last executing test programs: 16.606898205s ago: executing program 2 (id=1945): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) 14.508957475s ago: executing program 3 (id=1949): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 14.101627028s ago: executing program 1 (id=1950): syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES8=0x0, @ANYRES64], 0xb, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x2000) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000001040)={0x40000000, 0x6, "23a3bc5a72a1f1b8e4c1229f3675141f65d13377b74ef34d1102b6d87bfa71fd", 0xeff, 0x8, 0x4f9, 0x2, 0x17}) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0x0) syz_emit_ethernet(0x46, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaa00200000074e62ca490000380000000000069078ac1e0001ac14140d8307d7e0000001860600"/54, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x45000, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r2, {0x7}}, './bus\x00'}) 13.503267036s ago: executing program 3 (id=1951): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) recvmmsg(r3, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}, 0x2a}, {{&(0x7f00000004c0)=@alg, 0x80, &(0x7f0000000540)=[{&(0x7f0000000380)=""/32, 0x20}], 0x1, &(0x7f0000000580)=""/40, 0x28}, 0x83}], 0x2, 0x10020, 0x0) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000001c0)={0x5fa, 0xfffffeff, 0x2, {0x1, @pix_mp={0xcf6, 0x1c00, 0x47504a4d, 0x5, 0x8, [{0x2a302c, 0x10000}, {0x1, 0xfffffffc}, {0x2, 0xb}, {0x7fff0, 0x10002}, {0x0, 0xfffffffd}, {0x6, 0x5}, {0x9, 0x8}, {0x8, 0x10000}], 0x7e, 0x5, 0x2}}, 0x7f}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000003c0)={0x3, 0x6, 0x2, {0x1, @pix_mp={0x131c, 0x9, 0x20363159, 0x2, 0x0, [{0x2776463d, 0x7}, {0x0, 0x7f}, {0xffffffff, 0xffff}, {0x1, 0x42}, {0x7, 0x310cb2b8}, {0x7fffffff, 0x80}, {0x614, 0xfffffffc}, {0x81, 0x6}], 0xa0, 0x7f, 0x7, 0x1, 0x7}}, 0x4}) sendto$l2tp(r3, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r5, 0xc028aa05, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x220, 0xd0, 0x720d, 0x148, 0x0, 0x148, 0x188, 0x240, 0x240, 0x188, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @rand_addr=0x64010100, 0xff, 0xff000000, 'veth1_to_hsr\x00', 'dvmrp1\x00', {0xff}, {}, 0xff, 0x1, 0x30}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x1, 0x1e01, 0x2, 0x3], 0x0, 0x2}, {0xffffffffffffffff, [0x7, 0xb2cc575b459b5b36, 0x4, 0x4], 0x6, 0x7}}}}, {{@ip={@broadcast, @multicast1, 0xff000000, 0xffffffff, 'sit0\x00', 'vlan1\x00', {0xff}, {0xff}, 0x1, 0x3, 0x40}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) setresuid(0x0, 0xee00, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x1}}}, 0x30) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r8, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000}) 11.250369369s ago: executing program 3 (id=1953): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 11.211286472s ago: executing program 1 (id=1954): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70000420000004ec00000800090002"], 0x34}}, 0x0) 11.068070743s ago: executing program 3 (id=1955): bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000001c0)={0x1, 0x0}, 0x8) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000200)={r0}, 0x4) r2 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080), 0x4) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/msg\x00', 0x0, 0x0) close(r3) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@ifindex, r1, 0x1d, 0x2000, 0x0, @value=r2}, 0x20) syz_open_dev$vim2m(0x0, 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x269, &(0x7f0000000780)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000000400000002", @ANYRES32, @ANYBLOB='\x00'/14, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/24], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) socket$inet6(0x10, 0x3, 0x0) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000040), 0x0, 0x0, 0x0) llistxattr(&(0x7f0000000280)='./file1\x00', 0x0, 0x7) 10.725248232s ago: executing program 2 (id=1956): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91124fc60", 0x14}], 0x1}, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x1c, r5, 0x301, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x3000000}, 0x0) 10.13229685s ago: executing program 1 (id=1958): syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0) request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0) 7.722006865s ago: executing program 2 (id=1959): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 7.222473435s ago: executing program 0 (id=1960): r0 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00') fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xf8) getdents64(r1, 0x0, 0x22) 6.941875038s ago: executing program 1 (id=1961): shutdown(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) fcntl$setpipe(r3, 0x407, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, 0x0, 0x0) sendmsg$can_bcm(r4, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000080)="18", 0xfe37}], 0x1}}], 0x1, 0x0) syz_open_dev$video(&(0x7f0000000000), 0xffffffffffffffff, 0xc200) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x4) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444a, &(0x7f0000004480)="$eJzs3b1PHGcaAPB3BnwGfx32ufBJJ91KZ+k+hcDV3WHpMMbGYHOOnNhFmvUCa5tkYS1YohQuSGcpVaQUUQorkdJRWUhp0jh/QpqUTm0pKdJEimSFaHdnMTPsmg3ZhWD9fsXOzvv5wLMzvGNp/caJyr355dz8cq6wmCvP3lk+l3unXFpZKIZ4jzSd/9DezU97uvE5edmYn3cscpq5fvHy67fOhfDl3NfPNjY2NkJVb2hqeMv7H75/MLv12BBn+lTHbTLUoeYz7MabIYTT2+Kq6gkh9IUQohDChaRsLDn2hxCOJ3W3Hrx/O9ehaB4/LZ7PP59+uD5ydmrt0Xqzn70uCuHj0h//dXfh27/0jHzzj9YjfnG0Q6EBAAAAAAAAAAAAAAAAAHAATNy4fvO1oeHwJAq9a9H27+tOJMcW34/t3eiYP78szL+f6NyPDAAAAAAAAAAAAAAAAAAAAL85L77/n4tONfn+/3hyHG3Rf+N/3Y+R7pn8//XxS0PDyf7v0bb6fydF313oCSeb7Pue3f/9QqZ/8/3ft8+zW434GvMOhCgeTJ3H8eBgCJ8mG7+fiY7EpfJy5Z93yiuLcx0L48BK57++e38qO8mG/m3mPx7LjN9i//8O+sO2T1P1/HbnPmKvtHT+e1q2++y9qK3r/2Km317kn91L57+3Vta/tcFo/QZQzf8HvTvnfzwzfrfyfyKEkIuqseZSd4DqGqZa3mq9Qlo6/4dqZalbZ/KLbHX9/5jJ/6XM+Pt1/1/N/iGiqXT+f1cr60u1OFx7reU/3vn6v5wZfz/yX41/tV640d25D750/uu5Dr2pJrXfZLv3/4nM+C3zf/jXxX0zTuI8EaU+AWtRvbzF/1dHRjr/fdvqXzz/xW2t/65k+u/V819j3sbzX+P2/7eo/vxHc+n897ds1+71P5np1+37/2ht/cdupfN/pFaWXjsP1F7bzf9UZvxu5b/2VNLXyP+L+8lPh+vln1j/tSWd/6P1wnhri9Xaa239F+28/r+aGX8/1n/V+Ffj7s76qkjn/1jLdtX8f9XG3/9rmX7dz38IQ/6tb9fS+T/esl3t+u/bOf/Tm+/qY3U7/3/t5uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8BYchwIUTyYOo/jwcEQLibnZ8KRaKYwl58plWffXg5hPCnPhVPR3VJ5plDKzy+W54r5QqlUng3hUlJ/OvRFy6VyJb9QuH95c6z+6F6xsFSZKRYqIYSJpPxP4XhjrJn5ykLhfgjhymbd7+Py0v17hcX83PzSf4eGhobC5GYMJ6Piu5XiYqU+e702hKnNvgPRluBq1Vc3YzkWvVVeWVoslGrl17b0KZVnC6UtfaaTug/DyaiytLI4W6gU86Xy3cZ8+2k0OY5P3njjxrXhbfW3o/pxbG/DAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAXejLyn49CCL31sziEMNp4EzVr//hp8Xz++fTD9ZGzU2uP1p+1agcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DM7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2KVj1ASCKAzAbyZFki7HSLUkXdoNgZAU2SB4Aj2Gh9GjeAnvYGFhayGC7KKuu7CNVt/XPJifmfdgHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw3yPqvH/23tEiqf9Y8Ryulqf5791nX9233+4w4zczs9f9XX6w3SVf9RHmzIf0912NomO2li09qS9T5d9nnvn6tu3vvmavi+RchERZZ2/ppyLYthbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGAHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BUAAP//hkEdVg==") 6.836738496s ago: executing program 0 (id=1962): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) recvmmsg(r3, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}, 0x2a}, {{&(0x7f00000004c0)=@alg, 0x80, &(0x7f0000000540)=[{&(0x7f0000000380)=""/32, 0x20}], 0x1, &(0x7f0000000580)=""/40, 0x28}, 0x83}], 0x2, 0x10020, 0x0) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000001c0)={0x5fa, 0xfffffeff, 0x2, {0x1, @pix_mp={0xcf6, 0x1c00, 0x47504a4d, 0x5, 0x8, [{0x2a302c, 0x10000}, {0x1, 0xfffffffc}, {0x2, 0xb}, {0x7fff0, 0x10002}, {0x0, 0xfffffffd}, {0x6, 0x5}, {0x9, 0x8}, {0x8, 0x10000}], 0x7e, 0x5, 0x2}}, 0x7f}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000003c0)={0x3, 0x6, 0x2, {0x1, @pix_mp={0x131c, 0x9, 0x20363159, 0x2, 0x0, [{0x2776463d, 0x7}, {0x0, 0x7f}, {0xffffffff, 0xffff}, {0x1, 0x42}, {0x7, 0x310cb2b8}, {0x7fffffff, 0x80}, {0x614, 0xfffffffc}, {0x81, 0x6}], 0xa0, 0x7f, 0x7, 0x1, 0x7}}, 0x4}) sendto$l2tp(r3, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r5, 0xc028aa05, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x220, 0xd0, 0x720d, 0x148, 0x0, 0x148, 0x188, 0x240, 0x240, 0x188, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @rand_addr=0x64010100, 0xff, 0xff000000, 'veth1_to_hsr\x00', 'dvmrp1\x00', {0xff}, {}, 0xff, 0x1, 0x30}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x1, 0x1e01, 0x2, 0x3], 0x0, 0x2}, {0xffffffffffffffff, [0x7, 0xb2cc575b459b5b36, 0x4, 0x4], 0x6, 0x7}}}}, {{@ip={@broadcast, @multicast1, 0xff000000, 0xffffffff, 'sit0\x00', 'vlan1\x00', {0xff}, {0xff}, 0x1, 0x3, 0x40}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) setresuid(0x0, 0xee00, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x1}}}, 0x30) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r8, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000}) 4.427428072s ago: executing program 2 (id=1963): syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES8=0x0, @ANYRES64], 0xb, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x2000) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000001040)={0x40000000, 0x6, "23a3bc5a72a1f1b8e4c1229f3675141f65d13377b74ef34d1102b6d87bfa71fd", 0xeff, 0x8, 0x4f9, 0x2, 0x17}) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0x0) syz_emit_ethernet(0x46, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaa00200000074e62ca490000380000000000069078ac1e0001ac14140d8307d7e0000001860600"/54, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x45000, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r2, {0x7}}, './bus\x00'}) 4.270703834s ago: executing program 0 (id=1964): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x100, @ipv4={'\x00', '\xff\xff', @empty}, 0x3}, 0x1c) listen(r3, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 4.124879136s ago: executing program 3 (id=1965): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x1, 0x6d3, &(0x7f00000014c0)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSCsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJQi1y+88bDMr67MtldXZo/Vxe0kZbqRNLurFHeT4nEyV5YXfUv61pt8vHjtrc+erH7ezTXrpao/tl27IYbUXa6XTNf9TQ9tOb7bXSzX4eWlJDfq9aCJ3fY1ULEctPP1Gg5dZ1AjneW9NN/LdQscMb2nU9F9bm4ylRxPMln/HpD67tAYXYQHY093OQAAAHhBfXrvsCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF0/9/f9FvTTqdaZT9L7/f6K3rU4fQXO7rvnoQOMAAAAAAAAAgNH4+tM8zcOc6OU7RfU3/3NV5lS+6CRfyvt5kIXcz8U8zHyWspT7uZxkqq+jiYfzS0v3L6+1LA1veWVoyyujOmIAAAAAAAAA+J/0y7TW//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHQZGMdVfVcqpeZyqNZtbLspz8M8nEYce7B8WwjY9GHwcAAAA8l8lnaPPlp3mahznRy3eK6jX/V6rXy5N5P3ezlMUspZ2F3KxfQ5ev+hurK7Pt1ZXZO+VS5gf7/f6/9xTGRN3DWJUbtuczVY1WbmWx2nIxN6pgbqbR3ff55Ewvnr64+nxUxlR8r7bLyJr1sJY7+/1W7yLsi8G3Ihrb1GytB5esjchMHVvZ8mR3BIrqjZpk40jseHaaA7mpqtfxtT1dTmPtnZ9TBzDmx+t1eTy/OdAx36u1kWikGokrvdlXXjPbj0Tyjb/+6e3b7bvv3r714MLROaQdjG2xfeOcmO0biVdf6JFo7rH+TDUSp9fy1/Oj/CQXMp03cz+L+Wnms5SFdOry+Xo+lz+nth+puYHcmztFMlGfl+45201M0/lhlZrPuartiSymyL3czEJer/5dyeV8O1dzNdf6zvDpLeOujq266hsbr/remf7b0ODPf7NOlHe3367f5ea2O+KtZud+6d77y3E92Teu3Vn/ZK3Wyb7rYKZvlF7ujc740M6f5d7Y/GqdKPfxqx2eE6M1VY9EeQH1nhK96F7pjkSzehZtnud/6JTt0r7b6dyef2+L/pc35F+r1+W0WvnaTrV7hp+K/VXOl5czWd9JBmdHWfbK2l2mr6yzPpe7ZYNP3LLd6aqsKHpX6o9zr5oAm6/Uifp3uM09XanKXt1Qdra+h5dlZ/rKBn7fyr20c3ME4wfAs/jH22vJqRyfaP2r9Wnrk9avW7dbb0z+4Nh3jp2dyPjfx7/bnBl7rXG2+Es+yc/XX/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP7sEHH747324v3B+eaGxdNJBoZeOWnXrekCjqL/TZW6ujm5hMMrCl+p6jkYfR2hjGpkTnF8nIx6f3JYLD6/yuTDQ3zahhibmBLX/e3OFHe4yw2N11cYCJRka707EMnwCHeFMCRuLS0p33Lj344MNvLd6Zf2fhnYW741evXpu5dvX12Uu3FtsLM92fhx0lcBDWH/qHHQkAAAAAAAAAAACwW8M+GHDupZ0+NLIp0Uiy8TMe/mchAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsC+uX0jzUYpcnrk4U+ZXV2bb5dJLr9dsJmk0kuJnSfE4mUt3yVRfd0X++DidIfv5ePHaW589Wf18va9mt37SqNdb2740yXK9ZDrJWL1+DgP93Xju/or/9I6hHLAvOp3O3PPFB/vjvwEAAP//5CHw8g==") madvise(&(0x7f000088c000/0x2000)=nil, 0x2000, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000e00)=@mangle={'mangle\x00', 0x44, 0x6, 0x478, 0x0, 0x1c8, 0x98, 0x0, 0x98, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x6, 0x0, 0x1}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x3, 0x1}}}, {{@uncond, 0x0, 0xe8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1, 0x9af, @multicast1, 0x4e20}}}, {{@ip={@broadcast, @multicast2, 0x0, 0xff000000, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@iprange={{0x68}, {@ipv4=@remote, @ipv6=@mcast2, @ipv6=@dev={0xfe, 0x80, '\x00', 0x32}, @ipv6=@remote, 0x20}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x0, 0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4d8) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000000)={0x30, r4, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x30}}, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000004b80)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f00000004c0)={0xfffffffffffffffd, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/243, 0xf3}, 0x2003) unlink(&(0x7f0000000000)='./file1\x00') r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYBLOB="0800a0009e09000008009f000400000008002600800900000800a10005"], 0x3c}}, 0x0) 3.889261485s ago: executing program 1 (id=1966): r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r0, &(0x7f0000000980)={0x2020}, 0x2020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1802000002000000000002ecff0000008500000020000000950300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xd, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5b", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x536, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00') clock_gettime(0x0, &(0x7f00000000c0)) ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, 0x0) openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x280240, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61123400000000006113500000000000bf200000000000001500000008ffffffbd0301000000000095000000000000006916320000000000bf67000000000000a406000007ff07006706000002000000070600000ee60000bf050000000000002e650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a2aadfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf736f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000b542a536559eed87b58edcfee83a50077ee0e8fb6e787cb3076dfeeb79f55927fef9651e176b40e64740a01944577caea4ceb9e907cec36a8429445c833b9d24d53dc91f15af1f4a1db9fa452fa3f0b812355aab5b58659ffd56034fdbb169f3e86660acdc65dc699d3e6364a80f45e54d6efcb99b41a080494f842706f3c1716d2e252bf89663393356296d89fbf95aa7966fa700b710008311d6f25e05f77d68799e671d90cb04131742790941d83ffdfa857e9e085a59a78e7a17f008ce55866fcc4de388f270a1ba675f43481bd2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) 2.153919975s ago: executing program 0 (id=1967): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c90012000e000500161f"], 0x17) 2.052070624s ago: executing program 2 (id=1968): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0x1}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.900054916s ago: executing program 0 (id=1969): syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0) request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0) 1.391984887s ago: executing program 3 (id=1970): socket$netlink(0x10, 0x3, 0x9) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r1, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000140)="c2", 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000000e80)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @private2}, 0x1c, &(0x7f0000000880)=[{&(0x7f00000003c0)}], 0x1}}], 0x1, 0x0) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x7, 0x7, 0xc, 0x9, 0x0, 0xc, 0x4, 0x6, 0x8, 0x2, 0xa1, 0x4, 0x3, 0x80}, 0xe) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) accept4(r2, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r6, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, 0x0, [@default, @null, @null, @default, @bcast, @default]}, 0x40) 778.060547ms ago: executing program 2 (id=1971): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 668.485456ms ago: executing program 1 (id=1972): mmap(&(0x7f0000a18000/0x1000)=nil, 0x1000, 0x0, 0x8031, 0xffffffffffffffff, 0xbce03000) gettid() openat$nullb(0xffffffffffffff9c, 0x0, 0x26280, 0x0) io_uring_setup(0x8, 0x0) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x5) accept$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() getrlimit(0x5, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup.net/syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@cgroup=r3, 0x2f, 0x1, 0x2, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file2\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=") execve(&(0x7f00000003c0)='./file2\x00', 0x0, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02e05b89d3c2148a9600a2241eb80dd24388d77e24ea26e6a9e2dd0c014db5a7dcea6f39baa41b556ec0719acf57b4ab10843a629684d83d92ce5b0992f09e4d1828268a395bf97760a4d2597903351345796bf709f2570b8905d2680e6f8965323313eadcc1c7579377a6f3be069b304264149b8d0a9a83bfd8720c8599300f28b455007c286a22e7769e9578701b"], 0x1, 0x185, &(0x7f0000000280)="$eJxckk1LKmEUx//P+PhyL/eKi7u4L1wQirLCHEd7gTZCVERQmz6AomaClqWUheTYLnDTqnYSQqvoI0SrwGgv2KoP0EJqGxPPzJnp0YGZ35zzn/N/zjnMdnmv7AXw0a+lEQAYxP0DL4yBA/gnEgDeFIsXxGdiwwLu6LsVyp8Rq72p25vH9afOanjy+n/70n/Q1Jb/tJtXD4kSiy++/1poKHg1i7v9WppcnCsDQNZdQ9pfDrhgODqHNcI4gEilWIqUj47D+WIql81ldzQtNqvGVXVGi2zlC1nVejLJnpqG4AQAsZlvku6Wjv8+1Krd+gm3KNd5ACRJD40M1omzDMMwIPHL897x8FJOrGATY/ABONSZlA2abhzmWAkwuCiI8qEeFfhMYTq9W8jUwcDssha44xHtwu0EmhzE/Kj21pI6lkI/4f2N0zna3Lxut14nBokJYovYJdo/2AY5cNPhnKKQDnhQTVUq+1GxROvNyWlOTgvo8kJHxUnK4NAdij8DAAD//3cScbo=") 0s ago: executing program 0 (id=1973): pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): (device loop2): force clearing of disk cache [ 379.919873][ T9024] BTRFS info (device loop2): metadata ratio 5 [ 379.933787][ T9024] BTRFS info (device loop2): turning on sync discard [ 379.940710][ T5786] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 379.959650][ T9024] BTRFS info (device loop2): enabling disk space caching [ 379.960887][ T9022] XFS (loop3): Ending clean mount [ 379.978615][ T9024] BTRFS info (device loop2): turning off discard [ 380.005178][ T9024] BTRFS info (device loop2): disk space caching is enabled [ 380.106514][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 380.271842][ T9024] BTRFS info (device loop2): enabling ssd optimizations [ 380.313710][ T9024] BTRFS info (device loop2): rebuilding free space tree [ 380.396988][ T9024] BTRFS info (device loop2): disabling free space tree [ 380.436871][ T9024] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 380.473089][ T9024] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 381.189726][ T9058] loop0: detected capacity change from 0 to 32768 [ 382.619450][ T9058] OCFS2: ERROR (device loop0): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 21 has invalid tree depth 65535 in extent list [ 382.638580][ T9058] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 382.648455][ T9058] OCFS2: File system is now read-only. [ 382.654032][ T9058] (syz.0.721,9058,1):ocfs2_find_leaf:1941 ERROR: status = -30 [ 382.661510][ T9058] (syz.0.721,9058,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 382.669935][ T9058] (syz.0.721,9058,1):ocfs2_get_clusters:624 ERROR: status = -30 [ 382.677642][ T9058] (syz.0.721,9058,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 382.686118][ T9058] (syz.0.721,9058,1):ocfs2_map_slot_buffers:378 ERROR: status = -30 [ 382.694158][ T9058] (syz.0.721,9058,1):ocfs2_init_slot_info:426 ERROR: status = -30 [ 382.702017][ T9058] (syz.0.721,9058,1):ocfs2_initialize_super:2280 ERROR: status = -30 [ 382.711883][ T9058] (syz.0.721,9058,1):ocfs2_fill_super:1178 ERROR: status = -30 [ 382.942793][ T5788] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 384.322163][ T9075] loop3: detected capacity change from 0 to 2048 [ 384.526991][ T9075] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 385.182701][ T9079] loop0: detected capacity change from 0 to 65536 [ 385.704671][ T9079] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 385.828608][ T9079] XFS (loop0): Ending clean mount [ 387.209836][ T5786] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 387.402009][ T9094] loop1: detected capacity change from 0 to 32768 [ 388.625176][ T12] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 389.189995][ T9117] loop0: detected capacity change from 0 to 1024 [ 390.130518][ T9121] loop3: detected capacity change from 0 to 2048 [ 390.257800][ T9121] EXT4-fs: Ignoring removed bh option [ 390.311523][ T9121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.562891][ T9121] EXT4-fs (loop3): shut down requested (2) [ 391.077117][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.224463][ T48] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 392.729450][ T9140] loop3: detected capacity change from 0 to 32768 [ 393.986710][ T9157] loop1: detected capacity change from 0 to 4096 [ 394.427399][ T9162] loop3: detected capacity change from 0 to 128 [ 394.470345][ T9162] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 394.513242][ T9162] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 395.422895][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 395.480009][ T9169] loop1: detected capacity change from 0 to 2048 [ 395.523729][ T9169] EXT4-fs: Ignoring removed bh option [ 395.573188][ T9169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 395.658013][ T9169] EXT4-fs (loop1): shut down requested (2) [ 395.794856][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.609753][ T9183] loop2: detected capacity change from 0 to 32768 [ 396.672811][ T9183] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 396.802968][ T5803] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 396.999969][ T9170] loop0: detected capacity change from 0 to 40427 [ 397.031578][ T9170] F2FS-fs (loop0): build fault injection attr: rate: 87, type: 0x7ffff [ 397.113146][ T9170] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x286ce [ 397.133158][ T9189] loop3: detected capacity change from 0 to 1024 [ 397.170645][ T9170] F2FS-fs (loop0): invalid crc value [ 397.211420][ T9170] F2FS-fs (loop0): Found nat_bits in checkpoint [ 397.257423][ T9170] F2FS-fs (loop0): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x458d/0x6c20 [ 397.305160][ T9170] F2FS-fs (loop0): Failed to initialize F2FS node manager (-12) [ 397.627453][ T9203] loop0: detected capacity change from 0 to 128 [ 397.658220][ T9203] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 397.696762][ T9203] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.827178][ T9197] loop2: detected capacity change from 0 to 32768 [ 397.845662][ T9197] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.763 (9197) [ 397.950392][ T9197] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 397.961819][ T9197] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 398.599537][ T9197] BTRFS info (device loop2): using free space tree [ 398.685461][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 398.878869][ T9197] BTRFS info (device loop2): enabling ssd optimizations [ 398.913596][ T9197] BTRFS info (device loop2): auto enabling async discard [ 398.950064][ T9228] loop0: detected capacity change from 0 to 1024 [ 399.052870][ T9228] hfsplus: xattr searching failed [ 400.736098][ T5788] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 401.041157][ T9246] loop1: detected capacity change from 0 to 1024 [ 401.804506][ T9255] loop2: detected capacity change from 0 to 65536 [ 401.844191][ T9255] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 401.988769][ T9255] XFS (loop2): Ending clean mount [ 403.591750][ T28] audit: type=1800 audit(1753852219.287:20): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.777" name="file1" dev="loop2" ino=38 res=0 errno=0 [ 403.890931][ T5788] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 403.967135][ T9267] loop3: detected capacity change from 0 to 32768 [ 404.024049][ T9280] netlink: 16 bytes leftover after parsing attributes in process `syz.1.781'. [ 409.077019][ T9319] loop3: detected capacity change from 0 to 128 [ 409.182399][ T9319] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 409.218341][ T9319] ext4 filesystem being mounted at /220/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 409.561129][ T9325] loop0: detected capacity change from 0 to 32768 [ 409.594002][ T9325] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 409.606887][ T9325] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 409.616418][ T9325] BTRFS info (device loop0): using free space tree [ 409.874012][ T9325] BTRFS info (device loop0): enabling ssd optimizations [ 409.881061][ T9325] BTRFS info (device loop0): auto enabling async discard [ 410.129615][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 410.144102][ T5786] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 413.869188][ T9378] loop2: detected capacity change from 0 to 128 [ 413.977789][ T9378] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 414.347851][ T9378] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 416.980364][ T9403] loop3: detected capacity change from 0 to 1024 [ 417.128930][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 417.186615][ T9403] hfsplus: xattr searching failed [ 418.261932][ T9417] loop0: detected capacity change from 0 to 128 [ 418.306706][ T9417] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 418.336729][ T9417] ext4 filesystem being mounted at /177/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 419.370058][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 420.703721][ T9436] loop2: detected capacity change from 0 to 32768 [ 420.995210][ T9436] OCFS2: ERROR (device loop2): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 21 has invalid tree depth 65535 in extent list [ 421.014392][ T9436] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 421.025613][ T9436] OCFS2: File system is now read-only. [ 421.031125][ T9436] (syz.2.817,9436,1):ocfs2_find_leaf:1941 ERROR: status = -30 [ 421.038907][ T9436] (syz.2.817,9436,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 421.047333][ T9436] (syz.2.817,9436,1):ocfs2_get_clusters:624 ERROR: status = -30 [ 421.055100][ T9436] (syz.2.817,9436,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 421.063783][ T9436] (syz.2.817,9436,1):ocfs2_map_slot_buffers:378 ERROR: status = -30 [ 421.071812][ T9436] (syz.2.817,9436,1):ocfs2_init_slot_info:426 ERROR: status = -30 [ 421.079917][ T9436] (syz.2.817,9436,1):ocfs2_initialize_super:2280 ERROR: status = -30 [ 421.091569][ T9436] (syz.2.817,9436,1):ocfs2_fill_super:1178 ERROR: status = -30 [ 422.640066][ T9447] loop0: detected capacity change from 0 to 128 [ 422.723084][ T9447] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 422.827168][ T9447] ext4 filesystem being mounted at /181/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 422.850478][ T9451] loop3: detected capacity change from 0 to 1024 [ 423.051658][ T9451] hfsplus: xattr searching failed [ 423.118776][ T48] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 423.853098][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 426.535538][ T9483] loop2: detected capacity change from 0 to 1024 [ 427.330093][ T9487] loop1: detected capacity change from 0 to 2048 [ 427.553697][ T9487] EXT4-fs: Ignoring removed bh option [ 428.027474][ T9487] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 428.116717][ T9487] EXT4-fs (loop1): shut down requested (2) [ 428.246242][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.301275][ T9502] loop3: detected capacity change from 0 to 1024 [ 428.403452][ T9502] hfsplus: xattr searching failed [ 431.619667][ T9532] loop2: detected capacity change from 0 to 128 [ 431.725277][ T9532] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 431.840122][ T9532] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 433.376447][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 433.446074][ T9548] loop0: detected capacity change from 0 to 1024 [ 433.591964][ T9548] hfsplus: xattr searching failed [ 436.067406][ T9550] loop1: detected capacity change from 0 to 32768 [ 436.641388][ T9570] loop2: detected capacity change from 0 to 1024 [ 438.260284][ T9577] loop2: detected capacity change from 0 to 128 [ 438.438540][ T9577] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 438.518314][ T9577] ext4 filesystem being mounted at /222/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 438.543897][ T9586] loop1: detected capacity change from 0 to 1024 [ 439.337060][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 439.361079][ T9586] hfsplus: xattr searching failed [ 440.274477][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.289741][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.113072][ T9607] loop3: detected capacity change from 0 to 128 [ 441.157158][ T9607] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 441.239288][ T9607] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 441.263657][ T9612] loop0: detected capacity change from 0 to 128 [ 441.415538][ T9613] loop1: detected capacity change from 0 to 1024 [ 441.618852][ T9612] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 441.964188][ T9612] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 442.291406][ T9619] loop3: detected capacity change from 0 to 128 [ 442.540726][ T9619] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 442.638973][ T9619] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 442.884466][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 443.249270][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 444.277335][ T9633] loop0: detected capacity change from 0 to 2048 [ 444.384386][ T9633] EXT4-fs: Ignoring removed bh option [ 444.496247][ T9633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.586884][ T9639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.872'. [ 445.255815][ T9643] loop2: detected capacity change from 0 to 1024 [ 445.334617][ T9643] hfsplus: xattr searching failed [ 445.354926][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 446.484512][ T9653] loop0: detected capacity change from 0 to 1024 [ 447.001983][ T9656] loop1: detected capacity change from 0 to 128 [ 447.112364][ T9656] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 447.252012][ T9656] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 447.752033][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 448.180634][ T9673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.882'. [ 448.862696][ T9661] loop0: detected capacity change from 0 to 32768 [ 449.422310][ T9680] loop0: detected capacity change from 0 to 1024 [ 449.533519][ T9680] hfsplus: xattr searching failed [ 450.864350][ T9692] loop0: detected capacity change from 0 to 1024 [ 451.063073][ T9699] loop3: detected capacity change from 0 to 128 [ 451.139773][ T9699] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 451.210799][ T9699] ext4 filesystem being mounted at /245/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 451.936068][ T9713] netlink: 16 bytes leftover after parsing attributes in process `syz.1.891'. [ 452.531205][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 454.174241][ T9710] loop0: detected capacity change from 0 to 32768 [ 455.858466][ T9736] loop2: detected capacity change from 0 to 128 [ 456.020792][ T9736] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 456.179627][ T9736] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 456.688447][ T9742] loop0: detected capacity change from 0 to 128 [ 456.717515][ T9742] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 456.741875][ T9740] loop3: detected capacity change from 0 to 1024 [ 456.776632][ T9742] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 457.025278][ T9749] loop1: detected capacity change from 0 to 256 [ 457.045488][ T9749] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 457.322908][ T9751] loop1: detected capacity change from 0 to 128 [ 457.346331][ T9751] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 457.366603][ T9751] ext4 filesystem being mounted at /223/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 458.630145][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 458.655276][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 458.711266][ T9763] netlink: 16 bytes leftover after parsing attributes in process `syz.2.903'. [ 461.342208][ T9765] loop3: detected capacity change from 0 to 65536 [ 461.417644][ T9765] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 461.509420][ T9765] XFS (loop3): Ending clean mount [ 461.697502][ T9801] loop2: detected capacity change from 0 to 128 [ 461.841167][ T9801] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 462.091687][ T9801] ext4 filesystem being mounted at /234/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 462.741210][ T9809] loop0: detected capacity change from 0 to 128 [ 462.748773][ T5787] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 462.772814][ T9809] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 462.787343][ T9809] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 462.967687][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 463.768217][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 464.875419][ T9821] loop2: detected capacity change from 0 to 4096 [ 465.023622][ T9821] NILFS (loop2): invalid segment: Checksum error in segment payload [ 465.073305][ T9821] NILFS (loop2): trying rollback from an earlier position [ 465.148701][ T9821] NILFS (loop2): recovery complete [ 465.180699][ T9829] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 465.280848][ T9831] netlink: 16 bytes leftover after parsing attributes in process `syz.0.921'. [ 466.196078][ T9838] loop2: detected capacity change from 0 to 65536 [ 466.217793][ T9838] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 466.407400][ T9838] XFS (loop2): Ending clean mount [ 466.464016][ T9851] loop3: detected capacity change from 0 to 128 [ 466.613948][ T9851] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 466.657243][ T9851] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 467.352308][ T9859] loop1: detected capacity change from 0 to 128 [ 467.361519][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 467.419648][ T9859] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 467.438764][ T9859] ext4 filesystem being mounted at /228/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 468.263321][ T9868] input: syz0 as /devices/virtual/input/input5 [ 468.356334][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 469.123651][ T5788] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 469.498378][ T9870] loop3: detected capacity change from 0 to 32768 [ 470.843130][ T9878] loop1: detected capacity change from 0 to 32768 [ 470.904906][ T9878] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 471.043609][ T9878] XFS (loop1): Ending clean mount [ 471.647832][ T9906] netlink: 16 bytes leftover after parsing attributes in process `syz.0.939'. [ 471.752436][ T9908] loop2: detected capacity change from 0 to 128 [ 471.820429][ T9908] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 472.176238][ T9913] loop3: detected capacity change from 0 to 65536 [ 472.199325][ T9908] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 472.237468][ T9913] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 472.398710][ T9913] XFS (loop3): Ending clean mount [ 472.945716][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 473.439674][ T9929] loop2: detected capacity change from 0 to 512 [ 473.565605][ T9929] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 473.623744][ T9929] ext4 filesystem being mounted at /243/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 473.870937][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 473.892028][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.485842][ T5787] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 475.457860][ T9944] loop2: detected capacity change from 0 to 1024 [ 475.541181][ T9946] loop1: detected capacity change from 0 to 4096 [ 475.648484][ T9946] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 477.711840][ T9956] loop2: detected capacity change from 0 to 32768 [ 477.787485][ T9956] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 477.832220][ T9964] loop1: detected capacity change from 0 to 65536 [ 477.911669][ T9964] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 477.964744][ T9964] XFS (loop1): Ending clean mount [ 478.170590][ T9956] XFS (loop2): Ending clean mount [ 480.810611][T10000] loop0: detected capacity change from 0 to 1024 [ 480.820012][ T5789] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 482.339269][T10010] loop3: detected capacity change from 0 to 2048 [ 482.386992][T10010] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 482.428234][T10013] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 482.586758][ T5788] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 482.952333][T10013] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 483.019125][T10013] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 483.078134][T10013] Remounting filesystem read-only [ 483.106982][ T48] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 483.121124][ T48] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 483.141299][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.150251][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.166591][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.203646][ T48] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 483.220185][ T48] NILFS (loop3): discard dirty block: blocknr=18, size=1024 [ 483.244027][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.252921][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.274441][ T48] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.294734][ T5787] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 483.313816][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 483.332079][ T5787] NILFS (loop3): discard dirty block: blocknr=35, size=1024 [ 483.350519][ T5787] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 483.365978][ T5787] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 483.383522][ T5787] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 483.401858][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 483.409274][ T5787] NILFS (loop3): discard dirty block: blocknr=41, size=1024 [ 483.416649][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.425681][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.434862][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.444111][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=4 [ 483.450910][ T5787] NILFS (loop3): discard dirty block: blocknr=40, size=1024 [ 483.458331][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.467285][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.476275][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.485863][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 483.513578][ T5787] NILFS (loop3): discard dirty block: blocknr=42, size=1024 [ 483.532808][ T5787] NILFS (loop3): discard dirty block: blocknr=43, size=1024 [ 483.550485][ T5787] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 483.568078][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.593672][ T5787] NILFS (loop3): discard dirty page: offset=196608, ino=3 [ 483.600825][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.785775][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 483.939707][ T5787] NILFS (loop3): discard dirty block: blocknr=49, size=1024 [ 484.049875][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 484.870128][T10035] loop1: detected capacity change from 0 to 2048 [ 485.032174][T10035] EXT4-fs: Ignoring removed bh option [ 485.380661][T10035] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.486794][T10035] EXT4-fs (loop1): shut down requested (2) [ 485.580071][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.821740][T10048] loop3: detected capacity change from 0 to 256 [ 485.878361][T10048] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 486.205773][T10055] vxcan1: entered allmulticast mode [ 487.470094][T10062] loop1: detected capacity change from 0 to 32768 [ 487.544351][T10062] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 487.695170][T10062] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 489.243056][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 489.625038][T10079] loop1: detected capacity change from 0 to 2048 [ 489.680868][T10079] EXT4-fs: Ignoring removed bh option [ 489.705672][T10081] loop0: detected capacity change from 0 to 32768 [ 489.719720][T10081] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.982 (10081) [ 489.739877][T10081] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 489.750241][T10081] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 489.759053][T10081] BTRFS info (device loop0): setting nodatacow, compression disabled [ 489.767231][T10081] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 489.777879][T10081] BTRFS info (device loop0): trying to use backup root at mount time [ 489.786029][T10081] BTRFS info (device loop0): metadata ratio 3 [ 489.792114][T10081] BTRFS info (device loop0): enabling auto defrag [ 489.798627][T10081] BTRFS info (device loop0): doing ref verification [ 489.805307][T10081] BTRFS info (device loop0): max_inline at 0 [ 489.811308][T10081] BTRFS info (device loop0): using free space tree [ 489.827854][T10079] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 489.939978][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 489.954473][T10079] EXT4-fs (loop1): shut down requested (2) [ 490.025251][T10081] BTRFS error (device loop0): failed to load root extent [ 490.032355][T10081] BTRFS warning (device loop0): try to load backup roots slot 1 [ 490.043004][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 490.078441][T10081] BTRFS warning (device loop0): couldn't read tree root [ 490.085503][T10081] BTRFS warning (device loop0): try to load backup roots slot 2 [ 490.114545][ T11] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 490.139906][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.165670][T10081] BTRFS warning (device loop0): couldn't read tree root [ 490.172663][T10081] BTRFS warning (device loop0): try to load backup roots slot 3 [ 490.199178][T10081] BTRFS info (device loop0): enabling ssd optimizations [ 490.206243][T10081] BTRFS info (device loop0): auto enabling async discard [ 490.215604][T10081] BTRFS info (device loop0): rebuilding free space tree [ 490.234497][T10081] BTRFS info (device loop0): checking UUID tree [ 491.120588][T10117] loop1: detected capacity change from 0 to 128 [ 491.234593][T10117] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 491.312508][T10117] ext4 filesystem being mounted at /244/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.553875][T10115] loop3: detected capacity change from 0 to 65536 [ 491.645533][T10115] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 491.971371][T10115] XFS (loop3): Ending clean mount [ 492.268031][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 492.317439][ T5787] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 492.775916][ T5786] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 495.837165][T10157] loop3: detected capacity change from 0 to 128 [ 495.945115][T10157] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 496.023797][T10157] ext4 filesystem being mounted at /273/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 496.120330][T10143] loop2: detected capacity change from 0 to 32768 [ 496.980272][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 498.002036][T10179] loop3: detected capacity change from 0 to 4096 [ 498.109737][T10179] NILFS (loop3): invalid segment: Checksum error in segment payload [ 498.126205][T10179] NILFS (loop3): trying rollback from an earlier position [ 498.737914][T10179] NILFS (loop3): recovery complete [ 498.876959][T10186] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 501.253190][T10205] netlink: 'syz.1.1009': attribute type 39 has an invalid length. [ 501.712271][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.720749][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.760079][T10199] loop2: detected capacity change from 0 to 32768 [ 502.949702][T10215] loop0: detected capacity change from 0 to 4096 [ 503.280981][T10215] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 505.124970][T10241] loop2: detected capacity change from 0 to 8 [ 505.737265][T10227] loop3: detected capacity change from 0 to 32768 [ 506.099688][T10227] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 506.398473][T10253] loop2: detected capacity change from 0 to 1024 [ 506.606630][T10227] XFS (loop3): Ending clean mount [ 506.741553][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 506.950119][T10258] loop0: detected capacity change from 0 to 65536 [ 507.032567][T10258] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 507.329473][T10258] XFS (loop0): Ending clean mount [ 508.209188][ T5786] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 510.783976][T10285] loop2: detected capacity change from 0 to 32768 [ 510.882798][T10285] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 510.933587][T10283] loop0: detected capacity change from 0 to 4096 [ 510.992781][T10283] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 511.001857][T10285] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 511.335346][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 511.841954][T10297] loop1: detected capacity change from 0 to 4096 [ 512.266137][T10297] NILFS (loop1): invalid segment: Checksum error in segment payload [ 512.359519][T10297] NILFS (loop1): trying rollback from an earlier position [ 512.425398][T10297] NILFS (loop1): recovery complete [ 512.562119][T10311] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 513.168035][T10315] loop0: detected capacity change from 0 to 65536 [ 513.639583][T10315] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 513.923306][T10315] XFS (loop0): Ending clean mount [ 514.710191][ T5786] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 516.751465][T10340] loop1: detected capacity change from 0 to 32768 [ 516.824302][T10343] loop3: detected capacity change from 0 to 1024 [ 516.882452][T10340] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 516.923032][T10340] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 517.218806][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 517.359773][T10347] loop3: detected capacity change from 0 to 1024 [ 517.477997][T10347] hfsplus: xattr searching failed [ 517.664372][T10353] loop1: detected capacity change from 0 to 512 [ 517.676619][T10351] vxcan1: entered allmulticast mode [ 517.822698][T10358] loop2: detected capacity change from 0 to 16 [ 517.988039][T10353] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.050958][T10358] erofs: DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 518.161468][T10358] erofs: DAX unsupported by block device. Turning off DAX. [ 518.186990][T10353] ext4 filesystem being mounted at /265/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 518.883118][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 519.233228][T10370] loop3: detected capacity change from 0 to 1024 [ 520.892990][T10384] loop3: detected capacity change from 0 to 1024 [ 520.901106][T10382] loop0: detected capacity change from 0 to 32768 [ 520.933914][T10382] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 520.959312][T10382] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 521.282346][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 522.600619][T10400] loop2: detected capacity change from 0 to 512 [ 522.660532][T10400] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 522.680373][T10400] ext4 filesystem being mounted at /269/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 522.901374][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.701525][T10412] loop2: detected capacity change from 0 to 65536 [ 523.749129][T10412] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 523.819340][T10412] XFS (loop2): Ending clean mount [ 524.323731][ T5788] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 530.883022][T10480] loop3: detected capacity change from 0 to 1024 [ 530.961375][T10480] hfsplus: xattr searching failed [ 533.842754][T10505] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1084'. [ 534.536559][T10511] loop1: detected capacity change from 0 to 128 [ 534.582340][T10511] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 534.605065][T10511] ext4 filesystem being mounted at /273/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 537.250248][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 540.016898][T10548] loop1: detected capacity change from 0 to 1024 [ 540.179536][T10554] loop3: detected capacity change from 0 to 1024 [ 540.542755][T10548] hfsplus: xattr searching failed [ 540.738138][T10553] loop2: detected capacity change from 0 to 4096 [ 540.822299][T10553] NILFS (loop2): invalid segment: Checksum error in segment payload [ 540.902201][T10553] NILFS (loop2): trying rollback from an earlier position [ 541.073527][T10553] NILFS (loop2): recovery complete [ 541.325026][T10561] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 541.418505][T10564] loop1: detected capacity change from 0 to 128 [ 541.486873][T10564] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 541.577977][T10564] ext4 filesystem being mounted at /276/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 541.837421][T10556] loop0: detected capacity change from 0 to 32768 [ 541.865429][T10556] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 542.499636][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 542.596588][T10556] XFS (loop0): Ending clean mount [ 543.622285][ T5786] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 543.793500][T10595] loop3: detected capacity change from 0 to 4096 [ 543.983533][T10595] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 544.364551][T10604] loop3: detected capacity change from 0 to 1024 [ 545.043680][T10604] hfsplus: xattr searching failed [ 546.220921][T10607] loop2: detected capacity change from 0 to 4096 [ 546.316043][T10607] NILFS (loop2): invalid segment: Checksum error in segment payload [ 546.359578][T10607] NILFS (loop2): trying rollback from an earlier position [ 546.436672][T10607] NILFS (loop2): recovery complete [ 546.514963][T10619] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 547.021969][T10628] loop0: detected capacity change from 0 to 512 [ 547.057533][T10628] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 547.071409][T10628] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 547.190731][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.729646][T10649] loop3: detected capacity change from 0 to 1024 [ 547.824124][T10649] hfsplus: xattr searching failed [ 548.859771][T10663] loop3: detected capacity change from 0 to 512 [ 549.205529][T10663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 549.273000][T10663] ext4 filesystem being mounted at /306/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 549.585699][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 550.647704][T10683] loop2: detected capacity change from 0 to 1024 [ 550.724107][T10679] loop0: detected capacity change from 0 to 65536 [ 550.728739][T10683] hfsplus: xattr searching failed [ 550.976936][T10679] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 551.461252][T10679] XFS (loop0): Ending clean mount [ 552.335190][T10704] loop1: detected capacity change from 0 to 4096 [ 552.478892][ T5786] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 552.623687][T10704] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 553.575921][T10721] loop0: detected capacity change from 0 to 512 [ 553.625013][T10724] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1147'. [ 553.738847][T10721] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.836137][T10721] ext4 filesystem being mounted at /257/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 554.026294][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.112324][T10736] loop0: detected capacity change from 0 to 1024 [ 554.156480][T10738] vxcan1: entered allmulticast mode [ 554.295201][T10736] hfsplus: xattr searching failed [ 555.936232][T10746] loop2: detected capacity change from 0 to 65536 [ 556.050809][T10746] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 556.230409][T10746] XFS (loop2): Ending clean mount [ 557.391577][T10771] loop0: detected capacity change from 0 to 512 [ 557.407808][ T5788] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 557.553755][T10771] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 557.606737][T10771] ext4 filesystem being mounted at /261/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 557.790096][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.839761][T10780] loop3: detected capacity change from 0 to 128 [ 557.851334][T10780] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 557.878234][T10780] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 558.880483][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 559.161641][T10790] vxcan1: entered allmulticast mode [ 559.395493][T10793] loop0: detected capacity change from 0 to 1024 [ 561.502211][T10807] loop2: detected capacity change from 0 to 32768 [ 561.569435][T10807] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 561.598717][T10807] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 561.843236][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 561.941148][T10813] loop3: detected capacity change from 0 to 512 [ 562.041490][T10813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 562.093729][T10813] ext4 filesystem being mounted at /315/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 562.374568][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 562.399696][T10823] loop1: detected capacity change from 0 to 128 [ 562.661786][T10823] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 562.736546][T10823] ext4 filesystem being mounted at /292/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 562.978854][T10802] loop0: detected capacity change from 0 to 65536 [ 563.180149][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.200693][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.303795][T10802] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 563.357849][T10802] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop0": -EINTR [ 563.358594][T10802] XFS (loop0): log mount failed [ 564.626859][T10851] loop2: detected capacity change from 0 to 32768 [ 565.140844][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 565.191957][T10851] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 565.292329][T10851] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 565.716891][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 566.655053][T10863] loop2: detected capacity change from 0 to 1024 [ 566.872229][T10863] hfsplus: xattr searching failed [ 566.909390][T10866] bridge0: entered allmulticast mode [ 566.936450][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1183'. [ 566.949362][T10866] bridge_slave_1: left allmulticast mode [ 566.955606][T10866] bridge_slave_1: left promiscuous mode [ 566.963549][T10866] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.992857][T10866] bridge_slave_0: left allmulticast mode [ 567.015579][T10866] bridge_slave_0: left promiscuous mode [ 567.038729][T10866] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.272106][T10866] bridge0 (unregistering): left allmulticast mode [ 567.736408][T10879] loop0: detected capacity change from 0 to 128 [ 567.811905][T10879] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 567.958431][T10879] ext4 filesystem being mounted at /268/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 568.390040][T10883] loop2: detected capacity change from 0 to 65536 [ 568.685662][T10888] loop3: detected capacity change from 0 to 32768 [ 568.899244][T10883] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 568.967207][T10888] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 569.010737][T10888] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 569.330405][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 569.365485][T10883] XFS (loop2): Ending clean mount [ 570.444519][ T5788] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 570.559860][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 571.809305][T10922] loop3: detected capacity change from 0 to 1024 [ 571.882608][T10922] hfsplus: xattr searching failed [ 572.886292][T10931] loop3: detected capacity change from 0 to 512 [ 572.983887][T10931] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 573.056571][T10931] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.1196: casefold flag without casefold feature [ 573.099423][T10931] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1196: couldn't read orphan inode 15 (err -117) [ 573.131109][T10931] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 573.251532][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 573.662492][T10941] loop1: detected capacity change from 0 to 128 [ 573.792322][T10941] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 573.850700][T10941] ext4 filesystem being mounted at /296/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 575.381056][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 576.082124][T10968] loop0: detected capacity change from 0 to 512 [ 576.490772][T10968] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.1206: casefold flag without casefold feature [ 576.523497][T10968] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.1206: couldn't read orphan inode 15 (err -117) [ 577.017328][T10968] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 578.080370][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.180727][T11005] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1214'. [ 582.825074][T11033] loop1: detected capacity change from 0 to 128 [ 583.012660][T11033] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 583.051859][T11033] ext4 filesystem being mounted at /302/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.442337][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 586.662289][T11070] loop3: detected capacity change from 0 to 1024 [ 594.003728][T11129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1247'. [ 594.012807][T11129] bridge_slave_1: left allmulticast mode [ 594.028967][T11129] bridge_slave_1: left promiscuous mode [ 594.039279][T11129] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.072101][T11129] bridge_slave_0: left allmulticast mode [ 594.083264][T11129] bridge_slave_0: left promiscuous mode [ 594.091426][T11129] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.229360][T11134] loop3: detected capacity change from 0 to 1024 [ 595.492136][T11138] loop2: detected capacity change from 0 to 32768 [ 595.523714][T11138] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 595.577470][T11138] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 595.861465][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 598.090578][T11161] loop2: detected capacity change from 0 to 1024 [ 598.158179][T11161] hfsplus: xattr searching failed [ 600.571562][T11193] loop1: detected capacity change from 0 to 128 [ 600.655337][T11193] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 600.883696][T11193] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 601.542558][T11200] loop3: detected capacity change from 0 to 8 [ 601.564371][T11200] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 601.598103][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 601.631841][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 601.764827][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 601.937344][T11191] loop2: detected capacity change from 0 to 40427 [ 601.967599][T11191] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 601.997907][T11191] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 602.056867][T11191] F2FS-fs (loop2): Found nat_bits in checkpoint [ 602.347063][T11191] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 602.363742][T11191] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 602.377021][T11215] loop3: detected capacity change from 0 to 1024 [ 602.467375][T11215] hfsplus: xattr searching failed [ 602.472414][T11191] syz.2.1264: attempt to access beyond end of device [ 602.472414][T11191] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 602.485240][T11191] syz.2.1264: attempt to access beyond end of device [ 602.485240][T11191] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 602.722492][ T5788] syz-executor: attempt to access beyond end of device [ 602.722492][ T5788] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 602.817446][ T5788] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 603.347239][T11226] loop1: detected capacity change from 0 to 4096 [ 603.447235][T11226] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 604.963730][T11245] loop1: detected capacity change from 0 to 128 [ 605.040690][T11247] loop3: detected capacity change from 0 to 2048 [ 605.251298][T11247] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 605.294543][T11245] EXT4-fs (loop1): Test dummy encryption mode enabled [ 605.322804][T11245] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 605.501009][T11245] ext4 filesystem being mounted at /319/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 606.183183][T11245] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 606.206277][T11265] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1285'. [ 606.211805][T11260] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 606.455367][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 607.334254][T11274] loop3: detected capacity change from 0 to 32768 [ 607.373127][T11274] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 607.425706][T11274] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 607.508968][T11276] loop2: detected capacity change from 0 to 4096 [ 607.679825][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 607.718839][T11276] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 608.117170][T11288] bridge0: entered allmulticast mode [ 608.389471][T11280] loop1: detected capacity change from 0 to 32768 [ 608.460202][T11280] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 608.652452][T11280] XFS (loop1): Ending clean mount [ 609.197069][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 609.405224][T11305] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1295'. [ 612.601622][T11332] loop1: detected capacity change from 0 to 32768 [ 612.764475][T11332] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 612.996786][T11332] XFS (loop1): Ending clean mount [ 613.064988][T11350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1306'. [ 613.586477][T11354] loop0: detected capacity change from 0 to 1024 [ 613.719036][T11358] hfsplus: xattr searching failed [ 614.027287][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 615.519447][T11377] loop2: detected capacity change from 0 to 1024 [ 618.885193][T11413] loop1: detected capacity change from 0 to 1024 [ 618.928454][T11413] hfsplus: xattr searching failed [ 620.287638][T11432] loop2: detected capacity change from 0 to 128 [ 620.521878][T11432] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 620.544796][T11432] ext4 filesystem being mounted at /333/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 621.157844][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 622.661427][ T5792] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 622.680058][ T5792] CPU: 0 PID: 5792 Comm: kworker/u5:2 Not tainted 6.6.100-syzkaller #0 [ 622.688348][ T5792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 622.698424][ T5792] Workqueue: hci3 hci_rx_work [ 622.703148][ T5792] Call Trace: [ 622.706443][ T5792] [ 622.709390][ T5792] dump_stack_lvl+0x16c/0x230 [ 622.714092][ T5792] ? show_regs_print_info+0x20/0x20 [ 622.719308][ T5792] ? load_image+0x3b0/0x3b0 [ 622.723845][ T5792] sysfs_create_dir_ns+0x256/0x280 [ 622.728985][ T5792] ? hci_rx_work+0x43a/0xd80 [ 622.733594][ T5792] ? sysfs_warn_dup+0xa0/0xa0 [ 622.738307][ T5792] ? do_raw_spin_unlock+0x121/0x230 [ 622.743535][ T5792] kobject_add_internal+0x6b8/0xc70 [ 622.748773][ T5792] kobject_add+0x156/0x220 [ 622.753220][ T5792] ? __rwlock_init+0x150/0x150 [ 622.758011][ T5792] ? kobject_init+0x1e0/0x1e0 [ 622.762796][ T5792] ? _raw_spin_unlock+0x28/0x40 [ 622.767680][ T5792] ? get_device_parent+0x366/0x390 [ 622.772825][ T5792] device_add+0x408/0xc20 [ 622.777187][ T5792] hci_conn_add_sysfs+0xd5/0x1e0 [ 622.782157][ T5792] le_conn_complete_evt+0xc37/0x1220 [ 622.787468][ T5792] ? hci_event_packet+0x4a7/0x1210 [ 622.792601][ T5792] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 622.798839][ T5792] ? __copy_skb_header+0xa7/0x550 [ 622.803868][ T5792] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 622.809495][ T5792] ? skb_pull_data+0xfb/0x200 [ 622.814170][ T5792] hci_le_conn_complete_evt+0x187/0x440 [ 622.819713][ T5792] ? hci_remote_host_features_evt+0x160/0x160 [ 622.825777][ T5792] hci_event_packet+0x795/0x1210 [ 622.830723][ T5792] ? bis_list+0x290/0x290 [ 622.835052][ T5792] ? lockdep_hardirqs_on+0x98/0x150 [ 622.840248][ T5792] ? hci_send_to_monitor+0xd7/0x4f0 [ 622.845441][ T5792] hci_rx_work+0x43a/0xd80 [ 622.849861][ T5792] ? process_scheduled_works+0x957/0x15b0 [ 622.855583][ T5792] process_scheduled_works+0xa45/0x15b0 [ 622.861144][ T5792] ? assign_work+0x400/0x400 [ 622.865733][ T5792] ? assign_work+0x39e/0x400 [ 622.870319][ T5792] worker_thread+0xa55/0xfc0 [ 622.874917][ T5792] kthread+0x2fa/0x390 [ 622.878971][ T5792] ? pr_cont_work+0x560/0x560 [ 622.883637][ T5792] ? kthread_blkcg+0xd0/0xd0 [ 622.888214][ T5792] ret_from_fork+0x48/0x80 [ 622.892619][ T5792] ? kthread_blkcg+0xd0/0xd0 [ 622.897195][ T5792] ret_from_fork_asm+0x11/0x20 [ 622.901959][ T5792] [ 622.905076][ C0] vkms_vblank_simulate: vblank timer overrun [ 622.928404][ T5792] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 622.944058][ T5792] Bluetooth: hci3: failed to register connection device [ 624.114085][T11470] loop3: detected capacity change from 0 to 128 [ 624.344613][T11470] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 624.361320][T11470] ext4 filesystem being mounted at /362/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 624.707334][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.713877][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.108355][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 625.365108][T11487] loop3: detected capacity change from 0 to 8 [ 625.414367][T11487] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 625.439548][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 625.545366][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 626.859862][T11486] loop1: detected capacity change from 0 to 65536 [ 626.924647][T11486] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 627.086529][T11486] XFS (loop1): Ending clean mount [ 627.158908][T11486] XFS (loop1): Quotacheck needed: Please wait. [ 627.592740][T11486] XFS (loop1): Quotacheck: Done. [ 628.503900][ T5789] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 629.053682][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 629.348626][T11534] loop0: detected capacity change from 0 to 16 [ 629.366881][T11534] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 631.415973][T11559] loop2: detected capacity change from 0 to 128 [ 631.537197][T11559] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 631.588934][T11559] ext4 filesystem being mounted at /343/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 632.593219][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 634.449703][T11586] loop0: detected capacity change from 0 to 256 [ 634.458595][T11586] exfat: Deprecated parameter 'utf8' [ 634.486649][T11586] exfat: Deprecated parameter 'utf8' [ 634.558305][T11586] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 639.487908][T11618] loop0: detected capacity change from 0 to 32768 [ 639.521741][T11618] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 639.552721][T11618] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 639.818767][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 640.005401][T11625] mkiss: ax0: crc mode is auto. [ 640.326692][T11630] loop3: detected capacity change from 0 to 1024 [ 640.885635][T11632] loop2: detected capacity change from 0 to 128 [ 641.032215][T11632] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 641.058060][T11632] ext4 filesystem being mounted at /349/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 642.181076][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 643.054508][T11660] loop0: detected capacity change from 0 to 32768 [ 643.115441][T11660] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 643.262233][T11660] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 643.509517][T11661] mkiss: ax0: crc mode is auto. [ 643.680659][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 643.702896][T11668] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1394'. [ 643.902987][T11674] loop2: detected capacity change from 0 to 128 [ 643.941652][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1396'. [ 643.995198][T11674] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 644.048505][T11674] ext4 filesystem being mounted at /352/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 644.960874][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 645.429680][T11700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1400'. [ 646.001745][T11698] loop1: detected capacity change from 0 to 4096 [ 646.066589][T11698] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 646.091826][T11698] UDF-fs: Scanning with blocksize 512 failed [ 646.162557][T11698] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 647.269941][T11711] loop0: detected capacity change from 0 to 32768 [ 647.364164][T11711] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 647.378246][T11711] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 647.736345][T11714] loop2: detected capacity change from 0 to 32768 [ 647.897220][T11714] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 647.909263][T11714] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 647.947039][T11714] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 647.967734][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 648.377560][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 649.719351][T11732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1409'. [ 649.736570][T11732] bridge_slave_1: left allmulticast mode [ 649.803506][T11732] bridge_slave_1: left promiscuous mode [ 649.810684][T11732] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.845597][T11732] bridge_slave_0: left allmulticast mode [ 649.855834][T11732] bridge_slave_0: left promiscuous mode [ 649.868334][T11732] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.979025][T11732] bridge0 (unregistering): left allmulticast mode [ 649.981867][T11737] loop1: detected capacity change from 0 to 2048 [ 649.997996][T11737] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 650.623308][T11751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1413'. [ 650.951808][T11747] loop1: detected capacity change from 0 to 4096 [ 650.959242][T11752] loop2: detected capacity change from 0 to 32768 [ 650.992958][T11752] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 651.010501][T11752] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 651.071554][T11747] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 651.119072][T11747] UDF-fs: Scanning with blocksize 512 failed [ 651.166978][T11759] loop0: detected capacity change from 0 to 128 [ 651.195297][T11747] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 651.206196][T11759] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 651.245222][T11759] ext4 filesystem being mounted at /325/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 651.463889][T11765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1419'. [ 651.580035][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 652.062579][T11770] loop1: detected capacity change from 0 to 1024 [ 652.246924][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 652.289370][T11770] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 652.499836][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 654.179208][T11794] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1427'. [ 655.056808][T11780] loop1: detected capacity change from 0 to 32768 [ 655.148648][T11801] loop0: detected capacity change from 0 to 32768 [ 655.195416][T11801] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 655.221363][T11780] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1424 (11780) [ 655.264619][T11801] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 655.518759][T11780] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 655.547037][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 655.549152][T11780] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 655.603410][T11780] BTRFS info (device loop1): turning off barriers [ 655.647077][T11780] BTRFS info (device loop1): setting nodatasum [ 655.677349][T11780] BTRFS info (device loop1): use zlib compression, level 3 [ 655.768189][T11780] BTRFS info (device loop1): using free space tree [ 655.855296][T11810] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1431'. [ 655.939575][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 655.952575][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 656.132325][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 656.161522][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 656.210141][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 656.288414][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 656.349621][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 656.410701][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 656.546782][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 656.612874][T11780] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 657.042929][T11780] BTRFS error (device loop1): open_ctree failed: -12 [ 657.245256][T11840] mkiss: ax0: crc mode is auto. [ 657.346268][ T5803] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (5803) [ 658.673178][T11862] bridge0: entered allmulticast mode [ 658.686653][T11862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1443'. [ 658.700917][T11862] bridge_slave_1: left allmulticast mode [ 658.707280][T11862] bridge_slave_1: left promiscuous mode [ 658.713123][T11862] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.737403][T11862] bridge_slave_0: left allmulticast mode [ 658.743091][T11862] bridge_slave_0: left promiscuous mode [ 658.759300][T11862] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.875577][T11862] bridge0 (unregistering): left allmulticast mode [ 659.402666][T11880] loop2: detected capacity change from 0 to 512 [ 659.428203][T11880] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 659.563792][T11880] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 660.340342][T11895] loop1: detected capacity change from 0 to 32768 [ 660.760675][T11895] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 660.791602][T11895] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 661.042253][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 661.050837][T11911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1457'. [ 661.140249][T11508] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 661.150482][T11508] CPU: 0 PID: 11508 Comm: kworker/u5:1 Not tainted 6.6.100-syzkaller #0 [ 661.158836][T11508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 661.168906][T11508] Workqueue: hci2 hci_rx_work [ 661.173611][T11508] Call Trace: [ 661.176896][T11508] [ 661.179836][T11508] dump_stack_lvl+0x16c/0x230 [ 661.184537][T11508] ? show_regs_print_info+0x20/0x20 [ 661.189755][T11508] ? load_image+0x3b0/0x3b0 [ 661.194301][T11508] sysfs_create_dir_ns+0x256/0x280 [ 661.199437][T11508] ? hci_rx_work+0x43a/0xd80 [ 661.204045][T11508] ? sysfs_warn_dup+0xa0/0xa0 [ 661.208741][T11508] ? do_raw_spin_unlock+0x121/0x230 [ 661.213960][T11508] kobject_add_internal+0x6b8/0xc70 [ 661.219183][T11508] kobject_add+0x156/0x220 [ 661.223616][T11508] ? __rwlock_init+0x150/0x150 [ 661.228401][T11508] ? kobject_init+0x1e0/0x1e0 [ 661.233092][T11508] ? _raw_spin_unlock+0x28/0x40 [ 661.237965][T11508] ? get_device_parent+0x366/0x390 [ 661.243103][T11508] device_add+0x408/0xc20 [ 661.247457][T11508] hci_conn_add_sysfs+0xd5/0x1e0 [ 661.252423][T11508] le_conn_complete_evt+0xc37/0x1220 [ 661.257730][T11508] ? hci_event_packet+0x4a7/0x1210 [ 661.262877][T11508] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 661.269137][T11508] ? __copy_skb_header+0xa7/0x550 [ 661.274193][T11508] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 661.279853][T11508] ? skb_pull_data+0xfb/0x200 [ 661.284574][T11508] hci_le_conn_complete_evt+0x187/0x440 [ 661.290146][T11508] ? hci_remote_host_features_evt+0x160/0x160 [ 661.296244][T11508] hci_event_packet+0x795/0x1210 [ 661.301221][T11508] ? bis_list+0x290/0x290 [ 661.305580][T11508] ? lockdep_hardirqs_on+0x98/0x150 [ 661.310802][T11508] ? hci_send_to_monitor+0xd7/0x4f0 [ 661.316028][T11508] hci_rx_work+0x43a/0xd80 [ 661.320481][T11508] ? process_scheduled_works+0x957/0x15b0 [ 661.326220][T11508] process_scheduled_works+0xa45/0x15b0 [ 661.331795][T11508] ? assign_work+0x400/0x400 [ 661.336386][T11508] ? assign_work+0x39e/0x400 [ 661.341332][T11508] worker_thread+0xa55/0xfc0 [ 661.345922][T11508] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 661.351821][T11508] ? _raw_spin_unlock+0x40/0x40 [ 661.356677][T11508] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 661.362587][T11508] kthread+0x2fa/0x390 [ 661.366645][T11508] ? pr_cont_work+0x560/0x560 [ 661.371317][T11508] ? kthread_blkcg+0xd0/0xd0 [ 661.375894][T11508] ret_from_fork+0x48/0x80 [ 661.380309][T11508] ? kthread_blkcg+0xd0/0xd0 [ 661.384888][T11508] ret_from_fork_asm+0x11/0x20 [ 661.389654][T11508] [ 661.405743][T11508] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 661.419918][T11508] Bluetooth: hci2: failed to register connection device [ 662.901888][T11914] loop1: detected capacity change from 0 to 32768 [ 663.077971][T11914] JBD2: Ignoring recovery information on journal [ 663.583498][T11937] loop3: detected capacity change from 0 to 32768 [ 663.609978][T11914] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 663.627160][T11937] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 663.637451][T11937] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 663.660801][T11937] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 663.960820][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 663.998372][T11508] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 664.629981][T11955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1472'. [ 664.680645][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 665.783443][T11973] loop2: detected capacity change from 0 to 32768 [ 665.802107][T11973] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 665.814963][T11973] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 666.319217][T11508] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 666.930114][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 666.956306][T11960] loop0: detected capacity change from 0 to 40427 [ 667.157759][T11960] F2FS-fs (loop0): heap/no_heap options were deprecated [ 667.204538][T11960] F2FS-fs (loop0): build fault injection attr: rate: 19, type: 0x7ffff [ 667.562075][T11996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1483'. [ 669.195668][T12018] loop2: detected capacity change from 0 to 32768 [ 669.403594][T12018] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 670.069190][T12018] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 670.343934][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 671.720361][T12043] loop3: detected capacity change from 0 to 1024 [ 673.766612][T12061] loop3: detected capacity change from 0 to 32768 [ 673.828406][T12061] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 673.869787][T12061] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 674.219273][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 678.715727][T12101] loop1: detected capacity change from 0 to 32768 [ 678.920656][T12101] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 679.024824][T12099] loop2: detected capacity change from 0 to 32768 [ 679.036555][T12101] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 679.047474][T12101] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 679.058332][T12101] BTRFS info (device loop1): force lzo compression, level 0 [ 679.066286][T12101] BTRFS info (device loop1): unrecognized rescue option 'imetacsums' [ 679.076023][T12101] BTRFS error (device loop1): unrecognized rescue value imetacsums [ 679.087516][T12101] BTRFS error (device loop1): open_ctree failed: -22 [ 679.160147][T12099] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 679.185112][ T5803] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (5803) [ 679.588687][T12099] JBD2: journal reset failed [ 679.966006][T12099] (syz.2.1512,12099,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 680.084923][T12099] (syz.2.1512,12099,0):ocfs2_check_volume:2434 ERROR: ocfs2 journal load failed! -4 [ 680.431273][T12117] loop3: detected capacity change from 0 to 4096 [ 680.848075][T12117] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 681.047072][T12117] UDF-fs: Scanning with blocksize 512 failed [ 681.196783][T12117] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 682.500669][T12141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1526'. [ 684.934584][T12160] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 685.350232][T12165] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 686.016882][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.041294][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.545511][T12170] loop2: detected capacity change from 0 to 32768 [ 687.641279][T12170] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 687.683787][T12170] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 687.752619][T12176] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1533'. [ 687.785098][T12180] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1535'. [ 687.848057][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 690.745049][T12198] loop2: detected capacity change from 0 to 32768 [ 690.816003][T12198] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.1541 (12198) [ 690.957651][T12198] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 690.993439][T12198] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 691.005360][T12198] BTRFS info (device loop2): using free space tree [ 691.103452][T12198] BTRFS info (device loop2): enabling ssd optimizations [ 691.130855][T12198] BTRFS info (device loop2): auto enabling async discard [ 691.373061][T12198] BTRFS info (device loop2): balance: start -d -m [ 691.438144][T12198] BTRFS info (device loop2): relocating block group 6881280 flags data|metadata [ 691.703745][ T50] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 691.714912][ T50] CPU: 1 PID: 50 Comm: kworker/u5:0 Not tainted 6.6.100-syzkaller #0 [ 691.723011][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 691.733087][ T50] Workqueue: hci1 hci_rx_work [ 691.737791][ T50] Call Trace: [ 691.741083][ T50] [ 691.744028][ T50] dump_stack_lvl+0x16c/0x230 [ 691.748737][ T50] ? show_regs_print_info+0x20/0x20 [ 691.753959][ T50] ? load_image+0x3b0/0x3b0 [ 691.758498][ T50] sysfs_create_dir_ns+0x256/0x280 [ 691.763645][ T50] ? hci_rx_work+0x43a/0xd80 [ 691.768258][ T50] ? sysfs_warn_dup+0xa0/0xa0 [ 691.772964][ T50] ? do_raw_spin_unlock+0x121/0x230 [ 691.778190][ T50] kobject_add_internal+0x6b8/0xc70 [ 691.783416][ T50] kobject_add+0x156/0x220 [ 691.787848][ T50] ? __rwlock_init+0x150/0x150 [ 691.792627][ T50] ? kobject_init+0x1e0/0x1e0 [ 691.797323][ T50] ? _raw_spin_unlock+0x28/0x40 [ 691.802205][ T50] ? get_device_parent+0x366/0x390 [ 691.807348][ T50] device_add+0x408/0xc20 [ 691.811703][ T50] hci_conn_add_sysfs+0xd5/0x1e0 [ 691.816676][ T50] le_conn_complete_evt+0xc37/0x1220 [ 691.821979][ T50] ? hci_event_packet+0x4a7/0x1210 [ 691.827127][ T50] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 691.833385][ T50] ? __copy_skb_header+0xa7/0x550 [ 691.838436][ T50] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 691.844096][ T50] ? skb_pull_data+0xfb/0x200 [ 691.848798][ T50] hci_le_conn_complete_evt+0x187/0x440 [ 691.854364][ T50] ? hci_remote_host_features_evt+0x160/0x160 [ 691.860453][ T50] hci_event_packet+0x795/0x1210 [ 691.864117][T12198] BTRFS info (device loop2): relocating block group 5242880 flags data|metadata [ 691.865406][ T50] ? bis_list+0x290/0x290 [ 691.878754][ T50] ? lockdep_hardirqs_on+0x98/0x150 [ 691.883980][ T50] ? hci_send_to_monitor+0xd7/0x4f0 [ 691.889208][ T50] hci_rx_work+0x43a/0xd80 [ 691.893661][ T50] ? process_scheduled_works+0x957/0x15b0 [ 691.899406][ T50] process_scheduled_works+0xa45/0x15b0 [ 691.905002][ T50] ? assign_work+0x400/0x400 [ 691.909626][ T50] ? assign_work+0x39e/0x400 [ 691.914245][ T50] worker_thread+0xa55/0xfc0 [ 691.918882][ T50] kthread+0x2fa/0x390 [ 691.922965][ T50] ? pr_cont_work+0x560/0x560 [ 691.927663][ T50] ? kthread_blkcg+0xd0/0xd0 [ 691.932263][ T50] ret_from_fork+0x48/0x80 [ 691.936697][ T50] ? kthread_blkcg+0xd0/0xd0 [ 691.941305][ T50] ret_from_fork_asm+0x11/0x20 [ 691.946108][ T50] [ 691.953114][ T50] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 691.969846][ T50] Bluetooth: hci1: failed to register connection device [ 692.051154][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1547'. [ 692.076278][T12198] BTRFS info (device loop2): balance: canceled [ 692.347181][ T5788] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 692.607790][T12246] loop3: detected capacity change from 0 to 128 [ 692.946565][T12246] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 693.061948][T12246] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 693.992829][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 694.734030][T12274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1557'. [ 697.317525][T12290] loop0: detected capacity change from 0 to 128 [ 697.420758][T12290] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 697.495930][T12290] ext4 filesystem being mounted at /365/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 698.294130][T12308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1567'. [ 698.596612][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 699.466464][T12316] loop1: detected capacity change from 0 to 32768 [ 699.523708][T12316] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 699.660253][T12316] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 700.337100][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 701.191911][T12342] loop0: detected capacity change from 0 to 128 [ 701.392115][T12342] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 701.662480][T12342] ext4 filesystem being mounted at /368/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 702.855699][T12353] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1581'. [ 703.653434][T12363] loop2: detected capacity change from 0 to 1024 [ 704.805239][T12368] loop3: detected capacity change from 0 to 32768 [ 704.884045][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 704.915491][T12368] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 704.949523][T12368] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 706.363675][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 706.577878][T12389] loop2: detected capacity change from 0 to 128 [ 706.773826][T12389] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 707.044163][T12389] ext4 filesystem being mounted at /404/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 708.660608][T12403] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1593'. [ 708.987120][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 709.068014][T12412] loop1: detected capacity change from 0 to 4096 [ 709.120269][T12412] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 709.147620][T12412] UDF-fs: Scanning with blocksize 512 failed [ 709.174620][T12412] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 709.792944][T12416] loop0: detected capacity change from 0 to 1024 [ 709.975897][T12420] loop2: detected capacity change from 0 to 32768 [ 710.108030][T12420] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 710.268745][T12420] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 710.617696][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 712.596890][T12438] loop3: detected capacity change from 0 to 128 [ 712.639197][T12438] EXT4-fs (loop3): unable to read superblock [ 712.715413][ T5779] udevd[5779]: incorrect ext4 checksum on /dev/loop3 [ 712.735205][T12440] loop2: detected capacity change from 0 to 128 [ 712.836544][T12440] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 712.862923][T12440] ext4 filesystem being mounted at /407/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 712.908384][ T50] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 713.368047][T12448] loop1: detected capacity change from 0 to 4096 [ 713.492157][T12453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1609'. [ 713.761213][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 715.385175][T11508] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 715.395405][T11508] CPU: 1 PID: 11508 Comm: kworker/u5:1 Not tainted 6.6.100-syzkaller #0 [ 715.403770][T11508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 715.413847][T11508] Workqueue: hci0 hci_rx_work [ 715.418562][T11508] Call Trace: [ 715.421849][T11508] [ 715.424789][T11508] dump_stack_lvl+0x16c/0x230 [ 715.429481][T11508] ? show_regs_print_info+0x20/0x20 [ 715.434689][T11508] ? load_image+0x3b0/0x3b0 [ 715.439207][T11508] sysfs_create_dir_ns+0x256/0x280 [ 715.444321][T11508] ? hci_rx_work+0x43a/0xd80 [ 715.448911][T11508] ? sysfs_warn_dup+0xa0/0xa0 [ 715.453598][T11508] ? do_raw_spin_unlock+0x121/0x230 [ 715.458810][T11508] kobject_add_internal+0x6b8/0xc70 [ 715.464022][T11508] kobject_add+0x156/0x220 [ 715.468438][T11508] ? __rwlock_init+0x150/0x150 [ 715.473200][T11508] ? kobject_init+0x1e0/0x1e0 [ 715.477876][T11508] ? _raw_spin_unlock+0x28/0x40 [ 715.482727][T11508] ? get_device_parent+0x366/0x390 [ 715.487843][T11508] device_add+0x408/0xc20 [ 715.492176][T11508] hci_conn_add_sysfs+0xd5/0x1e0 [ 715.497114][T11508] le_conn_complete_evt+0xc37/0x1220 [ 715.502396][T11508] ? hci_event_packet+0x4a7/0x1210 [ 715.507513][T11508] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 715.513746][T11508] ? __copy_skb_header+0xa7/0x550 [ 715.518766][T11508] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 715.524400][T11508] ? skb_pull_data+0xfb/0x200 [ 715.529081][T11508] hci_le_conn_complete_evt+0x187/0x440 [ 715.534625][T11508] ? hci_remote_host_features_evt+0x160/0x160 [ 715.540694][T11508] hci_event_packet+0x795/0x1210 [ 715.545634][T11508] ? bis_list+0x290/0x290 [ 715.549971][T11508] ? lockdep_hardirqs_on+0x98/0x150 [ 715.555169][T11508] ? hci_send_to_monitor+0xd7/0x4f0 [ 715.560365][T11508] hci_rx_work+0x43a/0xd80 [ 715.564783][T11508] ? process_scheduled_works+0x957/0x15b0 [ 715.570500][T11508] process_scheduled_works+0xa45/0x15b0 [ 715.576056][T11508] ? assign_work+0x400/0x400 [ 715.580649][T11508] ? assign_work+0x39e/0x400 [ 715.585236][T11508] worker_thread+0xa55/0xfc0 [ 715.589820][T11508] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 715.595717][T11508] ? _raw_spin_unlock+0x40/0x40 [ 715.600561][T11508] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 715.606469][T11508] kthread+0x2fa/0x390 [ 715.610531][T11508] ? pr_cont_work+0x560/0x560 [ 715.615218][T11508] ? kthread_blkcg+0xd0/0xd0 [ 715.619821][T11508] ret_from_fork+0x48/0x80 [ 715.624240][T11508] ? kthread_blkcg+0xd0/0xd0 [ 715.628829][T11508] ret_from_fork_asm+0x11/0x20 [ 715.633601][T11508] [ 715.639078][T11508] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 715.653154][T11508] Bluetooth: hci0: failed to register connection device [ 715.787565][T12482] loop0: detected capacity change from 0 to 128 [ 715.845733][T12482] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 715.883777][T12487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1619'. [ 715.895743][T12482] ext4 filesystem being mounted at /373/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 716.844549][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 717.324686][T12496] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1621'. [ 718.810156][T12502] loop0: detected capacity change from 0 to 1024 [ 718.997390][T12492] loop1: detected capacity change from 0 to 40427 [ 719.055013][T12492] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 719.123382][T12492] F2FS-fs (loop1): Image doesn't support compression [ 719.130186][T12492] F2FS-fs (loop1): Image doesn't support compression [ 719.193830][T12492] F2FS-fs (loop1): invalid crc value [ 719.221948][T12492] F2FS-fs (loop1): Found nat_bits in checkpoint [ 719.264183][T11508] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 719.400141][T12492] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 721.192698][T12526] loop0: detected capacity change from 0 to 1024 [ 721.815896][T12533] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1631'. [ 722.318556][T12523] loop2: detected capacity change from 0 to 32768 [ 722.418301][T12523] (syz.2.1632,12523,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 722.513466][T12523] (syz.2.1632,12523,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 722.580300][T12523] JBD2: Ignoring recovery information on journal [ 722.690609][T12523] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 722.782250][T12536] loop3: detected capacity change from 0 to 32768 [ 722.848796][T12536] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 722.873602][T12536] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 722.889702][T12536] BTRFS info (device loop3): turning off barriers [ 722.898889][T12536] BTRFS info (device loop3): setting nodatasum [ 722.905802][T12536] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 722.918509][T12536] BTRFS info (device loop3): use zstd compression, level 3 [ 722.964293][T12536] BTRFS info (device loop3): using free space tree [ 723.318658][ T5787] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 723.466601][T12542] loop0: detected capacity change from 0 to 32768 [ 723.497721][ T5803] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop3 scanned by udevd (5803) [ 723.557495][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 723.571865][T12542] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 724.507847][T12542] XFS (loop0): Ending clean mount [ 725.700371][T12583] loop3: detected capacity change from 0 to 1024 [ 726.795639][T12600] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1646'. [ 731.538414][T12626] loop2: detected capacity change from 0 to 1024 [ 732.543036][T12640] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1656'. [ 736.172837][ T50] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 736.236063][ T5786] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 744.510784][T12740] ntfs3: nullb0: Primary boot signature is not NTFS. [ 744.519024][T12740] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 747.456953][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.468463][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.695602][T12792] loop2: detected capacity change from 0 to 32768 [ 751.743043][T12792] (syz.2.1698,12792,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 751.778191][T12792] (syz.2.1698,12792,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 751.814461][T12792] JBD2: Ignoring recovery information on journal [ 751.985640][T12792] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 752.001720][T12807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1702'. [ 752.169068][T12811] loop0: detected capacity change from 0 to 128 [ 752.250919][T12811] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 752.337381][T12811] ext4 filesystem being mounted at /390/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 754.233861][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 754.234672][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 756.725886][T12832] loop2: detected capacity change from 0 to 32768 [ 756.977644][T12832] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 756.993877][T12844] loop1: detected capacity change from 0 to 4096 [ 757.537800][T12832] XFS (loop2): Ending clean mount [ 757.849285][ T5791] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 [ 757.881658][ T5791] XFS (loop2): Unmount and run xfs_repair [ 757.903490][ T5791] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 757.925450][ T5791] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff AB3B............ [ 757.947059][ T5791] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10 ................ [ 757.978706][T12844] ntfs3: loop1: failed to convert "0000" to iso8859-6 [ 757.990976][ T5791] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a .7.nt.N..._.'K.: [ 758.024233][T12844] ntfs3: loop1: failed to convert "0030" to iso8859-6 [ 758.032758][ T5791] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01 .....;%......... [ 758.066872][T12844] ntfs3: loop1: failed to convert name for inode 1e. [ 758.074359][ T5791] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0 ........... .... [ 758.088237][ T5791] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 758.093468][T12844] ntfs3: loop1: failed to convert "0032" to iso8859-6 [ 758.097666][ T5791] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 758.227728][T12844] ntfs3: loop1: failed to convert "0033" to iso8859-6 [ 758.860456][ T5791] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 758.870290][T12832] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x4 len 4 error 74 [ 758.882805][T12832] XFS (loop2): page discard on page ffffea0001583640, inode 0x1806, pos 134219776. [ 758.985298][ T5788] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 760.190301][T11508] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 762.594698][T12896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1724'. [ 763.816679][T12895] loop3: detected capacity change from 0 to 32768 [ 764.077344][T12895] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 764.439206][T12895] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 764.996226][ T50] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 765.098936][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 765.108683][T12917] loop2: detected capacity change from 0 to 1024 [ 766.825838][T12936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1735'. [ 769.713469][T11508] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 769.806384][T12960] loop3: detected capacity change from 0 to 32768 [ 770.149180][T12968] loop0: detected capacity change from 0 to 32768 [ 770.190902][T12968] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 770.215055][T12960] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 770.231882][T12968] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 771.131202][T12960] XFS (loop3): Ending clean mount [ 771.396250][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 771.402778][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 771.455693][T12984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1746'. [ 771.685978][T12987] Driver unsupported XDP return value 0 on prog (id 255) dev N/A, expect packet loss! [ 774.463050][T13004] mkiss: ax0: crc mode is auto. [ 774.784602][T11508] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 775.952562][ T50] Bluetooth: Wrong link type (-71) [ 776.128209][T13027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1758'. [ 776.923955][T13035] loop2: detected capacity change from 0 to 32768 [ 777.039801][T13035] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 777.085628][T13035] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 778.855569][T13037] loop1: detected capacity change from 0 to 32768 [ 778.890545][T13037] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1761 (13037) [ 778.954169][T13037] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 778.973839][T13037] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 778.982536][T13037] BTRFS info (device loop1): using free space tree [ 779.143642][ T50] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 779.622635][T13037] BTRFS info (device loop1): enabling ssd optimizations [ 779.653674][T13037] BTRFS info (device loop1): auto enabling async discard [ 779.834583][ T5789] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 780.041748][T13079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1767'. [ 780.065009][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 780.415616][T13084] loop1: detected capacity change from 0 to 8 [ 780.427432][T13084] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 780.515194][T13084] cramfs: Error -5 while decompressing! [ 780.521096][T13084] cramfs: ffffffff96fdc308(26)->ffff88805afe9000(4096) [ 780.528291][T13084] cramfs: Error -3 while decompressing! [ 780.533975][T13084] cramfs: ffffffff96fdc322(26)->ffff88804949c000(4096) [ 780.540963][T13084] cramfs: Error -3 while decompressing! [ 780.546857][T13084] cramfs: ffffffff96fdc33c(16)->ffff88804949d000(4096) [ 780.554311][T13084] cramfs: Error -5 while decompressing! [ 780.559912][T13084] cramfs: ffffffff96fdc308(26)->ffff88805afe9000(4096) [ 781.322409][T13072] loop0: detected capacity change from 0 to 32768 [ 781.360534][T13072] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1765 (13072) [ 781.505007][T13072] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 781.524471][T13072] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 781.691428][T13072] BTRFS info (device loop0): using free space tree [ 782.253458][T13072] BTRFS info (device loop0): enabling ssd optimizations [ 782.337338][T13072] BTRFS info (device loop0): auto enabling async discard [ 782.874571][ T5786] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 783.803740][T13125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1774'. [ 785.087211][T13130] loop1: detected capacity change from 0 to 32768 [ 785.120985][T13130] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 785.301384][T13130] XFS (loop1): Ending clean mount [ 785.394943][T13130] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 785.426008][T13130] XFS (loop1): Unmount and run xfs_repair [ 785.433954][T13130] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 785.441705][T13130] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 785.450895][T13130] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 785.492652][T13130] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 785.511658][T13130] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 785.560084][T13149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1777'. [ 785.567103][T13130] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 785.602380][T13130] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 785.644385][T13130] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 785.763634][T13130] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 785.800174][T13130] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 785.844712][T13130] XFS (loop1): page discard on page ffffea0001d9b000, inode 0x244a, pos 0. [ 785.876682][ T5840] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 785.905897][ T5840] XFS (loop1): Unmount and run xfs_repair [ 785.933362][ T5840] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 786.022795][ T5840] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 786.182278][ T5840] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 786.337527][ T5840] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 786.491600][ T5840] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 786.768494][ T5840] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 786.778411][ T5840] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 786.787668][ T5840] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 786.797112][ T5840] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 786.806350][T13130] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 786.823918][T13130] XFS (loop1): page discard on page ffffea0001d9b500, inode 0x244a, pos 32768. [ 786.934410][T13130] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 787.064202][T13164] loop0: detected capacity change from 0 to 2048 [ 787.118922][T13130] XFS (loop1): Unmount and run xfs_repair [ 787.206161][T13130] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 787.248563][T13164] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 787.358830][T13130] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 787.455937][T13164] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 787.481746][T13130] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 787.516287][T13164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 787.538092][T13130] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 787.597935][T13130] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 787.633456][T13130] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 787.653431][T13130] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 787.681064][T13130] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 787.707108][T13130] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 787.722639][T13130] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 787.760800][T13130] XFS (loop1): page discard on page ffffea0001d9b600, inode 0x244a, pos 49152. [ 788.031852][T10072] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 788.368356][T13170] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1783'. [ 788.401098][T10072] XFS (loop1): Unmount and run xfs_repair [ 788.412436][T10072] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 788.799479][T13178] loop3: detected capacity change from 0 to 1024 [ 788.873506][T10072] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 788.882438][T10072] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 788.978029][T10072] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 789.025062][T13180] mkiss: ax0: crc mode is auto. [ 789.105294][T10072] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 789.114907][T10072] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.123952][T10072] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.132844][T10072] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.141986][T10072] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.153362][T13130] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 789.173469][T13130] XFS (loop1): page discard on page ffffea00017155c0, inode 0x244a, pos 57344. [ 789.182916][ T5791] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 789.219701][ T5791] XFS (loop1): Unmount and run xfs_repair [ 789.233536][ T5791] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 789.261601][ T5791] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 789.292032][ T5791] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 789.303274][ T5791] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 789.336787][ T5791] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 789.368603][ T5791] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.420862][ T5791] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 789.450396][ T5791] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 790.218252][ T5791] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 790.258674][T13130] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 790.288883][T13130] XFS (loop1): page discard on page ffffea0001276a00, inode 0x244a, pos 61440. [ 790.414558][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 792.443405][T13191] loop3: detected capacity change from 0 to 32768 [ 792.548412][T13191] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 793.494860][T13191] XFS (loop3): Ending clean mount [ 793.609489][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 794.135106][T13224] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1793'. [ 794.343149][T13225] loop2: detected capacity change from 0 to 1024 [ 794.362140][T13208] loop0: detected capacity change from 0 to 32768 [ 794.390986][T13208] (syz.0.1792,13208,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 794.412462][T13208] (syz.0.1792,13208,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 794.467965][T13208] JBD2: Ignoring recovery information on journal [ 794.668561][T13208] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 795.860442][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 799.779020][T13261] loop3: detected capacity change from 0 to 32768 [ 799.780359][T13277] loop0: detected capacity change from 0 to 128 [ 801.006436][T13261] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/loop3": -EINTR [ 801.235637][T13277] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 801.399969][T13277] ext4 filesystem being mounted at /418/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 802.276879][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 803.448266][T13303] loop3: detected capacity change from 0 to 32768 [ 804.112622][T13303] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 804.417187][T13303] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 804.704895][T13326] loop0: detected capacity change from 0 to 512 [ 804.737110][T13326] EXT4-fs: Ignoring removed i_version option [ 805.241319][T13326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 805.483609][T13326] ext4 filesystem being mounted at /422/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 805.982376][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 806.005274][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 806.236721][T13338] loop0: detected capacity change from 0 to 128 [ 806.305359][T13338] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 806.327124][T13338] ext4 filesystem being mounted at /423/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 806.381301][T13336] loop2: detected capacity change from 0 to 32768 [ 807.063426][T13336] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 807.465983][T13336] XFS (loop2): Ending clean mount [ 807.501114][T13358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1825'. [ 807.585564][ T5788] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 807.679278][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 808.847827][T13370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1830'. [ 808.905961][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.914264][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.120937][T13377] loop3: detected capacity change from 0 to 8 [ 809.129683][T13377] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 810.304382][T13377] cramfs: Error -5 while decompressing! [ 810.316668][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 810.355630][T13377] cramfs: ffffffff96fd8308(26)->ffff88805752a000(4096) [ 810.362575][T13377] cramfs: Error -3 while decompressing! [ 810.425818][T13377] cramfs: ffffffff96fd8322(26)->ffff88805752b000(4096) [ 810.432886][T13377] cramfs: Error -3 while decompressing! [ 810.449686][T13377] cramfs: ffffffff96fd833c(16)->ffff888056148000(4096) [ 810.462873][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 810.463034][T13377] cramfs: Error -5 while decompressing! [ 810.513635][T13377] cramfs: ffffffff96fd8308(26)->ffff88805752a000(4096) [ 810.787481][T13390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1837'. [ 811.035617][T13395] loop0: detected capacity change from 0 to 8 [ 811.057960][T13395] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 811.113074][T13395] cramfs: Error -5 while decompressing! [ 811.138314][T13395] cramfs: ffffffff96fdc308(26)->ffff88804952e000(4096) [ 811.196480][T13395] cramfs: Error -3 while decompressing! [ 811.226375][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop0 [ 811.237797][T13395] cramfs: ffffffff96fdc322(26)->ffff88804952f000(4096) [ 811.270275][T13395] cramfs: Error -3 while decompressing! [ 811.330739][T13395] cramfs: ffffffff96fdc33c(16)->ffff8880561f0000(4096) [ 811.368882][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop0 [ 811.376183][T13395] cramfs: Error -5 while decompressing! [ 811.402386][T13395] cramfs: ffffffff96fdc308(26)->ffff88804952e000(4096) [ 811.534186][T13389] loop3: detected capacity change from 0 to 32768 [ 811.638955][T13389] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 811.837214][T13389] XFS (loop3): Ending clean mount [ 813.581666][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 814.445437][T13429] loop3: detected capacity change from 0 to 8 [ 814.452713][T13429] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 814.496142][T13429] cramfs: Error -5 while decompressing! [ 814.499787][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 814.501710][T13429] cramfs: ffffffff96fd8308(26)->ffff88805bbd4000(4096) [ 814.572275][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 814.663398][T13429] cramfs: Error -3 while decompressing! [ 814.669025][T13429] cramfs: ffffffff96fd8322(26)->ffff88805bbd5000(4096) [ 814.709367][T13429] cramfs: Error -3 while decompressing! [ 814.729129][T13429] cramfs: ffffffff96fd833c(16)->ffff88805bbd6000(4096) [ 814.736195][T13429] cramfs: Error -5 while decompressing! [ 814.741755][T13429] cramfs: ffffffff96fd8308(26)->ffff88805bbd4000(4096) [ 815.738849][T13438] loop3: detected capacity change from 0 to 32768 [ 815.759564][T13438] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1848 (13438) [ 815.822539][T13438] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 815.878780][T13438] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 815.903286][T13438] BTRFS info (device loop3): using free space tree [ 815.977494][T13438] BTRFS info (device loop3): enabling ssd optimizations [ 816.003377][T13438] BTRFS info (device loop3): auto enabling async discard [ 816.134416][ T5787] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 817.824134][T13467] loop3: detected capacity change from 0 to 32768 [ 817.958016][T13467] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 818.184431][T13467] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 819.164039][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 819.282411][T13483] loop2: detected capacity change from 0 to 8 [ 819.308272][T13483] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 819.419972][T13483] cramfs: Error -5 while decompressing! [ 819.435128][ T5779] udevd[5779]: incorrect cramfs checksum on /dev/loop2 [ 819.449311][T13483] cramfs: ffffffff96fdc308(26)->ffff888057769000(4096) [ 819.549698][T13483] cramfs: Error -3 while decompressing! [ 819.623072][T13483] cramfs: ffffffff96fdc322(26)->ffff888058248000(4096) [ 819.800817][T13483] cramfs: Error -3 while decompressing! [ 819.930654][ T5779] udevd[5779]: incorrect cramfs checksum on /dev/loop2 [ 819.966627][T13483] cramfs: ffffffff96fdc33c(16)->ffff888058231000(4096) [ 820.084783][T13487] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1856'. [ 820.104589][T13483] cramfs: Error -5 while decompressing! [ 820.147875][T13483] cramfs: ffffffff96fdc308(26)->ffff888057769000(4096) [ 822.306786][T13494] loop2: detected capacity change from 0 to 32768 [ 822.349686][T13494] (syz.2.1859,13494,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 822.429406][T13494] (syz.2.1859,13494,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 822.572871][T13494] JBD2: Ignoring recovery information on journal [ 822.634144][T13494] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 822.648911][T13517] (null): rxe_set_mtu: Set mtu to 1024 [ 823.058253][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 823.701617][T13526] loop3: detected capacity change from 0 to 8 [ 823.712823][T13526] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 824.994430][T13526] cramfs: Error -5 while decompressing! [ 825.000067][T13526] cramfs: ffffffff96fd8308(26)->ffff88805b6e6000(4096) [ 825.007209][T13526] cramfs: Error -3 while decompressing! [ 825.012805][T13526] cramfs: ffffffff96fd8322(26)->ffff88805b6e7000(4096) [ 825.019840][T13526] cramfs: Error -3 while decompressing! [ 825.025465][T13526] cramfs: ffffffff96fd833c(16)->ffff88805b6e8000(4096) [ 825.032769][T13526] cramfs: Error -5 while decompressing! [ 825.038418][T13526] cramfs: ffffffff96fd8308(26)->ffff88805b6e6000(4096) [ 825.258715][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 825.361167][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop3 [ 825.368861][T13517] infiniband syz1: set active [ 825.543520][T13517] infiniband syz1: added syz_tun [ 826.322057][T13517] RDS/IB: syz1: added [ 826.337831][T13517] smc: adding ib device syz1 with port count 1 [ 826.345615][T13517] smc: ib device syz1 port 1 has pnetid [ 826.972340][T13541] loop2: detected capacity change from 0 to 32768 [ 826.994542][T13541] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1872 (13541) [ 826.995225][T13543] loop3: detected capacity change from 0 to 32768 [ 827.026246][T13543] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.1873 (13543) [ 827.051145][T13541] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 827.065050][T13541] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 827.090660][T13541] BTRFS info (device loop2): using free space tree [ 827.207579][ T5781] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (5781) [ 827.388611][T13541] BTRFS info (device loop2): enabling ssd optimizations [ 827.408028][T13541] BTRFS info (device loop2): auto enabling async discard [ 827.835239][ T5788] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 829.449266][ T5803] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop2 scanned by udevd (5803) [ 830.119701][T13576] loop2: detected capacity change from 0 to 32768 [ 830.190742][T13576] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 830.348491][T13576] XFS (loop2): Ending clean mount [ 831.128275][ T5788] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 832.511152][T13611] loop1: detected capacity change from 0 to 2048 [ 832.551484][T13611] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 832.599528][T13611] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 832.660980][T13611] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 834.574228][T13623] loop2: detected capacity change from 0 to 32768 [ 835.253608][T13623] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 835.334109][T13623] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 835.607086][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 836.101030][T13639] loop2: detected capacity change from 0 to 1024 [ 837.117298][T13636] loop0: detected capacity change from 0 to 32768 [ 837.180453][T13650] loop2: detected capacity change from 0 to 8 [ 837.190777][T13650] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 837.297616][T13650] cramfs: Error -5 while decompressing! [ 837.303365][T13650] cramfs: ffffffff96fdc308(26)->ffff8880566ac000(4096) [ 837.310397][T13650] cramfs: Error -3 while decompressing! [ 837.316065][T13650] cramfs: ffffffff96fdc322(26)->ffff8880566ad000(4096) [ 837.323041][T13650] cramfs: Error -3 while decompressing! [ 837.328666][T13650] cramfs: ffffffff96fdc33c(16)->ffff8880566ae000(4096) [ 837.335995][T13650] cramfs: Error -5 while decompressing! [ 837.341597][T13650] cramfs: ffffffff96fdc308(26)->ffff8880566ac000(4096) [ 837.521784][T13636] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 837.823092][ T5779] udevd[5779]: incorrect cramfs checksum on /dev/loop2 [ 837.932993][T13636] XFS (loop0): Ending clean mount [ 839.912518][T13674] loop3: detected capacity change from 0 to 8 [ 839.924421][T13674] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 840.207970][T13674] cramfs: Error -5 while decompressing! [ 840.215022][T13674] cramfs: ffffffff96fd8308(26)->ffff88805af3e000(4096) [ 840.221918][T13674] cramfs: Error -3 while decompressing! [ 840.227566][T13674] cramfs: ffffffff96fd8322(26)->ffff88805af3f000(4096) [ 840.234491][T13674] cramfs: Error -3 while decompressing! [ 840.240078][T13674] cramfs: ffffffff96fd833c(16)->ffff8880581b0000(4096) [ 840.248497][T13674] cramfs: Error -5 while decompressing! [ 840.254287][T13674] cramfs: ffffffff96fd8308(26)->ffff88805af3e000(4096) [ 841.708083][ T5786] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 847.667147][T13716] loop0: detected capacity change from 0 to 32768 [ 848.088135][T13716] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 848.225247][T13739] loop2: detected capacity change from 0 to 1024 [ 848.285415][T13739] hfsplus: xattr searching failed [ 848.441399][T13716] XFS (loop0): Ending clean mount [ 848.593332][T13722] loop3: detected capacity change from 0 to 32768 [ 849.282428][T13722] (syz.3.1915,13722,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 849.463566][T13722] (syz.3.1915,13722,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 849.679684][T13722] JBD2: Ignoring recovery information on journal [ 849.775887][T13722] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 850.940716][ T5786] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 852.855902][T13762] loop2: detected capacity change from 0 to 32768 [ 853.002811][T13762] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 853.095727][T13762] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 853.132822][ T5787] ocfs2: Unmounting device (7,3) on (node local) [ 853.412623][ T5788] ocfs2: Unmounting device (7,2) on (node local) [ 853.852840][T13773] loop1: detected capacity change from 0 to 1024 [ 854.497638][T13775] loop2: detected capacity change from 0 to 1024 [ 854.596601][T13775] hfsplus: xattr searching failed [ 856.410074][T13798] loop0: detected capacity change from 0 to 1024 [ 857.885789][T13803] loop2: detected capacity change from 0 to 2048 [ 857.905107][T13803] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 857.918094][T13803] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 857.932169][T13803] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 859.830755][T13818] loop2: detected capacity change from 0 to 2048 [ 859.856335][T13818] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 859.872411][T13818] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 859.890832][T13818] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 862.547068][T13828] loop0: detected capacity change from 0 to 1024 [ 863.512731][T13838] loop2: detected capacity change from 0 to 1024 [ 864.211969][T13838] hfsplus: xattr searching failed [ 864.719163][T13845] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1938'. [ 866.152622][T13852] loop1: detected capacity change from 0 to 32768 [ 866.166388][T13852] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 866.640698][T13867] loop3: detected capacity change from 0 to 1024 [ 867.465391][ T5803] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 867.869903][T13869] loop0: detected capacity change from 0 to 2048 [ 867.908016][T13869] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 868.028249][T13869] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 868.095324][T13869] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 868.351629][T13875] loop1: detected capacity change from 0 to 2048 [ 868.379551][T13875] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 868.395061][T13875] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 868.429905][T13875] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 870.844427][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.850860][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.243249][T13888] loop0: detected capacity change from 0 to 1024 [ 871.284498][T13892] loop3: detected capacity change from 0 to 128 [ 871.303651][T13888] hfsplus: xattr searching failed [ 871.321256][T13892] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 871.473626][T13896] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1954'. [ 871.520644][T13892] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 871.655919][T13898] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1952'. [ 874.599737][T13910] loop0: detected capacity change from 0 to 40427 [ 874.612336][T13910] F2FS-fs (loop0): invalid crc value [ 874.687391][T13910] F2FS-fs (loop0): Found nat_bits in checkpoint [ 874.753284][T13910] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 878.052621][T13929] loop1: detected capacity change from 0 to 32768 [ 878.109426][T13929] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 878.131653][T13929] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 878.143371][T13937] loop2: detected capacity change from 0 to 2048 [ 878.162658][T13937] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 878.188453][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 878.199043][T13937] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 878.403353][T13937] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 878.442142][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 880.120859][T13946] loop3: detected capacity change from 0 to 1024 [ 880.237957][T13946] hfsplus: xattr searching failed [ 880.532305][T13946] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1965'. [ 881.718464][T13963] bpq0: entered promiscuous mode [ 882.113630][T13970] loop1: detected capacity change from 0 to 8 [ 882.120647][T13970] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 882.136582][T13970] cramfs: Error -5 while decompressing! [ 882.142161][T13970] cramfs: ffffffff96fdc308(26)->ffff88806e3ae000(4096) [ 882.149139][T13970] cramfs: Error -3 while decompressing! [ 882.154795][T13970] cramfs: ffffffff96fdc322(26)->ffff88806e3af000(4096) [ 882.161678][T13970] cramfs: Error -3 while decompressing! [ 882.165115][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop1 [ 882.167256][T13970] cramfs: ffffffff96fdc33c(16)->ffff88805afb0000(4096) [ 882.181072][T13970] cramfs: Error -5 while decompressing! [ 882.186785][T13970] cramfs: ffffffff96fdc308(26)->ffff88806e3ae000(4096) [ 882.245175][ T5803] udevd[5803]: incorrect cramfs checksum on /dev/loop1 [ 882.402742][T13966] ================================================================== [ 882.410845][T13966] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5ba/0x740 [ 882.418837][T13966] Read of size 1 at addr ffff88805dd5f832 by task syz.3.1970/13966 [ 882.426733][T13966] [ 882.429055][T13966] CPU: 0 PID: 13966 Comm: syz.3.1970 Not tainted 6.6.100-syzkaller #0 [ 882.437215][T13966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 882.447275][T13966] Call Trace: [ 882.450557][T13966] [ 882.453499][T13966] dump_stack_lvl+0x16c/0x230 [ 882.458185][T13966] ? __lock_acquire+0x7c80/0x7c80 [ 882.463215][T13966] ? show_regs_print_info+0x20/0x20 [ 882.468418][T13966] ? load_image+0x3b0/0x3b0 [ 882.472926][T13966] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 882.478309][T13966] ? __virt_addr_valid+0x18c/0x540 [ 882.483429][T13966] ? __virt_addr_valid+0x469/0x540 [ 882.488545][T13966] print_report+0xac/0x200 [ 882.492974][T13966] ? rose_transmit_link+0x5ba/0x740 [ 882.498174][T13966] kasan_report+0x117/0x150 [ 882.502681][T13966] ? kmem_cache_alloc_node+0x17f/0x330 [ 882.508148][T13966] ? rose_transmit_link+0x5ba/0x740 [ 882.513359][T13966] rose_transmit_link+0x5ba/0x740 [ 882.518386][T13966] ? skb_put+0x11b/0x210 [ 882.522635][T13966] rose_write_internal+0x11d1/0x1ab0 [ 882.527930][T13966] ? rose_validate_nr+0x120/0x120 [ 882.532958][T13966] ? __timer_delete+0x6b/0x290 [ 882.537729][T13966] ? skb_queue_purge_reason+0x6c/0x1c0 [ 882.543201][T13966] rose_release+0x24e/0x510 [ 882.547709][T13966] sock_close+0xbd/0x230 [ 882.551967][T13966] ? sock_mmap+0xa0/0xa0 [ 882.556209][T13966] __fput+0x234/0x970 [ 882.560177][T13966] task_work_run+0x1ce/0x250 [ 882.564753][T13966] ? task_work_cancel+0x240/0x240 [ 882.569756][T13966] get_signal+0x1235/0x1400 [ 882.574242][T13966] ? task_work_add+0x3a3/0x440 [ 882.578985][T13966] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 882.584335][T13966] ? wake_bit_function+0x200/0x200 [ 882.589425][T13966] ? __might_fault+0xaa/0x120 [ 882.594093][T13966] arch_do_signal_or_restart+0x96/0x780 [ 882.599651][T13966] ? __sys_connect+0x240/0x420 [ 882.604420][T13966] ? get_sigframe_size+0x20/0x20 [ 882.609342][T13966] ? exit_to_user_mode_loop+0x3b/0x110 [ 882.614786][T13966] exit_to_user_mode_loop+0x70/0x110 [ 882.620048][T13966] exit_to_user_mode_prepare+0xb1/0x140 [ 882.625572][T13966] syscall_exit_to_user_mode+0x1a/0x50 [ 882.631013][T13966] do_syscall_64+0x61/0xb0 [ 882.635407][T13966] ? clear_bhb_loop+0x40/0x90 [ 882.640065][T13966] ? clear_bhb_loop+0x40/0x90 [ 882.644731][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.650624][T13966] RIP: 0033:0x7f3e5258e9a9 [ 882.655031][T13966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 882.674623][T13966] RSP: 002b:00007f3e53394038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 882.683014][T13966] RAX: fffffffffffffe00 RBX: 00007f3e527b6080 RCX: 00007f3e5258e9a9 [ 882.690966][T13966] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 000000000000000e [ 882.698928][T13966] RBP: 00007f3e52610d69 R08: 0000000000000000 R09: 0000000000000000 [ 882.706895][T13966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 882.714845][T13966] R13: 0000000000000000 R14: 00007f3e527b6080 R15: 00007ffcb3570c08 [ 882.722807][T13966] [ 882.725816][T13966] [ 882.728115][T13966] Allocated by task 12766: [ 882.732510][T13966] kasan_set_track+0x4e/0x70 [ 882.737080][T13966] __kasan_kmalloc+0x8f/0xa0 [ 882.741653][T13966] rose_add_node+0x23a/0xdd0 [ 882.746235][T13966] rose_rt_ioctl+0xa42/0xfb0 [ 882.750817][T13966] rose_ioctl+0x3cf/0x8b0 [ 882.755123][T13966] sock_do_ioctl+0xd7/0x2f0 [ 882.759623][T13966] sock_ioctl+0x623/0x7a0 [ 882.763932][T13966] __se_sys_ioctl+0xfd/0x170 [ 882.768497][T13966] do_syscall_64+0x55/0xb0 [ 882.772886][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.778761][T13966] [ 882.781060][T13966] Freed by task 13963: [ 882.785098][T13966] kasan_set_track+0x4e/0x70 [ 882.789663][T13966] kasan_save_free_info+0x2e/0x50 [ 882.794675][T13966] ____kasan_slab_free+0x126/0x1e0 [ 882.799778][T13966] slab_free_freelist_hook+0x130/0x1b0 [ 882.805211][T13966] __kmem_cache_free+0xba/0x1f0 [ 882.810039][T13966] rose_rt_device_down+0x43d/0x490 [ 882.815136][T13966] rose_device_event+0x604/0x690 [ 882.820050][T13966] notifier_call_chain+0x197/0x390 [ 882.825140][T13966] __dev_notify_flags+0x18e/0x2e0 [ 882.830140][T13966] dev_change_flags+0xe8/0x1a0 [ 882.834881][T13966] dev_ifsioc+0x6a7/0xe20 [ 882.839186][T13966] dev_ioctl+0x7e2/0x1170 [ 882.843499][T13966] sock_do_ioctl+0x226/0x2f0 [ 882.848099][T13966] sock_ioctl+0x623/0x7a0 [ 882.852423][T13966] __se_sys_ioctl+0xfd/0x170 [ 882.856991][T13966] do_syscall_64+0x55/0xb0 [ 882.861387][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.867268][T13966] [ 882.869569][T13966] Last potentially related work creation: [ 882.875255][T13966] kasan_save_stack+0x3e/0x60 [ 882.879907][T13966] __kasan_record_aux_stack+0xaf/0xc0 [ 882.885253][T13966] kvfree_call_rcu+0xee/0x780 [ 882.889911][T13966] ipv6_mc_destroy_dev+0x3c1/0x590 [ 882.895010][T13966] addrconf_ifdown+0x139f/0x1880 [ 882.899941][T13966] addrconf_notify+0x6c6/0x1010 [ 882.904769][T13966] notifier_call_chain+0x197/0x390 [ 882.909856][T13966] unregister_netdevice_many_notify+0xf36/0x1810 [ 882.916160][T13966] unregister_netdevice_queue+0x324/0x360 [ 882.921856][T13966] ppp_release+0xf0/0x1f0 [ 882.926163][T13966] __fput+0x234/0x970 [ 882.930123][T13966] task_work_run+0x1ce/0x250 [ 882.934693][T13966] exit_to_user_mode_loop+0xe6/0x110 [ 882.939959][T13966] exit_to_user_mode_prepare+0xb1/0x140 [ 882.945494][T13966] syscall_exit_to_user_mode+0x1a/0x50 [ 882.950958][T13966] do_syscall_64+0x61/0xb0 [ 882.955354][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.961229][T13966] [ 882.963533][T13966] Second to last potentially related work creation: [ 882.970091][T13966] kasan_save_stack+0x3e/0x60 [ 882.974747][T13966] __kasan_record_aux_stack+0xaf/0xc0 [ 882.980097][T13966] insert_work+0x3d/0x310 [ 882.984403][T13966] __queue_work+0xd2c/0x1020 [ 882.988963][T13966] call_timer_fn+0x16e/0x530 [ 882.993540][T13966] __run_timers+0x558/0x7d0 [ 882.998040][T13966] run_timer_softirq+0x67/0xf0 [ 883.002796][T13966] handle_softirqs+0x280/0x820 [ 883.007538][T13966] __irq_exit_rcu+0xc7/0x190 [ 883.012102][T13966] irq_exit_rcu+0x9/0x20 [ 883.016318][T13966] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 883.021934][T13966] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 883.027893][T13966] [ 883.030192][T13966] The buggy address belongs to the object at ffff88805dd5f800 [ 883.030192][T13966] which belongs to the cache kmalloc-512 of size 512 [ 883.044227][T13966] The buggy address is located 50 bytes inside of [ 883.044227][T13966] freed 512-byte region [ffff88805dd5f800, ffff88805dd5fa00) [ 883.057929][T13966] [ 883.060229][T13966] The buggy address belongs to the physical page: [ 883.066622][T13966] page:ffffea0001775700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5dd5c [ 883.076748][T13966] head:ffffea0001775700 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 883.085653][T13966] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 883.093621][T13966] page_type: 0xffffffff() [ 883.097938][T13966] raw: 00fff00000000840 ffff888017841c80 ffffea0000acc300 dead000000000002 [ 883.106496][T13966] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 883.115051][T13966] page dumped because: kasan: bad access detected [ 883.121441][T13966] page_owner tracks the page as allocated [ 883.127131][T13966] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 42, tgid 42 (kworker/u4:2), ts 71092518847, free_ts 16702372776 [ 883.148122][T13966] post_alloc_hook+0x1cd/0x210 [ 883.152891][T13966] get_page_from_freelist+0x195c/0x19f0 [ 883.158423][T13966] __alloc_pages+0x1e3/0x460 [ 883.162995][T13966] alloc_slab_page+0x5d/0x170 [ 883.167651][T13966] new_slab+0x87/0x2e0 [ 883.171694][T13966] ___slab_alloc+0xc6d/0x12f0 [ 883.176346][T13966] __kmem_cache_alloc_node+0x1a2/0x260 [ 883.181784][T13966] __kmalloc+0xa4/0x240 [ 883.185920][T13966] fib6_info_alloc+0x32/0xe0 [ 883.190485][T13966] ip6_route_info_create+0x44f/0x1200 [ 883.195854][T13966] addrconf_f6i_alloc+0x1c6/0x400 [ 883.200875][T13966] ipv6_add_addr+0x576/0x1090 [ 883.205528][T13966] addrconf_add_linklocal+0x289/0x6b0 [ 883.210874][T13966] addrconf_addr_gen+0x4ac/0x5a0 [ 883.215787][T13966] addrconf_init_auto_addrs+0x70e/0xaa0 [ 883.221308][T13966] addrconf_notify+0xb62/0x1010 [ 883.226134][T13966] page last free stack trace: [ 883.230779][T13966] free_unref_page_prepare+0x7ce/0x8e0 [ 883.236215][T13966] free_unref_page+0x32/0x2e0 [ 883.240866][T13966] free_contig_range+0xa1/0x160 [ 883.245700][T13966] destroy_args+0x87/0x770 [ 883.250110][T13966] debug_vm_pgtable+0x3cc/0x410 [ 883.254942][T13966] do_one_initcall+0x1fd/0x750 [ 883.259685][T13966] do_initcall_level+0x137/0x1f0 [ 883.264604][T13966] do_initcalls+0x69/0xd0 [ 883.268910][T13966] kernel_init_freeable+0x3d2/0x570 [ 883.274086][T13966] kernel_init+0x1d/0x1c0 [ 883.278396][T13966] ret_from_fork+0x48/0x80 [ 883.282787][T13966] ret_from_fork_asm+0x11/0x20 [ 883.287530][T13966] [ 883.289830][T13966] Memory state around the buggy address: [ 883.295447][T13966] ffff88805dd5f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 883.303501][T13966] ffff88805dd5f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 883.311535][T13966] >ffff88805dd5f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 883.319569][T13966] ^ [ 883.325175][T13966] ffff88805dd5f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 883.333212][T13966] ffff88805dd5f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 883.341245][T13966] ================================================================== [ 883.542937][T13966] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 883.550185][T13966] CPU: 1 PID: 13966 Comm: syz.3.1970 Not tainted 6.6.100-syzkaller #0 [ 883.558336][T13966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 883.568387][T13966] Call Trace: [ 883.571664][T13966] [ 883.574593][T13966] dump_stack_lvl+0x16c/0x230 [ 883.579287][T13966] ? show_regs_print_info+0x20/0x20 [ 883.584499][T13966] ? load_image+0x3b0/0x3b0 [ 883.589027][T13966] panic+0x2c0/0x710 [ 883.592938][T13966] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 883.599115][T13966] ? bpf_jit_dump+0xd0/0xd0 [ 883.603631][T13966] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 883.609518][T13966] ? _raw_spin_unlock+0x40/0x40 [ 883.614358][T13966] ? rose_transmit_link+0x5ba/0x740 [ 883.619544][T13966] check_panic_on_warn+0x84/0xa0 [ 883.624472][T13966] ? rose_transmit_link+0x5ba/0x740 [ 883.629657][T13966] end_report+0x6f/0x140 [ 883.633886][T13966] kasan_report+0x128/0x150 [ 883.638374][T13966] ? kmem_cache_alloc_node+0x17f/0x330 [ 883.643823][T13966] ? rose_transmit_link+0x5ba/0x740 [ 883.649102][T13966] rose_transmit_link+0x5ba/0x740 [ 883.654111][T13966] ? skb_put+0x11b/0x210 [ 883.658341][T13966] rose_write_internal+0x11d1/0x1ab0 [ 883.663633][T13966] ? rose_validate_nr+0x120/0x120 [ 883.668659][T13966] ? __timer_delete+0x6b/0x290 [ 883.673421][T13966] ? skb_queue_purge_reason+0x6c/0x1c0 [ 883.678879][T13966] rose_release+0x24e/0x510 [ 883.683377][T13966] sock_close+0xbd/0x230 [ 883.687612][T13966] ? sock_mmap+0xa0/0xa0 [ 883.691841][T13966] __fput+0x234/0x970 [ 883.695815][T13966] task_work_run+0x1ce/0x250 [ 883.700394][T13966] ? task_work_cancel+0x240/0x240 [ 883.705406][T13966] get_signal+0x1235/0x1400 [ 883.709914][T13966] ? task_work_add+0x3a3/0x440 [ 883.714678][T13966] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 883.720048][T13966] ? wake_bit_function+0x200/0x200 [ 883.725152][T13966] ? __might_fault+0xaa/0x120 [ 883.729834][T13966] arch_do_signal_or_restart+0x96/0x780 [ 883.735389][T13966] ? __sys_connect+0x240/0x420 [ 883.740154][T13966] ? get_sigframe_size+0x20/0x20 [ 883.745098][T13966] ? exit_to_user_mode_loop+0x3b/0x110 [ 883.750551][T13966] exit_to_user_mode_loop+0x70/0x110 [ 883.755827][T13966] exit_to_user_mode_prepare+0xb1/0x140 [ 883.761364][T13966] syscall_exit_to_user_mode+0x1a/0x50 [ 883.766815][T13966] do_syscall_64+0x61/0xb0 [ 883.771221][T13966] ? clear_bhb_loop+0x40/0x90 [ 883.775885][T13966] ? clear_bhb_loop+0x40/0x90 [ 883.780550][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 883.786432][T13966] RIP: 0033:0x7f3e5258e9a9 [ 883.790835][T13966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 883.810427][T13966] RSP: 002b:00007f3e53394038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 883.818828][T13966] RAX: fffffffffffffe00 RBX: 00007f3e527b6080 RCX: 00007f3e5258e9a9 [ 883.826785][T13966] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 000000000000000e [ 883.834750][T13966] RBP: 00007f3e52610d69 R08: 0000000000000000 R09: 0000000000000000 [ 883.842711][T13966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.850667][T13966] R13: 0000000000000000 R14: 00007f3e527b6080 R15: 00007ffcb3570c08 [ 883.858632][T13966] [ 883.861857][T13966] Kernel Offset: disabled [ 883.866165][T13966] Rebooting in 86400 seconds..