last executing test programs:

5m50.178594703s ago: executing program 4 (id=499):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==")
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x7, 0x6}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r6, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000080)={0x8d0c, <r9=>0xffffffffffffffff, 'id1\x00'})
getsockopt$inet_udp_int(r9, 0x11, 0x65, &(0x7f0000000000), &(0x7f0000000100)=0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)

5m48.201261794s ago: executing program 4 (id=504):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

5m46.156533147s ago: executing program 4 (id=517):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@ipv6_getroute={0x30, 0x1a, 0x101, 0x0, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x5, 0x800}, [@RTA_GATEWAY={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x37}}]}, 0x30}}, 0x0)

5m45.898845478s ago: executing program 4 (id=519):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@delneigh={0x28, 0x1d, 0x1, 0x8a, 0x0, {0x7, 0x0, 0x0, r1, 0x8, 0x12}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x28}}, 0x10)

5m45.245946494s ago: executing program 4 (id=520):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1018e58, &(0x7f00000005c0)={[{@nodioread_nolock}, {@noblock_validity}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@nodiscard}, {@stripe={'stripe', 0x3d, 0x4}}, {@noauto_da_alloc}]}, 0x6, 0x61f, &(0x7f0000000b00)="$eJzs3c9rXNUeAPDvncmkSZv30j4ej9fyHi/wFi1I00wtVt3Y1oVdFCzYhYiLhiapodMfNCmYWGgKLhQURNyKdOM/4F66dyeCunMtVJGKikpH7syddDKZSdIkM9Pmfj5wM/ece2fO+c6dM/fce3PmBpBbY+mfQsT+iAfnk4jRpmUjUV84lq13/6ebF9IpiWr1lR+TSLK8xvpJ9rgnSwxFxJenIv5RXF3u3MLipclKte5WxJH5y9eOzC0sHp69PHlx+uL0lfLRZ48dn3iufKy8LXHuyR5Pn3n5P++//cYzM19VDidxIs6V3pqKlji2y1iMxYMsxOb8gYg4ns60eV+eNDsghFwrZp/HUkT8K0ajWEvVjcbse32tHNBV1WJEFcipRPuHnGr0AxrH9hs7Dj7X5V5J79w7WT8AWh3/QP3cSAzVjo1230+ajowGauc29m5D+WkZf9488HE6xYrzEL8ub52BbSink6XbEfHvdvEntbrtrUWaxl9YUY8kIiYiYjCr34tbqEPSNN+N8zBr2Wz8hYg4kT2m+ac2Wf5YS7rX8QOQT3dPZjvypTT1cP+X9j0a/Z9Y1f+pXxtq3XdtRr/3f537f439/VDtHHmhpR+W9lnOtn/JUmvGd++e/rBT+c39v3RKy2/0BXvh3u2IAy3xv5MGm/V/0viTNts/XeX8iY2V8dLXP5zutKzf8VfvRBxse/zzsFeazrVenxzOlpWPlY/MzFamJ+p/25bx+Revf9qp/H7Hn27/3R3ib9r+hdbnpe/JtQ2W8dnZO5c7LRtZN/7C94NJ/XhzMMt5c3J+/no5YjA5k61Sv5BVyz+6dl0a6zReI43/0P/bt/8Vn//bK19nuPGVuQHXXr10v9OyzWz/povJD6obrEMnafxT62//Ve0/zftgOXVrzTJ+ee3GfzstWyv+4S3GBgAAAAAAAHlTqF2DTQrjy/OFwvh4fbzsP2N3oXJ1bv6pmas3rkxFHKr9P2Sp0LjSPVpPJ2m6nP0/bCN9tCX9dETsi4iPisO19PiFq5WpfgcPAAAAAAAAAAAAAAAAAAAAj4k92fj/xn2qfy7Wx/8DOdHNG8wBjzftH/Kr1v5X3eIJyAP7f8gv7R/yS/uH/NL+Ib+0f8gv7R/yS/uH/NL+AQAAAGBH2ve/u98mEbH0/HBtSg1my4wIgp2t1O8KAH1T7HcFgL5ZvvSvsw+5s6H+/+/ZjwN2vzpAHyTtMmudg+rajf9u22cCAAAAAAAAAAAAAF1wcH/78f+JscGw4xn2B/m1hfH/fjoAnnB++h/yyzE+sN4o/qFOC4z/BwAAAAAAAAAAAICeGalNSWE8Gws8EoXC+HjE3yJib5SSmdnK9ERE/D0ivimWdqXpcr8rDQAAAAAAAAAAAAAAAAAAADvM3MLipclKZfp688wfq3J29kzjLqg9KOuFeMRnRdL7t2U4IpZzShGPWufuzezKPrZbeZ2BuYXF5LdqTRKxFI9PgFuKa5tn1v3qGOzqFxMAAAAAAAAAAAAAAAAAAORQ09jj9g580uMaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvPbz/f/dm+h0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBk+isAAP//GjM9YA==")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)

5m44.918324661s ago: executing program 4 (id=525):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f0000000000)={[{@numtail}, {@shortname_lower}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@shortname_win95}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@uni_xlateno}, {@shortname_mixed}, {@shortname_win95}, {@shortname_lower}, {@utf8no}]}, 0x25, 0x35b, &(0x7f0000000200)="$eJzs3T1sW1UUAODjPMd2IpVkQKpgMmxIqGqCGGAhUVWkigxQZPG3YKkpP7FBioWlZIibBcQIYkGCia0DjJ0RA0JsDKwUCRUQC90qteIh+z3/JH5pmiEpP983RDfnnuN73/VT7ETJyesrsXFpNi7fvHkjarVSlFfOrcStUizGTCSRuRIAwH/JrTSNP9PMIPDM3bI/no/ZbFQ5kd0BAMdh8Pr/xqlxoHo/dwMAnISp7/+LPV8YfffYtgUAHKOp1/9H90zv+zF/efQ7AQDAv9eLr7z63OpaxMV6vRbR/qDb6Dbi6fH86uV4K1qxHmdjIe5EZG8UsncL/Y/PXlg7f7be9+tiNPoV3UZEu9dtZO8UVpNBfTWWYiEW8/p0VJ/065cG9fWIuNIbrB/tUrcxG/P5+j/Nx3osx0I8OFUfcWHt/HI9f4BGe1jfi9iN2vAi+vs/Ewvxw8zgk0vRr80eqx/ZWarXz6Vre+q7V6uDPAAAAAAAAAAAAAAAAAAAAAAAOA5n5iLvnlNfHPW/Sdu97vsX84T69Pygv082nfcH2s36A6XVYXeeD5P9/YH29ufpNsoxc1+vHAAAAAAAAAAAAAAAAAAAAP45OluVaLZa65udre2N8aDS6k1E3vnuy2/mYn/O28k4EuXs4fbk5LGYqEpiVJ6OytNkT04+SCLy5FI0r14b7Xgypzq6iqny/qA6NVXK99RstU498stnRVV/jSNJjKZqhUuU8vUnptoPZKGi/dx9UOpsLR+Scz1N04PKdz6dropaRHnqiTt4MOzIcHjytzfefOiJzuknO6XyRvPrvOnDY48vvHT9ky9+32i2Ij+aVquy2bmTHv00Rk/B+N4o5edcKrgTige748juZmermfz4x8sPf/T9vuSk+P5JJyPvHbzWV/sjlWzQ3+a9XOlswc1fPHjt9vDurcTweO/5ME9/vtK8tvPzb8PDPKxq4ouERh0AAAAAAAAAAAAAAAAAAHAiJv5W/AieeuH4dgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ2/8//+3tmfy2PbuMLJxlMHtXkxPVdc3OwcuPndilwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/c3wEAAP//6Y9pRQ==")
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x183341, 0x0)

5m29.653645436s ago: executing program 32 (id=525):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f0000000000)={[{@numtail}, {@shortname_lower}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@shortname_win95}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@uni_xlateno}, {@shortname_mixed}, {@shortname_win95}, {@shortname_lower}, {@utf8no}]}, 0x25, 0x35b, &(0x7f0000000200)="$eJzs3T1sW1UUAODjPMd2IpVkQKpgMmxIqGqCGGAhUVWkigxQZPG3YKkpP7FBioWlZIibBcQIYkGCia0DjJ0RA0JsDKwUCRUQC90qteIh+z3/JH5pmiEpP983RDfnnuN73/VT7ETJyesrsXFpNi7fvHkjarVSlFfOrcStUizGTCSRuRIAwH/JrTSNP9PMIPDM3bI/no/ZbFQ5kd0BAMdh8Pr/xqlxoHo/dwMAnISp7/+LPV8YfffYtgUAHKOp1/9H90zv+zF/efQ7AQDAv9eLr7z63OpaxMV6vRbR/qDb6Dbi6fH86uV4K1qxHmdjIe5EZG8UsncL/Y/PXlg7f7be9+tiNPoV3UZEu9dtZO8UVpNBfTWWYiEW8/p0VJ/065cG9fWIuNIbrB/tUrcxG/P5+j/Nx3osx0I8OFUfcWHt/HI9f4BGe1jfi9iN2vAi+vs/Ewvxw8zgk0vRr80eqx/ZWarXz6Vre+q7V6uDPAAAAAAAAAAAAAAAAAAAAAAAOA5n5iLvnlNfHPW/Sdu97vsX84T69Pygv082nfcH2s36A6XVYXeeD5P9/YH29ufpNsoxc1+vHAAAAAAAAAAAAAAAAAAAAP45OluVaLZa65udre2N8aDS6k1E3vnuy2/mYn/O28k4EuXs4fbk5LGYqEpiVJ6OytNkT04+SCLy5FI0r14b7Xgypzq6iqny/qA6NVXK99RstU498stnRVV/jSNJjKZqhUuU8vUnptoPZKGi/dx9UOpsLR+Scz1N04PKdz6dropaRHnqiTt4MOzIcHjytzfefOiJzuknO6XyRvPrvOnDY48vvHT9ky9+32i2Ij+aVquy2bmTHv00Rk/B+N4o5edcKrgTige748juZmermfz4x8sPf/T9vuSk+P5JJyPvHbzWV/sjlWzQ3+a9XOlswc1fPHjt9vDurcTweO/5ME9/vtK8tvPzb8PDPKxq4ouERh0AAAAAAAAAAAAAAAAAAHAiJv5W/AieeuH4dgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ2/8//+3tmfy2PbuMLJxlMHtXkxPVdc3OwcuPndilwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/c3wEAAP//6Y9pRQ==")
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x183341, 0x0)

3m43.020999335s ago: executing program 2 (id=1063):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}], 0x4)

3m41.03023216s ago: executing program 2 (id=1072):
socket(0xa, 0x3, 0xff)
r0 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x4}]}, 0x10)
syz_emit_ethernet(0x82, &(0x7f0000002240)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @val={@val={0x88a8, 0x0, 0x0, 0x3}, {0x8100, 0x5, 0x1, 0x2}}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "090001", 0x44, 0x2f, 0xff, @dev={0xfe, 0x80, '\x00', 0x21}, @mcast1, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {}, {0x8, 0x22eb, 0x4, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12}, 0x2, {0x0, 0x1}}}}}}}}}, 0x0)

3m40.796063296s ago: executing program 2 (id=1074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000340)={0x1, 0x0, [{0x285, 0x0, 0x200000000007}]})

3m39.88406205s ago: executing program 2 (id=1078):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@nodioread_nolock}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4c}}, {@errors_remount}, {@delalloc}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x48c, &(0x7f00000002c0)="$eJzs3MtrXNUfAPDvvXm0/fWR/Gp9tFaNFiH4SJq0ahduFAUXFQVd1GVMpiV02kgTxZZiU5G6EaSga3Ep+Be4EEQQdSW41Y0rKRTtptVV5N65N52ZzrSNnWRi5vOByZwz99yc873Pc8+ZJICeNZL9SCK2RcQvETFUyzYWGKm9XbtydvqvK2enk1haeu2PJC939crZ6bJoud7WIjOaRqQfJEUlmxvqnT995vhUtVo5VeTHF068NT5/+syT75yYOlY5Vjk5eejQwQMTzzw9+VRH4sziurrnvbm9u1964+LL00cuvvnDl1l7txXL6+PolJEs8D+Xcs3LHu10ZV22vS6d9HexIaxIX0Rku2sgP/+Hoi+u77yhePH9rjYOWFXZvWlT+8WLS8AGlkS3WwB0R3mjz55/81fS+efg9ezyc7UHoCz2a8WrtqQ/0qLMQNPzbSeNRMSRxb8/y16xSuMQAAD1Ppr+9HA8Udf/W+5/pHFP/v5b/nNHMYcyHBH/j4idEXFXROyKiLsj8rL3RsR9K6x/pCl/Y/8nvfSvg7sNWf/v2WJuq7H/V/b+YrivyG3P4x9Ijs5WK/uLbTIaA5uy/MRN6vjmhZ8/bresvv+XvbL6y75g0Y5L/U0DdDNTC1N5p7QDLp+P2NPfKv5keSYgiYjdEbGnxfpft//VO8rE7GNf7G1X6Nbx30QH5pmWPs/CW8ziX4ym+EtJ/fzk7A3zk+Obo1rZP14eFTf68acLr7ar/47i74DLldp73f5vLjKc1M/Xzq+8jgu/ftj2meZ6/FvaH/9J4zozUwvpYPJ6Ps88WHz27tTCwqmJiMHkcJ5v+Hzy+rplviyfHf+j+1qf/zuLdbLq74+I7CB+ICIejIiHirY/HBGPRMS+m8T//fPtl5XxR9ql/X8+Yqbl9W95ozft/5Un+o5/91W7+m/v+ncwT40Wn+TXv1to1ZzsctHcwDvZdgAAAPBfkebfgU/SseV0mo6N1b7Dvyv+l1bn5hcePzr39smZ2nflh2MgLUe6horx0OpstTKRLBa/sTY+OlmMFZfjpQeKceNP+rbk+bHpuepMl2OHXre1zfmf+b2v260DVtmWlp9ODq55Q4AuaJ5HTxuz514JFwPYqPy9NvSuW5z/6Vq1A1h77v/Qu1qd/+ea8uYCYGNy/4fe5fyHHpV+2+0WAF3k/g896U7+rn8VE5vXRzMa/lPA4lptsfW6U/JERJlI10V7JFYp0e0rEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGf8EwAA///cRegb")
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x2b85006, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)

3m39.176559678s ago: executing program 2 (id=1083):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, &(0x7f00000005c0)='H', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x4e24, @private=0xa010102}, 0x10)

3m37.1555874s ago: executing program 2 (id=1091):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x4})

3m36.241930145s ago: executing program 33 (id=1091):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x4})

2m56.435279507s ago: executing program 5 (id=1274):
mount$tmpfs(0x0, 0x0, 0x0, 0x2e40ab, &(0x7f0000000100)={[{@nr_inodes}]})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2c2, &(0x7f00000006c0)="$eJzs3T+LI2UYAPBndpNJ7iySwkoEB7SwOm6vtckiOThMpaRQC128O5AkCHew4CkGK1sbSz+BINj5JWwEP4DgB7DzioNXJpkh2btJsoHLrX9+vyL77Lzv877POzPZPyzz7sevziZ3i7j/9Ze/R7ebxdEgBvE4i34cRS2llGJl8G0AAP9mj1OKP9PSJVMG5UsWEd3DlgYAHMje3/9/OnhJAMCBvff+B++cjkbDd4uiG7dn35yPy9/sy4/L9tP78WlM417cjF48Wf4toP5poXy9nVKat4pSP96Yzc/HZebso1+q8U/riU6iF/1FdDH/zmh4Uiyt5c/LOq5X8w/K+W9FL15umP/OaHirIT/Gebz5+lr9N6IXv34Sn8U07i6KWOV/dVIUb6fv/vriw7K8Mj+bn487i34r6fjFXRUAAAAAAAAAAAAAAAAAAAAAAP7rblR753RisX9Peajaf+f4SflJO4pa/+L+PMv8rB7oqf2B5im+T6nTihgNbxZFkaqOq/xWvNKK1tWsGgAAAAAAAAAAAAAAAAAAAP5ZHn7+aHI2nd570BD8dj1iQ9OGoN4NoH6sf0fW8aamwdqR1+LR5KyzecC1pqMq3DJpHNd9soity4lWux65v9dJ2D+4tqnmH37cd8Du7j7tbefn+QT13TU5y6KxTyfqI936mv683iePS86Vb2pKu2+/tSBvbOrtvfb8pUUw39Insm2FvfXH8sxVR7KnV5EvzmpjenttN47me6P5Wmx6pzwjW7yt8+f3xQcAAAAAAAAAAAAAAAAAALhg9dDvM03XdqQepc7BygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2r1///3COZV8iU65/Hg4RUvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwMAAP//QSRWPA==")
lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trusted.'], 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)

2m55.372445517s ago: executing program 5 (id=1276):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000800)=0x82)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0x100, 0x0, 0x81, 0x7a7, 0x4f, "0d418107009188b791e15b1b6f6ff88c6b00", 0x4, 0x100022})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000002440)=0xd)

2m55.109820512s ago: executing program 5 (id=1279):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x0)
acct(0x0)
r4 = syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000200)=<r5=>0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8fffffeb703000008080000b7040000000000008500000033"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r7, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000804}], 0x1, 0x2ede8ec33678cf20)
syz_io_uring_submit(r5, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r9, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r4, 0x623, 0x4c1, 0x4, 0x0, 0x0)

2m53.772064447s ago: executing program 5 (id=1283):
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x0, &(0x7f0000000080)={[{@mb_optimize_scan}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}]}, 0x3, 0x45c, &(0x7f0000000580)="$eJzs282PU1UbAPDndlq+eWdegh98qKNoJH7MMAMiCzcaTVxoYqILdDfODAQpjGHGRAjR0RhcGhIX7ojuTPwLXOnGKCsTt7o3JMSwAVnV3PbeoS1tKbW0YH+/pPSc3nNznod7T++590wDGFmT6T9JxJaI+D0ixmvVxgaTtbdrV87O/33l7HwSlcqbfyXVdlevnJ3Pm+b7bc4rxYjCZ0nsatHv8ukzx+fK5cVTWX165cT708unzzx77MTc0cWjiydnDx06sH/m+YOzz/UlzzSvqzs/Wtq949W3z78+f/j8u798l+T5N+XRJ5OdNj5RqfS5u+HaWldOivHNV0OMhe6N1YZplKrjfzzGqrWa8Xjl06EGB9xRlUqlcn/7zasV4D8siWFHAAxHfqFP73/z14CmHneFyy/WboDSvK9lr9qWYhSyNqWm+9t+moyIw6vXL6SvuDPPIQAAGvyQzn+eaTX/K0T9c6H/ZWsoExHx/4jYFhEHI2J7RNwXUW37QEQ8eJv9Ny+S3Dz/KVzqKbEupfO/F7K1rcb5Xz77i4mxrLa1mn8pOXKsvLgv+z/ZG6X1aX2mQx8/vvzbF+22Ved/payyev1C2n8+F8ziuFRc37jPwtzKXK/5Nrv8ScTOYqv8k7WVgCQidkTEzh77OPbUt7vbbauf/x5umX8HxR4DqlP5OuLJ2vFfjab8c0nn9cnpDVFe3DednxU3u/jruTfa9f+v8u+D9Phvann+r5lI6tdrl2+/j3N/fN72nubW+bc+/9clb1XL+VH6cG5l5dRMxLrktVrQ9Z/P3tg3r+ft0/z37mk9/rdl+6R97IqI9CR+KCIejohHstgfjYjHImJPh/x/funx93rPv8GGDt30JM1/oeXxXzv/m47/jcK6aP6kdWHs+E/fN3Q6cTv5p8f/QLW0N/ukm++/buLq7WwGAACAe08hIrZEUphaKxcKU1O1v+HfHpsK5aXllaePLH1wcqH2G4GJKBXyJ13jdc9DZ7Lb+rw+21Tfnz03/nJsY7U+Nb9UXhh28jDiNrcZ/6k/x4YdHXDH9WEdDbhHGf8wuox/GF3GP4yuFuN/Y/Z+cdCxAIPV6vr/8RDiAAavafxb9oMR4v4fRlc34/+dAcQBDJ7rP4yk5Y1x6x/JKyjcVIhCN42T7Npyd8Ss0H1h2N9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/fFPAAAA//8eWuDl")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x42880, 0x85)
lseek(r0, 0x100, 0x1)

2m52.964087741s ago: executing program 5 (id=1286):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x14, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}]}]}, 0x30}}, 0x20000000)

2m52.078379404s ago: executing program 5 (id=1290):
gettid()
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0xa00004, &(0x7f0000001d00)=ANY=[@ANYBLOB="6164696e6963622c696f636861727365743d63703433372c646d6f64653d30303030303030303030303030303030303030343434312c6769643d69676e6f72652c6e6f7672732c696f636861727365743d69736f383835392d322c6d6f64653d30303030303030303030303030303030303030303030342c766f6c756d653d30303030303030303030303030303030303030372c6164696e6963622c6769643d666f726765742c6c617374626c6f636b3d30303030303030303030303030303030303030372c6769643d666f726765742c616e63686f723d30303030303030303030b03030303030323331312c0058818aa0e100be5e2bf695e9ffb7b1b56cb4704088ddea28f7d474faa699e75516b34a5fc23ccb06c6b0c26704d916e25e06b506a1899c18c0f554ea7472abd14151a7016bcda47479fcba80944e5ca34b2696818db1fcc6ee60a594920b4b8eac6a775575ff5c1c14cd173323dcd505f1a4b0d80680c839a647cf9968b62a1b518bec20bd7fa67bfa70bcf2cf32fa534c07c010"], 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

2m51.538301592s ago: executing program 34 (id=1290):
gettid()
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0xa00004, &(0x7f0000001d00)=ANY=[@ANYBLOB="6164696e6963622c696f636861727365743d63703433372c646d6f64653d30303030303030303030303030303030303030343434312c6769643d69676e6f72652c6e6f7672732c696f636861727365743d69736f383835392d322c6d6f64653d30303030303030303030303030303030303030303030342c766f6c756d653d30303030303030303030303030303030303030372c6164696e6963622c6769643d666f726765742c6c617374626c6f636b3d30303030303030303030303030303030303030372c6769643d666f726765742c616e63686f723d30303030303030303030b03030303030323331312c0058818aa0e100be5e2bf695e9ffb7b1b56cb4704088ddea28f7d474faa699e75516b34a5fc23ccb06c6b0c26704d916e25e06b506a1899c18c0f554ea7472abd14151a7016bcda47479fcba80944e5ca34b2696818db1fcc6ee60a594920b4b8eac6a775575ff5c1c14cd173323dcd505f1a4b0d80680c839a647cf9968b62a1b518bec20bd7fa67bfa70bcf2cf32fa534c07c010"], 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

2m34.060454898s ago: executing program 3 (id=1360):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b000000ff0000003249", @ANYRES32=0x1, @ANYBLOB='\x00'/14, @ANYRES32=0x0, @ANYBLOB="01"], 0x50)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)

2m33.81478396s ago: executing program 3 (id=1362):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

2m33.322632021s ago: executing program 3 (id=1368):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x100000, 0x20200000000000, {}, 0x0, 0x2}, {"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067854e874420115c0000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900"}})

2m32.445847051s ago: executing program 3 (id=1369):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
mknod$loop(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m31.562443311s ago: executing program 3 (id=1378):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000780)={@val={0x0, 0x86dd}, @val={0x2, 0x3, 0x5, 0x9, 0xa, 0x40}, @mpls={[], @ipv6=@generic={0x8, 0x6, "3739ed", 0x0, 0x89, 0xff, @local, @mcast2}}}, 0x36)

2m30.388173915s ago: executing program 3 (id=1382):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x48b, 0x0, 0x3}]})

2m29.859510051s ago: executing program 35 (id=1382):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x48b, 0x0, 0x3}]})

20.689013067s ago: executing program 8 (id=2086):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xe)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0xf, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)

20.357482259s ago: executing program 8 (id=2088):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x0)
acct(0x0)
r4 = syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000200)=<r5=>0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8fffffeb703000008080000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r7, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x800)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000002c0), 0x106, 0x6}}, 0x20)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000804}], 0x1, 0x2ede8ec33678cf20)
syz_io_uring_submit(r5, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r9, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r4, 0x623, 0x4c1, 0x4, 0x0, 0x0)

19.59657672s ago: executing program 8 (id=2091):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000680)='illinois', 0x5f)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

18.60823428s ago: executing program 8 (id=2099):
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file0\x00', 0x130800b, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)

18.485122249s ago: executing program 8 (id=2100):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000040)='timerslack_ns\x00')
read$FUSE(r2, &(0x7f0000000600)={0x2020}, 0x2020)

18.201389814s ago: executing program 8 (id=2104):
r0 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001400a59500000000000000000a6800c8", @ANYRES32=r2, @ANYBLOB="14000200ff02000000000000000000000000000114000100fe"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

17.635898297s ago: executing program 36 (id=2104):
r0 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001400a59500000000000000000a6800c8", @ANYRES32=r2, @ANYBLOB="14000200ff02000000000000000000000000000114000100fe"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

8.634227353s ago: executing program 0 (id=2155):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x68}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.23896299s ago: executing program 7 (id=2161):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000280)='|', 0x1, 0xc010, 0x0, 0x0)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000), &(0x7f00000000c0)=0x4)

6.620925571s ago: executing program 0 (id=2162):
r0 = socket(0x2b, 0x1, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x5, 0x0, 0x0, 0xa, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xac, 0xfff, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x2, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x4d2, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x49}]}]}, 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x4e20, 0x3ffe, @loopback, 0x8}, 0x1c)

5.82048218s ago: executing program 7 (id=2166):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000700)='6t', 0x2}], 0x1)

5.688975304s ago: executing program 7 (id=2167):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX, @ANYRESHEX])
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
ppoll(&(0x7f00000000c0)=[{r1, 0x109}], 0x1, 0x0, 0x0, 0x0)

5.454689816s ago: executing program 0 (id=2168):
syz_clone3(&(0x7f0000000400)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ppoll(&(0x7f0000000340), 0x0, 0x0, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x40000000, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pimreg\x00', 0x5005})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

4.144205136s ago: executing program 0 (id=2170):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)

3.900880089s ago: executing program 9 (id=2105):
syz_mount_image$minix(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0032006c00ae1ecebf96fccb8a69f4a8ea113bda4a1e87a726a9dcf01d4bf4543b835eb2b9e6066dc6b060d90b6ca4385a4244aa53e0a0acaebd0c1dd5d380385e85b29008b29f2fb4a93ebe5ace1c105e684d1fd61659e8decea319f675e039904905a8130e2f3c8d5c7a22b4487a331c727612ff1ddd6aabd0e4ab29212632a15e835fac77a7c827"], 0x1, 0x174, &(0x7f0000000240)="$eJzs281uElEYgOFvAH/iysSdcWfV+lMGCpou9VKadmwap2qsmzYu9Aq8Bq/M3oALb0BMR8BEGCaRyAnyPKsvvEzmsDjM2UwAm6vzPLLIYutyvnP95udbWeoVASsySnz/HyMgnfZF6hUAaXx7EXEREV+/fziI9tbM8/myf5z01r3Z/inidmfcs/vx4I8++hLVZ7/69tzrb0z7w7l9++7k/o/icTyJnehGHr3oj/vh9PrhkqcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZVFt2mvvALrXh5XBa92n6l6v3afrXquw19UNuvVb178KY8XLRMYI7Wkvu/3bD/Ow37H0jn9Oz81X5ZFu8MBoNhOqT+ZwL+tfz9ydv89Ox85/hk/6g4Kl4P+8Nne4PB3tNeXp3s88Xne2B9/X7op14JAAAAAAAAAPC3dqP+3RoAAOD/sorXiVL/RgAAAAAAAAAAAAAAWHc/AwAA//8c7qwa")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
write$binfmt_script(r0, &(0x7f0000000200), 0xfea7)

3.707384329s ago: executing program 0 (id=2175):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x11)
read$char_usb(r1, &(0x7f0000000100)=""/178, 0xb2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f00000000c0)="ad")

3.257953558s ago: executing program 6 (id=2177):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==")
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x7, 0x6}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r6, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
close_range(r3, 0xffffffffffffffff, 0x0)
syz_clone(0xc001200, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000080)={0x8d0c, <r9=>0xffffffffffffffff, 'id1\x00'})
getsockopt$inet_udp_int(r9, 0x11, 0x65, &(0x7f0000000000), &(0x7f0000000100)=0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)

3.205516934s ago: executing program 1 (id=2178):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x200)
syz_fuse_handle_req(r0, &(0x7f0000006280)="6de34e6633892efe41e10bb5fa5257dd2f3ae7a52a847fa581ca56b0cb33a02de1bb5c7dbe304ec873be3ea2935f39a509bbd63bb70d1f8f449257abfb5eff7a8aac8caca3d7005d2c71bb1c62a712eeed9aa92f4830dc14949c49df5363e0c1cf5fd9611ea6ff6cfd1749907300c6e3f5a9c96c9bf8368e0ef01c64cde15159cc7c97e8a946663b77aa9edad6be3b0b192627222b6a642141c4b79fd2735e107114bebded8af3903397bf93168f9a99bd6245afaddaa0f71f98282f3b8516ce0bd00b552fa3ecbab1b9b1f3faf8a7ee26ea2a882f1dc94397d1dfc72885de91a331d91bd66be054338e1746d1aef021e0719b1a87f1bd70321aa09ddcc670448f2d74f9045ced506d97fead39c75c934b88121e3ca0472e818bf75d2030d889e128a42af475dbe28b9870b6f89e453f612bd1e1a7f4cfa702fa1eadec7d5bc27765119a489830bad6e476aa9ccad3b498715f82534d02fbfa27c0d863a93543ac0064de9e208e2509c86cde4e92149af656647d3f1dc40ad45050486a6e0cd6b5fb92961ea8931598c1aea32f15fd1d102129624e88afcc05f8fb06d69b5118160c7019bb3c140b667e3ac911c61341dc3f256fb8cb498da175e0c7d583b9ef5d2d1b24412967b5e7bc3b928ab365a99a90c3f9fe13c3519f048ed883e23c2c8b3efca34b37ffeb55c31ce2b1d1d8c8defe48372db59ab6d380166fbc0d30467627debc7acb1b211f71ab34d6caf0f343554cd8d371ae0312100a34b602ba006c60fcce34bce7bf4b8ed14cb72340d9046654704513f7f467ca81a9631eb11b71a3089664fab9cb8ee80c4d02372f64d2014a36924d66f1e2d6a8a97a170c4097e6d7930c814b43dc05dcba2aba87647d93a68f631dc510ef60783811eec0f65652d322ad8ee538c813f2e3a7a31315918b374aa33e37d8a7f06daa012f8f88ca9ccdcc3a4fe6dc3dc0155eaee98a3fb3c03bb84a9850a9a7af5d8d2df187e3a1b5a04416b73747a4ea0654c89b66ae98279ab61c78b875a504200873db0c322631796c40644e3afb3edf6497bfee5652b261280daf5840b00d63ee560fe149dd9dbb36c22045ce4e93142dff56a6eea9bbd78c971bc33bb948a0e6b9ed98fbc44eab7c7cbf2c60bcc404042c5df1e1ea96e92becfeff7f912b56f9d296b5e40bdd822bdb25672a837f115258543f928c0cbe9087226bebe62f86e813737bbf9146fb4e927f9ed388e083e171d6ab58c8aa04143453b0cccfd362fcea0343688c22be9b043f0051a85f1671d6572e212127337b177d35e733e7c1df6103658a7aa3257fe2d4f90ebc1e9b0974d5e427fa291f20193c4ae003fd997808e32c3740179ed9d9d9bd5a71138eac1f418c7e390533e061dac20c98f43370c2d4711baa2bbdb85eaf8d503754a8501e71f91d534f93c7f4f0315333f745b600e9d70462c3cc1c6522babfbfead775b46951bd89030c74010cade7432e5be9b0b946041cc4e019b6fed0aaf7f5da2a991f96328c8748aa904011cb644a9c87e7698a7c1fe7393462ebea5443ad0d07cbaa5f93e25315afe076dc3baa99efcd60899bb5ba6bc9395ba3448a5d91635cb20366be14de1fcec04082b1e3931439e42bd717b9c57939d01c12fc5ba0201a202add47cfe19204aefb34681c29097a9088729fc529be9875d049c4d03f34c3169167388cc5d9b7cd49c6dbe465c8152180157b0ed1bd2ba2657f26e5e0b7c4328f47aacbe6a602f69ee9adbaea4ca09bdf37e2d00d28e16e46128b1f8bd8db13d6ea02a7e17561f796873540a5feaa80adf9c3ba211ccd16dbcd6e144955f3a08b288ac49d7c17b4b6cc616f1c7804673c4df2732947232b385352d14a8224851667de2bb67afc916e7476af17fe4e06a552bc6405f4880fdf7b0d0944af3347d5c0dd2f800f47e3bb2c9a62a69b6417adf43d319e8ad7d026452acfbec6ee240677447191f760551fdefdd3fd771d494bfe2b0dc05a9c8eeca03e75e7974197d60dc1ada2f16538cf9ba427b19af3b0d50ee825510c6e291626b7e72d7c61cfcf1affab83b946bbe0bc2ff4562747369250f97f88136b366c1c4ebc684739eccdd9de2612e5f17e52324ff947dda2c876f7d4cd8a81aa41f6ef910dd15c22f7c901590a03893f5ea42e4672e06b3adf796165a6cd615836f0a44454dcae727f64d5f3ecd942360a60bbd06caec15dd6ccc368a1637755f072103e75fdc99746f3ba86f8a709a8fded44ec4704ba45f8f632120ae96fd9ac1fbfaccb57681cbfffc3a60cf8cde9794033af044ffab01c1eda22a0fb9d756a9e7aeb84391b50ce696b7d403e128be37e0d89582aa876a76b0b930951aaad5f26c9d5f3ae28113de07e8bb3556aeadd9fb80589126f7eab21522ca8e7d753512224df5135b9669d0f69f13c3b01ede40552d150d6faddea6a85d56a74bc15e9ff6b19c058b3da4a9d5165d79f56d4acb91d00e1d1a22c65c3e493a39f4cb60d914e8ef01a61fdcca5bec6b55f8e30a6755e0bbb164becab6968c683c89bfe10a869fe85a6a382cb46b2ee2a7f842ea1fccb89aa1cf1d0f394e0e3c5a904e49c8a87a0b12472f4ed1e778e4e47666df4d920cb28c19d64777ed68b94218878ef107963771fe0ce1ce3f9daf47f4b666f33550051c901e8cab9c27dc728c6e3c446af48f85a429a3c45a99fc01c12522b3700e908fc3e828d1b5bdea787613ec337d0ded3db4e2d8d0f4a364a834e3c1cd49c78edf1fd2fb78f9ce290a7de79c959acc24a3946b6536bfe82adb82fba0f7ebc8685ed99d113924c9b90c612d1132a30219016c51fe462aef76762d51134c7fc3f173876fd2549c85e25323ce4c04df892e7791239027285923694058485a935763f8a0d12d3db8ee418c2ceb746cd2c463938781abcc66814493d0f56dfcdd75d55adeed9141b4031763eeabb9bbd4b87f1f256de9dcd7206f6ab9b8336ced980e88ec63a6be4f24418d0f2a764e46b2d9c85e4942d79d7e08e1d60e71c1d56eb43e259bf487d48a0a755d781561478a9dc003b804c9fadaf56095fd0447f171bf6bab81967ffad4a02377103c53b7575e6d194847648a15486b0305f2c082417e38e214724c0215420ba5dfa5cdb8167d0550ebd2e7a35a9da5d9158b9fd08b01144ea63d52d8e9e7e4a2d9a58896a41c0a13e673a7e108ddaa252f64f21b3894c388d6c8beff6b74812103537fe9df0ed4049b3dda3d57cb4901d1984795381a557f7be5b559f2d7a0de856a6aa8887acf9f1ab223dcdcb1f19b0b3bd989e7d1d34156384419bd3890652f8554ae698b608873977668018d0cc129774b8bd2c58941ebba1826016a54261a915855cc99b4a8c93e029aba8a4a600991cc3f02744e87190fe963f5ba92a1c718f851cdc92e7652406fa6b731f2c84787d229e23c6cdd12f152c8272595bedfb5acb20c83f69aea537df8dfc9268a565dde5079e3784350c034cd336750e281f70a56c9b36c35c3d2b1e9a15d36b20cc2eb1dbd231d13dd876f1f7fdd2a041559e6845010b53df26a87ecc4ebb919c58d15872723dfe24cb82965db7143be1152e200086649a661b7cd526413b964e2c09d4778ae2ea6f00437a8665239309e773303b9dbbeb0e4b2a59d74ce6a9c7f7d563310e7445cb043d6fd85d9131ebc4ddedba2e93e253fac6333802355f1887c05289fed12c06ad833fc5a64a0cb1d3e46c4ba5a66bcd202e261596aaabc6e7534bfb9c54a85c5f6e6e0dc36b725e4766490a2960bd032e5667ab8998b880fb3e67e3728980c1793f462be1b10ae71f36c8aa90151cab6efc8733791df4df24ca334c095605a3198a2a23a6cc851009494813a4231c196385db2c6153d6f5453dc790af7e9082a5ba74be416babec77e1a65bb8d36d518a7823a04e06317085d5b5843bbbc36d462555c9cf852c94619446ce5944d2839a1424eae368449b0d1e5237e31485e28adb9d2946fb9891ab088a3c47e0f0a89e7b782360c2b5ebc3e47be14de1a54ee478b8f85596144420813fa4f2afb2ad05834efcb200e3283ae590770667214fdee9bceb8114459450865d42773e1adfe35158bc79366826354c37eef0fd9d2a2876cd548fa392026d91dbd2a89645547f9d3c392cdc1c251be005c6275d76208870f13a358feab1d6462500997b10b938dfc05efcaec4a15cd8f4f5022433d84df15c9dd9bb7f9ef4a927fde753e399844335d3c84ccd1f2dcd3a70588c95ac17fac436d68c6f4784ca5aa32297e3b5889f26e7dd6df02369997fca2285a49c67b7fb96f9aaf42dcb51f67ec3a46969a425b3515b382a9271469ce406dd7ade86e6e75b5ff291640bb28aee6ea771c20da975b3fdb11c65bf5de45d6e181ec91e8f7275f501040b892c297deca0c1ccf6624506b4e7326c1579f3b2e2f1d47e309be00511eee1f9565be516dba1cd3ccbb40ffe261863729e25fde82562ae1b225ed7bddf0d3f4f996687d5aadb0ce954824e193a396b8ad7d0c2ea46ee614a92ee7699cb5ec8e003099a345a09b070e7bba9f47094a8727129d024d1c581be3c78a466a909609786c923999b6ef154067407f248848266f13fa5c45190b04308f251f83e3baa148676d763d0158fc3027fa64ece8e0c6b86ecadcc2ca2585df5cfcb0899e855105a32440fdf3f311398eeea74b4ed8918f7fe9effd4c94883f3cf49591ee14834dcba5a400722f7de64611349af35e7d6a2d2423a6cfe2a167d8167b61ea89e934666b89c30db6aa941422fc17c27728ae03fb06538b00d07f24c2b158ce07b94015b484df6b4746e925586c46d5589ee18a892c92b6183581768dd55f9bfaa0e7a296144c9150a4d969b81388095f903331547d4b6502af0610d7ba4b04e7d8b0b1674b59af99b66cde0eb289aaf8602c59380a09b7b588f59a4a62a09b528f8f8cf6b4762eca5650f94341e9c112f95e3bdb8149738981acbd4c99696db86eff8cd124d5a97e430e0442c7dd55b61c6f58b3cfec046361733f4b9dbdeb93fe3b1acec47473d5c903db52ec8b75d8ab1e84e27463313177f04f58cc42f338b7dc11efb8653b863cdc628a212a6eb007501162ab2cd9dcf0ed82998e9d51e7d6ca1fc7665d150b4b3b6a46945240fcc082dc630db21d477d2603dd9296b70543ddbd7bd740aa219b22da59d874db673edda9d3f4e2b7193fb547ab1e5b6feba95a1a29601719c2491018d1cda071624696b5e86cf5de7df29dc0911773a84a083305d923475781c2052a7132f8be3bb9205ffc956a66e77cc02aee5fc177ca9dd5daaaa5c4169b8244368a2cd436d28c71df6b890aa1107c8c3e652142cdc61c9fb6b9262f0a321ed9c19ee03d001655dc0bbb7593bbce1761e56def7dc9d3b64cf8fbf970871b71dd3dde9296f862bb10c81d0bd0cc8fb9809e21cd8d117f5107a0ce7c2b525681df30be8d548b29a7cbd67e24d1604fb6bbf1821e14d500086ecd979fbc75c60d18d7e776678e28904584fc8a2082aaea98382ac022e791f263a71d50f1a53e810c04bb18d16f4894b3c7ad6923e52250d8176ffbc6896ea50a734de4771224ff75d68c3601b9ed55c67e4dd03009bb3a21369433b83a5aa6bcf24fab7abc890216c0cca8e9fac0f80c2e1c2cae4837f0f6c7ebd9f100677bdee4d4dc00b1adc0a2288725352a16ac185f073d5bdc5c1d08c21be9c8ced7ba2f07f3a81a6b45e9e63451fd2a925e094de434049b21a9383fa18bd9e524e8d717435705152d723af560a7f78a663a000f850305b12610110c17a08f3df987e248178c933aab12d0a2d3d01b8e901add9ce32207efb4e4033f2bca27eb0cfa2924acfb43de4fb34dbafeb95f63caf17f51229d73a42fd7494c6475a551fb7c53bb1459610df64bbeb5eb14a6360b82a077461b8092331d2ec054d0fe1c1a2724b6a37002a4aa21fec362489a5a7690cec67d2e6abe440312821f551997e990a7658dd49af54b44f69467caf684a4fadd73100001c8b229af15e453635fff3e9ea588055cc6dfe36acb50a050a5684f3515b2d9c78319f163184d36e29520c360c641cf1e472e256c35da9fcc5b2b157e700764e986985de3ba775bd595749a810f27177b6c1cf3be62b0e4748810ee192713d8c16c0caa4255d3c0696f45040feaba2ac71c4cb85447963484b60075f9b1a39097345b179f1f17f512d954bcba945609510221d3bdc4ce0c0737f162c624d0129f0f9c57152318de372947713e685d2c0e0abf91a4871af71c9db4b69d1bc8203a2d9dbfdc4cd7a891c7b56c8a5135c236e2f8b4fc6f8ed2358935c1f30b24d85162e450ddf045705d6f6a8f0f9c5e1cdae084512bea7985cc97b089e63c5218052d9025dd2ebf37fdde16975e849070f1a6f73335b3c0fd34d2a883f26652e12941f930bb723b4c66ea141d49b8639750d9a81967499473389c727699df04220f1802584692da1e47f6b5c1c260cfb2dfa61f9a64a4871035c0566ca6bf1b43c5b3a41dea864e8ae574ff8cccfe0befe98309cd4c6aed09059375f11c6ee1e776a37869b126637ffd539dcaa4f1a55bbaf28a44fdd361151fb5376e0aaec86aa482bb5a136f50a7e13c20d88a198bd537bc71c74c85db1068ad534780b37b52dd241ac09dcc279a250625970eb4a85b5ad5407e52a02cf33731d282f96d833db1fbc6fbe42839b6cd42735ee6900678a69116221bccb9a4e42860d9d02229d1b0fab7ddad90601ee7b8141434fa95b3160b695eebb843657e0960c70e9490211324c426038a94cf095ef9cd3aa5d65595d363f8041dcac5a6ed7ae2e3b6d6de4594dcba9b869ebe0b223d29ec17b3af174a6d08fcbe6dc092ece19344d270c17b91cfcea058f7ea70250ef5122eb4781a95a70ee93b36af304dc434a27fd7c362f3747ce58991cfae2666d6b76e2e003ea4d8d4af8bb62fdb18690c3abc669ee243506dff652f36aa845fc86d21b633d6c17669bcc443c520022a3a0f9df24d313466b42d2056448fbda163223aee327f29ec6f182400bc50358c1f58a2553f9fb5ecef8d7a954fdc9bee9d174f76d44fd3cf84c0b22440feceb54983c6b2958832f83b5534aae0de2b999f423d4e27dc709c6c54b8877cbcac7eb1300d1acfe0b3bb45abc360e52d2365eb184456d7140be9c095926cca484f10fcc86f7e27c87a3441e8599e1835016c7a7f31c3b1bec9e608a5151c5b55cbbc13664e3fc8ccb7703a37bbf65baea9844017e553727872d5057271562cbd18a9015b651fedca03c6528124879d89546b0ded0617289d1b1cebb68a0cda6c20acf0b5cb802d28410d2f777999fe2690ea3b7d0a6f4634f1edc502868564f700f1067788657bf77aef60f00b5f294a2f8ee7380b8ddbd04b01a32f0a395bd7f5aecdc2142264e5e7939d957ba3fe0ffdf03110fe0e003219faeac2ee8fb4f503f9e93befaa2b670b3de2e4115a157d1f973f530f9bea51fa0a44c12045038e31631a52bd802b5bf7312a388c52bc82d2437d65d86875a531221de5c8b6a8270fb65f58ab8208d2db07cde8cf593a1cbb9e079ccee814c8ee9c400ea20e724095eb4cac990374bc76a783990523f41369dff10e0c0155c436065bf28b1164550f6082d4b80666973ca8e88017406f8bb6d5e3a731baa5c13e0bda704bfa2e8b04374eb4b3e45ccd79d5a862554817fc995a8918796aa777855a09dde54a3ceb08242f0dedcbead804b09e2e0a710589f60603253c0070119e89d8ac26aa9f770e5421671fcef0df44b7e73cc0d9d7723edc662bf0246109becc33194bab7f1668fa3aed879ce0539277fa5fe2153a4954cc670ae22370fcdd74eab727e68a17a74996dd555cdd1eb8be27651764c4c12f94955540f00f453866595e3938b2f21ef19c2fbb07f83b9210af888b088334159cddaedf8fd1ec925fd8801d0047f8c1f521ce4f546057b129e174b982dc9dea353d79eac0efe548d2fc4c2081d090921b0ffe28dbe2098f7bb21f53604e97cafa88d73b9f1a72810d3e8afce188ae9cb3ae5315698320057fe4240e643f3fe78ea67088759326b3828abd7eb09dd3a8acc0d74842276ee7bf81b5d430e8d66f484c046150446dbd0a331f74373e1e330761684529ca83e7f10afd23c433e3d21c31377e486c1bec207e71399b35f82f2f9231bc2d5ca216de43acb349c200009477355ccdc1d231578a80e5471c3b3a5b43ff706e2afbdc4e64f6064130a9969e81925b212d28206bed21ae733cca7fed66b977a5d5e6e8c5fbd4f23738a0e240129a2dcb4a02267cd39e18400d873dfed8bd58fae6dd1a8533f9ea228d579ff158316a39a66a51f5eb11c9cd111e010497eb0a061cd726731b88aeed04b2e40f80e856ae71232b9d617ad60b874e4e1a5324594461f57a4ef60dd426fe444ca4406d3b3a2261bc458e962270b4c52b342b4f840d2219de471b9fe172c3f7b3a9baccd89e065d7533b21cd73895f846f22d041ac7f77106959a4a5fd3b2e4f426ae9322fafb088fb27156e7524f481b10d0f52bdb05e5e19482c3b95197cf42a8381b9c6394d20c10bc28f6f034da342fa2650137a5d692df7594f1ead112314d708ffff08fb975a4fa8ba0a5b84f0dc80591614c0071d01798adfb75f57b96e61956ddd8af84b31bef4770714da1ab2d3d9a370e1edc8a10dcc5b342895253a509cad0c9f7c442053c6be0643a34a126dead8e47586f18896b02768e8e40b29659d8eb095b453d8fc144b151df13a4702f3bf04eda0333db25fc83594f9ceb1bb932b43b21045552cf031e1c2fb0396e729fc19b91e38badca38290f1e9f0a58be160073f26afcca833c11c2035612c397d398caa795c92753157d15d050f2dfd968a3353a788e4510972bd8725fa89279c40cb61af07873d67fcb169236d6c191596abf01b9687c41f1744725407c038f805dc3c27c919dd68069efc6a422803403b545a552d0c5eee9cc2ff9141992a5c5b9ca8467ba80a22e5fe4899a5b3f0f83d9dd57ec925e88d249317e14ab3917d5742a8ac662f6c8a29142815e4612628a57f8e050341491b21ccf7dc3ada7948a28fbc5c412a6fb42ad111dc0c322c929debb6f78cb05ab0985b358fe3e195fc18eb0f0341b3954c37bfa02b163c71a5cf73a50f08017693e3c80e07d9bb3d9022d9b084b89894cb9259b63bfb1919fecc977f5f3d976cf94053a1d1f93a233b82c2d5b28de084332192674f76593abfe7219edd3233a92291104641e7b560422ad053ab4c77442f4ce1a1cbef3e90fa50e3f17d745f70a08f08febbd7b021125668cd8dff0741c3364484ee8ea26d0582e641137b043aabdc90fe81d964f944edbbcc6abf87b003ebd7f14fd3ab835d8b0a4c3041a3be789709f2ca4ab3c342b5eefb3497115224223d100c0cce344a439190c86d71f1fbf92c62cc57de87763c1fddf732fb9a993acfde1bf012e37948ab8b54b790d32abe865601b98c8c43a75df2d4f8053a3a68f7b3effd447702d9a3e45a3500a70d544c99badee9151415b1606db116ced1c70b5e34422a57eb9dc256f4a40b5e52d1d5fd014d6803f2e2411d71e7d34894622838acfb5ed8b1ec1877288a8af4d0493f83a296794dfac4d5c2d21ae5927158250a14f3a3488b86dde09801796775100edda562d7688c1409012a375103f33080f1ef6062918219958f7c5aa83b02df577ae61bc720a7922c5f9ea6f135927c39950eaed6fb83784063554f119023c173fdebd8fb48c428ecba54b87f0abb2a012d603764c859eea60991bc5c316969959117cd44c639277fb95ae14bd9f799f696a4f55b1fc3cb96750a0491ea365c3a601fb41b6e3e15f0f107fcc1b2b828061ffbb5a985cae07ddbbcf9e0925ecd7fd8fda28fc1cf45824f4a8aa18bd1217c617d1c0411bb94a4b764affb32ef9ebfe8980ebb73fa7b5a1e971f14c08924e3b109347afba0de9838a9214284e0ef97b81b8d905bf09dfb1bb8dc1fd72b8fe96b99de081e1d6d69e4cad49178753a672de4cf31346b65366299309544f9cfc749d9be7cd5342493693fc2a44a4346d152ea2a849e1444ee471d5cdfdb5d9447a6f040558708c8300992d14f14c7a2c37b7dc30f192654cbecb0cc9340dc05633fed2a69f698a71a692eb3291f9ac329bc041058761ec2bb340998fd1f68aeed8320ba3a4948206893355f1cf6b58797787009ee9f0c7f98013491b595d60e4d8933cb3878fa49622132aabb3a4ac21bd06aae78eb3ab8dbb273cd4b04b49cdd8be4cbd7d90560d64abcbc7c9c85fd8448b95ca37a4ddb719bea5f49946cbe7cdad8abf234bba507aed627f33e7e0f7ae56b96c0bda3fed16d30ae5c7cecd7a386b66004923593815650b9842c2b7729a44982f41c33ceced796e1a2634081989b6f0f271cd12dbb2b06a58fe816ceccc89742c26fb876410551130a38ac6c7e7d4d4902368a2cbb17d1a850af249c18e93d698d4f4bdd8a03237763c16cecadd76e200c9a9f043463ed29340951eae208a1c492f60aa2a945a17fb71c4f1bb5191d66a1da90b452378eb2d4ffffc028d49ee8dae1db747f07392695ae72ef1da527470472184de2ed504522d856490b39612f14fca1e603b6dab2b576654bef7b08ce77d2dae1c26c6ecfffb56d492ef459289111018419302c089673367b94283d147b6746e4507ca07b497ff0a61f9c8ff31a304aac960eaa97d9ab66842f769b141b8b9d20da8d661141bb4a6bafa0294521d4d8b7e2cce0f244554ea7d9a6c04d94afb1d786328691139101006931aa2a8221972b4c524b1a65190dfa80d6fc123d634d51afeb279397ea2843259a0bdda4f2d3864774f4f17f7c3f0e07b2c84687abbdb4c155d7b5f0d8fcd31991a79f5477ffd666ce94836e2dd91834bbc61d9ac71a9e0be80745c9fb63216d9f43a104b61f7ffc6f936e8d319446671814f46fe2a90c7e12d8893b5c50366a9b6936612ac6e43a92bae486feddb988f863cb25aca4bc50326a03d1503a8f08f48b604596959515cc056bef68635bcd4eaf9372da3169184f9048fe4cfbcef305312cb488e6dee5840d55101f8e3e2f5368c86c147aaccdc9b966d2236e825599251300564378d24d5bb216f65727f7946c001f2634af029f895c8fc953d2f0920364c8e18a22737091cf267f507edb42dd9c5f3dc69ed9227a3e59e32887dfec6dbdcfe1611fbedf9a831083c1cbcadbfa1070d98655dd982e781daaf468b25134bc62bb7a8b8b58367918315a956f88a1cebc26a5bb026c73246c84fca6e1cbfe898d523d5ca35dfb117d7668e29fbbe946d78fe2da96cd17e41db2cead30a582a244babf340fa18a3c4aa749fe0dd8bc75d0012efb4728bceeeed7e8c0c12abdf6c12f4f4d01f2b12120206befa8255a2d3bd54be7cda47ed96bee288c2f6c3689754e4eb171517525f6713b19741a4c359eccd6c9cc36ca302d6669997791827cc40efb7d62a87b6fdc376f5efd5d679de6da3806e5411d5b688440851c50bcfe1120ab4edf2fa71fd0c545e7fb2ea67ecb0ec6db9e13ebdb4f17266f1b6a36f7cda9ea5dad84ba53eac06857fe7a008948", 0x2000, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)={0x90, 0x0, 0x9, {0x5, 0x2, 0x81, 0x8000, 0x1ff, 0x3, {0x3, 0x80000001, 0x5, 0x1000, 0xc27, 0xfea4f6d, 0x5, 0x8000, 0x2, 0xc000, 0xb3, r2, r3, 0x1000, 0x6}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x20140318, 0x627f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)

3.00058352s ago: executing program 9 (id=2179):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r2, 0x60b, 0x0)

2.52543778s ago: executing program 7 (id=2180):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x0)
acct(0x0)
r4 = syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000200)=<r5=>0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8fffffeb703000008080000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r7, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x800)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000002c0), 0x106, 0x6}}, 0x20)
sendmmsg$alg(r9, 0x0, 0x0, 0x2ede8ec33678cf20)
syz_io_uring_submit(r5, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r9, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r4, 0x623, 0x4c1, 0x4, 0x0, 0x0)

2.307185826s ago: executing program 6 (id=2181):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000340)=0x8)

2.107265161s ago: executing program 1 (id=2182):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]})
close_range(r0, 0xffffffffffffffff, 0x0)

1.964199003s ago: executing program 9 (id=2183):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendmmsg$inet(r1, &(0x7f0000006bc0)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f00000000c0)='c', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000037c0)=[{&(0x7f0000001340)="0e", 0x1}], 0x1}}], 0x2, 0x44083)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b7080000000000000301090292"], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.109350575s ago: executing program 37 (id=2183):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendmmsg$inet(r1, &(0x7f0000006bc0)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f00000000c0)='c', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000037c0)=[{&(0x7f0000001340)="0e", 0x1}], 0x1}}], 0x2, 0x44083)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b7080000000000000301090292"], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.100755974s ago: executing program 1 (id=2185):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0xfffffffe, 0xb, 0x0, 0x0, 0x1, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x9f1, 0x7, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffd, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x3f8, 0x10, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x2, 0x0, 0x0, 0xffffbffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55], [0x0, 0x0, 0x6, 0x5d71, 0x0, 0xbd8f, 0x0, 0x4, 0x0, 0xfffffffd, 0xff, 0x5, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10001, 0x810, 0x6, 0x0, 0x7, 0x800000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffff, 0xffffffff, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x6, 0x0, 0x1, 0x1d, 0x0, 0x0, 0x4, 0x2000000], [0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80000000, 0x4, 0xffff, 0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1000, 0x0, 0x5, 0x4000, 0x2001, 0xfffffffd, 0x80, 0xfffffffc, 0xffffffff, 0x0, 0x0, 0x0, 0x8f4, 0x400000, 0x0, 0x0, 0x10200000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x4]}, 0x45c)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c602b0304000e0580a7b6070d63e286a5cefe", 0x5ac)

1.099941279s ago: executing program 7 (id=2186):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@fowner_eq}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@fsname={'fsname', 0x3d, '.'}}, {@subj_type={'subj_type', 0x3d, '/)/-:$//('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ")
chdir(&(0x7f0000000040)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

1.063103932s ago: executing program 6 (id=2187):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x48980, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x20000000009)

993.687772ms ago: executing program 6 (id=2188):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000440)={0x0, 0xfffffffc, 0xffdffff8, 0xa, 0x8, "ff000000000000000000000000000200"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0))
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0xfffe, 0x81, 0x8, 0xb3, 0xb, "01000000000600"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x1)

892.846778ms ago: executing program 1 (id=2189):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r3, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r4, 0x3000003, 0x2011, r3, 0x0)

892.323704ms ago: executing program 6 (id=2190):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="500000001000370400000000ffdbdf2500000000", @ANYRES32=r3, @ANYBLOB="01f5050000000000300012800b00010067656e6576650000200002800500040001000000140007"], 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x40800, &(0x7f0000000080)={0x11, 0x8100, r3, 0x1, 0x5, 0x6, @link_local}, 0x14)

641.335749ms ago: executing program 7 (id=2191):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==")
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x7, 0x6}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r6, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
close_range(r3, 0xffffffffffffffff, 0x0)
syz_clone(0xc001200, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000080)={0x8d0c, <r9=>0xffffffffffffffff, 'id1\x00'})
getsockopt$inet_udp_int(r9, 0x11, 0x65, &(0x7f0000000000), &(0x7f0000000100)=0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)

472.758661ms ago: executing program 1 (id=2192):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x02\x00', 0x40040, 0x6ab858183a7ef6ba)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0x1000)

276.753009ms ago: executing program 0 (id=2193):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1a42028, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x49c002, 0x1)
io_setup(0x20fe, &(0x7f0000000540)=<r1=>0x0)
io_submit(r1, 0x3, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)='p', 0x8200, 0x600}])
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2d, 0xe, 0x40000002, 0x7f, 0x9, 0x0, 0xb, 0x0, 0x0, 0x10, 0xffff}}, 0x50)

79.67964ms ago: executing program 6 (id=2194):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x5c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x4}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x5, 0x800, 0x1, 0x1aa2, 0xc}}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1d4}, 0x8840)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', 0x0})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 1 (id=2195):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x3})
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x3, 0x1, 0x246, 0x7ffffff7ffffffff, 0xfffffffffffffffa, 0xffffffffffffffff, 0xfffffffffffffff9, 0x7fff, 0x9b})
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141442, 0x40)
fallocate(r0, 0x1, 0xffc, 0x9)

kernel console output (not intermixed with test programs):

sb-us122l failed with error -22
[  443.773689][T15583] usb 7-1: USB disconnect, device number 5
[  443.853936][T15993] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  443.960307][T17692] loop1: detected capacity change from 0 to 1024
[  444.393186][T17716] batadv_slave_1: entered promiscuous mode
[  444.436443][T17715] batadv_slave_1: left promiscuous mode
[  444.633931][T17723] loop1: detected capacity change from 0 to 128
[  444.936957][T17698] loop0: detected capacity change from 0 to 131072
[  444.952870][T17698] F2FS-fs (loop0): Test dummy encryption mode enabled
[  445.048186][T17698] F2FS-fs (loop0): invalid crc value
[  445.297321][T17728] syz.1.1561: attempt to access beyond end of device
[  445.297321][T17728] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  445.429098][T17698] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  445.442478][T17698] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  445.702367][T17701] loop7: detected capacity change from 0 to 32768
[  445.987785][T17701] JBD2: Ignoring recovery information on journal
[  446.036579][T17701] jbd2_journal_bmap: journal block not found at offset 32 on loop7-75
[  446.121167][T17701] JBD2: bad block at offset 32
[  446.136361][T17701] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  446.499757][T14917] ocfs2: Unmounting device (7,7) on (node local)
[  446.616666][T17748] loop1: detected capacity change from 0 to 40427
[  446.660865][T17748] F2FS-fs (loop1): build fault injection rate: 771
[  446.690112][T17748] F2FS-fs (loop1): invalid crc value
[  446.869891][T17748] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  446.894462][T17748] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  447.020889][   T29] audit: type=1804 audit(1773793745.727:31): pid=17748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1563" name="/newroot/356/file1/bus" dev="loop1" ino=10 res=1 errno=0
[  447.407682][T17799] loop0: detected capacity change from 0 to 512
[  447.584972][T17799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  447.636376][T17799] ext4 filesystem being mounted at /344/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  447.746995][ T5843] syz-executor: attempt to access beyond end of device
[  447.746995][ T5843] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  447.779584][   T29] audit: type=1800 audit(1773793746.487:32): pid=17799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1564" name="file1" dev="loop0" ino=15 res=0 errno=0
[  447.800087][ T5843] CPU: 0 UID: 0 PID: 5843 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  447.800115][ T5843] Tainted: [L]=SOFTLOCKUP
[  447.800120][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  447.800129][ T5843] Call Trace:
[  447.800135][ T5843]  <TASK>
[  447.800142][ T5843]  dump_stack_lvl+0xe8/0x150
[  447.800168][ T5843]  f2fs_handle_critical_error+0x37c/0x540
[  447.800195][ T5843]  f2fs_write_end_io+0x1274/0x1740
[  447.800236][ T5843]  __submit_merged_bio+0x256/0x700
[  447.800263][ T5843]  __submit_merged_write_cond+0x3c9/0x4e0
[  447.800289][ T5843]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  447.800330][ T5843]  f2fs_write_data_pages+0x287e/0x34f0
[  447.800385][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  447.800418][ T5843]  ? __pfx_css_rstat_updated+0x10/0x10
[  447.800466][ T5843]  ? mod_memcg_lruvec_state+0x208/0x220
[  447.800489][ T5843]  ? lru_gen_update_size+0x7c7/0xd10
[  447.800521][ T5843]  ? __lock_acquire+0x6b5/0x2cf0
[  447.800560][ T5843]  ? filemap_get_folios_tag+0x118/0x720
[  447.800583][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  447.800605][ T5843]  do_writepages+0x32e/0x550
[  447.800632][ T5843]  ? do_raw_spin_unlock+0xf5/0x210
[  447.800655][ T5843]  filemap_fdatawrite+0x1e9/0x2f0
[  447.800677][ T5843]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  447.800735][ T5843]  ? do_raw_spin_unlock+0xf5/0x210
[  447.800758][ T5843]  f2fs_sync_dirty_inodes+0x30e/0x860
[  447.800794][ T5843]  f2fs_write_checkpoint+0x9df/0x26a0
[  447.800838][ T5843]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  447.800894][ T5843]  ? kfree+0x1c5/0x650
[  447.800919][ T5843]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  447.800944][ T5843]  kill_f2fs_super+0x314/0x720
[  447.800971][ T5843]  ? __pfx_kill_f2fs_super+0x10/0x10
[  447.801005][ T5843]  ? lockdep_hardirqs_on+0x7a/0x110
[  447.801036][ T5843]  deactivate_locked_super+0xbc/0x130
[  447.801060][ T5843]  cleanup_mnt+0x437/0x4d0
[  447.801075][ T5843]  ? _raw_spin_unlock_irq+0x23/0x50
[  447.801095][ T5843]  task_work_run+0x1d9/0x270
[  447.801119][ T5843]  ? __pfx_task_work_run+0x10/0x10
[  447.801147][ T5843]  exit_to_user_mode_loop+0xed/0x480
[  447.801167][ T5843]  ? rcu_is_watching+0x15/0xb0
[  447.801188][ T5843]  do_syscall_64+0x32d/0xf80
[  447.801205][ T5843]  ? trace_irq_disable+0x3b/0x150
[  447.801222][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.801238][ T5843]  ? clear_bhb_loop+0x40/0x90
[  447.801257][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.801272][ T5843] RIP: 0033:0x7f0733b9d9d7
[  447.801289][ T5843] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  447.801301][ T5843] RSP: 002b:00007fffd8641b28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  447.801318][ T5843] RAX: 0000000000000000 RBX: 00007f0733c32050 RCX: 00007f0733b9d9d7
[  447.801329][ T5843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd8641be0
[  447.801337][ T5843] RBP: 00007fffd8641be0 R08: 00007fffd8642be0 R09: 00000000ffffffff
[  447.801347][ T5843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd8642c70
[  447.801357][ T5843] R13: 00007f0733c32050 R14: 000000000006d30c R15: 00007fffd8642cb0
[  447.801385][ T5843]  </TASK>
[  447.803241][ T5843] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  448.126425][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.599674][T17840] loop6: detected capacity change from 0 to 2048
[  449.644705][T17840] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  449.676531][T17852] loop8: detected capacity change from 0 to 256
[  449.714504][T17852] FAT-fs (loop8): Directory bread(block 64) failed
[  449.727236][T17849] loop7: detected capacity change from 0 to 4096
[  449.730480][T17852] FAT-fs (loop8): Directory bread(block 65) failed
[  449.765003][   T29] audit: type=1804 audit(1773793748.437:33): pid=17840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1574" name="/newroot/79/file1/file1" dev="loop6" ino=1415 res=1 errno=0
[  449.772178][T17852] FAT-fs (loop8): Directory bread(block 66) failed
[  449.826353][T17849] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  449.856102][T17849] EXT4-fs (loop7): Test dummy encryption mode enabled
[  449.877420][T17852] FAT-fs (loop8): Directory bread(block 67) failed
[  449.904981][T17852] FAT-fs (loop8): Directory bread(block 68) failed
[  449.931908][T17852] FAT-fs (loop8): Directory bread(block 69) failed
[  449.955362][T17852] FAT-fs (loop8): Directory bread(block 70) failed
[  449.986013][T17852] FAT-fs (loop8): Directory bread(block 71) failed
[  450.000144][T17849] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.021611][T17849] EXT4-fs (loop7): shut down requested (1)
[  450.029777][T17849] EXT4-fs warning (device loop7): ext4_empty_dir:3097: inode #12: comm syz.7.1575: directory missing '..'
[  450.030063][T17852] FAT-fs (loop8): Directory bread(block 72) failed
[  450.070014][T17852] FAT-fs (loop8): Directory bread(block 73) failed
[  450.093234][T14917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.217567][T17871] raw_sendmsg: syz.0.1580 forgot to set AF_INET. Fix it!
[  450.525593][T17887] loop8: detected capacity change from 0 to 7
[  450.541552][ T5996] Dev loop8: unable to read RDB block 7
[  450.550809][ T5996]  loop8: unable to read partition table
[  450.556951][ T5996] loop8: partition table beyond EOD, truncated
[  450.592996][T17887] Dev loop8: unable to read RDB block 7
[  450.601061][T17887]  loop8: unable to read partition table
[  450.612830][T17887] loop8: partition table beyond EOD, truncated
[  450.628304][T17887] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  450.723283][T17898] loop8: detected capacity change from 0 to 128
[  450.749531][   T24] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  450.768397][T17898] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  450.805401][T17898] hpfs: filesystem error: improperly stopped
[  450.823784][T17903] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1587'.
[  450.839811][T17898] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  450.843016][T17861] loop1: detected capacity change from 0 to 32768
[  450.856454][T17898] hpfs: You really don't want any checks? You are crazy...
[  450.889882][T17898] hpfs: hpfs_map_sector(): read error
[  450.913719][T17898] hpfs: code page support is disabled
[  450.932493][   T24] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  450.938900][T17898] hpfs: hpfs_map_4sectors(): unaligned read
[  450.948071][T17861] (syz.1.1577,17861,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  450.977236][   T24] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  450.984922][T17898] hpfs: hpfs_map_4sectors(): unaligned read
[  451.016664][T17861] (syz.1.1577,17861,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  451.026215][T17898] hpfs: filesystem error: unable to find root dir
[  451.034660][   T24] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  451.044971][T17898] 
[  451.083062][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.107571][T17861] JBD2: Ignoring recovery information on journal
[  451.131600][T17888] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  451.150657][   T24] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  451.249699][T17861] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  451.322391][T17898] hpfs: hpfs_map_4sectors(): unaligned read
[  451.397555][T17898] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib
[  451.456843][   T24] usb 8-1: USB disconnect, device number 5
[  451.980024][T17913] loop6: detected capacity change from 0 to 32768
[  451.988907][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  452.037768][T17913] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1590 (17913)
[  452.116220][T17913] BTRFS info (device loop6): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  452.141635][T17913] BTRFS info (device loop6): using crc32c checksum algorithm
[  452.176109][T17913] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  452.337368][T17913] BTRFS info (device loop6): rebuilding free space tree
[  452.471415][T17913] BTRFS info (device loop6): disabling free space tree
[  452.493283][T17913] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  452.497087][T17935] loop0: detected capacity change from 0 to 40427
[  452.504898][T17913] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  452.517421][T17935] F2FS-fs: heap/no_heap options were deprecated
[  452.554707][T17913] BTRFS info (device loop6): enabling ssd optimizations
[  452.563485][T17913] BTRFS info (device loop6): turning on async discard
[  452.571682][T17935] F2FS-fs (loop0): build fault injection rate: 19
[  452.581236][T17913] BTRFS info (device loop6): enabling disk space caching
[  452.581757][T17935] F2FS-fs (loop0): build fault injection type: 0x77e8c
[  452.589048][T17913] BTRFS info (device loop6): force clearing of disk cache
[  452.611138][T17935] F2FS-fs (loop0): invalid crc value
[  452.631879][T17935] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21c/0xd60
[  452.637348][T17913] BTRFS info (device loop6): use zstd compression, level 3
[  452.675212][T17935] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xb00
[  452.717934][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  453.003136][T17935] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  453.028916][T18006] loop8: detected capacity change from 0 to 256
[  453.055991][T18006] exfat: Deprecated parameter 'namecase'
[  453.078621][T17935] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  453.111895][T18006] exfat: Deprecated parameter 'namecase'
[  453.138403][T18006] exfat: Deprecated parameter 'namecase'
[  453.151280][T18006] exfat: Deprecated parameter 'namecase'
[  453.162518][T17935] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x525/0xff0
[  453.224277][T18006] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xd8f0c8a0, utbl_chksum : 0xe619d30d)
[  453.261515][T17935] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0x181/0x600
[  453.314342][T13015] BTRFS info (device loop6): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  453.332103][ T5842] syz-executor: attempt to access beyond end of device
[  453.332103][ T5842] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  453.347970][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  453.347995][ T5842] Tainted: [L]=SOFTLOCKUP
[  453.348001][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  453.348010][ T5842] Call Trace:
[  453.348016][ T5842]  <TASK>
[  453.348023][ T5842]  dump_stack_lvl+0xe8/0x150
[  453.348052][ T5842]  f2fs_handle_critical_error+0x37c/0x540
[  453.348082][ T5842]  f2fs_write_end_io+0x1274/0x1740
[  453.348119][ T5842]  __submit_merged_bio+0x256/0x700
[  453.348144][ T5842]  __submit_merged_write_cond+0x3c9/0x4e0
[  453.348170][ T5842]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  453.348210][ T5842]  f2fs_write_data_pages+0x287e/0x34f0
[  453.348266][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  453.348300][ T5842]  ? __pfx_css_rstat_updated+0x10/0x10
[  453.348347][ T5842]  ? mod_memcg_lruvec_state+0x208/0x220
[  453.348371][ T5842]  ? __lock_acquire+0x6b5/0x2cf0
[  453.348404][ T5842]  ? __lock_acquire+0x6b5/0x2cf0
[  453.348438][ T5842]  ? do_raw_spin_lock+0x12b/0x2f0
[  453.348463][ T5842]  ? do_raw_spin_unlock+0xf5/0x210
[  453.348481][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  453.348504][ T5842]  do_writepages+0x32e/0x550
[  453.348533][ T5842]  ? do_raw_spin_unlock+0xf5/0x210
[  453.348555][ T5842]  filemap_fdatawrite+0x1e9/0x2f0
[  453.348576][ T5842]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  453.348633][ T5842]  ? do_raw_spin_unlock+0xf5/0x210
[  453.348655][ T5842]  f2fs_sync_dirty_inodes+0x30e/0x860
[  453.348691][ T5842]  f2fs_write_checkpoint+0x9df/0x26a0
[  453.348733][ T5842]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  453.348791][ T5842]  kill_f2fs_super+0x314/0x720
[  453.348819][ T5842]  ? __pfx_kill_f2fs_super+0x10/0x10
[  453.348851][ T5842]  ? lockdep_hardirqs_on+0x7a/0x110
[  453.348880][ T5842]  deactivate_locked_super+0xbc/0x130
[  453.348904][ T5842]  cleanup_mnt+0x437/0x4d0
[  453.348919][ T5842]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.348938][ T5842]  task_work_run+0x1d9/0x270
[  453.348959][ T5842]  ? __pfx_task_work_run+0x10/0x10
[  453.348986][ T5842]  exit_to_user_mode_loop+0xed/0x480
[  453.349004][ T5842]  ? rcu_is_watching+0x15/0xb0
[  453.349023][ T5842]  do_syscall_64+0x32d/0xf80
[  453.349040][ T5842]  ? trace_irq_disable+0x3b/0x150
[  453.349057][ T5842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.349073][ T5842]  ? clear_bhb_loop+0x40/0x90
[  453.349092][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.349106][ T5842] RIP: 0033:0x7fa26239d9d7
[  453.349123][ T5842] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  453.349134][ T5842] RSP: 002b:00007ffccd8c4f18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  453.349151][ T5842] RAX: 0000000000000000 RBX: 00007fa262432050 RCX: 00007fa26239d9d7
[  453.349162][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffccd8c4fd0
[  453.349171][ T5842] RBP: 00007ffccd8c4fd0 R08: 00007ffccd8c5fd0 R09: 00000000ffffffff
[  453.349181][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffccd8c6060
[  453.349191][ T5842] R13: 00007fa262432050 R14: 000000000006ea88 R15: 00007ffccd8c60a0
[  453.349220][ T5842]  </TASK>
[  453.683543][ T5842] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  453.814277][ T1650] usb 8-1: new low-speed USB device number 6 using dummy_hcd
[  453.990108][ T1650] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  454.001167][ T1650] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  454.036459][ T1650] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  454.047559][ T1650] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  454.094826][ T1650] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.116147][T18016] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  454.153898][ T1650] hub 8-1:1.0: bad descriptor, ignoring hub
[  454.173908][ T1650] hub 8-1:1.0: probe with driver hub failed with error -5
[  454.203446][ T1650] cdc_wdm 8-1:1.0: skipping garbage
[  454.223039][ T1650] cdc_wdm 8-1:1.0: skipping garbage
[  454.255134][ T1650] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  454.271492][ T1650] cdc_wdm 8-1:1.0: Unknown control protocol
[  454.341933][T18007] loop1: detected capacity change from 0 to 32768
[  454.380719][T18007] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1599 (18007)
[  454.476985][T18007] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  454.511182][T18007] BTRFS info (device loop1): using sha256 checksum algorithm
[  454.537288][T18053] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  454.540789][ T1650] usb 8-1: USB disconnect, device number 6
[  454.552269][T18016] cdc_wdm 8-1:1.0: Error autopm - -16
[  455.295844][T18079] syz.6.1606: attempt to access beyond end of device
[  455.295844][T18079] loop6: rw=2049, sector=145, nr_sectors = 363 limit=128
[  455.443108][T18007] BTRFS info (device loop1): enabling ssd optimizations
[  455.455008][T18007] BTRFS info (device loop1): turning on async discard
[  455.480670][T18007] BTRFS info (device loop1): enabling free space tree
[  455.519097][T18097] ALSA: mixer_oss: invalid OSS volume 'syz_t'
[  455.588486][ T1650] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  455.722667][ T5843] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  455.795152][ T1650] usb 8-1: Using ep0 maxpacket: 8
[  455.848654][ T1650] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  455.868430][ T1650] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  455.869218][ T5853] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  455.915047][ T1650] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  455.947110][T18116] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1614'.
[  455.948372][ T1650] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  456.009234][ T1650] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  456.027824][ T1650] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.097604][ T1650] hub 8-1:1.0: bad descriptor, ignoring hub
[  456.106220][ T1650] hub 8-1:1.0: probe with driver hub failed with error -5
[  456.123340][ T5853] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  456.128590][ T1650] cdc_wdm 8-1:1.0: skipping garbage
[  456.160232][ T5853] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  456.175257][ T5853] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  456.183492][ T1650] cdc_wdm 8-1:1.0: skipping garbage
[  456.194609][ T5853] usb 7-1: SerialNumber: syz
[  456.211345][ T1650] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  456.248173][ T1650] cdc_wdm 8-1:1.0: Unknown control protocol
[  456.254549][T18106] set_capacity_and_notify: 1 callbacks suppressed
[  456.254563][T18106] loop8: detected capacity change from 0 to 32768
[  456.309982][   T24] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  456.323035][T18106] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1611 (18106)
[  456.418775][T18106] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  456.433089][T18106] BTRFS info (device loop8): using sha256 checksum algorithm
[  456.469364][  T808] usb 8-1: USB disconnect, device number 7
[  456.492781][   T24] usb 1-1: Using ep0 maxpacket: 8
[  456.547255][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  456.611537][   T24] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  456.630559][T18106] BTRFS info (device loop8): enabling ssd optimizations
[  456.636672][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.652705][T18106] BTRFS info (device loop8): turning on async discard
[  456.688440][T18106] BTRFS info (device loop8): enabling free space tree
[  456.723596][   T24] usb 1-1: config 0 descriptor??
[  456.795678][T18174] loop1: detected capacity change from 0 to 1024
[  456.851500][T15993] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  456.887633][T18174] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  456.956021][ T5853] cdc_ether 7-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.6-1, CDC Ethernet Device, 42:42:42:42:42:42
[  456.970113][   T24] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  456.997354][   T29] audit: type=1800 audit(1773793755.697:34): pid=18174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1618" name="file1" dev="loop1" ino=15 res=0 errno=0
[  457.247490][   T29] audit: type=1326 audit(1773793755.957:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18192 comm="syz.7.1621" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f562799c799 code=0x0
[  457.263229][   T24] usb 7-1: USB disconnect, device number 6
[  457.330485][T18174] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 25 vs 161808409 free clusters
[  457.362002][   T24] cdc_ether 7-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.6-1, CDC Ethernet Device
[  457.371584][T18174] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 512 with max blocks 1 with error 28
[  457.371792][T18174] EXT4-fs (loop1): This should not happen!! Data will be lost
[  457.371792][T18174] 
[  457.371807][T18174] EXT4-fs (loop1): Total free blocks count 0
[  457.371820][T18174] EXT4-fs (loop1): Free/Dirty block details
[  457.371872][T18174] EXT4-fs (loop1): free_blocks=2588934144
[  457.371921][T18174] EXT4-fs (loop1): dirty_blocks=32
[  457.371933][T18174] EXT4-fs (loop1): Block reservation details
[  457.410252][T18206] loop8: detected capacity change from 0 to 128
[  457.466848][T18174] EXT4-fs (loop1): i_reserved_data_blocks=2
[  457.489713][ T1650] usb 1-1: USB disconnect, device number 24
[  457.708911][   T35] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  458.414965][T18244] loop8: detected capacity change from 0 to 1024
[  458.498311][T18244] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  458.652513][T18260] loop7: detected capacity change from 0 to 128
[  458.697749][T18260] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  458.784280][T18260] hpfs: filesystem error: improperly stopped
[  458.832032][T18260] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  458.871857][T18260] hpfs: You really don't want any checks? You are crazy...
[  458.923064][T18260] hpfs: hpfs_map_sector(): read error
[  458.956926][T18274] ipvlan3: entered promiscuous mode
[  458.967350][T18260] hpfs: code page support is disabled
[  458.992290][T15993] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.003336][T18260] hpfs: hpfs_map_4sectors(): unaligned read
[  459.026110][T18260] hpfs: hpfs_map_4sectors(): unaligned read
[  459.082004][T18260] hpfs: filesystem error: unable to find root dir
[  459.237390][T18260] hpfs: hpfs_map_4sectors(): unaligned read
[  459.348159][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  459.395294][T18297] loop0: detected capacity change from 0 to 512
[  459.415988][T18297] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  459.487490][T18297] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  459.508352][T18297] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  459.642848][   T24] usb 7-1: Using ep0 maxpacket: 8
[  459.653511][   T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  459.686381][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  459.745753][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  459.768404][T18308] loop7: detected capacity change from 0 to 128
[  459.795142][   T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  459.866559][   T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  459.895038][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.662719][T18291] loop8: detected capacity change from 0 to 32768
[  460.676623][T18324] loop1: detected capacity change from 0 to 128
[  460.697092][T18291] XFS (loop8): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  460.715114][T18324] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  460.748330][   T24] usb 7-1: GET_CAPABILITIES returned 0
[  460.758979][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  460.764071][T18324] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  460.782781][T18283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  460.801028][   T24] usbtmc 7-1:16.0: can't read capabilities
[  460.832867][T18283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  460.848995][T18291] XFS (loop8): Ending clean mount
[  460.906360][   T24] usb 7-1: USB disconnect, device number 7
[  461.142882][T18350] loop7: detected capacity change from 0 to 32768
[  461.194407][T18365] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_vlan, syncid = 0, id = 0
[  461.227842][T18350] JBD2: Ignoring recovery information on journal
[  461.235749][T18350] jbd2_journal_bmap: journal block not found at offset 32 on loop7-75
[  461.244203][T18350] JBD2: bad block at offset 32
[  461.286702][T18350] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  461.335687][T18350] OCFS2: ERROR (device loop7): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has invalid tree depth 312 in extent list
[  461.355508][T18350] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  461.365581][T18350] OCFS2: File system is now read-only.
[  461.371109][T18350] (syz.7.1639,18350,0):ocfs2_find_leaf:1949 ERROR: status = -30
[  461.381491][T18350] (syz.7.1639,18350,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[  461.390112][T18350] (syz.7.1639,18350,0):ocfs2_get_clusters:634 ERROR: status = -30
[  461.397942][T18350] (syz.7.1639,18350,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -30
[  461.406606][T18350] (syz.7.1639,18350,0):ocfs2_read_virt_blocks:1005 ERROR: status = -30
[  461.415683][T18350] (syz.7.1639,18350,0):ocfs2_read_dir_block:524 ERROR: status = -30
[  461.534091][T15993] XFS (loop8): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  461.545144][   T35] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  461.860897][T14917] ocfs2: Unmounting device (7,7) on (node local)
[  461.973789][T18384] bridge0: port 3(syz_tun) entered blocking state
[  462.043094][T18384] bridge0: port 3(syz_tun) entered disabled state
[  462.077796][T18384] syz_tun: entered allmulticast mode
[  462.083719][ T1650] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  462.197653][T18384] syz_tun: entered promiscuous mode
[  462.227862][T18384] bridge0: port 3(syz_tun) entered blocking state
[  462.238009][T18384] bridge0: port 3(syz_tun) entered forwarding state
[  462.278434][ T1650] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[  462.317622][T18371] loop0: detected capacity change from 0 to 131072
[  462.318623][ T1650] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  462.352275][T18371] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name
[  462.365258][T18371] F2FS-fs (loop0): invalid crc value
[  462.507392][ T1650] usb 2-1: config 0 interface 0 has no altsetting 0
[  462.520281][T18371] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  462.534259][T18371] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[  462.585416][T18371] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=ba0003, run fsck to fix.
[  462.587211][ T1650] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  462.709871][ T1650] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  462.763826][ T1650] usb 2-1: Product: syz
[  462.784881][ T1650] usb 2-1: Manufacturer: syz
[  462.810412][ T1650] usb 2-1: SerialNumber: syz
[  462.849789][ T1650] usb 2-1: config 0 descriptor??
[  462.880756][ T1650] hub 2-1:0.0: bad descriptor, ignoring hub
[  462.907898][ T1650] hub 2-1:0.0: probe with driver hub failed with error -5
[  462.959053][ T1650] usb 2-1: selecting invalid altsetting 0
[  462.970900][T18416] loop6: detected capacity change from 0 to 4096
[  463.043081][T18419] loop8: detected capacity change from 0 to 128
[  463.069830][   T47] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  463.260219][   T47] usb 8-1: Using ep0 maxpacket: 32
[  463.280856][   T47] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  463.331821][   T47] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  463.866827][   T47] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  463.977174][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  463.987316][   T47] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  463.999005][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  464.009301][   T47] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  464.022185][   T47] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  464.047919][   T47] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  464.086555][   T47] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.226241][   T47] usb 8-1: config 0 descriptor??
[  464.457493][   T47] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  464.533515][ T1650] usb 2-1: reset high-speed USB device number 28 using dummy_hcd
[  464.702510][   T47] usb 8-1: USB disconnect, device number 8
[  464.766757][   T47] usblp0: removed
[  464.818276][ T1650] usb 2-1: device firmware changed
[  464.828300][ T5925] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  464.895658][ T1650] usb 2-1: USB disconnect, device number 28
[  464.999892][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  465.043628][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  465.073951][ T5925] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  465.083934][T18479] loop6: detected capacity change from 0 to 32768
[  465.104824][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.130771][T18479] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  465.147230][ T5925] usb 1-1: config 0 descriptor??
[  465.210670][T18479] XFS (loop6): Ending clean mount
[  465.845930][T18528] loop1: detected capacity change from 0 to 32768
[  465.882226][T18528] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  465.945168][T18526] loop7: detected capacity change from 0 to 65536
[  465.963804][T18526] XFS (loop7): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  465.975790][ T5925] cm6533_jd 0003:0D8C:0022.001D: unknown main item tag 0x0
[  465.986560][T18528] XFS (loop1): Ending clean mount
[  465.995294][ T5925] cm6533_jd 0003:0D8C:0022.001D: unknown main item tag 0x0
[  466.027751][T18526] XFS (loop7): Ending clean mount
[  466.032970][T18528] XFS (loop1): Quotacheck needed: Please wait.
[  466.054304][T18526] XFS (loop7): Quotacheck needed: Please wait.
[  466.090020][ T5925] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.001D/input/input23
[  466.256756][T18526] XFS (loop7): Quotacheck: Done.
[  466.283148][T13015] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  466.306841][ T5925] cm6533_jd 0003:0D8C:0022.001D: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  466.362717][T18562] loop0: detected capacity change from 0 to 512
[  466.429314][T14917] XFS (loop7): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  466.472466][ T5925] usb 1-1: USB disconnect, device number 25
[  466.515488][T18564] fido_id[18564]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  466.522751][T18528] XFS (loop1): Quotacheck: Done.
[  466.827844][T18580] loop0: detected capacity change from 0 to 64
[  467.396506][T18528] XFS (loop1): User initiated shutdown received.
[  467.444975][T18528] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:456).  Shutting down filesystem.
[  467.466153][T18528] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  467.563547][T18612] loop0: detected capacity change from 0 to 128
[  467.619564][T18617] loop6: detected capacity change from 0 to 512
[  467.710652][T18612] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  467.735142][ T5843] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  467.830968][T18612] ext4 filesystem being mounted at /370/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  468.023654][T18612] EXT4-fs error (device loop0): dx_make_map:1296: inode #2: block 20: comm syz.0.1667: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  468.111509][T18612] EXT4-fs error (device loop0) in do_split:2027: Corrupt filesystem
[  468.154709][T18640] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  468.297793][ T5842] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  468.482647][T18662] loop8: detected capacity change from 0 to 128
[  468.554340][T18662] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  469.063031][T18659] UDF-fs: error (device loop8): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  469.089519][T18662] UDF-fs: error (device loop8): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  469.505796][T18667] loop0: detected capacity change from 0 to 32768
[  469.538657][T18667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1676 (18667)
[  469.616753][T18667] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  469.669837][T18667] BTRFS info (device loop0): using crc32c checksum algorithm
[  469.822540][T18667] BTRFS info (device loop0): rebuilding free space tree
[  469.865192][T18686] loop6: detected capacity change from 0 to 32768
[  469.905297][T18686] XFS (loop6): DAX unsupported by block device. Turning off DAX.
[  469.971944][T18667] BTRFS info (device loop0): checking UUID tree
[  469.996349][T18686] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  470.028749][T18667] BTRFS info (device loop0): allowing degraded mounts
[  470.042220][T18667] BTRFS info (device loop0): enabling ssd optimizations
[  470.050110][T18667] BTRFS info (device loop0): enabling free space tree
[  470.057043][T18667] BTRFS info (device loop0): force clearing of disk cache
[  470.064703][T18667] BTRFS info (device loop0): force zlib compression, level 3
[  470.212899][T18686] XFS (loop6): Ending clean mount
[  470.253207][   T29] audit: type=1800 audit(1773793768.967:36): pid=18780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1676" name="file1" dev="loop0" ino=260 res=0 errno=0
[  470.347936][T18686] XFS (loop6): Quotacheck needed: Please wait.
[  470.548268][   T47] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  470.588634][T18793] loop8: detected capacity change from 0 to 1024
[  470.760342][   T29] audit: type=1800 audit(1773793769.477:37): pid=18793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1694" name="file1" dev="loop8" ino=20 res=0 errno=0
[  470.762022][T18686] XFS (loop6): Quotacheck: Done.
[  470.819168][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  470.876477][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  470.919381][   T47] usb 8-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  470.953069][   T47] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.986747][ T5842] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  471.034480][   T47] usb 8-1: config 0 descriptor??
[  471.239368][T13015] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  471.425664][T18822] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1698'.
[  471.492556][   T47] elan 0003:04F3:0755.001E: unknown main item tag 0x0
[  471.531713][   T47] elan 0003:04F3:0755.001E: unknown main item tag 0x0
[  471.561690][   T47] elan 0003:04F3:0755.001E: unknown main item tag 0x0
[  471.621422][   T47] elan 0003:04F3:0755.001E: unknown main item tag 0x0
[  471.636319][   T47] elan 0003:04F3:0755.001E: unknown main item tag 0x0
[  471.659055][   T47] elan 0003:04F3:0755.001E: failed to start in urb: -90
[  471.758631][   T47] elan 0003:04F3:0755.001E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.7-1/input0
[  471.841684][   T47] usb 8-1: USB disconnect, device number 9
[  471.992189][T18842] fido_id[18842]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  472.023973][T18854] overlayfs: overlapping lowerdir path
[  472.934019][T18880] loop8: detected capacity change from 0 to 64
[  472.981518][   T29] audit: type=1800 audit(1773793771.687:38): pid=18880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1702" name="file1" dev="loop8" ino=22 res=0 errno=0
[  473.182661][T18900] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1706'.
[  473.208175][   T47] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  473.293126][T18909] loop7: detected capacity change from 0 to 128
[  473.369012][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  473.380452][T18909] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  473.414473][T18912] loop8: detected capacity change from 0 to 8192
[  473.415599][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.453759][T18909] ext4 filesystem being mounted at /73/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  473.481362][   T29] audit: type=1800 audit(1773793772.197:39): pid=18912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1707" name="file2" dev="loop8" ino=1048837 res=0 errno=0
[  473.513637][T18912] syz.8.1707: attempt to access beyond end of device
[  473.513637][T18912] loop8: rw=8388608, sector=57847, nr_sectors = 1 limit=8192
[  473.539115][   T47] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  473.548484][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.562685][T18912] Buffer I/O error on dev loop8, logical block 57847, async page read
[  473.564403][   T47] usb 1-1: config 0 descriptor??
[  473.630977][T18912] syz.8.1707: attempt to access beyond end of device
[  473.630977][T18912] loop8: rw=8388608, sector=57847, nr_sectors = 1 limit=8192
[  473.656099][T14917] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  473.662128][T18912] Buffer I/O error on dev loop8, logical block 57847, async page read
[  473.749574][T18932] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0
[  473.810471][T18926] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  473.844127][T18926] FAT-fs (loop8): Filesystem has been set read-only
[  473.899823][T18926] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  474.053966][   T47] elan 0003:04F3:0755.001F: unknown main item tag 0x0
[  474.063348][   T47] elan 0003:04F3:0755.001F: unknown main item tag 0x0
[  474.074845][   T47] elan 0003:04F3:0755.001F: unknown main item tag 0x0
[  474.130113][   T47] elan 0003:04F3:0755.001F: unknown main item tag 0x0
[  474.137074][   T47] elan 0003:04F3:0755.001F: unknown main item tag 0x0
[  474.177226][   T47] elan 0003:04F3:0755.001F: failed to start in urb: -90
[  474.232609][   T47] elan 0003:04F3:0755.001F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  474.272590][   T47] usb 1-1: USB disconnect, device number 26
[  474.317146][T18952] loop7: detected capacity change from 0 to 2048
[  474.475519][T18967] fido_id[18967]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  474.501930][T18979] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  474.627361][   T29] audit: type=1800 audit(1773793773.337:40): pid=18952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1714" name="file1" dev="loop7" ino=15 res=0 errno=0
[  474.869235][T18948] loop1: detected capacity change from 0 to 32768
[  474.910628][T18948] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  474.947698][T18989] loop8: detected capacity change from 0 to 4096
[  474.968228][T18948] JBD2: Ignoring recovery information on journal
[  474.976337][T18979] NILFS (loop7): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  475.014374][T18979] NILFS error (device loop7): nilfs_bmap_propagate: broken bmap (inode number=4)
[  475.028192][   T47] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  475.072011][T18979] Remounting filesystem read-only
[  475.088803][T18999] loop0: detected capacity change from 0 to 128
[  475.137853][T18948] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  475.201286][   T47] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  475.221955][   T47] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  475.245756][T14917] NILFS (loop7): disposed unprocessed dirty file(s) when stopping log writer
[  475.245913][   T47] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  475.273804][   T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  475.291686][   T47] usb 7-1: SerialNumber: syz
[  475.429928][ T1052] ntfs3(loop8): ino=5, mi_enum_attr
[  475.548045][   T47] usb 7-1: 0:2 : does not exist
[  475.731797][   T47] usb 7-1: USB disconnect, device number 8
[  475.951009][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  476.250278][T19042] syz.0.1719: attempt to access beyond end of device
[  476.250278][T19042] loop0: rw=2049, sector=145, nr_sectors = 363 limit=128
[  477.281144][T19081] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  477.315118][T19088] loop7: detected capacity change from 0 to 256
[  477.411934][T19088] FAT-fs (loop7): Directory bread(block 64) failed
[  477.448362][T19088] FAT-fs (loop7): Directory bread(block 65) failed
[  477.475093][T19088] FAT-fs (loop7): Directory bread(block 66) failed
[  477.513497][T19088] FAT-fs (loop7): Directory bread(block 67) failed
[  477.554849][T19088] FAT-fs (loop7): Directory bread(block 68) failed
[  477.581788][T19088] FAT-fs (loop7): Directory bread(block 69) failed
[  477.599862][T19088] FAT-fs (loop7): Directory bread(block 70) failed
[  477.658291][T19088] FAT-fs (loop7): Directory bread(block 71) failed
[  477.675571][T19088] FAT-fs (loop7): Directory bread(block 72) failed
[  477.696665][T19088] FAT-fs (loop7): Directory bread(block 73) failed
[  477.773589][T19073] loop8: detected capacity change from 0 to 32768
[  477.806181][T19073] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  477.840439][ T1650] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  477.935490][T19073] XFS (loop8): Ending clean mount
[  477.942919][T19088] syz.7.1732: attempt to access beyond end of device
[  477.942919][T19088] loop7: rw=2049, sector=1224, nr_sectors = 12 limit=256
[  477.982212][T19073] XFS (loop8): Quotacheck needed: Please wait.
[  478.009587][ T1650] usb 1-1: Using ep0 maxpacket: 8
[  478.021105][ T1650] usb 1-1: unable to get BOS descriptor or descriptor too short
[  478.034570][ T1650] usb 1-1: config 4 interface 0 has no altsetting 0
[  478.058737][ T1650] usb 1-1: string descriptor 0 read error: -22
[  478.072673][ T1650] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  478.095629][ T1650] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  478.146842][ T1650] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  478.157474][T19073] XFS (loop8): Quotacheck: Done.
[  478.163025][T19122] syz.7.1732: attempt to access beyond end of device
[  478.163025][T19122] loop7: rw=8390657, sector=1236, nr_sectors = 4 limit=256
[  478.181364][T19122] Buffer I/O error on dev loop7, logical block 309, lost async page write
[  478.191940][T19122] syz.7.1732: attempt to access beyond end of device
[  478.191940][T19122] loop7: rw=2049, sector=1240, nr_sectors = 104 limit=256
[  478.238634][T19088] syz.7.1732: attempt to access beyond end of device
[  478.238634][T19088] loop7: rw=8390657, sector=1228, nr_sectors = 4 limit=256
[  478.254547][T19088] Buffer I/O error on dev loop7, logical block 307, lost async page write
[  478.261988][ T1650] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  478.270029][T19088] syz.7.1732: attempt to access beyond end of device
[  478.270029][T19088] loop7: rw=8390657, sector=1232, nr_sectors = 4 limit=256
[  478.296672][T19088] Buffer I/O error on dev loop7, logical block 308, lost async page write
[  478.297144][ T1650] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  478.369776][ T1650] usb 1-1: media controller created
[  478.387672][ T1650] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.476047][ T1650] zl10353_read_register: readreg error (reg=127, ret==0)
[  478.604809][T15993] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  478.676773][T19156] loop6: detected capacity change from 0 to 128
[  478.735392][ T1650] usb 1-1: USB disconnect, device number 27
[  479.201608][T19175] netlink: 'syz.8.1739': attribute type 3 has an invalid length.
[  479.530404][T19185] syz.6.1740: attempt to access beyond end of device
[  479.530404][T19185] loop6: rw=2049, sector=145, nr_sectors = 363 limit=128
[  479.812295][T19191] loop0: detected capacity change from 0 to 2048
[  479.822201][T19193] loop8: detected capacity change from 0 to 128
[  479.925755][T19191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  480.024377][   T29] audit: type=1800 audit(1773793778.737:41): pid=19191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1746" name="bus" dev="loop0" ino=18 res=0 errno=0
[  480.164216][T19170] loop1: detected capacity change from 0 to 32768
[  480.201971][T19170] btrfs: Deprecated parameter 'usebackuproot'
[  480.221456][T19170] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  480.257041][T19170] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1741 (19170)
[  480.521073][T19188] loop7: detected capacity change from 0 to 131072
[  480.534941][T19188] F2FS-fs (loop7): Test dummy encryption mode enabled
[  480.548505][T19188] F2FS-fs (loop7): invalid crc value
[  480.653113][T19188] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  480.670588][T19170] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  480.688009][T19170] BTRFS info (device loop1): using crc32c checksum algorithm
[  480.694481][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.708219][T19188] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  480.876781][T19203] syz.8.1747: attempt to access beyond end of device
[  480.876781][T19203] loop8: rw=2049, sector=145, nr_sectors = 56 limit=128
[  480.943263][T19170] BTRFS info (device loop1): rebuilding free space tree
[  481.078755][T19170] BTRFS info (device loop1): enabling ssd optimizations
[  481.104276][T19170] BTRFS info (device loop1): using spread ssd allocation scheme
[  481.127616][T19170] BTRFS info (device loop1): turning on flush-on-commit
[  481.158285][T19170] BTRFS info (device loop1): enabling free space tree
[  481.178110][T19170] BTRFS info (device loop1): force clearing of disk cache
[  481.211342][T19170] BTRFS info (device loop1): trying to use backup root at mount time
[  481.234730][T19170] BTRFS info (device loop1): force zlib compression, level 3
[  481.747507][T19260] loop0: detected capacity change from 0 to 1024
[  481.753948][T19170] BTRFS info (device loop1): scrub: started on devid 1
[  481.802648][T19260] EXT4-fs: Ignoring removed bh option
[  481.865620][T19260] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  481.941633][T19260] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  482.067100][T19260] EXT4-fs (loop0): shut down requested (1)
[  482.228263][T19170] BTRFS info (device loop1): scrub: finished on devid 1 with status: 0
[  482.274317][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.508023][T19276] input: syz0 as /devices/virtual/input/input24
[  482.576817][T19256] block nbd6: shutting down sockets
[  482.753317][ T5843] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  483.078944][ T5866] Bluetooth: hci2: command 0x0406 tx timeout
[  483.164390][T19290] overlayfs: upper fs does not support file handles, falling back to index=off.
[  483.516074][T19296] loop0: detected capacity change from 0 to 4096
[  483.573788][T19296] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  483.716455][T19296] ntfs3(loop0): ino=19, mi_enum_attr
[  483.729821][T19296] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  484.135968][T19332] loop1: detected capacity change from 0 to 128
[  484.285444][T19338] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  484.331117][T19338] overlayfs: failed to set xattr on upper
[  484.354613][T19338] overlayfs: ...falling back to redirect_dir=nofollow.
[  484.385334][T19338] overlayfs: ...falling back to index=off.
[  484.633760][T19313] loop8: detected capacity change from 0 to 32768
[  484.946089][T19356] syz.1.1764: attempt to access beyond end of device
[  484.946089][T19356] loop1: rw=2049, sector=145, nr_sectors = 363 limit=128
[  485.598401][ T5966] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  485.938540][ T5966] usb 1-1: Using ep0 maxpacket: 8
[  486.032285][ T5966] usb 1-1: config 1 interface 0 has no altsetting 0
[  486.106032][ T5966] usb 1-1: string descriptor 0 read error: -22
[  486.149126][ T5966] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice= 0.40
[  486.171253][ T5966] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.296815][T19398] loop8: detected capacity change from 0 to 256
[  486.328389][  T808] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  486.332915][T19398] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  486.507544][  T808] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  486.543898][  T808] usb 8-1: config 0 has no interface number 0
[  486.564162][  T808] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  486.573695][  T808] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.582701][  T808] usb 8-1: Product: syz
[  486.587957][  T808] usb 8-1: Manufacturer: syz
[  486.597132][  T808] usb 8-1: SerialNumber: syz
[  486.615301][  T808] usb 8-1: config 0 descriptor??
[  486.623659][T19414] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check.
[  486.651953][ T5966] apple 0003:05AC:024C.0020: invalid report_size -1149171161
[  486.665288][ T5966] apple 0003:05AC:024C.0020: item 0 4 1 7 parsing failed
[  486.676240][ T5966] apple 0003:05AC:024C.0020: parse failed
[  486.684083][ T5966] apple 0003:05AC:024C.0020: probe with driver apple failed with error -22
[  486.755691][T19427] loop1: detected capacity change from 0 to 256
[  486.793405][T19427] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  486.850966][  T808] usb 8-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  486.895382][  T808] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  486.915534][ T5966] usb 1-1: USB disconnect, device number 28
[  486.936903][  T808] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  486.962671][  T808] usb 8-1: media controller created
[  486.987377][  T808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  487.050824][T19410] loop8: detected capacity change from 0 to 32768
[  487.058747][  T808] i2c i2c-2: ec100: i2c rd failed=-32 reg=33
[  487.115285][T19410] XFS (loop8): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  487.174375][  T808] usb 8-1: USB disconnect, device number 10
[  487.179770][T19410] XFS (loop8): Ending clean mount
[  487.235651][T19471] loop1: detected capacity change from 0 to 256
[  487.246715][T19471] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  487.296083][   T29] audit: type=1800 audit(1773793786.007:42): pid=19471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1781" name="file1" dev="loop1" ino=1048845 res=0 errno=0
[  487.337345][   T29] audit: type=1800 audit(1773793786.037:43): pid=19471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1781" name="file1" dev="loop1" ino=1048845 res=0 errno=0
[  487.363658][ T1164] FAT-fs (loop1): error, invalid FAT chain (i_pos 196, last_block 8200)
[  487.377283][ T1164] FAT-fs (loop1): Filesystem has been set read-only
[  487.384992][T19471] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  487.399494][T15993] XFS (loop8): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  487.402015][T19471] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2052)
[  487.419200][T19471] FAT-fs (loop1): Filesystem has been set read-only
[  487.442173][T19471] FAT-fs (loop1): error, invalid FAT chain (i_pos 196, last_block 8200)
[  488.148200][ T5933] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  488.325097][T19507] loop7: detected capacity change from 0 to 4096
[  488.339521][T19507] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  488.348822][ T5933] usb 2-1: Using ep0 maxpacket: 16
[  488.366308][ T5933] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  488.404054][ T5933] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  488.423201][ T5933] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  488.426566][T19512] loop8: detected capacity change from 0 to 512
[  488.436904][T19507] ntfs3(loop7): ino=19, mi_enum_attr
[  488.472315][T19507] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  488.490784][ T5933] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  488.513638][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.551798][ T5933] usb 2-1: Product: syz
[  488.571897][ T5933] usb 2-1: Manufacturer: syz
[  488.610223][ T5933] usb 2-1: SerialNumber: syz
[  488.649010][ T5933] usb 2-1: 0:2 : does not exist
[  488.655252][T19512] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  488.686243][T19512] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  488.760152][T19524] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  488.781581][T19524] bridge0: port 3(syz_tun) entered disabled state
[  488.788406][T19524] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.796097][T19524] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.834224][T19512] EXT4-fs error (device loop8): ext4_do_update_inode:5572: inode #2: comm syz.8.1789: corrupted inode contents
[  488.859960][T19512] EXT4-fs error (device loop8): ext4_dirty_inode:6453: inode #2: comm syz.8.1789: mark_inode_dirty error
[  488.896261][T19512] EXT4-fs error (device loop8): ext4_do_update_inode:5572: inode #2: comm syz.8.1789: corrupted inode contents
[  488.915566][T19512] EXT4-fs error (device loop8): __ext4_ext_dirty:207: inode #2: comm syz.8.1789: mark_inode_dirty error
[  488.947591][T19512] EXT4-fs warning (device loop8): ext4_es_cache_extent:1082: inode #2: comm syz.8.1789: ES cache extent failed: add [0,1,21,0x1] conflict with existing [0,8,576460752303423487,0x18]
[  488.947591][T19512] 
[  489.017287][T15993] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.501522][   T47] usb 2-1: USB disconnect, device number 29
[  489.904163][T19602] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  490.233133][T19621] input: syz1 as /devices/virtual/input/input25
[  491.114945][T19618] loop0: detected capacity change from 0 to 32768
[  491.173664][T19640] loop6: detected capacity change from 0 to 8192
[  491.185479][T19618] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  491.246139][T19618] XFS (loop0): Ending clean mount
[  491.536182][ T5842] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  491.601735][T19669] loop1: detected capacity change from 0 to 1024
[  491.931143][T19663] FAT-fs (loop6): error, corrupted directory (invalid entries)
[  491.950566][T19663] FAT-fs (loop6): Filesystem has been set read-only
[  492.182490][T19685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1818'.
[  492.587817][T19675] loop7: detected capacity change from 0 to 32768
[  492.613690][T19675] (syz.7.1817,19675,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  492.641233][T19675] (syz.7.1817,19675,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  492.790455][T19675] JBD2: Ignoring recovery information on journal
[  492.913155][T19675] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  492.956798][T19702] loop6: detected capacity change from 0 to 40427
[  492.964438][T19702] F2FS-fs: heap/no_heap options were deprecated
[  492.973253][T19702] F2FS-fs (loop6): Image doesn't support compression
[  492.994398][T19702] F2FS-fs (loop6): build fault injection rate: 690
[  493.013682][T19702] F2FS-fs (loop6): build fault injection type: 0x4
[  493.047830][T19702] F2FS-fs (loop6): invalid crc value
[  493.285722][T19702] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  493.312811][T19702] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  493.446371][T19730] loop8: detected capacity change from 0 to 128
[  493.453873][   T29] audit: type=1800 audit(1773793792.157:44): pid=19702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1822" name="bus" dev="loop6" ino=14 res=0 errno=0
[  493.509687][T19702] syz.6.1822: attempt to access beyond end of device
[  493.509687][T19702] loop6: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  493.616791][T13015] syz-executor: attempt to access beyond end of device
[  493.616791][T13015] loop6: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  493.656757][T13015] CPU: 0 UID: 0 PID: 13015 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  493.656785][T13015] Tainted: [L]=SOFTLOCKUP
[  493.656791][T13015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  493.656800][T13015] Call Trace:
[  493.656807][T13015]  <TASK>
[  493.656815][T13015]  dump_stack_lvl+0xe8/0x150
[  493.656844][T13015]  f2fs_handle_critical_error+0x37c/0x540
[  493.656871][T13015]  f2fs_write_end_io+0x1274/0x1740
[  493.656916][T13015]  __submit_merged_bio+0x256/0x700
[  493.656943][T13015]  __submit_merged_write_cond+0x3c9/0x4e0
[  493.656973][T13015]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  493.657018][T13015]  f2fs_write_data_pages+0x287e/0x34f0
[  493.657081][T13015]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.657118][T13015]  ? __pfx_css_rstat_updated+0x10/0x10
[  493.657175][T13015]  ? mod_memcg_lruvec_state+0x208/0x220
[  493.657200][T13015]  ? __lock_acquire+0x6b5/0x2cf0
[  493.657240][T13015]  ? __lock_acquire+0x6b5/0x2cf0
[  493.657268][T13015]  ? do_raw_spin_lock+0x12b/0x2f0
[  493.657300][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.657320][T13015]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.657344][T13015]  do_writepages+0x32e/0x550
[  493.657380][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.657402][T13015]  filemap_fdatawrite+0x1e9/0x2f0
[  493.657425][T13015]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  493.657490][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.657518][T13015]  f2fs_sync_dirty_inodes+0x30e/0x860
[  493.657557][T13015]  f2fs_write_checkpoint+0x9df/0x26a0
[  493.657610][T13015]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  493.657671][T13015]  ? kfree+0x1c5/0x650
[  493.657691][T13015]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  493.657719][T13015]  kill_f2fs_super+0x314/0x720
[  493.657749][T13015]  ? __pfx_kill_f2fs_super+0x10/0x10
[  493.657786][T13015]  ? lockdep_hardirqs_on+0x7a/0x110
[  493.657820][T13015]  deactivate_locked_super+0xbc/0x130
[  493.657846][T13015]  cleanup_mnt+0x437/0x4d0
[  493.657862][T13015]  ? _raw_spin_unlock_irq+0x23/0x50
[  493.657884][T13015]  task_work_run+0x1d9/0x270
[  493.657908][T13015]  ? __pfx_task_work_run+0x10/0x10
[  493.657940][T13015]  exit_to_user_mode_loop+0xed/0x480
[  493.657961][T13015]  ? rcu_is_watching+0x15/0xb0
[  493.657984][T13015]  do_syscall_64+0x32d/0xf80
[  493.658002][T13015]  ? trace_irq_disable+0x3b/0x150
[  493.658020][T13015]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.658037][T13015]  ? clear_bhb_loop+0x40/0x90
[  493.658056][T13015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.658070][T13015] RIP: 0033:0x7fc1edb9d9d7
[  493.658086][T13015] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  493.658097][T13015] RSP: 002b:00007ffe35b9ed28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  493.658113][T13015] RAX: 0000000000000000 RBX: 00007fc1edc32050 RCX: 00007fc1edb9d9d7
[  493.658124][T13015] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe35b9ede0
[  493.658133][T13015] RBP: 00007ffe35b9ede0 R08: 00007ffe35b9fde0 R09: 00000000ffffffff
[  493.658144][T13015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe35b9fe70
[  493.658154][T13015] R13: 00007fc1edc32050 R14: 00000000000787f9 R15: 00007ffe35b9feb0
[  493.658183][T13015]  </TASK>
[  493.766911][T19735] syzkaller1: entered promiscuous mode
[  493.800396][T13015] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  493.828108][T19735] syzkaller1: entered allmulticast mode
[  493.830008][T13015] CPU: 0 UID: 0 PID: 13015 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  493.830032][T13015] Tainted: [L]=SOFTLOCKUP
[  493.830038][T13015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  493.830046][T13015] Call Trace:
[  493.830053][T13015]  <TASK>
[  493.830060][T13015]  dump_stack_lvl+0xe8/0x150
[  493.830090][T13015]  f2fs_handle_critical_error+0x37c/0x540
[  493.830118][T13015]  f2fs_write_end_io+0x1274/0x1740
[  493.830163][T13015]  __submit_merged_bio+0x256/0x700
[  493.830190][T13015]  __submit_merged_write_cond+0x3c9/0x4e0
[  493.830220][T13015]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  493.830265][T13015]  f2fs_write_data_pages+0x287e/0x34f0
[  493.830324][T13015]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.830369][T13015]  ? __pfx_css_rstat_updated+0x10/0x10
[  493.830422][T13015]  ? mod_memcg_lruvec_state+0x208/0x220
[  493.830445][T13015]  ? __lock_acquire+0x6b5/0x2cf0
[  493.830483][T13015]  ? __lock_acquire+0x6b5/0x2cf0
[  493.830510][T13015]  ? do_raw_spin_lock+0x12b/0x2f0
[  493.830541][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.830561][T13015]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.830584][T13015]  do_writepages+0x32e/0x550
[  493.830615][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.830638][T13015]  filemap_fdatawrite+0x1e9/0x2f0
[  493.830660][T13015]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  493.830726][T13015]  ? do_raw_spin_unlock+0xf5/0x210
[  493.830750][T13015]  f2fs_sync_dirty_inodes+0x30e/0x860
[  493.830788][T13015]  f2fs_write_checkpoint+0x9df/0x26a0
[  493.830837][T13015]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  493.830893][T13015]  ? kfree+0x1c5/0x650
[  493.830912][T13015]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  493.830938][T13015]  kill_f2fs_super+0x314/0x720
[  493.830966][T13015]  ? __pfx_kill_f2fs_super+0x10/0x10
[  493.831002][T13015]  ? lockdep_hardirqs_on+0x7a/0x110
[  493.831035][T13015]  deactivate_locked_super+0xbc/0x130
[  493.831058][T13015]  cleanup_mnt+0x437/0x4d0
[  493.831074][T13015]  ? _raw_spin_unlock_irq+0x23/0x50
[  493.831096][T13015]  task_work_run+0x1d9/0x270
[  493.831119][T13015]  ? __pfx_task_work_run+0x10/0x10
[  493.831149][T13015]  exit_to_user_mode_loop+0xed/0x480
[  493.831169][T13015]  ? rcu_is_watching+0x15/0xb0
[  493.831190][T13015]  do_syscall_64+0x32d/0xf80
[  493.831207][T13015]  ? trace_irq_disable+0x3b/0x150
[  493.831224][T13015]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.831240][T13015]  ? clear_bhb_loop+0x40/0x90
[  493.831260][T13015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.831275][T13015] RIP: 0033:0x7fc1edb9d9d7
[  493.831291][T13015] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  493.831303][T13015] RSP: 002b:00007ffe35b9ed28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  493.831320][T13015] RAX: 0000000000000000 RBX: 00007fc1edc32050 RCX: 00007fc1edb9d9d7
[  493.831331][T13015] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe35b9ede0
[  493.831340][T13015] RBP: 00007ffe35b9ede0 R08: 00007ffe35b9fde0 R09: 00000000ffffffff
[  493.831351][T13015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe35b9fe70
[  493.831366][T13015] R13: 00007fc1edc32050 R14: 00000000000787f9 R15: 00007ffe35b9feb0
[  493.831396][T13015]  </TASK>
[  493.831403][T13015] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  493.959822][T19741] syz.8.1825: attempt to access beyond end of device
[  493.959822][T19741] loop8: rw=2049, sector=145, nr_sectors = 363 limit=128
[  494.396063][T14917] ocfs2: Unmounting device (7,7) on (node local)
[  494.928149][   T47] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  495.242830][   T47] usb 2-1: config 1 interface 0 has no altsetting 0
[  495.272866][   T47] usb 2-1: string descriptor 0 read error: -22
[  495.293271][   T47] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.40
[  495.324716][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.854049][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.866988][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.889839][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.907327][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.927486][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.946868][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.964593][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.978204][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  495.995871][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  496.051588][   T47] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x0
[  496.212305][   T47] greenasia 0003:0E8F:0012.0021: hidraw0: USB HID vff.7f Device [HID 0e8f:0012] on usb-dummy_hcd.1-1/input0
[  496.256512][   T47] greenasia 0003:0E8F:0012.0021: no inputs found
[  496.275664][   T47] usb 2-1: USB disconnect, device number 30
[  496.366270][T19849] fido_id[19849]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  496.585681][T19869] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  496.697655][T19840] loop6: detected capacity change from 0 to 32768
[  496.752031][T19840] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  496.861096][T19840] XFS (loop6): Ending clean mount
[  496.952535][T19866] loop0: detected capacity change from 0 to 32768
[  497.153610][T13015] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  497.420409][T19885] loop7: detected capacity change from 0 to 32768
[  497.492617][T19885] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1852 (19885)
[  497.577565][T19885] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  497.588591][T19885] BTRFS info (device loop7): using crc32c checksum algorithm
[  497.770390][T19885] BTRFS info (device loop7): enabling ssd optimizations
[  497.881562][T19885] BTRFS info (device loop7): turning on async discard
[  497.913405][T19885] BTRFS info (device loop7): enabling free space tree
[  498.494978][T19947] random: crng reseeded on system resumption
[  498.610204][T19955] netlink: 'syz.0.1859': attribute type 29 has an invalid length.
[  498.721826][T19958] netlink: 'syz.0.1859': attribute type 29 has an invalid length.
[  498.793179][T19955] netlink: 484 bytes leftover after parsing attributes in process `syz.0.1859'.
[  498.816014][T19957] loop8: detected capacity change from 0 to 2048
[  498.972170][T19957] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  499.432338][ T5996] udevd[5996]: incorrect nilfs2 checksum on /dev/loop8
[  499.513684][T14917] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  499.545118][T19974] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  499.566713][T10688] udevd[10688]: incorrect nilfs2 checksum on /dev/loop8
[  499.670265][T19979] loop0: detected capacity change from 0 to 1024
[  499.726500][T19979] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  499.780774][   T29] audit: type=1800 audit(1773793798.487:45): pid=19979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1865" name="file1" dev="loop0" ino=15 res=0 errno=0
[  499.798893][T19979] EXT4-fs error (device loop0): mb_free_blocks:2047: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  500.116842][T19986] NILFS error (device loop8): nilfs_lookup: deleted inode referenced: 12
[  500.117647][   T29] audit: type=1800 audit(1773793798.827:46): pid=19957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1860" name="file2" dev="loop8" ino=16 res=0 errno=0
[  500.261713][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.359309][T19986] Remounting filesystem read-only
[  500.753915][T20034] input: syz0 as /devices/virtual/input/input26
[  501.205974][T20057] input: syz0 as /devices/virtual/input/input27
[  501.395019][T20061] loop1: detected capacity change from 0 to 4096
[  501.445613][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  501.453517][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  502.270249][T20105] loop1: detected capacity change from 0 to 128
[  502.577544][T20122] loop0: detected capacity change from 0 to 128
[  502.936372][T20139] syz.0.1897: attempt to access beyond end of device
[  502.936372][T20139] loop0: rw=2049, sector=145, nr_sectors = 363 limit=128
[  503.058367][   T24] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  503.218154][   T24] usb 2-1: Using ep0 maxpacket: 8
[  503.233818][   T24] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  503.243628][   T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  503.253961][   T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  503.264065][   T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  503.274486][   T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  503.291931][   T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  503.302295][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.534124][   T24] usb 2-1: GET_CAPABILITIES returned 0
[  503.548169][   T24] usbtmc 2-1:16.0: can't read capabilities
[  503.779343][ T5933] usb 2-1: USB disconnect, device number 31
[  504.483169][T20199] loop8: detected capacity change from 0 to 128
[  504.492791][T20180] loop7: detected capacity change from 0 to 32768
[  504.555265][T20180] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  504.688554][T20214] loop1: detected capacity change from 0 to 128
[  504.745743][T20180] XFS (loop7): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  504.826144][T20180] XFS (loop7): Starting recovery (logdev: internal)
[  504.951940][T20180] XFS (loop7): Ending recovery (logdev: internal)
[  505.138977][T14917] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  505.262204][T20223] syz.1.1913: attempt to access beyond end of device
[  505.262204][T20223] loop1: rw=2049, sector=145, nr_sectors = 40 limit=128
[  505.829439][T20236] syz.8.1911: attempt to access beyond end of device
[  505.829439][T20236] loop8: rw=2049, sector=145, nr_sectors = 320 limit=128
[  506.183217][   T29] audit: type=1326 audit(1773793804.897:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20255 comm="syz.0.1921" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa26239c799 code=0x0
[  506.213224][T20257] loop7: detected capacity change from 0 to 128
[  506.232929][T20257] EXT4-fs: Ignoring removed i_version option
[  506.271198][T20257] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0003]
[  506.332109][T20257] System zones: 1-3, 19-19, 35-36
[  506.392859][T20257] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  506.442236][T20257] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  506.744257][T20248] overlayfs: failed to resolve './file0': -2
[  506.760119][T14917] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  507.091878][T20302] loop1: detected capacity change from 0 to 128
[  508.340681][T20310] loop8: detected capacity change from 0 to 4096
[  508.383783][T20323] loop7: detected capacity change from 0 to 128
[  508.409705][T20325] loop1: detected capacity change from 0 to 128
[  508.639611][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  508.994478][T20335] syz.7.1933: attempt to access beyond end of device
[  508.994478][T20335] loop7: rw=2049, sector=145, nr_sectors = 88 limit=128
[  509.052464][T20348] loop8: detected capacity change from 0 to 16
[  509.062783][T20348] erofs (device loop8): mounted with root inode @ nid 36.
[  509.081482][   T29] audit: type=1800 audit(1773793807.797:48): pid=20348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1937" name="file1" dev="loop8" ino=86 res=0 errno=0
[  510.204135][T20370] loop0: detected capacity change from 0 to 8192
[  510.243346][T20368] syz.1.1934: attempt to access beyond end of device
[  510.243346][T20368] loop1: rw=2049, sector=145, nr_sectors = 352 limit=128
[  510.298796][T20356] loop8: detected capacity change from 0 to 32768
[  510.315305][T20356] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1940 (20356)
[  510.445496][T20356] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  510.479561][T20356] BTRFS info (device loop8): using blake2b checksum algorithm
[  510.621955][T20356] BTRFS info (device loop8): enabling ssd optimizations
[  510.666223][T20356] BTRFS info (device loop8): turning on async discard
[  510.715914][T20356] BTRFS info (device loop8): enabling free space tree
[  510.801789][T20381] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  510.847886][T20381] FAT-fs (loop0): Filesystem has been set read-only
[  511.465570][T15993] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  512.028292][ T1650] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  512.349298][ T1650] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  512.359181][ T1650] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.387282][ T1650] usb 1-1: config 0 descriptor??
[  512.418467][ T1650] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  513.330342][ T1650] gspca_stv06xx: I2C: Read error writing address: -71
[  513.358219][ T1650] usb 1-1: USB disconnect, device number 29
[  513.640190][   T47] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  513.808161][   T24] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  513.819938][   T47] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  513.835636][   T47] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  513.849231][   T47] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  513.862549][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.969875][   T24] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  513.993225][   T24] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  514.004589][   T24] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  514.018002][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.043082][T20463] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  514.069324][T20480] vcan0: tx drop: invalid sa for name 0x0000000000004000
[  514.080218][   T24] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  514.092476][   T47] usb 2-1: usb_control_msg returned -32
[  514.109877][   T47] usbtmc 2-1:16.0: can't read capabilities
[  514.273422][T20486] loop8: detected capacity change from 0 to 8192
[  514.549014][   T47] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  515.029749][  T808] usb 2-1: USB disconnect, device number 32
[  515.074940][   T24] usb 8-1: USB disconnect, device number 11
[  515.195112][T20513] FAT-fs (loop8): error, corrupted directory (invalid entries)
[  515.205228][T20513] FAT-fs (loop8): Filesystem has been set read-only
[  515.307704][   T47] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  515.330236][   T47] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  515.351623][   T47] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  515.362441][T20538] overlayfs: failed to clone upperpath
[  515.365361][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.404516][   T47] usb 1-1: Product: syz
[  515.422428][   T47] usb 1-1: Manufacturer: syz
[  515.439642][   T47] usb 1-1: SerialNumber: syz
[  515.498659][   T47] usb 1-1: 0:2 : does not exist
[  515.638500][T20558] loop7: detected capacity change from 0 to 2048
[  515.665666][T20558] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found
[  515.693463][T20558] UDF-fs: Scanning with blocksize 512 failed
[  515.710321][   T47] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  515.768914][T20558] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  515.849977][   T47] usb 1-1: USB disconnect, device number 30
[  515.982209][T10688] udevd[10688]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  516.003991][T20585] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1973'.
[  516.050581][T20585] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1973'.
[  516.531314][T20615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1979'.
[  516.563029][T20615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1979'.
[  516.742610][T20615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1979'.
[  516.743388][ T3492] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  516.765007][T20615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1979'.
[  516.806420][ T3492] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  516.829833][ T3492] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  516.858308][ T3492] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  517.208413][ T5933] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  517.256185][T20660] kvm: user requested TSC rate below hardware speed
[  517.375031][ T5933] usb 1-1: config 150 has an invalid interface number: 204 but max is 2
[  517.385901][ T5933] usb 1-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  517.399218][ T5933] usb 1-1: config 150 has no interface number 0
[  517.405849][ T5933] usb 1-1: config 150 interface 204 has no altsetting 0
[  517.415541][ T5933] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  517.425175][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.433642][ T5933] usb 1-1: Product: syz
[  517.444761][ T5933] usb 1-1: Manufacturer: syz
[  517.452571][ T5933] usb 1-1: SerialNumber: syz
[  517.674198][ T5933] xr_serial 1-1:150.204: skipping garbage
[  517.690735][ T5933] xr_serial 1-1:150.204: xr_serial converter detected
[  517.993791][T20680] loop7: detected capacity change from 0 to 32768
[  518.002035][T20680] btrfs: Deprecated parameter 'usebackuproot'
[  518.008615][T20680] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  518.020811][T20680] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1994 (20680)
[  518.053276][T20680] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  518.074292][T20680] BTRFS info (device loop7): using crc32c checksum algorithm
[  518.090639][T20680] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  518.280316][T20680] BTRFS info (device loop7): rebuilding free space tree
[  518.455627][T20680] BTRFS info (device loop7): disabling free space tree
[  518.493654][T20680] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  518.514669][ T5933] usb 1-1: xr_serial converter now attached to ttyUSB0
[  518.535597][T20680] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  518.592175][T20680] BTRFS info (device loop7): enabling ssd optimizations
[  518.599792][T20680] BTRFS info (device loop7): turning on flush-on-commit
[  518.607028][T20680] BTRFS info (device loop7): enabling disk space caching
[  518.614627][T20680] BTRFS info (device loop7): force clearing of disk cache
[  518.622206][T20680] BTRFS info (device loop7): trying to use backup root at mount time
[  518.630838][T20680] BTRFS info (device loop7): force zlib compression, level 3
[  518.713007][ T5933] usb 1-1: USB disconnect, device number 31
[  518.761774][ T5933] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0
[  518.791475][ T5933] xr_serial 1-1:150.204: device disconnected
[  518.856430][ T5925] libceph: connect (1)[c::]:6789 error -101
[  518.881226][T20711] ceph: No mds server is up or the cluster is laggy
[  518.932605][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  518.945471][T14917] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  519.174877][T20755] xt_hashlimit: size too large, truncated to 1048576
[  519.187146][T20760] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2006'.
[  519.227355][ T5925] libceph: connect (1)[c::]:6789 error -101
[  519.240699][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  519.528362][   T29] audit: type=1326 audit(1773793818.227:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20771 comm="syz.6.2009" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc1edb9c799 code=0x0
[  519.766428][T20769] loop0: detected capacity change from 0 to 32768
[  519.851320][T20769] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  519.862544][T20769] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  520.435085][T20769] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  520.452336][ T5933] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  520.468626][ T5933] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  520.837004][T20791] loop8: detected capacity change from 0 to 8
[  520.868902][ T5933] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 400ms
[  520.908702][ T5933] gfs2: fsid=syz:syz.0: jid=0: Done
[  520.944683][T20769] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  520.955293][T20791] SQUASHFS error: lzo decompression failed, data probably corrupt
[  520.966451][T20791] SQUASHFS error: Failed to read block 0x0: -5
[  520.972871][T20791] SQUASHFS error: Failed to read block 0xff: -5
[  520.980023][T20791] SQUASHFS error: lzo decompression failed, data probably corrupt
[  520.987880][T20791] SQUASHFS error: Failed to read block 0x0: -5
[  521.004907][   T29] audit: type=1800 audit(1773793819.717:50): pid=20791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2012" name="file2" dev="loop8" ino=3 res=0 errno=0
[  521.031199][T20791] SQUASHFS error: lzo decompression failed, data probably corrupt
[  521.039484][T20791] SQUASHFS error: Failed to read block 0x0: -5
[  521.060387][T20791] SQUASHFS error: Failed to read block 0x6a4: -5
[  521.067229][T20791] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  521.074595][T20791] SQUASHFS error: read_indexes: reading block [6a2:0]
[  521.081467][T20791] SQUASHFS error: Failed to read block 0x0: -5
[  521.087689][T20791] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  521.097793][T20791] SQUASHFS error: read_indexes: reading block [6a2:0]
[  521.104667][T20791] SQUASHFS error: Failed to read block 0x0: -5
[  521.175256][   T29] audit: type=1800 audit(1773793819.757:51): pid=20791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2012" name="file2" dev="loop8" ino=3 res=0 errno=0
[  521.178915][T20773] loop7: detected capacity change from 0 to 32768
[  521.397035][T20769] gfs2: fsid=syz:syz.0: found 1 quota changes
[  521.544330][T20811] syzkaller1: entered promiscuous mode
[  521.563359][T20811] syzkaller1: entered allmulticast mode
[  521.890607][T20773] read_mapping_page failed!
[  521.908351][T20773] ERROR: (device loop7): txCommit: 
[  521.908351][T20773] 
[  523.505923][T20873] loop0: detected capacity change from 0 to 128
[  523.742848][T20873] syz.0.2028: attempt to access beyond end of device
[  523.742848][T20873] loop0: rw=2049, sector=145, nr_sectors = 363 limit=128
[  523.934796][T20895] loop0: detected capacity change from 0 to 256
[  523.958529][T20895] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x395e47cf, utbl_chksum : 0xe619d30d)
[  523.973907][T20897] loop7: detected capacity change from 0 to 512
[  523.985010][T20895] exFAT-fs (loop0): start_clu is invalid cluster(0xffffffff)
[  523.997460][T20897] EXT4-fs: Ignoring removed orlov option
[  524.024337][T20897] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  524.061092][T20895] exFAT-fs (loop0): valid_size(150994954) is greater than size(10)
[  524.074750][T20897] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  524.093591][T20897] EXT4-fs error (device loop7): ext4_iget_extra_inode:5028: inode #15: comm syz.7.2032: corrupted in-inode xattr: e_value size too large
[  524.109640][T20897] loop7: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  524.117483][T20897] EXT4-fs error (device loop7): ext4_orphan_get:1396: comm syz.7.2032: couldn't read orphan inode 15 (err -117)
[  524.126711][    C1] EXT4-fs (loop7): error count since last fsck: 1
[  524.126737][    C1] EXT4-fs (loop7): initial error at time 1773793822: ext4_iget_extra_inode:5028: inode 15
[  524.126769][    C1] EXT4-fs (loop7): last error at time 1773793822: ext4_iget_extra_inode:5028: inode 15
[  524.165271][T20897] loop7: lost filesystem error report for type 5 error -117
[  524.180925][T20897] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  524.481868][T20919] overlayfs: failed to verify upper (447/file0, ino=2409, err=-116)
[  524.499364][T20919] overlayfs: failed to verify index dir 'upper' xattr
[  524.503748][T20897] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  524.520686][T20866] loop8: detected capacity change from 0 to 32768
[  524.532706][T20919] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  524.570205][T20866] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  524.625214][T14917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.654190][T20866] XFS (loop8): Ending clean mount
[  524.702294][T20866] XFS (loop8): Quotacheck needed: Please wait.
[  525.512919][T20866] XFS (loop8): Quotacheck: Done.
[  525.975683][T15993] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  527.125335][T21010] loop1: detected capacity change from 0 to 32768
[  527.408020][T21010] JBD2: Ignoring recovery information on journal
[  527.442874][T21010] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  527.827013][T21033] loop7: detected capacity change from 0 to 128
[  527.931240][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  528.410384][T21056] loop7: detected capacity change from 0 to 32768
[  528.438185][T15583] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  528.517153][T21056] (syz.7.2063,21056,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  528.532821][T21056] (syz.7.2063,21056,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  528.574325][T21056] JBD2: Ignoring recovery information on journal
[  528.628449][T15583] usb 2-1: Using ep0 maxpacket: 8
[  528.638125][T15583] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  528.645551][T21056] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  528.650413][T15583] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  528.667401][T15583] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.686839][T15583] usb 2-1: config 0 descriptor??
[  528.805150][   T29] audit: type=1800 audit(1773793827.517:52): pid=21056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2063" name="file0" dev="loop7" ino=16979 res=0 errno=0
[  528.930401][T15583] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  528.992619][T14917] ocfs2: Unmounting device (7,7) on (node local)
[  529.229320][T21079] netlink: 'syz.0.2068': attribute type 32 has an invalid length.
[  529.481011][ T5918] usb 2-1: USB disconnect, device number 33
[  529.549599][   T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  529.634728][T21108] loop8: detected capacity change from 0 to 512
[  529.701374][T21108] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  529.735129][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  529.748565][T21108] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  529.772073][   T24] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  529.807292][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.817215][T21108] EXT4-fs (loop8): shut down requested (0)
[  529.860360][   T24] usb 8-1: config 0 descriptor??
[  530.401428][   T24] usbhid 8-1:0.0: can't add hid device: -71
[  530.419571][   T24] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  530.430197][T15993] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.489220][   T24] usb 8-1: USB disconnect, device number 12
[  530.695384][T21137] loop8: detected capacity change from 0 to 2048
[  530.786166][T21137] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  531.181125][T15993] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.488176][ T5933] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  531.655163][ T5933] usb 1-1: Using ep0 maxpacket: 32
[  531.667292][ T5933] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  531.684286][ T5933] usb 1-1: config 0 has no interface number 0
[  531.703954][T21157] loop1: detected capacity change from 0 to 131072
[  531.712763][ T5933] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  531.715522][   T24] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  531.735499][T21157] F2FS-fs (loop1): invalid crc value
[  531.775541][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.809235][ T5933] usb 1-1: Product: syz
[  531.819351][T21157] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  531.828932][ T5933] usb 1-1: Manufacturer: syz
[  531.835573][T21157] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  531.856942][ T5933] usb 1-1: SerialNumber: syz
[  531.877386][   T29] audit: type=1800 audit(1773793830.587:53): pid=21157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2076" name="file1" dev="loop1" ino=7 res=0 errno=0
[  531.907224][ T5933] usb 1-1: config 0 descriptor??
[  531.918254][   T24] usb 8-1: Using ep0 maxpacket: 32
[  531.927064][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  531.966679][   T24] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  531.998273][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.028728][   T24] usb 8-1: config 0 descriptor??
[  532.048019][   T24] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  532.080772][   T24] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  532.754405][   T24] usb 8-1: USB disconnect, device number 13
[  532.821631][   T24] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  533.417059][ T5933] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  533.459251][ T5933] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  533.489767][ T5933] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  533.511643][ T5933] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  533.685020][ T5933] usb 1-1: USB disconnect, device number 32
[  534.424528][T21246] loop0: detected capacity change from 0 to 128
[  534.475489][T21246] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  534.488313][T21246] ext4 filesystem being mounted at /450/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  534.556153][ T5842] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  535.680011][T21275] loop7: detected capacity change from 0 to 32768
[  535.729119][T10688]  loop7: p1 p3 < >
[  535.830970][T21275]  loop7: p1 p3 < >
[  535.838570][ T5918] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  536.049190][   T49] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.073646][ T5918] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  536.130991][ T5918] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  536.176231][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  536.210633][ T5918] usb 2-1: Product: syz
[  536.225840][ T5918] usb 2-1: Manufacturer: syz
[  536.237163][T21315] overlayfs: failed to clone upperpath
[  536.255710][ T5918] usb 2-1: SerialNumber: syz
[  536.486803][T10688] udevd[10688]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[  536.501427][T10685] udevd[10685]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  536.511349][ T5918] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  536.597901][ T6015] udevd[6015]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  536.632139][T10688] udevd[10688]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[  536.734184][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  536.754338][   T49] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.764986][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  536.780145][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  536.795546][ T1650] usb 2-1: USB disconnect, device number 34
[  536.801639][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  536.825324][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  536.927314][ T1650] usblp0: removed
[  537.031080][T21352] loop0: detected capacity change from 0 to 128
[  537.438006][   T49] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  537.926429][   T49] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.209234][ T5933] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  538.258505][ T1650] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  538.368176][ T5933] usb 2-1: Using ep0 maxpacket: 16
[  538.381854][ T5933] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  538.407493][ T5933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  538.425638][ T1650] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  538.448382][ T1650] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  538.479468][ T1650] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  538.479644][ T5933] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  538.503640][ T1650] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  538.529873][ T1650] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.551308][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.587262][ T1650] usb 8-1: config 0 descriptor??
[  538.604986][ T5933] usb 2-1: Product: syz
[  538.635318][ T5933] usb 2-1: Manufacturer: syz
[  538.652127][ T5933] usb 2-1: SerialNumber: syz
[  538.679916][T21329] chnl_net:caif_netlink_parms(): no params data found
[  538.693531][ T5933] usb 2-1: config 0 descriptor??
[  538.711766][ T5933] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  538.726705][ T5933] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  538.956301][   T49] bridge_slave_1: left allmulticast mode
[  538.966574][   T51] Bluetooth: hci1: command tx timeout
[  538.978261][   T49] bridge_slave_1: left promiscuous mode
[  538.990511][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.013827][T21503] overlayfs: failed to clone upperpath
[  539.027860][   T49] bridge_slave_0: left allmulticast mode
[  539.043413][   T49] bridge_slave_0: left promiscuous mode
[  539.056500][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.094724][ T1650] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  539.323227][ T5933] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  539.332965][ T5933] em28xx 2-1:0.0: Config register raw data: 0x72
[  539.353427][ T5933] em28xx 2-1:0.0: I2S Audio (3 sample rate(s))
[  539.381662][ T5933] em28xx 2-1:0.0: No AC97 audio processor
[  539.442830][T21524] xt_hashlimit: size too large, truncated to 1048576
[  539.950020][ T5933] usb 2-1: USB disconnect, device number 35
[  539.975241][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  540.019587][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  540.036860][   T49] bond0 (unregistering): Released all slaves
[  540.209403][T21550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2130'.
[  540.238014][T21329] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.245798][T21329] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.253809][T21329] bridge_slave_0: entered allmulticast mode
[  540.267565][T21329] bridge_slave_0: entered promiscuous mode
[  540.332032][T21329] bridge0: port 2(bridge_slave_1) entered blocking state
[  540.339626][T21329] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.347280][T21329] bridge_slave_1: entered allmulticast mode
[  540.357647][T21329] bridge_slave_1: entered promiscuous mode
[  540.375635][    C0] plantronics 0003:047F:FFFF.0022: usb_submit_urb(ctrl) failed: -1
[  540.431852][T21580] loop0: detected capacity change from 0 to 128
[  540.659597][T21329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  540.714559][T21329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  540.956997][T21329] team0: Port device team_slave_0 added
[  540.990220][T21329] team0: Port device team_slave_1 added
[  541.011263][T21617] syz.0.2131: attempt to access beyond end of device
[  541.011263][T21617] loop0: rw=2049, sector=145, nr_sectors = 240 limit=128
[  541.040239][   T51] Bluetooth: hci1: command tx timeout
[  541.097550][T21644] loop7: detected capacity change from 0 to 512
[  541.107826][T21645] overlayfs: failed to clone upperpath
[  541.116781][   T49] hsr_slave_0: left promiscuous mode
[  541.136797][   T49] hsr_slave_1: left promiscuous mode
[  541.165033][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  541.210012][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  541.226732][T21644] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  541.247550][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  541.264459][T21644] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  541.277892][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  541.278364][T21652] loop1: detected capacity change from 0 to 128
[  541.363179][T21644] IPv6: addrconf: prefix option has invalid lifetime
[  541.386386][T21652] EXT4-fs (loop1): Test dummy encryption mode enabled
[  541.430228][   T49] veth1_macvtap: left promiscuous mode
[  541.443732][   T49] veth0_macvtap: left promiscuous mode
[  541.444577][T21652] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  541.449658][   T49] veth1_vlan: left promiscuous mode
[  541.466921][   T49] veth0_vlan: left promiscuous mode
[  541.488466][T21644] IPv6: addrconf: prefix option has invalid lifetime
[  541.510914][   T47] usb 8-1: USB disconnect, device number 14
[  541.544186][T21652] ext4 filesystem being mounted at /465/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  541.611389][T14917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.905183][ T5843] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.078417][ T5925] usb 8-1: new full-speed USB device number 15 using dummy_hcd
[  542.251052][ T5925] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  542.264509][ T5925] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  542.281678][ T5925] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  542.299609][ T5925] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.312448][ T5925] usb 8-1: config 0 descriptor??
[  542.329019][ T5925] hub 8-1:0.0: USB hub found
[  542.537391][ T5925] hub 8-1:0.0: config failed, can't read hub descriptor (err -22)
[  542.546020][   T49] team0 (unregistering): Port device team_slave_1 removed
[  542.584601][   T49] team0 (unregistering): Port device team_slave_0 removed
[  542.791671][ T5925] hid-generic 0003:046D:C31C.0023: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.7-1/input0
[  542.869857][T21687] veth0: entered promiscuous mode
[  542.952507][T21329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  542.960159][T21329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  542.991142][T21329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  543.007914][T21329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  543.036229][T21329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  543.091795][T21329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  543.105736][T21686] veth0: left promiscuous mode
[  543.123973][   T51] Bluetooth: hci1: command tx timeout
[  543.125633][   T47] usb 8-1: USB disconnect, device number 15
[  543.496375][T21329] hsr_slave_0: entered promiscuous mode
[  543.527972][T21329] hsr_slave_1: entered promiscuous mode
[  543.573062][T21329] debugfs: 'hsr0' already exists in 'hsr'
[  543.583733][T21329] Cannot create hsr debugfs directory
[  544.045164][T21836] loop7: detected capacity change from 0 to 128
[  544.058671][ T5925] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  544.251036][ T5925] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  544.271813][ T5925] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  544.291641][T21840] loop0: detected capacity change from 0 to 2048
[  544.314775][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  544.352810][ T5996]  loop0: p3 < > p4 < >
[  544.401226][T21836] syz.7.2152: attempt to access beyond end of device
[  544.401226][T21836] loop7: rw=2049, sector=145, nr_sectors = 363 limit=128
[  544.511703][ T5925] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  544.529578][ T5996] loop0: partition table partially beyond EOD, truncated
[  544.530458][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.562776][ T5925] usb 2-1: Product: syz
[  544.573025][ T5996] loop0: p3 start 4284289 is beyond EOD, truncated
[  544.577819][ T5925] usb 2-1: Manufacturer: syz
[  544.603078][ T5925] usb 2-1: SerialNumber: syz
[  544.645179][T21799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  544.650427][T21840]  loop0: p3 < > p4 < >
[  544.671232][T21840] loop0: partition table partially beyond EOD, truncated
[  544.700587][T21799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  544.738463][T21840] loop0: p3 start 4284289 is beyond EOD, truncated
[  545.145188][T21903] xt_connbytes: Forcing CT accounting to be enabled
[  545.202080][   T51] Bluetooth: hci1: command tx timeout
[  545.319522][ T5925] rtl8150 2-1:1.0: couldn't reset the device
[  545.336016][ T5925] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5
[  545.360388][ T5925] usb 2-1: USB disconnect, device number 36
[  545.460360][   T47] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  545.614791][T21893] loop7: detected capacity change from 0 to 40427
[  545.616381][T21329] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  545.629975][   T47] usb 1-1: Using ep0 maxpacket: 32
[  545.637244][   T47] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  545.667767][T21329] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  545.684404][   T47] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  545.701269][T21893] F2FS-fs (loop7): invalid crc value
[  545.708585][T21329] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  545.730903][   T47] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  545.741144][T21329] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  545.769558][   T47] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  545.813782][   T47] usb 1-1: Product: syz
[  545.839836][   T47] usb 1-1: Manufacturer: syz
[  545.906823][   T47] hub 1-1:4.0: USB hub found
[  546.013232][T21893] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  546.055212][T21893] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  546.092954][   T47] hub 1-1:4.0: 2 ports detected
[  546.191176][   T29] audit: type=1800 audit(1773793844.907:54): pid=21893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2153" name="file1" dev="loop7" ino=10 res=0 errno=0
[  546.297408][T21329] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.407533][T21329] 8021q: adding VLAN 0 to HW filter on device team0
[  546.433420][T21893] syz.7.2153: attempt to access beyond end of device
[  546.433420][T21893] loop7: rw=2049, sector=45096, nr_sectors = 968 limit=40427
[  546.462440][ T1174] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.469702][ T1174] bridge0: port 1(bridge_slave_0) entered forwarding state
[  546.521514][T14917] syz-executor: attempt to access beyond end of device
[  546.521514][T14917] loop7: rw=2049, sector=46064, nr_sectors = 8 limit=40427
[  546.547004][   T47] hub 1-1:4.0: set hub depth failed
[  546.564565][T14917] CPU: 0 UID: 0 PID: 14917 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  546.564590][T14917] Tainted: [L]=SOFTLOCKUP
[  546.564595][T14917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  546.564605][T14917] Call Trace:
[  546.564611][T14917]  <TASK>
[  546.564618][T14917]  dump_stack_lvl+0xe8/0x150
[  546.564646][T14917]  f2fs_handle_critical_error+0x37c/0x540
[  546.564673][T14917]  f2fs_write_end_io+0x1274/0x1740
[  546.564713][T14917]  __submit_merged_bio+0x256/0x700
[  546.564738][T14917]  __submit_merged_write_cond+0x3c9/0x4e0
[  546.564763][T14917]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  546.564801][T14917]  f2fs_write_data_pages+0x287e/0x34f0
[  546.564856][T14917]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  546.564892][T14917]  ? __pfx_css_rstat_updated+0x10/0x10
[  546.564913][T14917]  ? finish_task_switch+0x41f/0xbe0
[  546.564962][T14917]  ? mod_memcg_lruvec_state+0x208/0x220
[  546.564986][T14917]  ? lru_gen_update_size+0x7c7/0xd10
[  546.565020][T14917]  ? __lock_acquire+0x6b5/0x2cf0
[  546.565061][T14917]  ? filemap_get_folios_tag+0x118/0x720
[  546.565085][T14917]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  546.565109][T14917]  do_writepages+0x32e/0x550
[  546.565138][T14917]  ? do_raw_spin_unlock+0xf5/0x210
[  546.565162][T14917]  filemap_fdatawrite+0x1e9/0x2f0
[  546.565185][T14917]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  546.565246][T14917]  ? do_raw_spin_unlock+0xf5/0x210
[  546.565271][T14917]  f2fs_sync_dirty_inodes+0x30e/0x860
[  546.565308][T14917]  f2fs_write_checkpoint+0x9df/0x26a0
[  546.565364][T14917]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  546.565430][T14917]  kill_f2fs_super+0x314/0x720
[  546.565459][T14917]  ? __pfx_kill_f2fs_super+0x10/0x10
[  546.565494][T14917]  ? lockdep_hardirqs_on+0x7a/0x110
[  546.565527][T14917]  deactivate_locked_super+0xbc/0x130
[  546.565553][T14917]  cleanup_mnt+0x437/0x4d0
[  546.565569][T14917]  ? _raw_spin_unlock_irq+0x23/0x50
[  546.565591][T14917]  task_work_run+0x1d9/0x270
[  546.565614][T14917]  ? __pfx_task_work_run+0x10/0x10
[  546.565648][T14917]  exit_to_user_mode_loop+0xed/0x480
[  546.565668][T14917]  ? rcu_is_watching+0x15/0xb0
[  546.565690][T14917]  do_syscall_64+0x32d/0xf80
[  546.565708][T14917]  ? trace_irq_disable+0x3b/0x150
[  546.565726][T14917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.565743][T14917]  ? clear_bhb_loop+0x40/0x90
[  546.565764][T14917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.565780][T14917] RIP: 0033:0x7f562799d9d7
[  546.565797][T14917] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  546.565811][T14917] RSP: 002b:00007ffe6bb81718 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  546.565829][T14917] RAX: 0000000000000000 RBX: 00007f5627a32050 RCX: 00007f562799d9d7
[  546.565840][T14917] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6bb817d0
[  546.565850][T14917] RBP: 00007ffe6bb817d0 R08: 00007ffe6bb827d0 R09: 00000000ffffffff
[  546.565861][T14917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6bb82860
[  546.565871][T14917] R13: 00007f5627a32050 R14: 0000000000085697 R15: 00007ffe6bb828a0
[  546.565900][T14917]  </TASK>
[  546.565919][T14917] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  546.571369][   T47] usb 1-1: USB disconnect, device number 33
[  546.578391][ T7984] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.893886][ T7984] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.778441][ T5925] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  547.805894][T21329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  547.968197][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  547.986613][ T5925] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  548.016623][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.045325][ T5925] usb 2-1: Product: syz
[  548.075218][ T5925] usb 2-1: Manufacturer: syz
[  548.098086][ T5925] usb 2-1: SerialNumber: syz
[  548.125471][ T5925] usb 2-1: config 0 descriptor??
[  548.468461][ T5933] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  548.495724][ T5925] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 037
[  548.671918][ T5933] usb 8-1: Using ep0 maxpacket: 32
[  548.693685][ T5933] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  548.710813][ T5933] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  548.733740][ T5933] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  548.744056][ T5933] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  548.756761][ T5933] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  548.778085][ T5933] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 102
[  548.803150][ T5933] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  548.840214][ T5933] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  548.851313][T21329] veth0_vlan: entered promiscuous mode
[  548.865445][ T5933] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.891364][ T5933] usb 8-1: config 0 descriptor??
[  548.898757][T21329] veth1_vlan: entered promiscuous mode
[  548.911942][T22059] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  548.995573][T21329] veth0_macvtap: entered promiscuous mode
[  549.011415][T21329] veth1_macvtap: entered promiscuous mode
[  549.055878][T21329] batman_adv: batadv0: Interface activated: batadv_slave_0
[  549.080284][T21329] batman_adv: batadv0: Interface activated: batadv_slave_1
[  549.106529][ T3581] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  549.127490][ T3581] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  549.204733][ T3581] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  549.207622][ T5933] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  549.216945][ T3581] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  549.457212][    C1] usblp0: nonzero read bulk status received: -71
[  549.516020][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.534033][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.649049][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.669439][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.674288][T22072] overlayfs: failed to clone upperpath
[  549.920094][T22139] loop9: detected capacity change from 0 to 128
[  550.410931][ T5898] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  550.447940][T22139] loop9: detected capacity change from 128 to 64
[  550.529277][   T47] usb 2-1: USB disconnect, device number 37
[  550.583920][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.621386][ T5898] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  550.673071][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.738460][T21329] syz-executor: attempt to access beyond end of device
[  550.738460][T21329] loop9: rw=8388608, sector=74, nr_sectors = 2 limit=64
[  550.759972][T21329] Buffer I/O error on dev loop9, logical block 37, async page read
[  550.763273][ T5898] usb 1-1: config 0 descriptor??
[  550.792434][T21329] syz-executor: attempt to access beyond end of device
[  550.792434][T21329] loop9: rw=8388608, sector=74, nr_sectors = 2 limit=64
[  550.815161][T21329] Buffer I/O error on dev loop9, logical block 37, async page read
[  550.825767][T21329] syz-executor: attempt to access beyond end of device
[  550.825767][T21329] loop9: rw=2049, sector=72, nr_sectors = 2 limit=64
[  551.020955][ T5898] usbhid 1-1:0.0: can't add hid device: -71
[  551.027720][ T5898] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  551.047448][ T5898] usb 1-1: USB disconnect, device number 34
[  551.099596][  T771] kworker/u8:6: attempt to access beyond end of device
[  551.099596][  T771] loop9: rw=1, sector=106, nr_sectors = 8 limit=64
[  551.122077][  T771] kworker/u8:6: attempt to access beyond end of device
[  551.122077][  T771] loop9: rw=8388609, sector=114, nr_sectors = 2 limit=64
[  551.157995][  T771] Buffer I/O error on dev loop9, logical block 57, lost async page write
[  551.186604][  T771] kworker/u8:6: attempt to access beyond end of device
[  551.186604][  T771] loop9: rw=8388609, sector=116, nr_sectors = 2 limit=64
[  551.187567][ T5925] usb 8-1: USB disconnect, device number 16
[  551.218463][  T771] Buffer I/O error on dev loop9, logical block 58, lost async page write
[  551.249220][  T771] kworker/u8:6: attempt to access beyond end of device
[  551.249220][  T771] loop9: rw=8388609, sector=118, nr_sectors = 2 limit=64
[  551.291445][ T5925] usblp0: removed
[  551.294917][  T771] Buffer I/O error on dev loop9, logical block 59, lost async page write
[  551.325943][  T771] kworker/u8:6: attempt to access beyond end of device
[  551.325943][  T771] loop9: rw=8388609, sector=122, nr_sectors = 2 limit=64
[  551.406529][   T13] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.435772][  T771] Buffer I/O error on dev loop9, logical block 61, lost async page write
[  551.558386][   T47] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  551.852384][   T47] usb 1-1: Using ep0 maxpacket: 32
[  551.964017][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.046001][   T47] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  552.125928][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.292551][   T47] usb 1-1: config 0 descriptor??
[  552.331951][   T47] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  552.376943][   T47] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  552.663040][   T13] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.763045][T22238] loop7: detected capacity change from 0 to 1024
[  552.880130][T22238] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  552.895659][ T5966] usb 1-1: USB disconnect, device number 35
[  552.912941][   T13] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.931589][ T5966] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  553.044331][   T13] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.100677][ T5866] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  553.104992][T14917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  553.166296][ T5866] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  553.177956][ T5866] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  553.192028][ T5866] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  553.208012][ T5866] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  553.305853][T22273] loop7: detected capacity change from 0 to 128
[  553.329405][T22254] geneve2: entered promiscuous mode
[  553.403502][T22280] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  553.457869][T22280] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  553.490534][T22280] overlayfs: overlapping lowerdir path
[  553.705525][T22301] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
[  553.714806][T22281] syz.7.2191: attempt to access beyond end of device
[  553.714806][T22281] loop7: rw=2049, sector=145, nr_sectors = 363 limit=128
[  553.717452][T22301] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  553.717476][T22301] CPU: 0 UID: 0 PID: 22301 Comm: syz.0.2193 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  553.750328][T22301] Tainted: [L]=SOFTLOCKUP
[  553.754661][T22301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  553.764729][T22301] RIP: 0010:do_dentry_open+0xaf/0x14e0
[  553.770194][T22301] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f
[  553.789975][T22301] RSP: 0018:ffffc90004ab7638 EFLAGS: 00010206
[  553.796033][T22301] RAX: 0000000000000006 RBX: ffff888080a6eba0 RCX: 0000000000000000
[  553.804082][T22301] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff
[  553.812045][T22301] RBP: dffffc0000000000 R08: ffff888067a53e1b R09: 1ffff1100cf4a7c3
[  553.820004][T22301] R10: dffffc0000000000 R11: ffffed100cf4a7c4 R12: 0000000000000000
[  553.827968][T22301] R13: 1ffff1101014dd85 R14: ffff888080a6ec28 R15: 0000000000000030
[  553.835951][T22301] FS:  00007fa2632176c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  553.844951][T22301] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  553.851521][T22301] CR2: 000000110c41f995 CR3: 0000000063d26000 CR4: 00000000003526f0
[  553.859482][T22301] Call Trace:
[  553.862749][T22301]  <TASK>
[  553.865689][T22301]  ? vfs_open+0x31/0x340
[  553.869926][T22301]  vfs_open+0x3b/0x340
[  553.873980][T22301]  ? backing_file_open_user_path+0x12/0x50
[  553.879774][T22301]  backing_file_open_user_path+0x24/0x50
[  553.885392][T22301]  backing_tmpfile_open+0x9b/0xf0
[  553.890409][T22301]  ovl_tmpfile+0x400/0x810
[  553.894825][T22301]  ? __pfx_ovl_tmpfile+0x10/0x10
[  553.899755][T22301]  ? _raw_spin_unlock+0x28/0x50
[  553.904593][T22301]  ? d_alloc+0x144/0x190
[  553.908830][T22301]  ? mode_strip_sgid+0x6a/0x1b0
[  553.913667][T22301]  vfs_tmpfile+0x3ff/0x890
[  553.918084][T22301]  do_tmpfile+0xd3/0x240
[  553.922358][T22301]  path_openat+0x300d/0x3860
[  553.927023][T22301]  ? arch_stack_walk+0xfb/0x150
[  553.931862][T22301]  ? do_getname+0x2e/0x250
[  553.936266][T22301]  ? stack_trace_save+0xa9/0x100
[  553.941377][T22301]  ? __pfx_stack_trace_save+0x10/0x10
[  553.946751][T22301]  ? __futex_wait+0x371/0x420
[  553.951415][T22301]  ? do_getname+0x2e/0x250
[  553.955836][T22301]  ? stack_depot_save_flags+0x33/0x810
[  553.961284][T22301]  ? kasan_save_track+0x3e/0x80
[  553.966127][T22301]  ? __kasan_slab_alloc+0x6c/0x80
[  553.971228][T22301]  ? __pfx_path_openat+0x10/0x10
[  553.976148][T22301]  ? __x64_sys_openat+0x138/0x170
[  553.981166][T22301]  ? do_syscall_64+0x14d/0xf80
[  553.985952][T22301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.992008][T22301]  ? __lock_acquire+0x6b5/0x2cf0
[  553.996936][T22301]  do_file_open+0x23e/0x4a0
[  554.001429][T22301]  ? __pfx_do_file_open+0x10/0x10
[  554.006458][T22301]  ? _raw_spin_unlock+0x28/0x50
[  554.011295][T22301]  ? alloc_fd+0x64b/0x6c0
[  554.015618][T22301]  do_sys_openat2+0x113/0x200
[  554.020286][T22301]  ? __se_sys_futex+0x3a8/0x450
[  554.025125][T22301]  ? __pfx_do_sys_openat2+0x10/0x10
[  554.030320][T22301]  ? rcu_is_watching+0x15/0xb0
[  554.035071][T22301]  __x64_sys_openat+0x138/0x170
[  554.040015][T22301]  do_syscall_64+0x14d/0xf80
[  554.044598][T22301]  ? trace_irq_disable+0x3b/0x150
[  554.049610][T22301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.055660][T22301]  ? clear_bhb_loop+0x40/0x90
[  554.060325][T22301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.066206][T22301] RIP: 0033:0x7fa26239c799
[  554.070610][T22301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  554.090207][T22301] RSP: 002b:00007fa263217028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  554.098622][T22301] RAX: ffffffffffffffda RBX: 00007fa262615fa0 RCX: 00007fa26239c799
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  554.106582][T22301] RDX: 000000000049c002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  554.114543][T22301] RBP: 00007fa262432c99 R08: 0000000000000000 R09: 0000000000000000
[  554.122502][T22301] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  554.130456][T22301] R13: 00007fa262616038 R14: 00007fa262615fa0 R15: 00007ffccd8c5ca8
[  554.138450][T22301]  </TASK>
[  554.141640][T22301] Modules linked in:
[  554.146948][T22301] ---[ end trace 0000000000000000 ]---
[  554.182162][T22301] RIP: 0010:do_dentry_open+0xaf/0x14e0
[  554.188716][T22301] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f
[  554.268857][T22322] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2194'.
[  554.299044][T22342] loop1: detected capacity change from 0 to 512
[  554.312151][T22322] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2194'.
[  554.367587][T22301] RSP: 0018:ffffc90004ab7638 EFLAGS: 00010206
[  554.384941][T22301] RAX: 0000000000000006 RBX: ffff888080a6eba0 RCX: 0000000000000000
[  554.469585][T22301] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff
[  554.492817][   T13] bridge_slave_1: left allmulticast mode
[  554.511389][   T13] bridge_slave_1: left promiscuous mode
[  554.528092][T22301] RBP: dffffc0000000000 R08: ffff888067a53e1b R09: 1ffff1100cf4a7c3
[  554.529737][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.663862][   T13] bridge_slave_0: left allmulticast mode
[  554.671465][T22301] R10: dffffc0000000000 R11: ffffed100cf4a7c4 R12: 0000000000000000
[  554.690385][   T13] bridge_slave_0: left promiscuous mode
[  554.705532][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.732807][T22301] R13: 1ffff1101014dd85 R14: ffff888080a6ec28 R15: 0000000000000030
[  554.761015][T22301] FS:  00007fa2632176c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  554.805148][T22301] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  554.837610][T22301] CR2: 00007ffa3ed58000 CR3: 0000000063d26000 CR4: 00000000003526f0
[  554.859015][T22301] Kernel panic - not syncing: Fatal exception
[  554.865410][T22301] Kernel Offset: disabled
[  554.869725][T22301] Rebooting in 86400 seconds..