last executing test programs:

1m6.561071168s ago: executing program 3 (id=34):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000004640)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_IOCTL(r2, &(0x7f0000000380)={0x20, 0x0, r4, {0x400, 0x0, 0x7}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4014, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x1}}, 0x20000)

1m6.530491514s ago: executing program 3 (id=35):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast1, @in=@private=0xf0, 0x1ffe, 0xff, 0xfffc, 0x41, 0x2}, {0x6, 0x3, 0xfffffffffffffffe, 0x10000000, 0x4, 0x0, 0x80000000000000}, {0x402, 0x3, 0x0, 0x800}, 0x4000008, 0x0, 0x1, 0x0, 0x2, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4d6, 0x32}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffffff, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe}}, 0xe8)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000008100)='/sys/power/pm_freeze_timeout', 0x68800, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0xc82, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0xeffffffa, 0xb, 0xfffffff8, 0xfffffffc, 0x7f, "db5909003a7f000700"})
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0xa)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x1004, 0x9}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r3}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, &(0x7f0000000900)}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x28031, 0xffffffffffffffff, 0x8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x10e)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0xc631, 0x8, 0x2007, 0xb, 0x18, "e303201bb6000180000000000000ffe74400"})

1m5.62121913s ago: executing program 3 (id=48):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5, 0x0, 0x800}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)

1m5.607903778s ago: executing program 3 (id=49):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000014000/0x4000)=nil)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)

1m5.532810334s ago: executing program 3 (id=51):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0x104, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xd8, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x809, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x243, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x100008, 0x42}, {0x6, 0x4, 0x12c5, 0x8}, {0x317, 0x0, 0x0, 0x8001}, {0x2, 0x1800004, 0xa525}]}}, @TCA_U32_POLICE={0x40, 0x6, [@TCA_POLICE_TBF={0x3c, 0x1, {0x28bf, 0x20000001, 0xebb, 0x1, 0x2, {0x3, 0x2, 0x3, 0x2, 0x6}, {0xf3, 0x1, 0xfffb, 0x6f4, 0x6, 0x6}, 0x6, 0x0, 0xfafd}}]}]}}]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0xc040)
close_range(r0, 0xffffffffffffffff, 0x0)

1m5.117520854s ago: executing program 3 (id=57):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1})
io_setup(0xff, &(0x7f0000000180)=<r1=>0x0)
eventfd2(0x10000, 0x0)
io_submit(r1, 0x0, 0x0)

1m5.067250325s ago: executing program 32 (id=57):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1})
io_setup(0xff, &(0x7f0000000180)=<r1=>0x0)
eventfd2(0x10000, 0x0)
io_submit(r1, 0x0, 0x0)

4.830631251s ago: executing program 0 (id=618):
r0 = socket$kcm(0xa, 0x3, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, &(0x7f0000001080)=[{0x0}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838029f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2}, 0x9fc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x832, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2cc8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e046e513b3177e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc"], 0x0}, 0x90)
r4 = socket$rds(0x15, 0x5, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r4, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x2020, 0x1})
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
memfd_secret(0x80000)

4.56927742s ago: executing program 0 (id=621):
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x2}}, 0xfffffffffffffea2)
mprotect(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x52, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd608a27f2000f2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000201"], 0x0)

4.355612819s ago: executing program 0 (id=624):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast1, @in=@private=0xf0, 0x1ffe, 0xff, 0xfffc, 0x41, 0x2}, {0x6, 0x3, 0xfffffffffffffffe, 0x10000000, 0x4, 0x0, 0x80000000000000}, {0x402, 0x3, 0x0, 0x800}, 0x4000008, 0x0, 0x1, 0x0, 0x2, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4d6, 0x32}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffffff, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe}}, 0xe8)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000008100)='/sys/power/pm_freeze_timeout', 0x68800, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0xc82, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0xeffffffa, 0xb, 0xfffffff8, 0xfffffffc, 0x7f, "db5909003a7f000700"})
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0xa)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x1004, 0x9}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r3}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, &(0x7f0000000900)}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x10e)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0xc631, 0x8, 0x2007, 0xb, 0x18, "e303201bb6000180000000000000ffe74400"})

3.502326271s ago: executing program 0 (id=634):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000280)=0x630a, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000300)=""/122, 0x7a}, {0x0}], 0x2}, 0xe4}], 0x1, 0x40012020, 0x0)

3.432060187s ago: executing program 0 (id=635):
r0 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000fc0)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001540)={0x34, &(0x7f00000008c0)={0x40, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000003880)={0x34, &(0x7f0000003640)={0x20, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000180)={0x60, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f00000006c0)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000b00)={0x34, &(0x7f0000000000)=ANY=[], &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x9}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000004300)={0x34, &(0x7f0000000100)=ANY=[@ANYBLOB="400c08000000f25afa9b1d"], 0x0, 0x0, 0x0, 0x0, 0x0})

3.43182643s ago: executing program 1 (id=636):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00'})
sendmsg$nl_route(r0, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})

3.409355289s ago: executing program 1 (id=637):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newsa={0x184, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0x2}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @tmpl={0x44, 0x5, [{{@in6=@mcast2, 0x4d6, 0x3c}, 0x2, @in6=@remote, 0x3500, 0x4, 0x3, 0x80, 0x2, 0x5, 0x1}]}, @XFRMA_IF_ID={0x8, 0x1f, 0x3}]}, 0x184}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800d1}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000000)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffff, 0x3}}, {{@in=@loopback, 0x0, 0x6c}, 0xa, @in=@loopback}}, 0xe8)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0)

2.503063694s ago: executing program 1 (id=645):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
syz_open_dev$vim2m(&(0x7f0000000b00), 0x57, 0x2)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000000)={0x0, 0x0, {0x401, 0x4, 0x300a, 0x1, 0x5, 0x8, 0x0, 0x2}})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000ac0))
r3 = dup(0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r3})
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1})
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16], 0x0)

1.973263067s ago: executing program 2 (id=649):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r2}, &(0x7f0000000a80), &(0x7f0000000ac0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.938614128s ago: executing program 2 (id=652):
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e00000003030000bb060000a99700d781bd24fd", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32], 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069840b000000000000000800010002"], 0x20}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="d4010000400000001800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xa5}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0xfc}}, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340), 0x40201, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x4881}, 0x8000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.852096537s ago: executing program 2 (id=654):
r0 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r0, 0x81044804, &(0x7f0000000400)={0x7ffffffe})

1.851920419s ago: executing program 1 (id=655):
semop(0x0, &(0x7f00000000c0)=[{0x4, 0xb}, {0x2}], 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4b23})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

1.851699717s ago: executing program 2 (id=656):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast1, @in=@private=0xf0, 0x1ffe, 0xff, 0xfffc, 0x41, 0x2}, {0x6, 0x3, 0xfffffffffffffffe, 0x10000000, 0x4, 0x0, 0x80000000000000}, {0x402, 0x3, 0x0, 0x800}, 0x4000008, 0x0, 0x1, 0x0, 0x2, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4d6, 0x32}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffffff, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe}}, 0xe8)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000008100)='/sys/power/pm_freeze_timeout', 0x68800, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0xc82, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0xeffffffa, 0xb, 0xfffffff8, 0xfffffffc, 0x7f, "db5909003a7f000700"})
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0xa)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x1004, 0x9}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r3}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, &(0x7f0000000900)}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x10e)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0xc631, 0x8, 0x2007, 0xb, 0x18, "e303201bb6000180000000000000ffe74400"})

1.799907971s ago: executing program 4 (id=657):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

1.599938491s ago: executing program 4 (id=659):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x3432564e}})

1.582750659s ago: executing program 4 (id=660):
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb8}}, 0x0)

1.208086233s ago: executing program 5 (id=662):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x3)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x4e21, 0x0, @mcast2, 0x8}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xf, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ_RESET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, 0x15, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4080046}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e21, 0x0, @loopback, 0xfffffc01}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347103e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3bfffff00"}, 0xd8)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, 0xffffffffffffffff, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r7, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='setgroups\x00')

1.207808378s ago: executing program 5 (id=663):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r2}, &(0x7f0000000a80), &(0x7f0000000ac0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.193747456s ago: executing program 5 (id=664):
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="04222c10"], 0x13)

1.171913568s ago: executing program 5 (id=665):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x40094}, 0x40000)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r4 = syz_open_pts(r3, 0x141601)
fcntl$setstatus(r4, 0x4, 0x102800)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
r5 = getpid()
capset(&(0x7f0000000180)={0x20071026, r5}, &(0x7f0000000200)={0x0, 0xfffffffa, 0x2, 0xffff, 0x45, 0xffffffff})
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0xe)
close_range(r2, 0xffffffffffffffff, 0x0)

988.005686ms ago: executing program 4 (id=666):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000140)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

942.309045ms ago: executing program 2 (id=667):
fsopen(0x0, 0x0)
madvise(&(0x7f0000d9d000/0x1000)=nil, 0x1000, 0x12)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00')
read$char_usb(r1, &(0x7f0000000040)=""/4109, 0x100d)

673.416488ms ago: executing program 0 (id=668):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c40)=ANY=[@ANYBLOB="bf16000000000000b7070000ff030000487000000000000050000000000000009500000000000000e83d24a394a293b3bd23212fb56fa54f0b71d0e6adfefc41d86b60717142fa9ea4318123741c0a0f168c1886bf0fccf8d56ccb659427cf8593dbe3a2a3ad358061011fbc5ba1f07318988e6e01a41cc0990d0dc840a23f72eca0b2d89fc474c2a10000000077beee1cebf45fab73962fa8f6296b32a8343881dcc7b1b85f3c3da4cd36414e90a61965c3de4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d0054ce21fa41181a9580cfca031e5388ee5c9a7ddd04201f5200001fcadf95e5a4725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f588cb211624f40401691721715f46e0500000000000000a663739a190a4e825c908c0abc85d457ec5a57cb706eef32a3ed12d63c9c4c508530e173650a8a8f2a9c81bcffe437bccbe158024d8d4939e6fd9adc43f0f4b049218db92bf466e934330ed79bc9f626d68b0000600057d14854eef851bc8c30f5d0df6b94ea0b852d495085ff4eabaac9606f0497958c2c357a7124a69f6770ea6702bc53896a15fad5e55c64efd217450a975221b20d78e445e3da74a3c1e59bae44546bde4ac6de55a480f3ad5dc0f2d1818b696492285f60d914283f8d687b0bdb46261277671bba2c550bfef679bddf38ab35eaaf0268c4efa45b56a188a9195044a222ec06bb49784d5608d87c4832e4305bf8889e5db2a70f6a83d4b3cdc12546d2e9f6720dec489b6276856de6d895704ba3e8ee12c8121ffc4f5d2ae03f0227dcc4f38699d3db16f69ed45e918b07ce58bf576e253364fe0000000084f897400d4f5503a6e9ea4a480e3221f3c247ee8c55e487eaa25a7689689c9c305da4b0181f0f653fec399fcc0cc800e82bde039cc29c19b538c76e65642875bddbef61e5985751d9ebd37d2f32375357b5d2b4dc24baa6a7010038380f7029a292f1ad05000000e4e801a819aef69d081e2cacaa8ad1b4ca6df5dc37962ebc5337379e00645b6d2bec249c0612510000000000a7060d8d9b9ad109b62d1dab0eec6beabc76d765b9caf70900000399772ddfe89be4338e70d0ecfed537780a31fcaf4acaf9bd3711a4359d68ec71b0693ede07e7d18e797697901fbae4a9d9966b68eadae75ef1b8931b0818a57e5136fb8c61d73b17d8fd55c2b8d321a6cba8743114fcff01e5c10200c512000800009a021d377e477ea807cc00919ee8bfbd090034f67609cfde8877b5bb072572b421d6b1fdae83e5e250190628d02d01f978323fe36685e652ceb218a9cc9e125a4880faccaf5ac2345f20b1ee403885790500d0bc75c7e95d23904dc446e0201aafea0d3f4cc0cf285ccd000000000100005aee4199a34686905441c1fa62ed20328a10690432f59a4d3e05bd00997ea2b6f5213cb883d05b620f31869f6cce80f1ae09009ed7e3c5f3aa61bfd240cb9726bc512ba0eb1f68579c76144feb0100809f12bcf79c4d57f66703c2aee08e52de3eff160623e1af555dc7481128ed0bab22dcb6e5b6ac5e4010eaf2510fa440aabfdc80c77108c769ed2d666c555c6c38b30899a688d96a6c6dc0dd4309f6548765d3f53261b4890aa004e7f667a230b22bc6e248bf56b219d9a547b6e1c5077c9ba463329323b53910e7358b4d0c6882c590cf25e4d044a6afb10a070f285e3c94ed405aa8dc41718dd3f4bf474868538aad9a23f85a707e325c10a9f22e37c4213d0ca2910726de8e62d2e3ae7f64e40c7af3dc00bab70cf607869c5a11a03bce8aa43fa010348bc2fb420ba5e344fcdcb302548e571157d323f5fd535800284d32ffff000088ccd685f07309101a3196b705479897f4c9d97c4c7b77db7b15bfb4305d5e954a34385418e665af882a7d505323070929b228bc94b70300000066dab8c4e63debff174621a0ac7dd85b14cb7616ca23f044bd0ccd1c79292c3aa8f6e4a1c27315ef8d55781edbe368f72aeb2f48256131aaab707451c14747dfa3bb5f8725a98f6d3c797573f18810bf378e38107ece5cb7cf3b98975e9254248af60de2f04e2429d9b6eba525fd1b1b665f77710fa494e2b619c975acd535fc78696fc980573c35e9916f0000000000002c8ee5ec55faffffffffffffffcd59cc0600000053d0a1f4ea4477022c9f376b3191efeb46be3c174fb24009379bbc949fd2923715540556450f12d1645177ce3eca0d65d17deff51a024f0180000000006100499e829bda469048c70e5968375feb39e6918e591a384851ba3079ad9c376bdaf0650e212eb4185cbbb6c0dc0e699afc34ca3b9a307cd2519cd9b192d678492ea2228ff0817d68f97b18402d271036067c141b911c4e0207e2c9d37ac203f440e1a065a2d227c6ec860c0104000000000000fe7144ec680c0dac7b5906a6197c8173080c9ab3ecb72820f04a42e4a43ee3f325f93edb3a204b9c9dc8953375e37c83876f248d91f166676b54781c6855c5e067ab2c2c6d22b20a703d68d77312333deff80883cb5a25c738f4e7cbb075e10f5c36396156abb221adebb9303342bfa2b745a5e045d5db847e4810270ed1c5bbb1548ec3184ff9b8ed1687333d0e0412d452ba6b390199bd684ff458d6c8114833efde87215e5f9569d92d24579f3ef473bce24e61eb21336ad441eea93cbcb69d2156b9b6e3000000000000000000fc411d2eadcadc7c0a2c12410e4b9d634807f2a6f1c3a13508e274ecef5cfccb707a1640973973fd2d1d60138d9b7a778827fd07fbd093a0ba779dcd32556613e1fac161825da91acde7fa964c689b1f0ea96047a98260270c3a3ccb2142b074db79aa88614663ff33f9966502a2361e49aabe58eb086c5827dd9d92fa4ff0c0e8b949d585f2cbc111de478905cb37f3cbfb019c6daace508b926718506a577234468f9279a52360d1a80b88b4eb1cda949ca77b6ec43bdf5f5a400989705746b86b400947891b33d591ec5ea9ae45983273f62027998d72f83625021a72e27e0449fa154ade55071546d4000000000000000000000000000000002f907c5db9c967a1f86c57bb5062fed7c37ec16a7e62b6e370c3c5a32adee9032367814394a7a7fd12c44b81fb5ac2ad92220a72aa3355e894cbefe344a6b5eb4c25128d5427a640faae401eccf3aca4294410461e946010c50f9ee556b38eae0b252ef288397672bbbd17e5306589f93dc130b6be5b19dfb2462348355ef24762509cf29becacf8515abe299b8a7dfd585f5dbf7578bfdbfa37deeb872c3291b59349238add315cd18e6f4196b404e48955657d680511c7ba7f5e0f9d97d649583190c78015aaf4db05aa2a6cc9d00084ce958406e09fe508a0ee5feb2d34f48d87000000000000001108780004ec696f618c20771a7ae436d733f603f20c9189567b63d47fae002e616969d888a418d139a25b11c0da7aecb8c14f1a879f7b985ab634b0f5cdb2090ad2c336e9a28289247ef4f3cfcafa393927d27711ed0543a5e8ec6c1c62082549791f75fccd54582f990234496954e6e54bcbb90f2756912ab7e511a55a9e0512e5c1c10bcd76ee4799af611179a39bd0c0323cae1aaaaaa8dafb55bca104ada3252c5d9de5b9cdb6217c35ca3d28b1d8b9d2fa79376c13167a9ef1b1f4b7509debbeacc153ca8bea4a0a65ee1d1d20a9106499f0bf7f416b051e835d790ac978b90143d9125224f74b6167f7a967c7e33eb5f43570b9f3c91371968a30e528968b233d0396db424e5fd73d380318e9676d074dd5ce552a222e250f9f6d0bdd9e46e7f22d9abfd4573b57e3b52d407b464b0146ea15560a2ce034b1623fecc84842928223d17ce4ab31ef4c2a9f9caebf65341fa3da1bbae7972097e24603b9db8edc25a152bd39af179eab23ed555040c2bbb89ea22c08b97264b3616a41abfad0ab12a79574c60cf1841ea45f10e9438e55e1e0eb645200993b08833bb14517b0d0e5ba72bdacd92d57b6029129c95ab0a93857c7205e8450b27aee5e684ece77f53112873f40247a998cc896ab4d55573c7a7ef2936a29425cab46cd4fdd1452ea8429c63c74d5673f5e4d47d1b001d0d3a9e1d5c840ab37a69cb30d17ff7591f01549e552dc43b672e0feff94408171d682565dc2d84476297c6901040000cb9f7f2eb690d7a032c09f0a3d48663fe5ece30f592d71755dd6cbfac96016a2ecd4e499ce9adce6e59db0494fa25117a2bc13275c9a94a3532c1b8417e9ed5e6cd5f51f8ccc878ba73305ad19b0cf05625439cdf688d33c8fd6cf52c5c5685444b65eb918884727d3a780bdac17d447745e4accd85d3aca4d63127bb3a58095cffa08a6cecae329dd5f47552c40b560b05e962363e99300d61931ddd97444c2bae02edb26383cb96ee7d2742d24dc7e9b6dac831674ae09b7d180ebb30b9221480ad78706dadf7ca3540eb6c6c43dc7e31b2c8d188f28d6ab10d3c0c97b9f6b5feb9abeb6a801975c0bbab0b1fed7485f2fca1730906a6dc1914386118646dab2618582c4ce0a8ce7a1a3ca7d56f6ca8c7d43cad0116c70751a0db051d9adc4ab34dafbca31fecd9191d38fa011a4c1fc19df0b9aac3a0de17dc01b413c4d4eccf9eb1cd90569508fc6479111544807f11dad193a170ac290f28d3e7f702c5bced7ed90c3251897446fdbb1195136d9092168e2deedb3e0afdf0f543363fbf8759df07270981c0bd7260998963e45a2c84e8b82ddfa98dab68a23cfb2ffa4fcc4ebcd38f273e9bdb240f77eb51e259bb88dc383b19107af39ffcc708a1278b3e53c2130a9c7150593794f8f22ae9b2ff0d46c8d175bf9ff227870f1dcecd5b564d20230ac32a10982cf1bbe5ca15ed6d85b2c447f3fb0872ea6170352fd4c76c75941d1c3684a466c81a5892e9f56c0b512be586381c2390aaf93347d318aa5de4322b11088435730c69bc1cfd96d869803a3113b2a33dbf7973434ba9e4ec15c0423bb384975498ff56bf8b51237"], &(0x7f0000000140)='GPL\x00'}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0xf, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r5, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r4, 0x0, r2, 0x0, 0x20000000000002, 0x7)

551.071146ms ago: executing program 2 (id=669):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='@\t\f'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000040)={0x40, 0x13, 0x28, "162039a1db8728ccc32171e8cb00603fb7181b0369a729822bcf599dea680baff2ae1a551f6f7000"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f00000002c0)={0x0, 0x13, 0xc, "f42732933b1890fe16787e72"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

460.047307ms ago: executing program 1 (id=670):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000ec0)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x6, 0x4, 0x1, 0x2b, 0x45, 0x68, 0x0, 0x60, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, {[@noop]}}, "11f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984da4eb57d56be4ee0efb45c215a64d718cb6f"}}, 0x53)

391.393229ms ago: executing program 1 (id=671):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100), 0x8)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000340)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRES8, @ANYRES8], &(0x7f0000000280)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000500)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r4)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r7}, 0x18)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={0x14, 0x15, 0x301, 0x0, 0x25dfdbfc, {0x5}}, 0x14}}, 0x0)
sendmsg$NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x2c, r6, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x7}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x5}]}, 0x2c}}, 0x64000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d)
write$P9_RREADLINK(r9, &(0x7f0000000180)={0x10, 0x17, 0xfffd, {0x7, './file0'}}, 0x10)
open(&(0x7f0000000140)='./file0\x00', 0x33f, 0x0)

308.185965ms ago: executing program 5 (id=672):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000004640)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_ENTRY(r2, &(0x7f0000000580)={0x90, 0x0, r4, {0x6, 0x300000000, 0x6, 0x5, 0xf59, 0x7, {0x3, 0xe221, 0x3, 0x7fff, 0x8cc, 0x0, 0x9, 0xfffffff9, 0x8, 0x8000, 0x2, 0x0, 0x0, 0x1, 0x7}}}, 0x90)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4014, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x1}}, 0xf000)

285.119449ms ago: executing program 5 (id=673):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
syz_mount_image$fuse(0x0, 0x0, 0x400, 0xffffffffffffffff, 0x1, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_access\x00', &(0x7f0000001440)=ANY=[@ANYBLOB="0200000001000000000000000400050000000000100000000000000020"], 0x24, 0x3)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)

1.20332ms ago: executing program 4 (id=674):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x2, 0xfff8, '@\x00V', 0x1, 0xf})

0s ago: executing program 4 (id=675):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
connect$pppoe(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x16, 0x5, 0x8, 0x8, 0xd056}, 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x6}, 0x1c)
listen(r1, 0x3)
r2 = socket(0x10, 0x803, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={<r3=>0x0, @in={{0x2, 0x4e22, @local}}, 0x7, 0x2, 0xf9, 0x7, 0x41, 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000005c0)={0xfff9, 0x8006, 0x7, 0x0, r3}, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
write$rfkill(r4, &(0x7f0000000000)={0x0, 0x2, 0xff, 0x0, 0x1}, 0x8)
syz_emit_ethernet(0x68, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x4}]}}, {"83c28bcb1ad8b8d36292345e51d7592f06063c3723788e3752d56c88a684d46b5445f44c1e54"}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.235' (ED25519) to the list of known hosts.
[   24.556657][ T6517] cgroup: Unknown subsys name 'net'
[   24.642573][ T6517] cgroup: Unknown subsys name 'cpuset'
[   24.644551][ T6517] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   24.789282][ T6517] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SS
[   25.919778][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   25.924144][ T6530] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   25.925606][ T6530] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   25.927677][ T6530] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   25.929122][ T6530] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   25.930465][ T6530] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   25.930709][ T6530] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   25.931152][ T6530] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   25.931465][ T6530] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   25.931657][ T6530] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   25.940264][ T6530] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   25.944749][ T6530] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   25.945046][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   25.946528][ T6541] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   25.947546][ T6541] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   25.947779][ T6541] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   25.948093][ T6541] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   25.948238][ T6541] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   25.948542][ T6541] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   25.948765][   T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   25.951432][ T6130] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   25.953598][ T6130] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   25.958308][ T6534] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   25.963050][ T6534] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   25.968160][ T6130] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   26.087666][ T6531] chnl_net:caif_netlink_parms(): no params data found
[   26.138549][ T6527] chnl_net:caif_netlink_parms(): no params data found
[   26.148134][ T6532] chnl_net:caif_netlink_parms(): no params data found
[   26.173316][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.174765][ T6531] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.176083][ T6531] bridge_slave_0: entered allmulticast mode
[   26.177552][ T6531] bridge_slave_0: entered promiscuous mode
[   26.179545][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.180748][ T6531] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.181876][ T6531] bridge_slave_1: entered allmulticast mode
[   26.183350][ T6531] bridge_slave_1: entered promiscuous mode
[   26.189020][ T6528] chnl_net:caif_netlink_parms(): no params data found
[   26.212814][ T6531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.228268][ T6531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.244708][ T6537] chnl_net:caif_netlink_parms(): no params data found
[   26.261196][ T6531] team0: Port device team_slave_0 added
[   26.262041][ T6531] team0: Port device team_slave_1 added
[   26.287849][ T6532] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.287957][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.288005][ T6532] bridge_slave_0: entered allmulticast mode
[   26.288430][ T6532] bridge_slave_0: entered promiscuous mode
[   26.292910][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.294074][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.295226][ T6527] bridge_slave_0: entered allmulticast mode
[   26.296667][ T6527] bridge_slave_0: entered promiscuous mode
[   26.303529][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_0
[   26.304746][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.308807][ T6531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   26.310871][ T6532] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.312071][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.313336][ T6532] bridge_slave_1: entered allmulticast mode
[   26.314640][ T6532] bridge_slave_1: entered promiscuous mode
[   26.319182][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.320355][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.320473][ T6527] bridge_slave_1: entered allmulticast mode
[   26.320909][ T6527] bridge_slave_1: entered promiscuous mode
[   26.327674][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_1
[   26.328898][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.329554][ T6531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   26.348723][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.350411][ T6528] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.351637][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.352859][ T6528] bridge_slave_0: entered allmulticast mode
[   26.354253][ T6528] bridge_slave_0: entered promiscuous mode
[   26.356052][ T6528] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.357274][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.358525][ T6528] bridge_slave_1: entered allmulticast mode
[   26.359940][ T6528] bridge_slave_1: entered promiscuous mode
[   26.362764][ T6532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.363689][ T6532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.367401][ T6537] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.368591][ T6537] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.369826][ T6537] bridge_slave_0: entered allmulticast mode
[   26.371739][ T6537] bridge_slave_0: entered promiscuous mode
[   26.374161][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.388593][ T6532] team0: Port device team_slave_0 added
[   26.389711][ T6537] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.391105][ T6537] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.392399][ T6537] bridge_slave_1: entered allmulticast mode
[   26.393815][ T6537] bridge_slave_1: entered promiscuous mode
[   26.402151][ T6527] team0: Port device team_slave_0 added
[   26.409247][ T6532] team0: Port device team_slave_1 added
[   26.416690][ T6527] team0: Port device team_slave_1 added
[   26.421574][ T6528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.422890][ T6528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.424342][ T6531] hsr_slave_0: entered promiscuous mode
[   26.424653][ T6531] hsr_slave_1: entered promiscuous mode
[   26.432884][ T6537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.434730][ T6537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.438464][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0
[   26.438487][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.438498][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   26.439023][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1
[   26.439029][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.439041][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   26.456809][ T6532] batman_adv: batadv0: Adding interface: batadv_slave_0
[   26.456831][ T6532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.456846][ T6532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   26.466401][ T6527] hsr_slave_0: entered promiscuous mode
[   26.466697][ T6527] hsr_slave_1: entered promiscuous mode
[   26.466893][ T6527] debugfs: 'hsr0' already exists in 'hsr'
[   26.466924][ T6527] Cannot create hsr debugfs directory
[   26.467233][ T6532] batman_adv: batadv0: Adding interface: batadv_slave_1
[   26.467239][ T6532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.467251][ T6532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   26.469802][ T6528] team0: Port device team_slave_0 added
[   26.473936][ T6528] team0: Port device team_slave_1 added
[   26.488930][ T6537] team0: Port device team_slave_0 added
[   26.489776][ T6537] team0: Port device team_slave_1 added
[   26.496182][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_0
[   26.497334][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.500374][ T6528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   26.519023][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_1
[   26.519042][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.519065][ T6528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   26.528030][ T6532] hsr_slave_0: entered promiscuous mode
[   26.529382][ T6532] hsr_slave_1: entered promiscuous mode
[   26.531313][ T6532] debugfs: 'hsr0' already exists in 'hsr'
[   26.532299][ T6532] Cannot create hsr debugfs directory
[   26.533531][ T6537] batman_adv: batadv0: Adding interface: batadv_slave_0
[   26.533556][ T6537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.533575][ T6537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   26.534109][ T6537] batman_adv: batadv0: Adding interface: batadv_slave_1
[   26.534116][ T6537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   26.534128][ T6537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   26.560654][ T6537] hsr_slave_0: entered promiscuous mode
[   26.561919][ T6537] hsr_slave_1: entered promiscuous mode
[   26.563094][ T6537] debugfs: 'hsr0' already exists in 'hsr'
[   26.564104][ T6537] Cannot create hsr debugfs directory
[   26.573865][ T6528] hsr_slave_0: entered promiscuous mode
[   26.574157][ T6528] hsr_slave_1: entered promiscuous mode
[   26.574323][ T6528] debugfs: 'hsr0' already exists in 'hsr'
[   26.574332][ T6528] Cannot create hsr debugfs directory
[   26.694933][ T6531] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   26.701768][ T6531] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   26.707210][ T6531] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   26.709412][ T6531] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   26.724132][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.724221][ T6531] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.724380][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.724440][ T6531] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.729613][ T6532] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   26.732153][ T6532] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   26.736109][ T6532] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   26.738544][ T6532] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   26.764543][ T6531] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.771497][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.773593][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.784921][ T6531] 8021q: adding VLAN 0 to HW filter on device team0
[   26.786153][ T6527] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   26.788267][ T6527] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   26.794583][  T955] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.794628][  T955] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.796934][ T6527] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   26.799690][ T6527] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   26.808629][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.808662][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.849638][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.852626][ T6537] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   26.859246][ T6537] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   26.863593][ T6537] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   26.865580][ T6537] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   26.896021][ T6528] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   26.904768][ T6532] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.909981][ T6532] 8021q: adding VLAN 0 to HW filter on device team0
[   26.913269][ T6528] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   26.917425][ T6527] 8021q: adding VLAN 0 to HW filter on device team0
[   26.923175][ T6531] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.925611][ T6528] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   26.927715][ T6528] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   26.937963][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.937997][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.938357][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.938372][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.942602][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.942621][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.961487][  T955] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.961523][  T955] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.968495][ T6531] veth0_vlan: entered promiscuous mode
[   26.984518][ T6531] veth1_vlan: entered promiscuous mode
[   27.004837][ T6537] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.009057][ T6528] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.025658][ T6531] veth0_macvtap: entered promiscuous mode
[   27.034610][ T6537] 8021q: adding VLAN 0 to HW filter on device team0
[   27.038665][ T6528] 8021q: adding VLAN 0 to HW filter on device team0
[   27.046502][ T6531] veth1_macvtap: entered promiscuous mode
[   27.054336][  T955] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.054373][  T955] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.054922][  T955] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.054998][  T955] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.065750][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.073431][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.075662][  T955] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.075703][  T955] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.076672][  T955] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.076693][  T955] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.093029][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.107734][ T6532] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.114154][ T1261] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.114355][ T1261] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.114384][ T1261] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.114401][ T1261] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.115683][ T6527] veth0_vlan: entered promiscuous mode
[   27.117214][ T6527] veth1_vlan: entered promiscuous mode
[   27.135197][ T6537] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   27.135227][ T6537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   27.148275][ T6527] veth0_macvtap: entered promiscuous mode
[   27.169475][ T6532] veth0_vlan: entered promiscuous mode
[   27.172612][ T6527] veth1_macvtap: entered promiscuous mode
[   27.187387][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.188882][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.191420][   T14] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.191902][   T14] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.192352][   T14] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.192789][   T14] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.205870][ T6532] veth1_vlan: entered promiscuous mode
[   27.211408][ T6528] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.243253][ T6532] veth0_macvtap: entered promiscuous mode
[   27.245585][ T6532] veth1_macvtap: entered promiscuous mode
[   27.251916][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.251942][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.257406][  T955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.257438][  T955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.269469][ T6537] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.275567][  T955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.275593][  T955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.277467][  T955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.277479][  T955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.296321][ T6528] veth0_vlan: entered promiscuous mode
[   27.298255][ T6532] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.306944][ T6532] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.314322][ T6528] veth1_vlan: entered promiscuous mode
[   27.321723][  T658] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.321771][  T658] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.321807][  T658] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.321832][  T658] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.336788][ T6531] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   27.355240][ T6528] veth0_macvtap: entered promiscuous mode
[   27.379768][ T6528] veth1_macvtap: entered promiscuous mode
[   27.411844][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.411870][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.443583][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.446691][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.453094][ T6537] veth0_vlan: entered promiscuous mode
[   27.492830][ T6537] veth1_vlan: entered promiscuous mode
[   27.497620][ T6537] veth0_macvtap: entered promiscuous mode
[   27.498946][  T658] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.498985][  T658] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.499017][  T658] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.499038][  T658] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.514677][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.514698][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.517612][ T6537] veth1_macvtap: entered promiscuous mode
[   28.012290][ T6536] Bluetooth: hci4: command tx timeout
[   28.012300][   T52] Bluetooth: hci1: command tx timeout
[   28.014578][ T6130] Bluetooth: hci0: command tx timeout
[   28.020435][ T6130] Bluetooth: hci3: command tx timeout
[   28.020574][ T6536] Bluetooth: hci2: command tx timeout
[   28.029149][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   28.031026][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   28.036215][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.043462][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.051401][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.051461][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.051603][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.051630][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.064672][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   28.064698][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   28.112873][   T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   28.112901][   T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   28.124229][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   28.124258][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   28.393956][ T6655] loop9: detected capacity change from 0 to 7
[   28.394388][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394529][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394566][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394599][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394640][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394678][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394709][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394732][ T6655] ldm_validate_partition_table(): Disk read failed.
[   28.394749][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394781][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394823][ T6655] Buffer I/O error on dev loop9, logical block 0, async page read
[   28.394873][ T6655] Dev loop9: unable to read RDB block 0
[   28.394952][ T6655]  loop9: unable to read partition table
[   28.395013][ T6655] loop9: partition table beyond EOD, truncated
[   28.395027][ T6655] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   28.395027][ T6655] 
) failed (rc=-5)
[   28.417976][ T6658] loop4: detected capacity change from 0 to 256
[   28.419603][ T6658] =======================================================
[   28.419603][ T6658] WARNING: The mand mount option has been deprecated and
[   28.419603][ T6658]          and is ignored by this kernel. Remove the mand
[   28.419603][ T6658]          option from the mount to silence this warning.
[   28.419603][ T6658] =======================================================
[   28.419637][ T6658] exfat: Deprecated parameter 'utf8'
[   28.419654][ T6658] exfat: Deprecated parameter 'namecase'
[   28.419666][ T6658] exfat: Deprecated parameter 'utf8'
[   28.458206][ T6658] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d)
[   28.463050][ T6662] loop3: detected capacity change from 0 to 512
[   28.467071][ T6661] loop2: detected capacity change from 0 to 1024
[   29.299023][ T6670] loop1: detected capacity change from 0 to 2048
[   29.555387][ T6670] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   29.568051][   T12] hfsplus: b-tree write err: -5, ino 4
[   29.583640][ T6673] loop0: detected capacity change from 0 to 32768
[   29.622965][ T6684] loop4: detected capacity change from 0 to 128
[   29.663492][ T6686] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   29.844135][ T6696] fuse: Bad value for 'fd'
[   30.090419][ T6130] Bluetooth: hci3: command tx timeout
[   30.090440][ T6536] Bluetooth: hci0: command tx timeout
[   30.090458][   T52] Bluetooth: hci2: command tx timeout
[   30.090469][ T6536] Bluetooth: hci1: command tx timeout
[   30.090482][   T52] Bluetooth: hci4: command tx timeout
[   30.337280][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   30.531656][   T24] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[   30.533641][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   30.535986][   T24] usb 1-1: Product: syz
[   30.540018][   T24] usb 1-1: Manufacturer: syz
[   30.542923][   T24] usb 1-1: SerialNumber: syz
[   30.829350][   T24] usb 1-1: config 0 descriptor??
[   30.865031][ T6697] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   30.867103][   T24] gspca_main: sunplus-2.14.0 probing 04fc:504a
[   30.868610][ T6697] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   30.992414][ T6697] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   30.994076][ T6697] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   31.151707][ T6697] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   31.151734][ T6697] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   31.439903][   T24] gspca_sunplus: reg_r err -110
[   31.571168][ T6697] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   31.572900][ T6697] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[   31.594059][ T6749] loop1: detected capacity change from 0 to 32768
[   31.673609][ T6749] bcachefs (loop1): starting version 1.13: inode_has_child_snapshots opts=compression=zstd
[   31.673637][ T6749]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   31.673664][ T6749] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   31.673855][ T6749] bcachefs (loop1): recovering from clean shutdown, journal seq 8
[   31.673889][ T6749] bcachefs (loop1): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[   31.673889][ T6749]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[   31.693319][ T6697] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   31.695616][ T6697] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[   31.704535][ T6749] bcachefs (loop1): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[   31.704700][ T6749] bcachefs (loop1): check_topology... done
[   31.706953][ T6749] bcachefs (loop1): accounting_read... done
[   31.722207][ T6749] bcachefs (loop1): alloc_read... done
[   31.724491][ T6749] bcachefs (loop1): snapshots_read... done
[   31.726671][ T6749] bcachefs (loop1): check_allocations...
[   31.729114][ T6749] bcachefs (loop1): bucket 0:78 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[   31.729173][ T6749] bcachefs (loop1): bucket 0:78 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing
[   31.736201][ T6749]  done
[   31.739258][ T6749] bcachefs (loop1): going read-write
[   31.745435][ T6749] bcachefs (loop1): journal_replay... done
[   31.756855][ T6749] bcachefs (loop1): check_lrus... done
[   31.757184][ T6749] bcachefs (loop1): check_backpointers_to_extents... done
[   31.760407][ T6749] bcachefs (loop1): check_extents_to_backpointers... done
[   31.764885][ T6749] bcachefs (loop1): check_inodes... done
[   31.765684][ T6749] bcachefs (loop1): resume_logged_ops... done
[   31.766300][ T6749] bcachefs (loop1): delete_dead_inodes... done
[   31.769513][ T6749] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean
[   31.769535][ T6749] bcachefs (loop1): check_extents_to_backpointers...
[   31.769988][ T6749] bcachefs (loop1): scanning for missing backpointers in 1/512 buckets
[   31.772605][ T6749]  done
[   31.778423][ T6749] bcachefs (loop1): check_inodes... done
[   31.780860][ T6749] bcachefs (loop1): resume_logged_ops... done
[   31.782292][ T6749] bcachefs (loop1): delete_dead_inodes... done
[   31.784076][ T6749] bcachefs (loop1): done starting filesystem
[   31.868179][ T6528] bcachefs (loop1): shutting down
[   31.868225][ T6528] bcachefs (loop1): going read-only
[   31.868290][ T6528] bcachefs (loop1): finished waiting for writes to stop
[   31.887800][ T6528] bcachefs (loop1): flushing journal and stopping allocators, journal seq 18
[   31.897337][ T6528] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 19
[   31.899191][ T6528] bcachefs (loop1): clean shutdown complete, journal seq 20
[   31.899911][ T6528] bcachefs (loop1): marking filesystem clean
[   31.913559][ T6528] bcachefs (loop1): shutdown complete
[   31.975891][ T6791] loop3: detected capacity change from 0 to 32768
[   31.998122][ T6791] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   32.031505][ T6791] XFS (loop3): Ending clean mount
[   32.036024][ T6791] XFS (loop3): Quotacheck needed: Please wait.
[   32.051272][ T6791] XFS (loop3): Quotacheck: Done.
[   32.084537][ T6531] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   32.263894][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.32'.
[   32.263944][ T6828] sch_tbf: burst 274 is lower than device lo mtu (65550) !
[   32.278837][ T6830] fuse: Unknown parameter 'group_i00000000000000000000'
[   32.537705][ T6841] loop4: detected capacity change from 0 to 1024
[   32.539291][ T6841] EXT4-fs: Ignoring removed mblk_io_submit option
[   32.542161][ T6841] EXT4-fs: Ignoring removed bh option
[   32.556271][ T6841] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.575720][ T6537] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.884638][ T2322] usb 1-1: USB disconnect, device number 2
[   32.904715][ T6852] netlink: 'syz.0.41': attribute type 3 has an invalid length.
[   32.988769][ T6860] fuse: Unknown parameter 'group_id00000000000000000000'
[   33.248619][ T6872] loop3: detected capacity change from 0 to 128
[   33.258128][ T6872] syz.3.49: attempt to access beyond end of device
[   33.258128][ T6872] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128
[   33.262757][ T6872] syz.3.49: attempt to access beyond end of device
[   33.262757][ T6872] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128
[   33.262857][ T6872] syz.3.49: attempt to access beyond end of device
[   33.262857][ T6872] loop3: rw=2049, sector=177, nr_sectors = 24 limit=128
[   33.263156][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263156][ T6872] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128
[   33.263214][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263214][ T6872] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128
[   33.263251][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263251][ T6872] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128
[   33.263290][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263290][ T6872] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128
[   33.263340][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263340][ T6872] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128
[   33.263410][ T6872] syz.3.49: attempt to access beyond end of device
[   33.263410][ T6872] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128
[   33.327620][ T6877] loop2: detected capacity change from 0 to 128
[   33.329150][ T6877] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[   33.344093][  T658] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[   33.697084][ T6885] fuse: Unknown parameter 'group_id00000000000000000000'
[   33.860978][ T6130] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   33.861502][ T6130] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   33.862317][ T6130] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   33.863322][ T6130] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   33.864049][ T6130] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   33.871847][ T6536] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   33.873967][ T6536] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   33.874833][ T6536] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   33.876005][ T6536] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   33.876646][ T6536] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   33.998969][ T6893] chnl_net:caif_netlink_parms(): no params data found
[   34.026885][ T6893] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.028282][ T6893] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.029694][ T6893] bridge_slave_0: entered allmulticast mode
[   34.032337][ T6893] bridge_slave_0: entered promiscuous mode
[   34.035307][ T6893] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.036815][ T6893] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.038214][ T6893] bridge_slave_1: entered allmulticast mode
[   34.039783][ T6893] bridge_slave_1: entered promiscuous mode
[   34.053441][ T6893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   34.056782][ T6893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   34.067041][ T6893] team0: Port device team_slave_0 added
[   34.069391][ T6893] team0: Port device team_slave_1 added
[   34.080103][ T6893] batman_adv: batadv0: Adding interface: batadv_slave_0
[   34.082192][ T6893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   34.086882][ T6893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   34.089355][ T6893] batman_adv: batadv0: Adding interface: batadv_slave_1
[   34.091759][ T6893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   34.096134][ T6893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   34.115532][ T6893] hsr_slave_0: entered promiscuous mode
[   34.117089][ T6893] hsr_slave_1: entered promiscuous mode
[   34.118423][ T6893] debugfs: 'hsr0' already exists in 'hsr'
[   34.119575][ T6893] Cannot create hsr debugfs directory
[   34.194305][ T6893] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   34.288441][ T6893] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   34.296956][ T6893] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   34.315004][ T6893] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   34.411495][ T6913] loop2: detected capacity change from 0 to 4096
[   34.561998][ T6913] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   34.576011][ T6913] ntfs3(loop2): ino=b, mi_enum_attr
[   34.576056][ T6913] ntfs3(loop2): Failed to load $Extend (-22).
[   34.576064][ T6913] ntfs3(loop2): Failed to initialize $Extend.
[   34.587520][ T6893] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.587569][ T6893] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.611407][ T6893] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.615932][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.660956][ T6893] 8021q: adding VLAN 0 to HW filter on device team0
[   34.677904][  T658] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.677960][  T658] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.689865][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.689902][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.711889][ T6927] fuse: Unknown parameter 'group_id00000000000000000000'
[   34.747748][ T6936] loop4: detected capacity change from 0 to 64
[   34.814668][ T6893] 8021q: adding VLAN 0 to HW filter on device batadv0
[   34.815393][ T6940] loop4: detected capacity change from 0 to 1024
[   34.968638][ T6893] veth0_vlan: entered promiscuous mode
[   34.970160][ T6893] veth1_vlan: entered promiscuous mode
[   34.980070][ T6893] veth0_macvtap: entered promiscuous mode
[   34.982484][ T6893] veth1_macvtap: entered promiscuous mode
[   35.196173][ T6893] batman_adv: batadv0: Interface activated: batadv_slave_0
[   35.200050][ T6893] batman_adv: batadv0: Interface activated: batadv_slave_1
[   35.203593][   T41] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   35.204885][   T41] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   35.204921][   T41] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   35.204945][   T41] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   35.238814][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   35.238840][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   35.253391][ T6792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   35.254772][ T6792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   35.707027][ T6966] loop2: detected capacity change from 0 to 512
[   35.708618][ T6966] EXT4-fs: Ignoring removed nomblk_io_submit option
[   35.761828][ T6966] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   35.761861][ T6966] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[   35.761980][ T6966] EXT4-fs (loop2): orphan cleanup on readonly fs
[   35.762066][ T6966] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0
[   35.762105][ T6966] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   35.762119][ T6966] EXT4-fs (loop2): Cannot turn on quotas: error -22
[   35.763388][ T6972] fuse: Bad value for 'user_id'
[   35.763397][ T6972] fuse: Bad value for 'user_id'
[   35.765833][ T6966] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.73: bg 0: block 40: padding at end of block bitmap is not set
[   35.782583][ T6966] EXT4-fs (loop2): Remounting filesystem read-only
[   35.784552][ T6966] EXT4-fs (loop2): 1 truncate cleaned up
[   35.792671][ T6966] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   35.851813][ T6966] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[   35.859369][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.930729][ T6536] Bluetooth: hci1: command tx timeout
[   36.166859][ T6983] 8021q: VLANs not supported on ip6gre0
[   36.414514][ T6993] vxcan1: tx address claim with dest, not broadcast
[   36.739893][ T7007] fuse: Bad value for 'user_id'
[   36.741053][ T7007] fuse: Bad value for 'user_id'
[   37.127040][ T7019] netlink: 'syz.0.91': attribute type 1 has an invalid length.
[   37.127072][ T7019] netlink: 224 bytes leftover after parsing attributes in process `syz.0.91'.
[   37.635326][ T7029] loop2: detected capacity change from 0 to 256
[   37.643240][ T7031] loop4: detected capacity change from 0 to 256
[   38.011862][ T6536] Bluetooth: hci1: command tx timeout
[   38.037419][ T7040] fuse: Bad value for 'user_id'
[   38.038369][ T7040] fuse: Bad value for 'user_id'
[   38.066179][ T7044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   38.066669][ T7044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   38.084109][ T7046] loop4: detected capacity change from 0 to 1764
[   38.796705][ T7058] loop5: detected capacity change from 0 to 128
[   38.798784][ T7058] EXT4-fs warning (device loop5): ext4_init_metadata_csum:4627: metadata_csum and uninit_bg are redundant flags; please run fsck.
[   38.798831][ T7058] EXT4-fs (loop5): Encoding requested by superblock is unknown
[   39.737793][ T7078] fuse: Bad value for 'fd'
[   39.847739][ T7077] loop2: detected capacity change from 0 to 32768
[   40.095431][ T7077] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   40.100289][ T6536] Bluetooth: hci1: command tx timeout
[   40.208190][ T6527] ocfs2: Unmounting device (7,2) on (node local)
[   40.253764][ T7094] loop4: detected capacity change from 0 to 8192
[   40.309327][ T7089] loop5: detected capacity change from 0 to 40427
[   40.327462][ T7089] F2FS-fs (loop5): Image doesn't support compression
[   40.329761][ T7089] F2FS-fs (loop5): invalid crc value
[   40.373296][ T7089] F2FS-fs (loop5): Mismatch valid blocks 0 vs. 1
[   40.378862][ T7089] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-117)
[   40.392846][ T7105] loop1: detected capacity change from 0 to 4096
[   40.689282][ T7109] fuse: Bad value for 'fd'
[   40.847436][ T7106] loop4: detected capacity change from 0 to 40427
[   40.852147][ T7106] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   40.852173][ T7106] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   40.857574][ T7106] F2FS-fs (loop4): invalid crc value
[   40.880109][ T7106] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   40.885756][ T7106] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   40.885846][ T7106] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   40.936811][ T7115] loop5: detected capacity change from 0 to 32768
[   40.993126][ T7115] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.126 (7115)
[   41.027095][ T7115] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   41.027295][ T7115] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[   41.344427][ T7115] BTRFS info (device loop5): enabling ssd optimizations
[   41.344462][ T7115] BTRFS info (device loop5): enabling free space tree
[   41.346540][ T7115] BTRFS info (device loop5): use zstd compression, level 3
[   41.361800][ T7154] fuse: Bad value for 'fd'
[   41.443219][ T7158] Cache volume key already in use (9p,(null),)
[   41.754932][ T7163] loop2: detected capacity change from 0 to 4096
[   41.807507][ T6893] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   42.170353][ T6536] Bluetooth: hci1: command tx timeout
[   43.135553][ T7186] loop5: detected capacity change from 0 to 256
[   43.138839][ T7186] exfat: Deprecated parameter 'namecase'
[   43.158063][ T7175] loop4: detected capacity change from 0 to 32768
[   43.165247][ T7186] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[   43.173681][ T7175] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   43.435495][ T7193] binder: 7183:7193 ioctl c0046209 9999999999999999 returned -22
[   43.456065][ T7175] XFS (loop4): Ending clean mount
[   43.483843][ T7197] fuse: Bad value for 'group_id'
[   43.483871][ T7197] fuse: Bad value for 'group_id'
[   43.511660][ T7199] Cache volume key already in use (9p,(null),)
[   43.586973][ T6537] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   45.262001][ T7232] fuse: Bad value for 'group_id'
[   45.262028][ T7232] fuse: Bad value for 'group_id'
[   45.359912][ T7234] fuse: Bad value for 'fd'
[   45.417168][ T7229] loop2: detected capacity change from 0 to 40427
[   45.440336][ T7229] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[   45.440373][ T7229] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   45.482113][ T7229] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   45.498203][ T7229] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   45.498246][ T7229] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   45.998466][ T7250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.998667][ T7250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   46.055361][ T7242] loop5: detected capacity change from 0 to 32768
[   46.069838][ T7242] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   46.076106][ T6527] syz-executor: attempt to access beyond end of device
[   46.076106][ T6527] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   46.079152][ T6527] CPU: 1 UID: 0 PID: 6527 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
[   46.079169][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   46.079176][ T6527] Call trace:
[   46.079180][ T6527]  show_stack+0x2c/0x3c (C)
[   46.079196][ T6527]  __dump_stack+0x30/0x40
[   46.079204][ T6527]  dump_stack_lvl+0xd8/0x12c
[   46.079209][ T6527]  dump_stack+0x1c/0x28
[   46.079214][ T6527]  f2fs_handle_critical_error+0x34c/0x4b8
[   46.079222][ T6527]  f2fs_stop_checkpoint+0x5c/0x70
[   46.079228][ T6527]  f2fs_write_end_io+0x768/0xa70
[   46.079235][ T6527]  bio_endio+0x858/0x894
[   46.079242][ T6527]  submit_bio_noacct+0x158/0x177c
[   46.079248][ T6527]  submit_bio+0x3b4/0x550
[   46.079253][ T6527]  f2fs_submit_write_bio+0x13c/0x324
[   46.079259][ T6527]  __submit_merged_bio+0x254/0x704
[   46.079265][ T6527]  __submit_merged_write_cond+0x23c/0x4ac
[   46.079271][ T6527]  f2fs_write_data_pages+0x1d28/0x2634
[   46.079277][ T6527]  do_writepages+0x270/0x468
[   46.079285][ T6527]  filemap_fdatawrite+0x14c/0x1f4
[   46.079292][ T6527]  f2fs_sync_dirty_inodes+0x2b8/0x788
[   46.079297][ T6527]  f2fs_write_checkpoint+0x690/0x16a0
[   46.079303][ T6527]  kill_f2fs_super+0x21c/0x584
[   46.079309][ T6527]  deactivate_locked_super+0xc4/0x12c
[   46.079314][ T6527]  deactivate_super+0xe0/0x100
[   46.079319][ T6527]  cleanup_mnt+0x31c/0x3ac
[   46.079325][ T6527]  __cleanup_mnt+0x20/0x30
[   46.079329][ T6527]  task_work_run+0x1dc/0x260
[   46.079336][ T6527]  exit_to_user_mode_loop+0xfc/0x168
[   46.079342][ T6527]  el0_svc+0x170/0x254
[   46.079351][ T6527]  el0t_64_sync_handler+0x84/0x12c
[   46.079357][ T6527]  el0t_64_sync+0x198/0x19c
[   46.099382][ T6527] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   46.134600][ T7242] XFS (loop5): Ending clean mount
[   46.146211][ T6893] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   46.673692][ T7269] fuse: Bad value for 'group_id'
[   46.673722][ T7269] fuse: Bad value for 'group_id'
[   46.768671][ T7275] fuse: Bad value for 'fd'
[   47.361774][ T7290] IPv6: Can't replace route, no match found
[   47.415309][ T7294] fuse: Invalid rootmode
[   47.472491][ T7297] netlink: 28 bytes leftover after parsing attributes in process `syz.5.177'.
[   47.488768][ T7297] netlink: 28 bytes leftover after parsing attributes in process `syz.5.177'.
[   48.336406][ T7318] loop2: detected capacity change from 0 to 512
[   48.396650][ T7318] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.452294][ T7313] loop0: detected capacity change from 0 to 32768
[   48.518170][ T7313] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   48.574250][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.579315][ T7313] XFS (loop0): Ending clean mount
[   48.587895][ T7313] XFS (loop0): Quotacheck needed: Please wait.
[   48.606082][ T7313] XFS (loop0): Quotacheck: Done.
[   48.638948][ T6532] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   48.786370][ T7341] fuse: Invalid rootmode
[   48.879045][ T7346] loop1: detected capacity change from 0 to 256
[   49.196555][ T7359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   49.196734][ T7359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   49.250254][ T7361] loop2: detected capacity change from 0 to 512
[   49.284358][ T7361] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.297629][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.685593][ T7372] loop0: detected capacity change from 0 to 2048
[   49.692018][ T7372] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   49.950922][ T7375] fuse: Bad value for 'rootmode'
[   50.049545][ T7382] loop1: detected capacity change from 0 to 16
[   50.053250][ T7382] MTD: Attempt to mount non-MTD device "/dev/loop1"
[   50.390578][ T7394] loop5: detected capacity change from 0 to 32768
[   50.807526][ T7410] ERROR: (device loop5): dbAlloc: the hint is outside the map
[   50.807526][ T7410] 
[   50.812223][ T7410] ERROR: (device loop5): remounting filesystem as read-only
[   50.813581][ T7410] ialloc: diAlloc returned -5!
[   50.962826][ T7416] loop0: detected capacity change from 0 to 64
[   51.390970][ T7412] loop2: detected capacity change from 0 to 40427
[   51.392824][ T7412] F2FS-fs: heap/no_heap options were deprecated
[   51.395193][ T7412] F2FS-fs (loop2): build fault injection rate: 19
[   51.395221][ T7412] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   51.397482][ T7412] F2FS-fs (loop2): invalid crc value
[   51.407726][ T7412] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x4e8/0x7ac
[   51.431863][ T7412] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x1b0/0x3b0
[   51.443588][ T7412] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   51.444510][ T7412] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   51.457737][ T7412] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x19c/0x868
[   51.482180][ T6527] syz-executor: attempt to access beyond end of device
[   51.482180][ T6527] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   51.485175][ T6527] CPU: 1 UID: 0 PID: 6527 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
[   51.485198][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   51.485204][ T6527] Call trace:
[   51.485207][ T6527]  show_stack+0x2c/0x3c (C)
[   51.485222][ T6527]  __dump_stack+0x30/0x40
[   51.485232][ T6527]  dump_stack_lvl+0xd8/0x12c
[   51.485240][ T6527]  dump_stack+0x1c/0x28
[   51.485247][ T6527]  f2fs_handle_critical_error+0x34c/0x4b8
[   51.485255][ T6527]  f2fs_stop_checkpoint+0x5c/0x70
[   51.485261][ T6527]  f2fs_write_end_io+0x768/0xa70
[   51.485268][ T6527]  bio_endio+0x858/0x894
[   51.485276][ T6527]  submit_bio_noacct+0x158/0x177c
[   51.485281][ T6527]  submit_bio+0x3b4/0x550
[   51.485286][ T6527]  f2fs_submit_write_bio+0x13c/0x324
[   51.485293][ T6527]  __submit_merged_bio+0x254/0x704
[   51.485298][ T6527]  __submit_merged_write_cond+0x23c/0x4ac
[   51.485304][ T6527]  f2fs_write_data_pages+0x1d28/0x2634
[   51.485311][ T6527]  do_writepages+0x270/0x468
[   51.485319][ T6527]  filemap_fdatawrite+0x14c/0x1f4
[   51.485326][ T6527]  f2fs_sync_dirty_inodes+0x2b8/0x788
[   51.485331][ T6527]  f2fs_write_checkpoint+0x690/0x16a0
[   51.485337][ T6527]  kill_f2fs_super+0x21c/0x584
[   51.485343][ T6527]  deactivate_locked_super+0xc4/0x12c
[   51.485349][ T6527]  deactivate_super+0xe0/0x100
[   51.485353][ T6527]  cleanup_mnt+0x31c/0x3ac
[   51.485359][ T6527]  __cleanup_mnt+0x20/0x30
[   51.485364][ T6527]  task_work_run+0x1dc/0x260
[   51.485370][ T6527]  exit_to_user_mode_loop+0xfc/0x168
[   51.485376][ T6527]  el0_svc+0x170/0x254
[   51.485384][ T6527]  el0t_64_sync_handler+0x84/0x12c
[   51.485391][ T6527]  el0t_64_sync+0x198/0x19c
[   51.500799][ T6527] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   51.930159][ T7445] loop0: detected capacity change from 0 to 128
[   51.939647][ T7445] syz.0.225: attempt to access beyond end of device
[   51.939647][ T7445] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128
[   51.940958][ T7445] syz.0.225: attempt to access beyond end of device
[   51.940958][ T7445] loop0: rw=2049, sector=158, nr_sectors = 2 limit=128
[   51.940971][ T7445] buffer_io_error: 9 callbacks suppressed
[   51.940976][ T7445] Buffer I/O error on dev loop0, logical block 79, lost async page write
[   51.941008][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941008][ T7445] loop0: rw=2049, sector=160, nr_sectors = 2 limit=128
[   51.941016][ T7445] Buffer I/O error on dev loop0, logical block 80, lost async page write
[   51.941159][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941159][ T7445] loop0: rw=2049, sector=162, nr_sectors = 6 limit=128
[   51.941397][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941397][ T7445] loop0: rw=2049, sector=166, nr_sectors = 2 limit=128
[   51.941406][ T7445] Buffer I/O error on dev loop0, logical block 83, lost async page write
[   51.941427][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941427][ T7445] loop0: rw=2049, sector=168, nr_sectors = 2 limit=128
[   51.941435][ T7445] Buffer I/O error on dev loop0, logical block 84, lost async page write
[   51.941552][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941552][ T7445] loop0: rw=2049, sector=186, nr_sectors = 6 limit=128
[   51.941723][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941723][ T7445] loop0: rw=2049, sector=190, nr_sectors = 2 limit=128
[   51.941731][ T7445] Buffer I/O error on dev loop0, logical block 95, lost async page write
[   51.941752][ T7445] syz.0.225: attempt to access beyond end of device
[   51.941752][ T7445] loop0: rw=2049, sector=192, nr_sectors = 2 limit=128
[   51.941760][ T7445] Buffer I/O error on dev loop0, logical block 96, lost async page write
[   51.942107][ T7445] Buffer I/O error on dev loop0, logical block 99, lost async page write
[   51.942129][ T7445] Buffer I/O error on dev loop0, logical block 100, lost async page write
[   51.942408][ T7445] Buffer I/O error on dev loop0, logical block 111, lost async page write
[   51.942431][ T7445] Buffer I/O error on dev loop0, logical block 112, lost async page write
[   51.996935][ T7451] loop2: detected capacity change from 0 to 1024
[   52.084180][ T7454] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   52.326414][  T955] hfsplus: b-tree write err: -5, ino 3
[   52.665948][ T7474] loop0: detected capacity change from 0 to 1024
[   52.667231][ T7474] EXT4-fs: Ignoring removed orlov option
[   52.667243][ T7474] EXT4-fs: Ignoring removed i_version option
[   52.693211][ T7474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.709057][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.881300][   T31] audit: type=1326 audit(52.850:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7483 comm="syz.1.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   52.888061][   T31] audit: type=1326 audit(52.860:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7483 comm="syz.1.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   52.898686][   T31] audit: type=1326 audit(52.870:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7483 comm="syz.1.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=141 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   52.902870][   T31] audit: type=1326 audit(52.880:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7483 comm="syz.1.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   52.909729][   T31] audit: type=1326 audit(52.880:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7483 comm="syz.1.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   52.960837][ T7488] loop0: detected capacity change from 0 to 512
[   52.969663][ T7488] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   53.076370][ T7488] EXT4-fs (loop0): 1 orphan inode deleted
[   53.077972][ T7488] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.098866][ T7491] loop1: detected capacity change from 0 to 32768
[   53.109068][ T7491] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[   53.123077][ T7491] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   53.162376][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.179579][ T6528] ocfs2: Unmounting device (7,1) on (node local)
[   53.520621][ T7508] loop0: detected capacity change from 0 to 40427
[   53.526828][ T7508] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[   53.528321][ T7508] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   53.530327][ T7508] F2FS-fs (loop0): invalid crc value
[   53.774612][ T7508] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   53.789918][ T7508] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   53.792329][ T7508] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   53.816330][ T6532] CPU: 0 UID: 0 PID: 6532 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
[   53.816348][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   53.816354][ T6532] Call trace:
[   53.816358][ T6532]  show_stack+0x2c/0x3c (C)
[   53.816375][ T6532]  __dump_stack+0x30/0x40
[   53.816385][ T6532]  dump_stack_lvl+0xd8/0x12c
[   53.816391][ T6532]  dump_stack+0x1c/0x28
[   53.816396][ T6532]  f2fs_handle_critical_error+0x34c/0x4b8
[   53.816405][ T6532]  f2fs_stop_checkpoint+0x5c/0x70
[   53.816411][ T6532]  f2fs_write_end_io+0x768/0xa70
[   53.816418][ T6532]  bio_endio+0x858/0x894
[   53.816425][ T6532]  submit_bio_noacct+0x158/0x177c
[   53.816431][ T6532]  submit_bio+0x3b4/0x550
[   53.816436][ T6532]  f2fs_submit_write_bio+0x13c/0x324
[   53.816442][ T6532]  __submit_merged_bio+0x254/0x704
[   53.816448][ T6532]  __submit_merged_write_cond+0x23c/0x4ac
[   53.816454][ T6532]  f2fs_write_data_pages+0x1d28/0x2634
[   53.816461][ T6532]  do_writepages+0x270/0x468
[   53.816469][ T6532]  filemap_fdatawrite+0x14c/0x1f4
[   53.816476][ T6532]  f2fs_sync_dirty_inodes+0x2b8/0x788
[   53.816481][ T6532]  f2fs_write_checkpoint+0x690/0x16a0
[   53.816487][ T6532]  kill_f2fs_super+0x21c/0x584
[   53.816493][ T6532]  deactivate_locked_super+0xc4/0x12c
[   53.816499][ T6532]  deactivate_super+0xe0/0x100
[   53.816504][ T6532]  cleanup_mnt+0x31c/0x3ac
[   53.816509][ T6532]  __cleanup_mnt+0x20/0x30
[   53.816514][ T6532]  task_work_run+0x1dc/0x260
[   53.816521][ T6532]  exit_to_user_mode_loop+0xfc/0x168
[   53.816528][ T6532]  el0_svc+0x170/0x254
[   53.816535][ T6532]  el0t_64_sync_handler+0x84/0x12c
[   53.816542][ T6532]  el0t_64_sync+0x198/0x19c
[   53.817407][ T6532] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   54.089880][ T7529] loop5: detected capacity change from 0 to 4096
[   55.523141][ T7547] loop4: detected capacity change from 0 to 2048
[   55.607445][ T7552] loop1: detected capacity change from 0 to 512
[   55.610624][ T7552] EXT4-fs: Ignoring removed nomblk_io_submit option
[   55.691542][ T7547] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   55.756180][ T7552] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   55.756201][ T7552] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[   55.756310][ T7552] EXT4-fs (loop1): orphan cleanup on readonly fs
[   55.756346][ T7552] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0
[   55.756384][ T7552] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   55.756401][ T7552] EXT4-fs (loop1): Cannot turn on quotas: error -22
[   55.767052][ T7552] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.261: bg 0: block 40: padding at end of block bitmap is not set
[   55.769679][ T7552] EXT4-fs (loop1): Remounting filesystem read-only
[   55.769811][ T7552] EXT4-fs (loop1): 1 truncate cleaned up
[   55.772413][ T7552] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   56.019246][ T6528] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.055005][ T7561] loop1: detected capacity change from 0 to 512
[   56.057570][ T7561] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   56.067463][ T7561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.241068][ T6528] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.476661][ T7575] Zero length message leads to an empty skb
[   57.295827][ T7578] loop4: detected capacity change from 0 to 512
[   57.381358][ T7583] fuse: Unknown parameter 'grou00000000000000000000'
[   57.454385][ T7578] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.505075][ T6537] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.517604][ T7593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.519631][ T7593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.552410][ T7600] loop1: detected capacity change from 0 to 128
[   57.566381][ T7596] loop4: detected capacity change from 0 to 2048
[   57.568858][ T7596] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[   57.580042][ T7602] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   57.589236][ T7596] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12
[   57.591508][ T7596] Remounting filesystem read-only
[   57.637454][ T7606] loop4: detected capacity change from 0 to 256
[   57.650361][ T7606] FAT-fs (loop4): Directory bread(block 64) failed
[   57.652023][ T7606] FAT-fs (loop4): Directory bread(block 65) failed
[   57.652084][ T7606] FAT-fs (loop4): Directory bread(block 66) failed
[   57.652105][ T7606] FAT-fs (loop4): Directory bread(block 67) failed
[   57.652131][ T7606] FAT-fs (loop4): Directory bread(block 68) failed
[   57.652144][ T7606] FAT-fs (loop4): Directory bread(block 69) failed
[   57.652166][ T7606] FAT-fs (loop4): Directory bread(block 70) failed
[   57.652177][ T7606] FAT-fs (loop4): Directory bread(block 71) failed
[   57.652217][ T7606] FAT-fs (loop4): Directory bread(block 72) failed
[   57.652227][ T7606] FAT-fs (loop4): Directory bread(block 73) failed
[   58.376642][ T7616] fuse: Unknown parameter 'group_i00000000000000000000'
[   58.415861][ T7618] loop0: detected capacity change from 0 to 16
[   58.424197][ T7618] erofs (device loop0): mounted with root inode @ nid 36.
[   58.835749][ T7628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   58.835955][ T7628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.866998][ T7635] loop0: detected capacity change from 0 to 128
[   58.882997][ T7636] loop4: detected capacity change from 0 to 128
[   58.945601][ T7621] loop1: detected capacity change from 0 to 32768
[   58.947887][ T7621] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.287 (7621)
[   58.953258][ T7621] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   58.953319][ T7621] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[   59.015536][ T7621] BTRFS info (device loop1): turning off barriers
[   59.015566][ T7621] BTRFS info (device loop1): enabling free space tree
[   59.017906][ T7621] BTRFS info (device loop1): use zstd compression, level 3
[   59.065337][ T6528] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   59.145305][ T7662] fuse: Unknown parameter 'group_i00000000000000000000'
[   59.150001][ T7641] loop0: detected capacity change from 0 to 32768
[   59.152601][ T7641] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.293 (7641)
[   59.157091][ T7641] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   59.157143][ T7641] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   59.157216][ T7641] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   59.213111][ T7641] BTRFS info (device loop0): rebuilding free space tree
[   59.227981][ T7641] BTRFS info (device loop0): disabling free space tree
[   59.228023][ T7641] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   59.228035][ T7641] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   59.234227][ T7641] BTRFS info (device loop0): allowing degraded mounts
[   59.234249][ T7641] BTRFS info (device loop0): enabling ssd optimizations
[   59.235172][ T7641] BTRFS info (device loop0): enabling disk space caching
[   59.235191][ T7641] BTRFS info (device loop0): force clearing of disk cache
[   59.235199][ T7641] BTRFS info (device loop0): use zlib compression, level 3
[   59.243397][ T7680] netlink: 32 bytes leftover after parsing attributes in process `syz.1.296'.
[   59.265923][ T6532] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   59.298470][ T7683] loop1: detected capacity change from 0 to 64
[   59.354205][ T7683] Trying to free block not in datazone
[   59.377344][ T7687] loop2: detected capacity change from 0 to 256
[   59.388447][ T7687] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   59.576477][ T7701] loop9: detected capacity change from 0 to 7
[   59.579953][ T7701] buffer_io_error: 18 callbacks suppressed
[   59.579995][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.580306][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.580711][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.581087][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.581678][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.582015][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.582824][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.582971][ T7701] ldm_validate_partition_table(): Disk read failed.
[   59.583478][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.583862][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.584365][ T7701] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.584750][ T7701] Dev loop9: unable to read RDB block 0
[   59.585932][ T7701]  loop9: unable to read partition table
[   59.586550][ T7701] loop9: partition table beyond EOD, truncated
[   59.586665][ T7701] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   59.586665][ T7701] 
) failed (rc=-5)
[   60.175604][ T7704] process 'syz.5.304' launched './file1' with NULL argv: empty string added
[   60.200140][ T7706] fuse: Unknown parameter 'user_i00000000000000000000'
[   60.204716][ T7704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.208928][ T7704] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.247638][ T7709] fuse: Unknown parameter 'group_i00000000000000000000'
[   60.364077][ T7717] loop2: detected capacity change from 0 to 512
[   60.368308][ T7717] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   60.381895][ T7717] EXT4-fs (loop2): 1 truncate cleaned up
[   60.382372][ T7717] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.394162][ T7717] EXT4-fs error (device loop2): ext4_read_inline_dir:1476: inode #12: block 7: comm syz.2.311: path /58/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0
[   60.405033][ T7723] loop0: detected capacity change from 0 to 256
[   60.406502][ T7723] exfat: Deprecated parameter 'utf8'
[   60.408192][ T7717] EXT4-fs (loop2): Remounting filesystem read-only
[   60.409342][ T7723] exfat: Deprecated parameter 'utf8'
[   60.410750][ T7723] exfat: Deprecated parameter 'namecase'
[   60.411555][ T7721] loop4: detected capacity change from 0 to 1024
[   60.411936][ T7721] EXT4-fs: Ignoring removed orlov option
[   60.411946][ T7721] EXT4-fs: Ignoring removed nomblk_io_submit option
[   60.428198][ T7723] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[   60.437430][ T7721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.439536][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.487955][ T6537] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.590840][ T7716] loop1: detected capacity change from 0 to 32768
[   60.897802][ T7716] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[   60.903921][ T7716]   allowing incompatible features above 0.0: (unknown version)
[   60.905894][ T7716]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   60.908486][ T7716] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   60.910773][ T7716] bcachefs (loop1): initializing new filesystem
[   60.915011][ T7716] bcachefs (loop1): going read-write
[   60.941330][ T7716] bcachefs (loop1): marking superblocks
[   60.956132][ T7716] bcachefs (loop1): initializing freespace
[   60.959934][ T7716] bcachefs (loop1): done initializing freespace
[   60.968508][ T7716] bcachefs (loop1): reading snapshots table
[   60.968570][ T7716] bcachefs (loop1): reading snapshots done
[   60.986821][ T7716] bcachefs (loop1): done starting filesystem
[   61.371464][ T7752] fuse: Unknown parameter 'user_id00000000000000000000'
[   61.373030][ T6528] bcachefs (loop1): shutting down
[   61.373050][ T6528] bcachefs (loop1): going read-only
[   61.373077][ T6528] bcachefs (loop1): finished waiting for writes to stop
[   61.402655][ T6528] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[   61.463547][ T6528] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[   61.466478][ T6528] bcachefs (loop1): clean shutdown complete, journal seq 4
[   61.466950][ T6528] bcachefs (loop1): marking filesystem clean
[   61.483249][ T6528] bcachefs (loop1): shutdown complete
[   61.851398][ T6534] Bluetooth: hci1: command 0x0405 tx timeout
[   62.990106][ T7783] loop4: detected capacity change from 0 to 1024
[   63.044584][ T7781] loop2: detected capacity change from 0 to 32768
[   63.055776][ T1261] hfsplus: b-tree write err: -5, ino 4
[   63.089527][ T7781] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   63.135559][ T7781] XFS (loop2): Ending clean mount
[   63.138102][ T7781] XFS (loop2): Quotacheck needed: Please wait.
[   63.155963][ T7795] fuse: Unknown parameter 'group_id00000000000000000000'
[   63.163906][ T7781] XFS (loop2): Quotacheck: Done.
[   63.185400][ T7799] loop0: detected capacity change from 0 to 1024
[   63.185796][ T7799] EXT4-fs: Ignoring removed i_version option
[   63.185823][ T7799] EXT4-fs: Ignoring removed nobh option
[   63.237546][ T6527] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   63.257717][ T7799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   63.524403][ T7807] loop5: detected capacity change from 0 to 1024
[   63.595574][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.611918][   T41] hfsplus: b-tree write err: -5, ino 4
[   63.925308][ T7813] loop0: detected capacity change from 0 to 512
[   63.928662][ T7813] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   63.973294][ T7813] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.337: bad orphan inode 16
[   63.976437][ T7813] ext4_test_bit(bit=15, block=4) = 0
[   63.976478][ T7813] EXT4-fs (loop0): 1 orphan inode deleted
[   63.976995][ T7813] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.035506][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.270888][ T7810] loop2: detected capacity change from 0 to 32768
[   64.475122][ T7833] fuse: Unknown parameter 'group_id00000000000000000000'
[   64.491726][ T7822] loop4: detected capacity change from 0 to 40427
[   64.493735][ T2414] ieee802154 phy1 wpan1: encryption failed: -22
[   64.502663][ T7822] F2FS-fs (loop4): build fault injection rate: 14
[   64.502703][ T7822] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[   64.508532][ T1786] cfg80211: failed to load regulatory.db
[   64.510539][ T7822] F2FS-fs (loop4): invalid crc value
[   64.513298][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0x858/0x894
[   64.514798][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0x858/0x894
[   64.611540][ T7836] lo speed is unknown, defaulting to 1000
[   64.611956][ T7836] lo speed is unknown, defaulting to 1000
[   64.612906][ T7836] lo speed is unknown, defaulting to 1000
[   64.614201][ T7836] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   64.615704][ T7836] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   64.664637][ T7836] lo speed is unknown, defaulting to 1000
[   64.675823][ T7836] lo speed is unknown, defaulting to 1000
[   64.685221][ T7836] lo speed is unknown, defaulting to 1000
[   64.695187][ T7836] lo speed is unknown, defaulting to 1000
[   64.704774][ T7836] lo speed is unknown, defaulting to 1000
[   64.710358][ T7836] lo speed is unknown, defaulting to 1000
[   64.933766][ T7822] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   64.936297][ T7836] loop1: detected capacity change from 0 to 128
[   64.936608][ T7836] msdos: Unknown parameter 'dos1xflopp'
[   64.942625][ T7822] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x148/0x4a8
[   64.952903][ T7822] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   64.957769][ T7822] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x19c/0x868
[   64.963496][ T7822] F2FS-fs (loop4): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0xa60/0x1088
[   64.966227][ T7822] CPU: 1 UID: 0 PID: 7822 Comm: syz.4.339 Not tainted syzkaller #0 PREEMPT 
[   64.966242][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   64.966248][ T7822] Call trace:
[   64.966251][ T7822]  show_stack+0x2c/0x3c (C)
[   64.966263][ T7822]  __dump_stack+0x30/0x40
[   64.966269][ T7822]  dump_stack_lvl+0xd8/0x12c
[   64.966275][ T7822]  dump_stack+0x1c/0x28
[   64.966281][ T7822]  f2fs_handle_critical_error+0x34c/0x4b8
[   64.966290][ T7822]  f2fs_stop_checkpoint+0x5c/0x70
[   64.966296][ T7822]  f2fs_balance_fs+0x278/0x6ec
[   64.966303][ T7822]  f2fs_write_single_data_page+0xa60/0x1088
[   64.966312][ T7822]  f2fs_write_data_pages+0x134c/0x2634
[   64.966321][ T7822]  do_writepages+0x270/0x468
[   64.966332][ T7822]  file_write_and_wait_range+0x1d0/0x2c4
[   64.966342][ T7822]  f2fs_do_sync_file+0x4d0/0x14ec
[   64.966352][ T7822]  f2fs_sync_file+0x110/0x15c
[   64.966361][ T7822]  vfs_fsync_range+0x160/0x19c
[   64.966367][ T7822]  f2fs_file_write_iter+0x5c0/0x1cf4
[   64.966377][ T7822]  vfs_write+0x540/0xa3c
[   64.966386][ T7822]  __arm64_sys_pwrite64+0x170/0x208
[   64.966396][ T7822]  invoke_syscall+0x98/0x254
[   64.966402][ T7822]  el0_svc_common+0x130/0x23c
[   64.966409][ T7822]  do_el0_svc+0x48/0x58
[   64.966414][ T7822]  el0_svc+0x5c/0x254
[   64.966425][ T7822]  el0t_64_sync_handler+0x84/0x12c
[   64.966435][ T7822]  el0t_64_sync+0x198/0x19c
[   64.995167][ T7822] F2FS-fs (loop4): Stopped filesystem due to reason: 1
[   65.891685][ T7851] loop1: detected capacity change from 0 to 32768
[   65.900772][ T7851] (syz.1.349,7851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   65.903923][ T7851] (syz.1.349,7851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   65.922869][ T7851] JBD2: Ignoring recovery information on journal
[   65.988860][ T7851] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   66.315263][ T7865] loop5: detected capacity change from 0 to 8
[   66.758019][ T7867] loop4: detected capacity change from 0 to 2048
[   66.789036][ T7867] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   66.884815][ T7873] netlink: 'syz.2.356': attribute type 10 has an invalid length.
[   66.922391][ T7876] Injecting memory failure for pfn 0x122fa7 at process virtual address 0x20000000
[   66.952773][ T6528] ocfs2: Unmounting device (7,1) on (node local)
[   66.977288][ T7876] Memory failure: 0x122fa7: Sending SIGBUS to syz.0.353:7876 due to hardware memory corruption
[   66.984774][ T7876] Memory failure: 0x122fa7: recovery action for dirty LRU page: Recovered
[   66.992275][ T7876] Injecting memory failure for pfn 0x20aa90 at process virtual address 0x20001000
[   67.007127][ T7873] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[   67.008882][ T7876] Memory failure: 0x20aa90: recovery action for reserved kernel page: Ignored
[   67.018122][ T7873] team0: Failed to send options change via netlink (err -105)
[   67.018154][ T7873] team0: Port device netdevsim0 added
[   67.025455][ T7881] fuse: Unknown parameter 'group_id00000000000000000000'
[   67.109626][ T7891] loop0: detected capacity change from 0 to 128
[   67.731621][ T7898] loop5: detected capacity change from 0 to 32768
[   67.789045][ T7898] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   67.807894][ T7898] XFS (loop5): Ending clean mount
[   67.813864][ T7898] XFS (loop5): Quotacheck needed: Please wait.
[   67.829328][ T7917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.837316][ T7917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.843268][ T7898] XFS (loop5): Quotacheck: Done.
[   67.907318][ T6893] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   68.057492][ T7921] loop1: detected capacity change from 0 to 512
[   68.059049][ T7921] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.069113][ T7921] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   68.069146][ T7921] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[   68.069249][ T7921] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[   68.069258][ T7921] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[   68.073807][ T7921] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   68.084295][ T7921] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.138899][ T7921] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[   68.166055][ T6528] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.492839][ T7928] loop1: detected capacity change from 0 to 2048
[   68.507876][ T7931] loop4: detected capacity change from 0 to 256
[   68.513379][ T7932] fuse: Bad value for 'user_id'
[   68.513401][ T7932] fuse: Bad value for 'user_id'
[   68.526946][ T7931] FAT-fs (loop4): Directory bread(block 64) failed
[   68.526977][ T7931] FAT-fs (loop4): Directory bread(block 65) failed
[   68.529576][ T7931] FAT-fs (loop4): Directory bread(block 66) failed
[   68.530700][ T7928] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   68.530914][ T7931] FAT-fs (loop4): Directory bread(block 67) failed
[   68.530955][ T7931] FAT-fs (loop4): Directory bread(block 68) failed
[   68.530968][ T7931] FAT-fs (loop4): Directory bread(block 69) failed
[   68.530990][ T7931] FAT-fs (loop4): Directory bread(block 70) failed
[   68.531000][ T7931] FAT-fs (loop4): Directory bread(block 71) failed
[   68.531021][ T7931] FAT-fs (loop4): Directory bread(block 72) failed
[   68.531031][ T7931] FAT-fs (loop4): Directory bread(block 73) failed
[   68.590932][ T7937] loop0: detected capacity change from 0 to 4096
[   68.592564][ T7937] ntfs3: Unknown parameter 'preallox'
[   68.615676][ T7942] loop2: detected capacity change from 0 to 1024
[   68.616010][ T7942] EXT4-fs: Ignoring removed mblk_io_submit option
[   68.616030][ T7942] EXT4-fs: inline encryption not supported
[   68.621675][ T7937] loop0: detected capacity change from 0 to 4096
[   68.626783][ T7942] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   68.638317][ T7944] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   68.643640][ T7942] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.372: bad orphan inode 11
[   68.643892][ T7942] EXT4-fs (loop2): Remounting filesystem read-only
[   68.643898][ T7942] ext4_test_bit(bit=10, block=4) = 1
[   68.643904][ T7942] is_bad_inode(inode)=0
[   68.643908][ T7942] NEXT_ORPHAN(inode)=3254779904
[   68.643911][ T7942] max_ino=32
[   68.643915][ T7942] i_nlink=0
[   68.652364][ T7942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.661787][ T7938] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   68.672424][ T7938] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 932 with error 28
[   68.672453][ T7938] EXT4-fs (loop1): This should not happen!! Data will be lost
[   68.672453][ T7938] 
[   68.672473][ T7938] EXT4-fs (loop1): Total free blocks count 0
[   68.672486][ T7938] EXT4-fs (loop1): Free/Dirty block details
[   68.672504][ T7938] EXT4-fs (loop1): free_blocks=2415919104
[   68.672520][ T7938] EXT4-fs (loop1): dirty_blocks=944
[   68.672530][ T7938] EXT4-fs (loop1): Block reservation details
[   68.672539][ T7938] EXT4-fs (loop1): i_reserved_data_blocks=59
[   68.690097][ T7942] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[   68.718672][ T7947] loop4: detected capacity change from 0 to 2048
[   68.719971][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.752834][ T7947] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   68.771030][   T12] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   68.796862][ T7954] loop2: detected capacity change from 0 to 4096
[   68.825776][ T7954] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   68.825807][ T7954] EXT4-fs (loop2): Test dummy encryption mode enabled
[   68.840849][ T7954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.849245][ T7959] loop1: detected capacity change from 0 to 4096
[   68.858449][ T7954] fscrypt: AES-256-XTS using implementation "xts-aes-ce"
[   68.872484][ T7959] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   68.877865][ T7959] ntfs3(loop1): Failed to load $Extend (-22).
[   68.879346][ T7959] ntfs3(loop1): Failed to initialize $Extend.
[   68.898810][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.012212][ T7971] loop0: detected capacity change from 0 to 2048
[   69.014123][ T7971] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   69.024335][ T7973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.024500][ T7973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.025704][ T7974] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   69.054611][ T7976] loop5: detected capacity change from 0 to 1024
[   69.056101][ T7976] EXT4-fs: Ignoring removed orlov option
[   69.057796][ T7976] EXT4-fs: Ignoring removed nomblk_io_submit option
[   69.078809][ T7976] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.163898][ T6893] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.217063][ T7988] loop1: detected capacity change from 0 to 4096
[   69.882478][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.392'.
[   69.882520][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.392'.
[   69.988313][ T8001] loop0: detected capacity change from 0 to 4096
[   70.010191][ T8003] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   70.480114][ T8005] loop4: detected capacity change from 0 to 32768
[   70.481994][ T8005] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.396 (8005)
[   70.492968][ T8005] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   70.495960][ T8005] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[   70.557173][ T8005] BTRFS info (device loop4): rebuilding free space tree
[   70.572368][ T8005] BTRFS info (device loop4): disabling free space tree
[   70.572403][ T8005] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   70.572428][ T8005] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   70.593191][ T8005] BTRFS info (device loop4): enabling ssd optimizations
[   70.593219][ T8005] BTRFS info (device loop4): turning on sync discard
[   70.593228][ T8005] BTRFS info (device loop4): force clearing of disk cache
[   70.593238][ T8005] BTRFS info (device loop4): max_inline set to 0
[   70.616183][ T8012] loop2: detected capacity change from 0 to 32768
[   70.638649][ T8012] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   70.701878][ T6537] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   70.726797][ T8012] XFS (loop2): Ending clean mount
[   70.746512][ T8012] XFS (loop2): Quotacheck needed: Please wait.
[   70.756519][ T8012] XFS (loop2): Quotacheck: Done.
[   70.817986][ T6527] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   70.997708][ T8049] loop0: detected capacity change from 0 to 8192
[   71.052790][ T8049] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[   71.054977][ T8049] FAT-fs (loop0): Filesystem has been set read-only
[   72.127301][ T8076] loop0: detected capacity change from 0 to 32768
[   72.253454][ T8091] can0: slcan on ttyS3.
[   72.336941][ T8076] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   72.360009][ T8092] capability: warning: `syz.2.415' uses 32-bit capabilities (legacy support in use)
[   72.470841][ T8091] can0 (unregistered): slcan off ttyS3.
[   72.476536][   T31] audit: type=1326 audit(72.450:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.476584][   T31] audit: type=1326 audit(72.450:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.476603][   T31] audit: type=1326 audit(72.450:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa1759794 code=0x7ffc0000
[   72.478392][   T31] audit: type=1326 audit(72.450:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.478798][   T31] audit: type=1326 audit(72.450:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=274 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.478903][   T31] audit: type=1326 audit(72.450:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.479205][   T31] audit: type=1326 audit(72.450:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.479346][   T31] audit: type=1326 audit(72.450:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.479787][   T31] audit: type=1326 audit(72.450:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.479934][   T31] audit: type=1326 audit(72.450:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.1.416" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffa175b3a8 code=0x7ffc0000
[   72.821980][ T8102] lo speed is unknown, defaulting to 1000
[   72.822266][ T8102] lo speed is unknown, defaulting to 1000
[   72.826427][ T8102] lo speed is unknown, defaulting to 1000
[   72.840064][ T8102] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   72.861001][ T8102] lo speed is unknown, defaulting to 1000
[   72.864037][ T8102] lo speed is unknown, defaulting to 1000
[   72.866972][ T8102] lo speed is unknown, defaulting to 1000
[   72.869873][ T8102] lo speed is unknown, defaulting to 1000
[   72.872869][ T8102] lo speed is unknown, defaulting to 1000
[   72.875634][ T8102] lo speed is unknown, defaulting to 1000
[   72.986784][ T6532] ocfs2: Unmounting device (7,0) on (node local)
[   73.037283][ T8107] loop2: detected capacity change from 0 to 64
[   73.255900][ T8114] serio: Serial port ptm0
[   73.505198][ T8122] loop4: detected capacity change from 0 to 64
[   73.846394][ T8127] loop5: detected capacity change from 0 to 256
[   73.847897][ T8127] exFAT-fs (loop5): invalid fs_name
[   73.850318][ T8127] exFAT-fs (loop5): failed to read boot sector
[   73.851965][ T8127] exFAT-fs (loop5): failed to recognize exfat type
[   73.909463][ T8131] loop5: detected capacity change from 0 to 16
[   73.914380][ T8131] MTD: Attempt to mount non-MTD device "/dev/loop5"
[   74.002396][ T8135] loop0: detected capacity change from 0 to 32768
[   74.008570][ T8135] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.430 (8135)
[   74.012683][ T8135] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   74.014528][ T8135] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[   74.118486][ T8135] BTRFS info (device loop0): enabling ssd optimizations
[   74.119832][ T8135] BTRFS info (device loop0): enabling free space tree
[   74.121145][ T8135] BTRFS info (device loop0): use zstd compression, level 3
[   74.447920][ T8165] loop4: detected capacity change from 0 to 256
[   74.452693][ T8165] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   74.815204][ T8173] loop2: detected capacity change from 0 to 2048
[   74.853759][ T8173] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.874844][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.087091][ T6532] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   75.222038][ T8184] loop5: detected capacity change from 0 to 131072
[   75.230427][ T8184] F2FS-fs (loop5): invalid crc value
[   75.246451][ T8184] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   75.248236][ T8184] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[   75.346571][ T8195] loop0: detected capacity change from 0 to 136
[   75.349445][ T8195] Attempt to read inode for relocated directory
[   75.424419][ T8203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.426197][ T8203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.533809][ T8210] loop4: detected capacity change from 0 to 4096
[   75.543227][ T8210] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[   75.606947][ T8213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.607139][ T8213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.710912][ T8210] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[   75.983470][ T8217] loop4: detected capacity change from 0 to 16
[   75.987525][ T8217] erofs (device loop4): mounted with root inode @ nid 36.
[   76.075922][ T8225] loop4: detected capacity change from 0 to 1024
[   76.246185][ T8225] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.260830][ T8225] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   76.306288][ T6537] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.377799][ T8240] loop4: detected capacity change from 0 to 512
[   76.409776][ T8242] Bluetooth: MGMT ver 1.23
[   76.413636][ T8242] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[   76.471909][ T8243] ubi31: attaching mtd0
[   76.479698][ T8243] ubi31: scanning is finished
[   76.479736][ T8243] ubi31: empty MTD device detected
[   76.550385][ T6577] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   76.682392][ T8243] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   76.682428][ T8243] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   76.682442][ T8243] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   76.682451][ T8243] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   76.682458][ T8243] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   76.682464][ T8243] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   76.682471][ T8243] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2265504647
[   76.682477][ T8243] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   76.694069][ T8246] ubi31: background thread "ubi_bgt31d" started, PID 8246
[   76.700639][ T6577] usb 1-1: Using ep0 maxpacket: 32
[   76.704536][ T6577] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[   76.706112][ T6577] usb 1-1: config 0 has no interface number 0
[   76.707211][ T6577] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   76.709136][ T6577] usb 1-1: config 0 interface 85 has no altsetting 0
[   76.713961][ T6577] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[   76.713984][ T6577] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.713998][ T6577] usb 1-1: Product: syz
[   76.714010][ T6577] usb 1-1: Manufacturer: syz
[   76.714021][ T6577] usb 1-1: SerialNumber: syz
[   76.724908][ T6577] usb 1-1: config 0 descriptor??
[   77.292844][ T8256] 9pnet: Unknown protocol version 9p200
[   77.423991][ T6577] appletouch 1-1:0.85: Geyser mode initialized.
[   77.426817][ T6577] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input2
[   77.616186][ T8258] loop1: detected capacity change from 0 to 32768
[   77.617854][ T8258] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.469 (8258)
[   77.627480][ T8258] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   77.627536][ T8258] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[   77.628057][ T8258] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   77.654534][ T6577] usb 1-1: USB disconnect, device number 3
[   77.669711][ T8258] BTRFS info (device loop1): rebuilding free space tree
[   77.674840][ T8258] BTRFS info (device loop1): disabling free space tree
[   77.675266][ T8258] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   77.675277][ T8258] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   77.677282][ T8258] BTRFS info (device loop1): enabling ssd optimizations
[   77.677292][ T8258] BTRFS info (device loop1): turning on sync discard
[   77.677299][ T8258] BTRFS info (device loop1): enabling disk space caching
[   77.677305][ T8258] BTRFS info (device loop1): force clearing of disk cache
[   77.677310][ T8258] BTRFS info (device loop1): enabling auto defrag
[   77.677316][ T8258] BTRFS info (device loop1): max_inline set to 0
[   77.829827][ T6528] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   77.853677][ T6577] appletouch 1-1:0.85: input: appletouch disconnected
[   78.047934][ T8282] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[   78.047951][ T8282] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   78.054226][ T8282] vhci_hcd vhci_hcd.0: Device attached
[   78.164174][ T8288] loop2: detected capacity change from 0 to 256
[   78.219860][ T8283] vhci_hcd: connection closed
[   78.223167][   T12] vhci_hcd: stop threads
[   78.223528][   T12] vhci_hcd: release socket
[   78.225160][   T12] vhci_hcd: disconnect device
[   78.255410][ T8290] loop2: detected capacity change from 0 to 4096
[   78.256233][ T8290] ntfs3: Unknown parameter '\2.W���5�qøi�2nw���'
[   78.287597][ T8292] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   78.867186][ T8302] loop5: detected capacity change from 0 to 512
[   78.902151][ T8302] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.916252][ T6893] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.938125][ T8309] loop5: detected capacity change from 0 to 8
[   80.075437][ T8333] loop4: detected capacity change from 0 to 32768
[   80.085896][ T8333] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[   80.193205][ T6537] ocfs2: Unmounting device (7,4) on (node local)
[   80.358217][ T8343] loop4: detected capacity change from 0 to 4096
[   80.361290][ T8343] ntfs3: Unknown parameter '\2.W���5�qøi�2nw���'
[   80.422564][ T8343] overlayfs: missing 'lowerdir'
[   80.530078][ T8347] tc_dump_action: action bad kind
[   80.653209][ T8343] loop4: detected capacity change from 0 to 40427
[   80.667913][ T8343] F2FS-fs (loop4): invalid crc value
[   80.912110][ T8343] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   80.914027][ T8343] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   81.473841][ T8371] loop2: detected capacity change from 0 to 2048
[   81.500857][ T8373] loop0: detected capacity change from 0 to 64
[   81.520380][ T6681]  loop2: p1 < > p4
[   81.524133][ T6681] loop2: p4 size 8388608 extends beyond EOD, truncated
[   81.538988][ T8371]  loop2: p1 < > p4
[   81.549457][ T8371] loop2: p4 size 8388608 extends beyond EOD, truncated
[   81.681839][ T6679] udevd[6679]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   81.694872][ T6681] udevd[6681]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   81.718941][ T6679] udevd[6679]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   81.723144][ T6681] udevd[6681]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   82.121739][ T8385] loop2: detected capacity change from 0 to 32768
[   82.132007][ T8385] JBD2: Ignoring recovery information on journal
[   82.145690][ T8385] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   82.172114][ T6527] ocfs2: Unmounting device (7,2) on (node local)
[   82.382014][ T8401] loop1: detected capacity change from 0 to 8
[   82.990309][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   83.134134][ T8413] loop2: detected capacity change from 0 to 16
[   83.134237][ T8407] loop5: detected capacity change from 0 to 40427
[   83.139616][ T8413] erofs (device loop2): mounted with root inode @ nid 36.
[   83.141194][   T10] usb 1-1: Using ep0 maxpacket: 16
[   83.142914][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.142938][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.142948][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   83.142965][   T10] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   83.142974][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.144124][   T10] usb 1-1: config 0 descriptor??
[   83.164916][ T8413] erofs (device loop2): readahead error at folio 3600 @ nid 36
[   83.164954][ T8413] erofs (device loop2): readahead error at folio 3599 @ nid 36
[   83.173856][ T8407] F2FS-fs (loop5): invalid crc value
[   83.199464][ T8407] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   83.219329][ T8407] F2FS-fs (loop5): Start checkpoint disabled!
[   83.226383][ T8407] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[   83.283000][   T41] bio_check_eod: 34 callbacks suppressed
[   83.283698][   T41] kworker/u8:2: attempt to access beyond end of device
[   83.283698][   T41] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   83.285801][   T41] CPU: 0 UID: 0 PID: 41 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT 
[   83.285822][   T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   83.285828][   T41] Workqueue: writeback wb_workfn (flush-7:5)
[   83.285847][   T41] Call trace:
[   83.285850][   T41]  show_stack+0x2c/0x3c (C)
[   83.285860][   T41]  __dump_stack+0x30/0x40
[   83.285867][   T41]  dump_stack_lvl+0xd8/0x12c
[   83.285872][   T41]  dump_stack+0x1c/0x28
[   83.285877][   T41]  f2fs_handle_critical_error+0x34c/0x4b8
[   83.285885][   T41]  f2fs_stop_checkpoint+0x5c/0x70
[   83.285891][   T41]  f2fs_write_end_io+0x768/0xa70
[   83.285899][   T41]  bio_endio+0x858/0x894
[   83.285906][   T41]  submit_bio_noacct+0x158/0x177c
[   83.285912][   T41]  submit_bio+0x3b4/0x550
[   83.285918][   T41]  f2fs_submit_write_bio+0x13c/0x324
[   83.285924][   T41]  __submit_merged_bio+0x254/0x704
[   83.285930][   T41]  __submit_merged_write_cond+0x23c/0x4ac
[   83.285936][   T41]  f2fs_write_data_pages+0x1d28/0x2634
[   83.285942][   T41]  do_writepages+0x270/0x468
[   83.285950][   T41]  __writeback_single_inode+0x15c/0x13e8
[   83.285956][   T41]  writeback_sb_inodes+0x55c/0xe40
[   83.285963][   T41]  wb_writeback+0x3cc/0xd70
[   83.285969][   T41]  wb_workfn+0x338/0xdc0
[   83.285975][   T41]  process_one_work+0x7e8/0x155c
[   83.285981][   T41]  worker_thread+0x958/0xed8
[   83.285986][   T41]  kthread+0x5fc/0x75c
[   83.285992][   T41]  ret_from_fork+0x10/0x20
[   83.286009][   T41] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[   83.392918][ T8426] loop5: detected capacity change from 0 to 16
[   83.397853][ T8426] erofs (device loop5): mounted with root inode @ nid 36.
[   83.551921][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.551965][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.551975][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.551984][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.551992][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.552000][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.552007][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.552015][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.552022][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.552030][   T10] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   83.564095][   T10] microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   83.564130][   T10] microsoft 0003:045E:07DA.0001: no inputs found
[   83.564162][   T10] microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway
[   83.759960][   T10] usb 1-1: USB disconnect, device number 4
[   84.384139][ T8442] netlink: 168 bytes leftover after parsing attributes in process `syz.2.525'.
[   84.912100][ T8445] netlink: 32 bytes leftover after parsing attributes in process `syz.0.526'.
[   85.098722][ T8457] loop2: detected capacity change from 0 to 256
[   85.121589][ T8457] exfat: Deprecated parameter 'namecase'
[   85.125698][ T8458] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   85.141752][ T8457] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2b52634e, utbl_chksum : 0xe619d30d)
[   85.652415][ T8484] team0: No ports can be present during mode change
[   85.654019][ T8484] netlink: 'syz.1.534': attribute type 10 has an invalid length.
[   85.748923][ T8486] netlink: 40 bytes leftover after parsing attributes in process `syz.1.534'.
[   85.750231][ T8484] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.752670][ T8484] team0: Port device bond0 added
[   86.028839][ T8486] team0 (unregistering): Port device team_slave_0 removed
[   86.034048][ T8486] team0 (unregistering): Port device team_slave_1 removed
[   86.041137][ T8486] team0 (unregistering): Port device bond0 removed
[   86.051886][ T8493] loop5: detected capacity change from 0 to 32768
[   86.455415][ T8551] loop2: detected capacity change from 0 to 8
[   86.715545][ T8569] syzkaller0: entered promiscuous mode
[   86.716790][ T8569] syzkaller0: entered allmulticast mode
[   86.850989][ T8582] loop1: detected capacity change from 0 to 512
[   86.859155][ T8582] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   86.863263][ T8582] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.546: invalid indirect mapped block 2683928664 (level 1)
[   86.866799][ T8582] EXT4-fs (loop1): 1 truncate cleaned up
[   86.873771][ T8582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.143504][ T8582] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.1.546: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[   87.186200][ T6528] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.212854][ T8595] loop1: detected capacity change from 0 to 64
[   87.417000][ T8591] loop5: detected capacity change from 0 to 32768
[   87.443276][ T8591] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[   87.636888][ T6893] ocfs2: Unmounting device (7,5) on (node local)
[   87.684550][ T8614] siw: device registration error -23
[   87.691769][ T8614] lo speed is unknown, defaulting to 1000
[   87.738150][ T8618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.738326][ T8618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.941264][ T8624] loop2: detected capacity change from 0 to 8
[   88.141837][ T8629] loop0: detected capacity change from 0 to 128
[   88.148257][ T8629] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   88.159699][ T6532] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   88.501945][ T8637] loop0: detected capacity change from 0 to 256
[   88.759205][ T8643] netlink: 16 bytes leftover after parsing attributes in process `syz.5.568'.
[   88.774553][ T8646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.774724][ T8646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   89.521766][ T8642] loop2: detected capacity change from 0 to 32768
[   89.534869][ T8642] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   89.554895][ T8642] XFS (loop2): Ending clean mount
[   89.598164][ T6527] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   89.648651][ T8669] loop2: detected capacity change from 0 to 2048
[   89.724446][ T8669] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.742646][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.859215][ T8681] vhci_hcd: invalid port number 96
[   89.859243][ T8681] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[   89.899855][ T8684] loop1: detected capacity change from 0 to 512
[   89.902927][   T31] kauditd_printk_skb: 19 callbacks suppressed
[   89.902948][   T31] audit: type=1326 audit(89.880:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8685 comm="syz.4.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd5b3a8 code=0x7ffc0000
[   89.904099][   T31] audit: type=1326 audit(89.880:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8685 comm="syz.4.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=60 compat=0 ip=0xffff9fd5b3a8 code=0x7ffc0000
[   89.904132][   T31] audit: type=1326 audit(89.880:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8685 comm="syz.4.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd5b3a8 code=0x7ffc0000
[   89.904148][   T31] audit: type=1326 audit(89.880:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8685 comm="syz.4.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd5b3a8 code=0x7ffc0000
[   89.948473][ T8684] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.948708][ T8684] EXT4-fs (loop1): Test dummy encryption mode enabled
[   89.964412][ T8688] loop2: detected capacity change from 0 to 8
[   90.193660][ T8684] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c018, mo2=0002]
[   90.193708][ T8684] System zones: 2-12, 7-7
[   90.194115][ T8684] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 17. Delete some EAs or run e2fsck.
[   90.194145][ T8684] EXT4-fs (loop1): 1 truncate cleaned up
[   90.194524][ T8684] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.214895][ T6528] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.738682][ T8703] loop2: detected capacity change from 0 to 512
[   90.747235][ T8703] EXT4-fs: Ignoring removed i_version option
[   90.757965][ T8703] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   90.762846][ T8703] EXT4-fs (loop2): 1 truncate cleaned up
[   90.764379][ T8703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.768555][ T8698] loop0: detected capacity change from 0 to 32768
[   90.789215][ T6527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.810097][ T8698] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   91.172932][ T6532] (syz-executor,6532,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[   91.178927][ T6532] ocfs2: Unmounting device (7,0) on (node local)
[   91.436634][ T8717] loop1: detected capacity change from 0 to 32768
[   91.463047][ T8717] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   91.486577][ T6528] ocfs2: Unmounting device (7,1) on (node local)
[   91.673849][ T8721] loop0: detected capacity change from 0 to 32768
[   91.675646][ T8721] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.587 (8721)
[   91.751214][ T8721] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   91.751278][ T8721] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[   91.751696][ T8732] fuse: Bad value for 'fd'
[   92.494490][ T8721] BTRFS info (device loop0): enabling ssd optimizations
[   92.494519][ T8721] BTRFS info (device loop0): enabling free space tree
[   92.494530][ T8721] BTRFS info (device loop0): use zstd compression, level 3
[   92.534434][ T8761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.536265][ T8761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.570525][ T6532] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   92.988394][ T8781] fuse: Bad value for 'fd'
[   93.095119][ T8784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.601'.
[   93.169544][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.601'.
[   93.502823][ T8798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   93.512236][ T8798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.631283][ T8804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   93.631455][ T8804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.647000][ T8806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   93.647166][ T8806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.973433][ T8812] fuse: Bad value for 'fd'
[   94.172647][ T8826] netlink: 'syz.4.617': attribute type 21 has an invalid length.
[   94.172707][ T8826] netlink: 156 bytes leftover after parsing attributes in process `syz.4.617'.
[   94.173041][ T8826] netlink: 'syz.4.617': attribute type 21 has an invalid length.
[   94.173060][ T8826] netlink: 156 bytes leftover after parsing attributes in process `syz.4.617'.
[   94.469075][ T8832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.469256][ T8832] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.620706][ T8841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.620907][ T8841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.956158][ T8845] fuse: Bad value for 'fd'
[   95.027092][ T8855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.028935][ T8855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.032821][ T8855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.038237][ T8855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.119530][   T31] audit: type=1326 audit(95.090:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.119760][   T31] audit: type=1326 audit(95.090:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=274 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.119849][   T31] audit: type=1326 audit(95.090:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.119992][   T31] audit: type=1326 audit(95.090:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.120102][   T31] audit: type=1326 audit(95.090:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.120158][   T31] audit: type=1326 audit(95.090:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.121771][   T31] audit: type=1326 audit(95.100:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=217 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.121950][   T31] audit: type=1326 audit(95.100:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.122091][   T31] audit: type=1326 audit(95.100:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=59 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.122314][   T31] audit: type=1326 audit(95.100:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8852 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba55b3a8 code=0x7ffc0000
[   95.640398][ T6615] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   95.794256][ T6615] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[   95.794291][ T6615] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.794321][ T6615] usb 1-1: Product: syz
[   95.794335][ T6615] usb 1-1: Manufacturer: syz
[   95.794348][ T6615] usb 1-1: SerialNumber: syz
[   95.901992][ T8878] fuse: Bad value for 'fd'
[   96.404103][ T8895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.404294][ T8895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.072345][ T8926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.072537][ T8926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.588222][ T6536] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[   97.639210][ T6615] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO
[   97.639454][ T6615] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[   97.639683][ T6615] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[   97.639705][ T6615] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[   97.640064][ T6615] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[   97.660530][ T6536] Bluetooth: hci1: Malformed HCI Event: 0x22
[   97.662347][ T6615] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[   97.666037][ T6615] usb 1-1: USB disconnect, device number 5
[   97.848413][ T8946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.848644][ T8946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.863760][ T8947] capability: warning: `syz.5.665' uses deprecated v2 capabilities in a way that may be insecure
[   98.304977][ T8955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.305169][ T8955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.358397][ T8957] syzkaller1: entered promiscuous mode
[   98.359443][ T8957] syzkaller1: entered allmulticast mode
[   98.789692][ T8964] 9pnet_virtio: no channels available for device syz
[   98.962383][ T8970] loop5: detected capacity change from 0 to 32768
[   98.974431][ T8970] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[   98.985719][ T8970] 
[   98.986101][ T8970] ======================================================
[   98.987174][ T8970] WARNING: possible circular locking dependency detected
[   98.988287][ T8970] syzkaller #0 Not tainted
[   98.988967][ T8970] ------------------------------------------------------
[   98.990046][ T8970] syz.5.673/8970 is trying to acquire lock:
[   98.990920][ T8970] ffff0000f5cd42c0 (&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_xattr_set+0x8a8/0xe9c
[   98.992733][ T8970] 
[   98.992733][ T8970] but task is already holding lock:
[   98.993931][ T8970] ffff0000f7766ab8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[   98.995448][ T8970] 
[   98.995448][ T8970] which lock already depends on the new lock.
[   98.995448][ T8970] 
[   98.996898][ T8970] 
[   98.996898][ T8970] the existing dependency chain (in reverse order) is:
[   98.998220][ T8970] 
[   98.998220][ T8970] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[   98.999355][ T8970]        down_read+0x58/0x2f8
[   99.000082][ T8970]        ocfs2_init_acl+0x258/0x5f0
[   99.000949][ T8970]        ocfs2_mknod+0x1028/0x1cf0
[   99.001771][ T8970]        ocfs2_mkdir+0x190/0x474
[   99.002534][ T8970]        vfs_mkdir+0x284/0x424
[   99.003352][ T8970]        do_mkdirat+0x1f8/0x4c8
[   99.004107][ T8970]        __arm64_sys_mkdirat+0x8c/0xa4
[   99.005036][ T8970]        invoke_syscall+0x98/0x254
[   99.005849][ T8970]        el0_svc_common+0x130/0x23c
[   99.006688][ T8970]        do_el0_svc+0x48/0x58
[   99.007344][ T8970]        el0_svc+0x5c/0x254
[   99.008124][ T8970]        el0t_64_sync_handler+0x84/0x12c
[   99.009009][ T8970]        el0t_64_sync+0x198/0x19c
[   99.009802][ T8970] 
[   99.009802][ T8970] -> #1 (jbd2_handle){++++}-{0:0}:
[   99.010834][ T8970]        jbd2_journal_lock_updates+0xb0/0x2fc
[   99.011765][ T8970]        __ocfs2_flush_truncate_log+0x280/0xf6c
[   99.012783][ T8970]        ocfs2_flush_truncate_log+0x4c/0x6c
[   99.013763][ T8970]        ocfs2_sync_fs+0xf8/0x2a4
[   99.014573][ T8970]        sync_filesystem+0x1a0/0x218
[   99.015440][ T8970]        generic_shutdown_super+0x70/0x2b8
[   99.016304][ T8970]        kill_block_super+0x44/0x90
[   99.017113][ T8970]        deactivate_locked_super+0xc4/0x12c
[   99.018018][ T8970]        deactivate_super+0xe0/0x100
[   99.018875][ T8970]        cleanup_mnt+0x31c/0x3ac
[   99.019624][ T8970]        __cleanup_mnt+0x20/0x30
[   99.020316][ T8970]        task_work_run+0x1dc/0x260
[   99.021048][ T8970]        exit_to_user_mode_loop+0xfc/0x168
[   99.021895][ T8970]        el0_svc+0x170/0x254
[   99.022575][ T8970]        el0t_64_sync_handler+0x84/0x12c
[   99.023407][ T8970]        el0t_64_sync+0x198/0x19c
[   99.024162][ T8970] 
[   99.024162][ T8970] -> #0 (&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]){+.+.}-{4:4}:
[   99.025877][ T8970]        __lock_acquire+0x1774/0x30a4
[   99.026725][ T8970]        lock_acquire+0x14c/0x2e0
[   99.027446][ T8970]        down_write+0x50/0xc0
[   99.028178][ T8970]        ocfs2_xattr_set+0x8a8/0xe9c
[   99.029085][ T8970]        ocfs2_set_acl+0x574/0x628
[   99.029943][ T8970]        ocfs2_iop_set_acl+0x190/0x25c
[   99.030765][ T8970]        vfs_set_acl+0x70c/0x974
[   99.031541][ T8970]        do_set_acl+0xe0/0x1a8
[   99.032223][ T8970]        filename_setxattr+0x268/0x4f8
[   99.033038][ T8970]        path_setxattrat+0x2e8/0x320
[   99.033806][ T8970]        __arm64_sys_setxattr+0xc0/0xdc
[   99.034616][ T8970]        invoke_syscall+0x98/0x254
[   99.035358][ T8970]        el0_svc_common+0x130/0x23c
[   99.036123][ T8970]        do_el0_svc+0x48/0x58
[   99.036849][ T8970]        el0_svc+0x5c/0x254
[   99.037484][ T8970]        el0t_64_sync_handler+0x84/0x12c
[   99.038319][ T8970]        el0t_64_sync+0x198/0x19c
[   99.039046][ T8970] 
[   99.039046][ T8970] other info that might help us debug this:
[   99.039046][ T8970] 
[   99.040662][ T8970] Chain exists of:
[   99.040662][ T8970]   &ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[   99.040662][ T8970] 
[   99.043100][ T8970]  Possible unsafe locking scenario:
[   99.043100][ T8970] 
[   99.044152][ T8970]        CPU0                    CPU1
[   99.044943][ T8970]        ----                    ----
[   99.045702][ T8970]   lock(&oi->ip_xattr_sem);
[   99.046458][ T8970]                                lock(jbd2_handle);
[   99.047574][ T8970]                                lock(&oi->ip_xattr_sem);
[   99.048737][ T8970]   lock(&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]);
[   99.049973][ T8970] 
[   99.049973][ T8970]  *** DEADLOCK ***
[   99.049973][ T8970] 
[   99.051229][ T8970] 3 locks held by syz.5.673/8970:
[   99.051991][ T8970]  #0: ffff0000d0c42428 (sb_writers#19){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[   99.053414][ T8970]  #1: ffff0000f7766d80 (&type->i_mutex_dir_key#22){+.+.}-{4:4}, at: vfs_set_acl+0x338/0x974
[   99.055121][ T8970]  #2: ffff0000f7766ab8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[   99.056757][ T8970] 
[   99.056757][ T8970] stack backtrace:
[   99.057655][ T8970] CPU: 1 UID: 0 PID: 8970 Comm: syz.5.673 Not tainted syzkaller #0 PREEMPT 
[   99.058986][ T8970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[   99.060521][ T8970] Call trace:
[   99.061035][ T8970]  show_stack+0x2c/0x3c (C)
[   99.061736][ T8970]  __dump_stack+0x30/0x40
[   99.062434][ T8970]  dump_stack_lvl+0xd8/0x12c
[   99.063164][ T8970]  dump_stack+0x1c/0x28
[   99.063826][ T8970]  print_circular_bug+0x324/0x32c
[   99.064629][ T8970]  check_noncircular+0x154/0x174
[   99.065339][ T8970]  __lock_acquire+0x1774/0x30a4
[   99.066076][ T8970]  lock_acquire+0x14c/0x2e0
[   99.066795][ T8970]  down_write+0x50/0xc0
[   99.067397][ T8970]  ocfs2_xattr_set+0x8a8/0xe9c
[   99.068203][ T8970]  ocfs2_set_acl+0x574/0x628
[   99.068912][ T8970]  ocfs2_iop_set_acl+0x190/0x25c
[   99.069614][ T8970]  vfs_set_acl+0x70c/0x974
[   99.070271][ T8970]  do_set_acl+0xe0/0x1a8
[   99.070901][ T8970]  filename_setxattr+0x268/0x4f8
[   99.071617][ T8970]  path_setxattrat+0x2e8/0x320
[   99.072336][ T8970]  __arm64_sys_setxattr+0xc0/0xdc
[   99.073089][ T8970]  invoke_syscall+0x98/0x254
[   99.073758][ T8970]  el0_svc_common+0x130/0x23c
[   99.074404][ T8970]  do_el0_svc+0x48/0x58
[   99.074939][ T8970]  el0_svc+0x5c/0x254
[   99.075496][ T8970]  el0t_64_sync_handler+0x84/0x12c
[   99.076244][ T8970]  el0t_64_sync+0x198/0x19c
[   99.105626][ T6893] ocfs2: Unmounting device (7,5) on (node local)