349770][T12589] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  235.358089][   T33] audit: type=1800 audit(235.232:117): pid=12589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2407" name="bus" dev="loop5" ino=1048688 res=0 errno=0
[  235.477044][T12599] loop5: detected capacity change from 0 to 2048
[  235.485062][T12599] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  235.493616][T12599] UDF-fs: error (device loop5): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376)
[  235.542194][T12601] loop6: detected capacity change from 0 to 7
[  235.545500][T12601] Dev loop6: unable to read RDB block 7
[  235.547424][T12601]  loop6: unable to read partition table
[  235.549296][T12601] loop6: partition table beyond EOD, truncated
[  235.552381][T12601] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5)
[  236.137565][   T10] f81534 3-1:0.12: f81534_set_register: reg: 1003 data: 68 failed: -71
[  236.142342][   T10] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  236.144856][   T10] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  236.147548][   T10] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  236.155107][   T10] usb 3-1: USB disconnect, device number 47
[  236.510294][T12623] loop5: detected capacity change from 0 to 512
[  236.517505][T12623] EXT4-fs (loop5): Test dummy encryption mode enabled
[  236.520359][T12623] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  236.525151][T12623] EXT4-fs (loop5): 1 truncate cleaned up
[  236.527382][T12623] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.543366][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.585356][T12629] loop5: detected capacity change from 0 to 256
[  236.592042][T12629] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  236.597786][T12629] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  236.604721][T12629] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  236.614547][T12629] exFAT-fs (loop5): error, broken FAT chain.
[  236.616710][T12629] exFAT-fs (loop5): Filesystem has been set read-only
[  236.619050][T12629] exFAT-fs (loop5): error, failed to bmap (inode : ffff88802cfcc1b8 iblock : 0, err : -5)
[  236.623532][T12629] exFAT-fs (loop5): write: fail to zero from 0 to 3707(-5)
[  237.579239][T12653] loop5: detected capacity change from 0 to 32768
[  237.582983][T12653] (syz.5.2433,12653,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  237.588006][T12653] (syz.5.2433,12653,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  237.595431][T12653] JBD2: Ignoring recovery information on journal
[  237.608719][T12653] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  237.628655][T12659] loop2: detected capacity change from 0 to 256
[  237.659147][T12659] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  237.671198][T10533] ocfs2: Unmounting device (7,5) on (node local)
[  237.718509][T12665] loop2: detected capacity change from 0 to 256
[  237.722128][T12665] exfat: Deprecated parameter 'utf8'
[  237.737888][T12665] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  237.773992][T12669] loop5: detected capacity change from 0 to 1024
[  237.776894][T12669] EXT4-fs: Ignoring removed oldalloc option
[  237.778993][T12669] EXT4-fs: Ignoring removed bh option
[  237.798122][T12669] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.832037][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.851855][T12678] loop5: detected capacity change from 0 to 512
[  237.854722][T12678] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  237.944281][T12689] netlink: 'syz.2.2448': attribute type 2 has an invalid length.
[  238.003432][T12697] 9pnet_fd: Insufficient options for proto=fd
[  238.046141][T12705] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2456'.
[  238.442256][T12714] loop2: detected capacity change from 0 to 32768
[  238.446724][T12714] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2459 (12714)
[  238.459054][T12714] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.463562][T12714] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  238.490912][T12714] BTRFS info (device loop2): enabling ssd optimizations
[  238.493233][T12714] BTRFS info (device loop2): enabling free space tree
[  238.495516][T12714] BTRFS info (device loop2): force zlib compression, level 3
[  238.512120][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.779590][ T5916] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  238.944829][ T5916] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  238.949230][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.953706][T12744] CUSE: unknown device info "!"
[  238.954525][ T5916] usb 3-1: Product: syz
[  238.955611][T12744] CUSE: zero length info key specified
[  238.957404][ T5916] usb 3-1: Manufacturer: syz
[  238.963338][ T5916] usb 3-1: SerialNumber: syz
[  238.991933][T12750] misc userio: Invalid payload size
[  239.046820][T12758] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2473'.
[  239.333204][T12769] loop5: detected capacity change from 0 to 128
[  239.336967][T12769] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  239.344741][T12769] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  239.386076][T12771] loop5: detected capacity change from 0 to 512
[  239.391250][T12771] EXT4-fs (loop5): filesystem is read-only
[  239.395470][T12771] EXT4-fs (loop5): filesystem is read-only
[  239.398130][T12771] EXT4-fs (loop5): orphan cleanup on readonly fs
[  239.402410][T12771] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2478: bad orphan inode 16
[  239.406851][T12771] ext4_test_bit(bit=15, block=3) = 0
[  239.412577][T12771] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  239.434144][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.897571][ T5916] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  239.903299][ T5916] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  239.907654][ T5916] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  239.913403][ T5916] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  239.921673][ T5916] usb 3-1: USB disconnect, device number 48
[  240.465553][T12790] loop2: detected capacity change from 0 to 1024
[  240.489633][  T187] hfsplus: b-tree write err: -5, ino 4
[  240.611287][T12788] loop5: detected capacity change from 0 to 32768
[  240.617306][T12788] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2485 (12788)
[  240.641267][T12788] BTRFS info (device loop5): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  240.650788][T12788] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  240.760201][T12788] BTRFS info (device loop5): turning off barriers
[  240.762937][T12788] BTRFS info (device loop5): enabling free space tree
[  240.797842][T12788] BTRFS warning (device loop5): can't clear the compat:0,compat:1 feature bits while mounted
[  240.839698][T12804] loop2: detected capacity change from 0 to 32768
[  240.846607][T10533] BTRFS info (device loop5): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  240.941798][T12804] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  240.941820][T12804]   allowing incompatible features above 0.0: (unknown version)
[  240.941898][T12804]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  240.964679][T12804] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  240.968803][T12804] bcachefs (loop2): initializing new filesystem
[  240.994032][T12804] bcachefs (loop2): going read-write
[  241.000434][T12804] bcachefs (loop2): marking superblocks
[  241.038282][T12804] bcachefs (loop2): initializing freespace
[  241.051324][T12804] bcachefs (loop2): done initializing freespace
[  241.063316][T12804] bcachefs (loop2): reading snapshots table
[  241.065886][T12804] bcachefs (loop2): reading snapshots done
[  241.082042][T12804] bcachefs (loop2): done starting filesystem
[  241.131418][ T5852] bcachefs (loop2): shutting down
[  241.133852][ T5852] bcachefs (loop2): going read-only
[  241.136359][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  241.140990][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6
[  241.163590][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 8
[  241.167660][ T5852] bcachefs (loop2): clean shutdown complete, journal seq 9
[  241.174020][ T5852] bcachefs (loop2): marking filesystem clean
[  241.191616][ T5852] bcachefs (loop2): shutdown complete
[  242.439541][   T51] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  242.475940][T12876] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  242.591085][   T51] usb 3-1: Using ep0 maxpacket: 16
[  242.594835][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.602733][   T51] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  242.608230][   T51] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  242.612432][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.618410][   T51] usb 3-1: config 0 descriptor??
[  242.963253][T12888] program syz.5.2517 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  243.032544][   T51] HID 045e:07da: Invalid code 65791 type 1
[  243.050806][   T51] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000E/input/input23
[  243.066854][   T51] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  243.434291][T12897] loop5: detected capacity change from 0 to 40427
[  243.446779][T12897] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  243.450349][T12897] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  243.476427][T12897] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  243.484327][T12897] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  243.487280][T12897] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  243.793735][   T33] audit: type=1800 audit(243.672:118): pid=12918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2525" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  244.028514][T12920] loop5: detected capacity change from 0 to 32768
[  244.815736][T12947] bridge0: entered allmulticast mode
[  244.818557][T12947] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2540'.
[  244.822996][T12947] bridge_slave_1: left allmulticast mode
[  244.825440][T12947] bridge_slave_1: left promiscuous mode
[  244.828062][T12947] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.835631][T12947] bridge_slave_0: left allmulticast mode
[  244.838307][T12947] bridge_slave_0: left promiscuous mode
[  244.841867][T12947] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.850015][T12947] bridge0 (unregistering): left allmulticast mode
[  245.224958][ T5916] usb 3-1: USB disconnect, device number 49
[  245.454549][T12960] loop5: detected capacity change from 0 to 512
[  245.581868][T12960] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2546: iget: bad extended attribute block 1
[  245.609685][T12960] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2546: couldn't read orphan inode 15 (err -117)
[  245.621521][T12960] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.647443][T10533] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.695416][T12967] loop5: detected capacity change from 0 to 8192
[  245.793912][T12967] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  245.796608][T12967] FAT-fs (loop5): Filesystem has been set read-only
[  246.876186][T12999] loop5: detected capacity change from 0 to 32768
[  246.885188][T12999] ERROR: (device loop5): diAllocBit: iag inconsistent
[  246.885188][T12999] 
[  246.889095][T12999] ERROR: (device loop5): remounting filesystem as read-only
[  246.892254][T12999] ialloc: diAlloc returned -5!
[  247.166754][T13008] loop2: detected capacity change from 0 to 7
[  247.170526][ T5852]  loop2:
[  247.171866][ T5852] loop2: partition table partially beyond EOD, truncated
[  247.177480][T13008]  loop2:
[  247.178505][T13008] loop2: partition table partially beyond EOD, truncated
[  247.316225][T13014] loop5: detected capacity change from 0 to 32768
[  247.321719][T13014] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2568 (13014)
[  247.330584][T13014] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  247.334432][T13014] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  247.346420][T13014] BTRFS info (device loop5): rebuilding free space tree
[  247.351222][T13014] BTRFS info (device loop5): enabling ssd optimizations
[  247.353674][T13014] BTRFS info (device loop5): using spread ssd allocation scheme
[  247.356312][T13014] BTRFS info (device loop5): enabling free space tree
[  247.358786][T13014] BTRFS info (device loop5): force clearing of disk cache
[  247.419562][ T5916] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  247.594126][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  247.616176][ T5916] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  247.634130][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.680327][ T5916] usb 3-1: config 0 descriptor??
[  248.104026][ T5916] logitech-djreceiver 0003:046D:C71F.000F: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.2-1/input0
[  248.304047][ T5848] usb 3-1: USB disconnect, device number 50
[  249.098218][T13079] netlink: 'syz.5.2587': attribute type 4 has an invalid length.
[  249.210477][T13084] trusted_key: encrypted_key: key user:syz not found
[  249.869539][    C0] vkms_vblank_simulate: vblank timer overrun
[  250.406216][T13108] usb usb1: check_ctrlrecip: process 13108 (syz.5.2597) requesting ep 01 but needs 81
[  250.712377][T13136] loop2: detected capacity change from 0 to 2048
[  250.783554][T13138] tipc: Started in network mode
[  250.785632][T13138] tipc: Node identity ac141413, cluster identity 4711
[  250.788928][T13138] tipc: New replicast peer: 10.1.1.2
[  250.791797][T13138] tipc: Enabled bearer <udp:syz2>, priority 10
[  250.815938][T13136] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  250.823229][T13136] UDF-fs: Scanning with blocksize 512 failed
[  250.852084][T13136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  356.069459][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  356.071813][    C1] rcu: 	0-...!: (0 ticks this GP) idle=b7cc/1/0x4000000000000000 softirq=62345/62351 fqs=1
[  356.076655][    C1] rcu: 	(detected by 1, t=10505 jiffies, g=42681, q=534 ncpus=2)
[  356.079794][    C1] Sending NMI from CPU 1 to CPUs 0:
[  356.079853][    C0] NMI backtrace for cpu 0
[  356.079863][    C0] CPU: 0 UID: 0 PID: 5293 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
[  356.079872][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  356.079876][    C0] RIP: 0010:its_return_thunk+0x0/0x10
[  356.079889][    C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e9 6b 13 b7 f5 cc
[  356.079895][    C0] RSP: 0018:ffffc90000007390 EFLAGS: 00000006
[  356.079902][    C0] RAX: ffffffff81ade57e RBX: ffff88810666d340 RCX: ffff888024ce8000
[  356.079907][    C0] RDX: 0000000000010100 RSI: 0000000000000000 RDI: ffff88810666d340
[  356.079911][    C0] RBP: ffffc90000007508 R08: ffff88810666d357 R09: 0000000000000000
[  356.079916][    C0] R10: ffff88810666d340 R11: ffffed1020ccda6b R12: ffff88810666d340
[  356.079920][    C0] R13: dffffc0000000000 R14: 1877385750000000 R15: ffff88804b027c80
[  356.079925][    C0] FS:  00007f93110eac80(0000) GS:ffff8880b861b000(0000) knlGS:0000000000000000
[  356.079930][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  356.079935][    C0] CR2: 00007f64447ecd58 CR3: 0000000020b7a000 CR4: 00000000000006f0
[  356.079962][    C0] Call Trace:
[  356.079967][    C0]  <IRQ>
[  356.079970][    C0]  debug_deactivate+0xe/0x200
[  356.079980][    C0]  __hrtimer_run_queues+0x2b0/0xc60
[  356.079989][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  356.079995][    C0]  ? ktime_get_update_offsets_now+0x3ab/0x3d0
[  356.080004][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  356.080014][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  356.080023][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  356.080032][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  356.080039][    C0] RIP: 0010:unwind_next_frame+0x11a/0x2390
[  356.080047][    C0] Code: 01 48 c7 c7 e0 3e 88 8b be 4b 03 00 00 48 c7 c2 20 3f 88 8b e8 a7 c3 2a 00 4c 89 6c 24 70 48 89 5c 24 68 4d 8d 6e 50 4c 89 e8 <48> c1 e8 03 48 89 44 24 38 80 3c 28 00 74 08 4c 89 ef e8 5f 52 b0
[  356.080053][    C0] RSP: 0018:ffffc90000007738 EFLAGS: 00000246
[  356.080058][    C0] RAX: ffffc90000007858 RBX: ffffffff8232f524 RCX: 405cb39908869e00
[  356.080063][    C0] RDX: 0000000000000000 RSI: ffffffff8be33660 RDI: ffffffff8be33620
[  356.080068][    C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
[  356.080072][    C0] R10: ffffc90000007858 R11: ffffffff81ac3810 R12: 1ffff92000000f01
[  356.080076][    C0] R13: ffffc90000007858 R14: ffffc90000007808 R15: ffffffff8172c195
[  356.080081][    C0]  ? unwind_next_frame+0xa5/0x2390
[  356.080088][    C0]  ? do_dentry_open+0x384/0x13f0
[  356.080094][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  356.080104][    C0]  ? unwind_next_frame+0xcb/0x2390
[  356.080111][    C0]  ? unwind_next_frame+0xa5/0x2390
[  356.080118][    C0]  ? do_dentry_open+0x384/0x13f0
[  356.080124][    C0]  ? rcu_core+0xc37/0x1770
[  356.080132][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  356.080140][    C0]  arch_stack_walk+0x11c/0x150
[  356.080148][    C0]  ? do_dentry_open+0x384/0x13f0
[  356.080155][    C0]  stack_trace_save+0x9c/0xe0
[  356.080162][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  356.080169][    C0]  ? kasan_save_track+0x4f/0x80
[  356.080177][    C0]  ? kasan_save_track+0x3e/0x80
[  356.080184][    C0]  ? kasan_save_free_info+0x46/0x50
[  356.080190][    C0]  ? __kasan_slab_free+0x5b/0x80
[  356.080198][    C0]  ? kfree+0x18e/0x440
[  356.080205][    C0]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  356.080212][    C0]  kasan_save_track+0x3e/0x80
[  356.080219][    C0]  ? kasan_save_track+0x3e/0x80
[  356.080226][    C0]  ? kasan_save_free_info+0x46/0x50
[  356.080232][    C0]  ? __kasan_slab_free+0x5b/0x80
[  356.080239][    C0]  ? slab_free_after_rcu_debug+0x129/0x2a0
[  356.080245][    C0]  ? rcu_core+0xcab/0x1770
[  356.080253][    C0]  ? handle_softirqs+0x286/0x870
[  356.080259][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  356.080265][    C0]  ? irq_exit_rcu+0x9/0x30
[  356.080270][    C0]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  356.080277][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  356.080283][    C0]  ? __kmalloc_noprof+0x6a/0x4f0
[  356.080291][    C0]  ? tomoyo_encode+0x28b/0x550
[  356.080298][    C0]  ? tomoyo_realpath_from_path+0x58d/0x5d0
[  356.080304][    C0]  ? tomoyo_check_open_permission+0x1c1/0x3b0
[  356.080312][    C0]  ? security_file_open+0xb1/0x270
[  356.080320][    C0]  ? do_dentry_open+0x384/0x13f0
[  356.080331][    C0]  kasan_save_free_info+0x46/0x50
[  356.080337][    C0]  __kasan_slab_free+0x5b/0x80
[  356.080345][    C0]  slab_free_after_rcu_debug+0x129/0x2a0
[  356.080352][    C0]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  356.080358][    C0]  ? rcu_core+0xc37/0x1770
[  356.080367][    C0]  rcu_core+0xcab/0x1770
[  356.080378][    C0]  ? __pfx_rcu_core+0x10/0x10
[  356.080388][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  356.080395][    C0]  ? sched_clock_cpu+0x74/0x430
[  356.080405][    C0]  ? ktime_get+0x3e/0x1f0
[  356.080411][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  356.080418][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  356.080427][    C0]  ? __local_bh_disable_ip+0xf1/0x190
[  356.080433][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  356.080441][    C0]  handle_softirqs+0x286/0x870
[  356.080447][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  356.080454][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  356.080461][    C0]  __irq_exit_rcu+0xca/0x1f0
[  356.080467][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  356.080473][    C0]  irq_exit_rcu+0x9/0x30
[  356.080479][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  356.080487][    C0]  </IRQ>
[  356.080489][    C0]  <TASK>
[  356.080492][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  356.080498][    C0] RIP: 0010:__kmalloc_noprof+0x6a/0x4f0
[  356.080506][    C0] Code: 67 03 00 00 f7 c5 11 00 40 00 0f 85 65 03 00 00 45 31 f6 41 8d 4f ff 49 81 ff c0 00 00 00 77 0c c1 e9 03 0f b6 81 10 f8 bd 8d <eb> 0a b8 ff ff ff ff 0f bd c1 ff c0 89 c3 83 f8 0e 0f 83 5a 03 00
[  356.080511][    C0] RSP: 0018:ffffc9000273f4f0 EFLAGS: 00000206
[  356.080516][    C0] RAX: 0000000000000006 RBX: ffff88801fd4afd6 RCX: 0000000000000006
[  356.080520][    C0] RDX: ffff888024ce8000 RSI: 0000000000000d40 RDI: 0000000000000032
[  356.080524][    C0] RBP: 0000000000000d40 R08: ffff88801fd4afd6 R09: 0000000000000fd6
[  356.080528][    C0] R10: ffff88801fd4afd6 R11: 0000000000000fd6 R12: ffff88801fd4affc
[  356.080533][    C0] R13: 0000000000000027 R14: 0000000000000000 R15: 0000000000000032
[  356.080539][    C0]  ? tomoyo_encode+0x28b/0x550
[  356.080546][    C0]  tomoyo_encode+0x28b/0x550
[  356.080553][    C0]  tomoyo_realpath_from_path+0x58d/0x5d0
[  356.080561][    C0]  tomoyo_check_open_permission+0x1c1/0x3b0
[  356.080569][    C0]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  356.080577][    C0]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  356.080590][    C0]  ? rcu_is_watching+0x15/0xb0
[  356.080596][    C0]  ? tomoyo_file_open+0x165/0x220
[  356.080603][    C0]  security_file_open+0xb1/0x270
[  356.080612][    C0]  do_dentry_open+0x384/0x13f0
[  356.080619][    C0]  ? vfs_open+0x31/0x340
[  356.080625][    C0]  vfs_open+0x3b/0x340
[  356.080630][    C0]  ? path_openat+0x2ecd/0x3830
[  356.080638][    C0]  path_openat+0x2ee5/0x3830
[  356.080645][    C0]  ? arch_stack_walk+0xfc/0x150
[  356.080654][    C0]  ? stack_depot_save_flags+0x40/0x860
[  356.080665][    C0]  ? __pfx_path_openat+0x10/0x10
[  356.080671][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.080680][    C0]  do_filp_open+0x1fa/0x410
[  356.080687][    C0]  ? __pfx_do_filp_open+0x10/0x10
[  356.080697][    C0]  ? _raw_spin_unlock+0x28/0x50
[  356.080705][    C0]  ? alloc_fd+0x64c/0x6c0
[  356.080715][    C0]  do_sys_openat2+0x121/0x1c0
[  356.080722][    C0]  ? __pfx_do_sys_openat2+0x10/0x10
[  356.080730][    C0]  __x64_sys_openat+0x138/0x170
[  356.080737][    C0]  do_syscall_64+0xfa/0x3b0
[  356.080746][    C0]  ? rcu_is_watching+0x15/0xb0
[  356.080752][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.080758][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.080764][    C0] RIP: 0033:0x7f9310d169a4
[  356.080771][    C0] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[  356.080776][    C0] RSP: 002b:00007ffd052b4c70 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  356.080782][    C0] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f9310d169a4
[  356.080787][    C0] RDX: 0000000000080000 RSI: 00007ffd052b4da8 RDI: 00000000ffffff9c
[  356.080791][    C0] RBP: 00007ffd052b4da8 R08: 0000000000000008 R09: 0000000000000001
[  356.080807][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
[  356.080810][    C0] R13: 000055d8f8d97b42 R14: 0000000000000001 R15: 0000000000000000
[  356.080817][    C0]  </TASK>
[  356.080823][    C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g42681 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  356.377224][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  356.380958][    C1] rcu: RCU grace-period kthread stack dump:
[  356.383262][    C1] task:rcu_preempt     state:R  running task     stack:27496 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  356.388811][    C1] Call Trace:
[  356.390263][    C1]  <TASK>
[  356.391453][    C1]  __schedule+0x1798/0x4cc0
[  356.393062][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.394650][    C1]  ? __pfx___schedule+0x10/0x10
[  356.396253][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  356.398223][    C1]  ? schedule+0x91/0x360
[  356.399670][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.401330][    C1]  ? lock_release+0x4b/0x3e0
[  356.402881][    C1]  schedule+0x165/0x360
[  356.404268][    C1]  schedule_timeout+0x12b/0x270
[  356.405898][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  356.407652][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.409263][    C1]  ? __pfx_process_timeout+0x10/0x10
[  356.411086][    C1]  ? prepare_to_swait_event+0x341/0x380
[  356.412954][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  356.414632][    C1]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[  356.416650][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  356.418431][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  356.420206][    C1]  ? finish_swait+0xcd/0x1f0
[  356.422049][    C1]  rcu_gp_kthread+0x99/0x390
[  356.423962][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  356.425696][    C1]  ? __kthread_parkme+0x7b/0x200
[  356.427376][    C1]  ? __kthread_parkme+0x1a1/0x200
[  356.429082][    C1]  kthread+0x711/0x8a0
[  356.430469][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  356.432239][    C1]  ? __pfx_kthread+0x10/0x10
[  356.433795][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  356.435552][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.437283][    C1]  ? __pfx_kthread+0x10/0x10
[  356.438850][    C1]  ret_from_fork+0x3fc/0x770
[  356.440390][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  356.442126][    C1]  ? __switch_to_asm+0x39/0x70
[  356.443925][    C1]  ? __switch_to_asm+0x33/0x70
[  356.445673][    C1]  ? __pfx_kthread+0x10/0x10
[  356.447244][    C1]  ret_from_fork_asm+0x1a/0x30
[  356.449111][    C1]  </TASK>
[  356.450350][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  356.452735][    C1] CPU: 1 UID: 0 PID: 6202 Comm: kworker/u10:4 Not tainted syzkaller #0 PREEMPT(full) 
[  356.456127][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  356.459602][    C1] Workqueue: events_unbound toggle_allocation_gate
[  356.462222][    C1] RIP: 0010:smp_call_function_many_cond+0xd33/0x12d0
[  356.464932][    C1] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 b6 62 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 61 5e 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 45 5e
[  356.472635][    C1] RSP: 0018:ffffc90004f67660 EFLAGS: 00000293
[  356.475135][    C1] RAX: ffffffff81b44ceb RBX: 1ffff11009608341 RCX: ffff888105dd3980
[  356.478142][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  356.481171][    C1] RBP: ffffc90004f677e0 R08: ffffffff8fa38337 R09: 1ffffffff1f47066
[  356.484304][    C1] R10: dffffc0000000000 R11: fffffbfff1f47067 R12: ffff88804b041a08
[  356.486945][    C1] R13: dffffc0000000000 R14: ffff88813663b1c0 R15: 0000000000000000
[  356.489572][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c1b000(0000) knlGS:0000000000000000
[  356.492526][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  356.494715][    C1] CR2: 000000110c31585e CR3: 000000000df36000 CR4: 00000000000006f0
[  356.497457][    C1] Call Trace:
[  356.498595][    C1]  <TASK>
[  356.499629][    C1]  ? kmem_cache_alloc_bulk_noprof+0x148/0x790
[  356.501627][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  356.503333][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  356.505429][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  356.507226][    C1]  ? kmem_cache_alloc_bulk_noprof+0x148/0x790
[  356.509254][    C1]  ? __pfx___text_poke+0x10/0x10
[  356.510912][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.512512][    C1]  ? trace_contention_end+0x39/0x120
[  356.514739][    C1]  ? __mutex_lock+0x335/0x1350
[  356.516728][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  356.518820][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[  356.521025][    C1]  smp_text_poke_batch_finish+0x5f9/0x1130
[  356.523405][    C1]  ? arch_jump_label_transform_apply+0x17/0x30
[  356.525876][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  356.527744][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  356.529821][    C1]  ? arch_jump_label_transform_queue+0x97/0x110
[  356.531916][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  356.534319][    C1]  static_key_enable_cpuslocked+0x128/0x250
[  356.536735][    C1]  static_key_enable+0x1a/0x20
[  356.538745][    C1]  toggle_allocation_gate+0xad/0x240
[  356.540957][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  356.543388][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.545374][    C1]  ? lock_acquire+0x5f/0x360
[  356.547293][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  356.549615][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  356.551941][    C1]  process_scheduled_works+0xae1/0x17b0
[  356.554134][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  356.556580][    C1]  worker_thread+0x8a0/0xda0
[  356.558397][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  356.560998][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  356.563142][    C1]  ? __kthread_parkme+0x7b/0x200
[  356.565156][    C1]  kthread+0x711/0x8a0
[  356.566844][    C1]  ? __pfx_worker_thread+0x10/0x10
[  356.568969][    C1]  ? __pfx_kthread+0x10/0x10
[  356.570871][    C1]  ? rcu_is_watching+0x15/0xb0
[  356.572815][    C1]  ? __pfx_kthread+0x10/0x10
[  356.574699][    C1]  ret_from_fork+0x3fc/0x770
[  356.576636][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  356.578744][    C1]  ? __switch_to_asm+0x39/0x70
[  356.580719][    C1]  ? __switch_to_asm+0x33/0x70
[  356.582373][    C1]  ? __pfx_kthread+0x10/0x10
[  356.583923][    C1]  ret_from_fork_asm+0x1a/0x30
[  356.585502][    C1]  </TASK>

VM DIAGNOSIS:
08:00:42  Registers:
info registers vcpu 0

CPU#0
RAX=405cb39908869e00 RBX=ffffffff99d2f4a0 RCX=405cb39908869e00 RDX=0000000000000000
RSI=ffffffff8be33660 RDI=ffffffff99d2f4a0 RBP=ffffc900000072f8 RSP=ffffc90000007258
R8 =0000000000000001 R9 =0000000000000000 R10=ffffc90000007320 R11=fffff52000000e66
R12=dffffc0000000000 R13=dffffc0000000000 R14=0000000000000802 R15=1ffff92000000e4c
RIP=ffffffff819dfec0 RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f93110eac80 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f64447ecd58 CR3=0000000020b7a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000000041 000055d91300302e
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffff00 ffff000000ff0000 XMM09=0000000000000041 000055d91300302e
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001e02b0
R8 =ffff888021618237 R9 =1ffff110042c3046 R10=dffffc0000000000 R11=ffffffff854f1c80
R12=dffffc0000000000 R13=ffffffff99afa90b R14=ffffffff99def3e0 R15=0000000000000000
RIP=ffffffff854f1cfc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c31585e CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4cac412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
