last executing test programs:

14.246934704s ago: executing program 4 (id=824):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)=<r2=>0x0)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0xfe8e, 0x12)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r5, 0x8912, &(0x7f00000003c0)=@buf)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305, 0x7e15}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MTU={0x8, 0x4, 0x44}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x48094)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9)
openat$cgroup_procs(r7, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a32000000001400000011000100"], 0x88}}, 0x0)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x20000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

9.94480512s ago: executing program 4 (id=830):
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x983c, 0x1, 0x1003, 0x2d9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x51, 0x0, 0x80, 0x2, 0x0, 0x127})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfefc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r3, 0x0)
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, r0, 0x35, {0x5, 0x1}, 0x1}, 0x1)

9.111796651s ago: executing program 4 (id=834):
r0 = openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
fsopen(0x0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x800, 0x0)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
readv(r0, 0x0, 0x0)

8.523773589s ago: executing program 2 (id=837):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
r3 = gettid()
fsmount(0xffffffffffffffff, 0x0, 0x0)
tkill(r3, 0xb)

7.329201644s ago: executing program 2 (id=840):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)=<r2=>0x0)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0xfe8e, 0x12)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r5, 0x8912, &(0x7f00000003c0)=@buf)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305, 0x7e15}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MTU={0x8, 0x4, 0x44}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x48094)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r7 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f0000000280), 0x9)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a32000000001400000011000100"], 0x88}}, 0x0)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x20000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

5.228496881s ago: executing program 3 (id=843):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f000001a4c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x420, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
ioctl$HIDIOCSUSAGES(r2, 0x40305828, &(0x7f0000000d00)={{0x0, 0x100, 0x800, 0x19, 0x8, 0x4}, 0x22e, [0x88e, 0x1, 0x4275, 0x0, 0x3, 0xd348, 0x4, 0x4, 0xfbe, 0x0, 0x2, 0x6, 0x4800, 0xdba, 0xa, 0x10, 0x7, 0x4, 0x3, 0x4, 0x290, 0x2, 0x2, 0x0, 0x0, 0x5, 0xfffffbff, 0x4, 0x81, 0x5, 0x3, 0x6, 0x2, 0x0, 0x8, 0xa, 0x3, 0x3, 0x2, 0xa, 0x3, 0x0, 0x9, 0x152d, 0xffff35e4, 0xf915, 0x9, 0xfffffff8, 0x0, 0x7fff, 0x8865, 0x5, 0xb, 0xb3fc, 0x4, 0x0, 0x4, 0xfffffffa, 0x0, 0x5, 0x6, 0x8, 0x80000000, 0x4, 0x7, 0x7fff, 0x1, 0x5, 0x0, 0xffff, 0xffffffff, 0x3, 0x2, 0x34, 0xf7d6, 0xfd1, 0x6, 0xabb, 0xf, 0x800, 0x914, 0x19, 0x6, 0x3ff, 0xf, 0x10, 0x8, 0x9ae, 0x7, 0x9, 0x5, 0x2b2, 0xf12, 0x800, 0x6, 0xfffffd1f, 0x5, 0x8, 0x1, 0x400, 0x3, 0x3, 0x4, 0xffff0001, 0x3, 0x6, 0xfb8, 0x2c, 0xfffffeff, 0xfffffff9, 0x4, 0x6c, 0xa8, 0x4, 0x8001, 0x0, 0x7fffffff, 0xfffffff8, 0x7, 0x9, 0x3cea, 0xe200000, 0xff, 0x53bde360, 0x100, 0x6, 0x81, 0xfffffff7, 0x6, 0x8, 0x7fffffff, 0x76, 0x4, 0xe, 0xb0a, 0x1, 0x38, 0x2, 0x40, 0x9, 0x3ff, 0x9, 0x9, 0x8, 0x6dff2b2b, 0x7, 0x1, 0x3ff, 0x1, 0x1ff, 0x7, 0x8001, 0x2, 0x9, 0x68, 0x2, 0x3, 0x7, 0x7, 0xa, 0x80000001, 0xd00, 0x7ff, 0xd694, 0x1, 0x8001, 0xd, 0x0, 0x401, 0x7a4, 0x2, 0x80, 0x10000, 0x6, 0x4, 0x6, 0x2, 0x12b4, 0x4, 0x8, 0xa, 0x898e, 0x8, 0x3, 0x5, 0xf, 0x7e, 0x25e, 0x2075ac50, 0x1ff, 0x6, 0x37, 0x1, 0x0, 0x8001, 0x3, 0x7fffffff, 0x62e, 0x1000, 0x5, 0x6, 0xfff, 0x4, 0x3, 0x1, 0x8, 0xfffff33f, 0x8, 0x40, 0x3, 0x10000, 0x1, 0x3, 0x2, 0x9, 0xffffffff, 0x401, 0x8, 0x8000, 0x6062, 0xe, 0xfffffff6, 0x2, 0xffff, 0x6, 0xfffffff7, 0x5, 0x2, 0x3, 0x1ff, 0xffff, 0x2, 0x507, 0x9, 0xfff, 0x6, 0x4, 0x4200, 0x5, 0x401, 0x6, 0x2, 0x2, 0x6, 0x9, 0x1, 0x6, 0x3, 0x9, 0xf, 0x9, 0x2, 0x100, 0x8, 0x80000000, 0xf, 0x3, 0x3, 0xfffffff9, 0x4, 0x80, 0x5, 0x8000, 0xaee, 0x6, 0x101, 0x80, 0x5, 0x7, 0x7fffffff, 0x9, 0x2, 0x8001, 0x3, 0x1, 0x3, 0x0, 0x8, 0x7, 0x8001, 0xd0, 0x10001, 0xa, 0x10, 0x8, 0x2, 0x7, 0x6, 0x7, 0x9, 0xf, 0x6, 0x5, 0xffff0000, 0x2206, 0x9dc, 0x4, 0x10001, 0x800, 0x401, 0x2, 0x10, 0xffffffcb, 0x2, 0x1, 0x5123, 0x0, 0xfff, 0x8, 0xd, 0x3, 0x7, 0x7f, 0x101, 0x0, 0x7ff, 0x8, 0x6, 0xfc, 0x639, 0x8, 0x8, 0x40, 0x1000, 0x0, 0xffff, 0x7, 0x7, 0x8, 0xa, 0x1, 0x6, 0x57b, 0x1, 0x9, 0x9, 0x8, 0x40, 0x1, 0x6, 0xc88e, 0x5, 0x2, 0x8000, 0x0, 0xdced, 0x6, 0x0, 0x0, 0xfffff5b7, 0x0, 0x400, 0x0, 0x7fffffff, 0x40, 0x2, 0xfff, 0xa4, 0x80000001, 0x6, 0xd, 0xe406, 0x5, 0x3ff, 0x6, 0x4, 0x2, 0x80, 0x8, 0xfffffffc, 0x6, 0x4, 0x1, 0x14db, 0x8, 0xb, 0x2, 0x5, 0x7, 0x120000, 0x8000, 0x5, 0xfffffff7, 0x19, 0xa50a, 0x8001, 0x8, 0x101, 0xb, 0x2, 0x3, 0x5, 0x7, 0x81, 0x1, 0xdca, 0x6, 0x401, 0x8, 0x2, 0x7762ac7, 0x7, 0x49d, 0x9, 0x0, 0x968d, 0x2b8, 0x6, 0x8, 0x7, 0x8, 0x80, 0x2, 0x4, 0x5, 0x4, 0xffffff81, 0x2, 0x5, 0x3b, 0xe3, 0x0, 0xfffffff8, 0x5, 0x8, 0x80, 0x100, 0xb45, 0x9, 0xdd0, 0x101, 0xffffe630, 0xf, 0x80008, 0xf8, 0x8000, 0x4, 0xfffffffc, 0x3, 0x3, 0xd2bb, 0xf, 0x7, 0x9ce5cfe8, 0x5, 0x9, 0x80000001, 0x7, 0x0, 0x0, 0xfff, 0x7, 0x8, 0x9, 0x3, 0xd2, 0x8, 0x8, 0x64c2, 0x742162c5, 0x1, 0xe1f, 0xf, 0xfff, 0x5, 0x9, 0x7, 0x401, 0x6a, 0x282, 0x8, 0x1000, 0x0, 0x9, 0x7, 0x9, 0x40, 0x3, 0x1, 0x4, 0x0, 0x7, 0xd, 0xffffffff, 0x1ff, 0x7, 0x0, 0xea8, 0x2, 0x5, 0x6, 0x9a39, 0xf, 0xfff, 0xfff, 0x7, 0x7, 0xed49, 0x48, 0x7, 0x6, 0x8, 0x7fffffff, 0x0, 0xc, 0x9, 0xe47, 0x0, 0x6, 0x5, 0x13080, 0x5, 0x1, 0x3, 0x7, 0x8, 0xfffffffb, 0x7, 0x8, 0x5, 0x0, 0x4, 0xfffffff8, 0x17b1, 0x57b7eabd, 0x9, 0x7fff, 0x7, 0x9, 0x7, 0xde, 0x8, 0x213efa9, 0x3, 0x10001, 0x10, 0x4, 0x4, 0x1, 0x67081126, 0x8, 0xa4, 0x6, 0xffff, 0x0, 0x0, 0x5, 0x3, 0x87b4, 0x3a, 0x7fff, 0x101, 0x400, 0x1, 0x2, 0xb, 0x4, 0x7fffffff, 0x3, 0x8, 0x94, 0x5c, 0x7, 0x2, 0x2, 0x9, 0x5d63, 0x800, 0x1, 0x1, 0x0, 0x4, 0x3, 0x1, 0x7, 0x9, 0x9, 0x0, 0x0, 0xffffe6f6, 0x1000, 0x234, 0x0, 0x0, 0x3, 0x2, 0xfffffff9, 0x3, 0x10001, 0x8, 0x9, 0xfffffffc, 0x8000, 0x9, 0x0, 0x10001, 0x7, 0x7ff, 0x101, 0x0, 0x1, 0x9, 0x0, 0x1, 0xbc, 0x0, 0x4bca, 0x8da0, 0x5, 0x2, 0x2, 0x4, 0x3, 0x0, 0x2, 0xc36f0000, 0x4, 0x8000, 0xfffffff8, 0x1, 0x9, 0x5, 0x3, 0x0, 0x6, 0x7ff, 0x9, 0x3, 0x1ff, 0x1, 0x8a7, 0x4, 0xc, 0x2, 0x3, 0x0, 0x2, 0x5ab, 0xe819, 0x6, 0x0, 0x0, 0xff, 0x5, 0x7, 0xfff, 0x0, 0x0, 0x6, 0x86, 0x6, 0x845, 0x554, 0x1, 0x10000, 0x1000, 0xcf3, 0x0, 0x2, 0xf0, 0x100, 0x9, 0x8, 0x41a5, 0x6, 0x7, 0x1d, 0x9, 0x0, 0x20a, 0x9, 0x5, 0x3, 0x3, 0xc, 0x3, 0x0, 0x5b8, 0xdfce, 0xcc, 0x81, 0x0, 0x6, 0x44, 0x46e, 0xdf5, 0x9, 0x4, 0x4, 0x0, 0x3, 0x15, 0x8711, 0x360, 0xfffffff8, 0x5, 0x3, 0x200, 0x100, 0x3, 0x3, 0x6, 0x4, 0xa, 0x9, 0x5, 0xc93, 0x48b, 0x4a, 0xd, 0x29ca, 0x1, 0x20, 0xb, 0x4, 0x5, 0x2, 0x5, 0x4, 0xfffffff1, 0xfc, 0x8000, 0x5, 0xac, 0x2, 0xfffffffa, 0x100, 0x9, 0x2, 0xfffffffb, 0x7, 0x3, 0x10c000, 0x3ff, 0xffffd289, 0x3, 0x10001, 0x89, 0xf7b, 0xb9, 0x0, 0x5, 0x0, 0xfff, 0x1ff, 0x5, 0xfffffffd, 0x8, 0x0, 0x8, 0x1, 0x9, 0x3, 0xe, 0x81, 0x3, 0x7, 0x3626, 0x2, 0x1000, 0x6, 0x9, 0x6, 0x8, 0x9, 0x4, 0x8001, 0xfff, 0x7, 0x3, 0x5, 0x3ff, 0x36, 0x6, 0x7, 0x7, 0x20f, 0x1, 0x10, 0x3, 0x3, 0x80, 0x0, 0x1, 0x10, 0x3, 0x76, 0xe11, 0x3, 0x4, 0xffff, 0x3, 0x7, 0x3, 0x401, 0x2, 0x3, 0x48000, 0x6, 0x8, 0x1, 0x5, 0x5, 0x0, 0x101, 0xc, 0x8, 0x7, 0x1000, 0x11, 0x5, 0xffffff9d, 0x5, 0x600000, 0x6, 0x2, 0xffff1ac4, 0x7f, 0x4, 0x0, 0x0, 0x6bc, 0x2, 0xafa, 0x8, 0x6, 0x1000, 0x9, 0x8000, 0x6, 0x157, 0x0, 0xffffffff, 0x4000, 0x1ca, 0xffffffff, 0x7, 0xe6, 0x200, 0x5, 0x9, 0xfffffffc, 0x8, 0x8, 0x8, 0xfffffe00, 0xfce, 0x80, 0x9a, 0x10001, 0xaf8a, 0x0, 0x81, 0x2, 0x9, 0xa8, 0x1, 0x47b, 0x101, 0x7, 0x4856, 0xc9db, 0xffffff0a, 0xd4, 0x0, 0xe, 0x100, 0xffff5efc, 0xa1, 0x8, 0x8, 0xd44a, 0x2, 0x2, 0x101, 0x1, 0x80000000, 0x4, 0xfffffc35, 0x7, 0x7ff, 0xfe, 0x1, 0x4, 0x8, 0x8, 0x3893beb5, 0x7, 0x9, 0x76d1, 0x2, 0x6, 0xb7, 0x8, 0x2, 0xee4, 0x1ff, 0x5aa9, 0x15, 0x7, 0x4, 0x4, 0x81, 0x6, 0xffff, 0x7f, 0x3, 0xfff, 0x1, 0x4, 0x9, 0x0, 0x7, 0x401, 0xf, 0x10000, 0xfffffc1e, 0xa, 0x0, 0x7f, 0x7, 0x10000, 0xffff, 0x10, 0x30, 0x7, 0x1, 0x2, 0xfffffffb, 0xcd53, 0x4f, 0xab3, 0x10, 0x8, 0xfffffff7, 0x1, 0x5, 0x401, 0x7, 0x2, 0xd, 0x9, 0x8eee, 0x66, 0x3, 0x5, 0xffffffff, 0x8001, 0x4, 0x80000000, 0xffffff2a, 0x5, 0x6b7a9756, 0xff, 0x10001, 0x7, 0x2, 0xf09c, 0x5, 0x0, 0x800, 0x3, 0x6, 0x19be00, 0x9, 0x805, 0x5, 0x6, 0x4, 0x401, 0x7, 0x6, 0x9, 0xfffffff9, 0x0, 0x7, 0x7b, 0xb, 0x0, 0x1ff, 0x2, 0xf0000000, 0x7, 0x558, 0x7, 0x1, 0x7f, 0x10001, 0x1, 0x31, 0x9, 0x3, 0x4, 0x5a4f, 0x40, 0xfffffff2, 0x7, 0xc, 0x74, 0xd5, 0x1, 0xb133, 0x6, 0x8001, 0xea, 0x0, 0x40, 0x4, 0x2, 0xf5b, 0x5, 0x8000, 0x80000000, 0x3, 0xcc, 0x36f, 0x5, 0x4, 0x7f, 0x7, 0x3, 0x1, 0xffffff30, 0x80000000]})

5.072385904s ago: executing program 0 (id=844):
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x983c, 0x1, 0x1003, 0x2d9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x51, 0x0, 0x80, 0x2, 0x0, 0x127})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfefc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r3, 0x0)
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, r0, 0x35, {0x5, 0x1}, 0x1}, 0x1)

5.072108204s ago: executing program 2 (id=845):
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setresgid(0xee00, 0xee01, 0x0)
setregid(0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f00000000c0), 0x1)

4.819905827s ago: executing program 1 (id=846):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000003700)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fallocate(r2, 0x0, 0xfea000, 0x2000402)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x36)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x9d3}}], 0x18}, 0x8000)

4.819205927s ago: executing program 3 (id=847):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d86213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc790510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c3fa3fe0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18, 0xfffffffffffffff5, 0xffffffff, {0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
close(r0)

4.325249493s ago: executing program 0 (id=848):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x4004080)

4.287016694s ago: executing program 1 (id=849):
socket$kcm(0x2, 0xa, 0x2)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

4.034518637s ago: executing program 2 (id=850):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
r2 = io_uring_setup(0x175c, &(0x7f000009df80)={0x0, 0x678, 0x0, 0x0, 0x2e8})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)

3.77205001s ago: executing program 0 (id=851):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00000000100000001c001a"], 0x44}}, 0x0)

3.696179542s ago: executing program 3 (id=852):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
r3 = gettid()
fsmount(0xffffffffffffffff, 0x0, 0x0)
tkill(r3, 0xb)

3.581444863s ago: executing program 2 (id=853):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x80}, 'port0\x00', 0x172, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
write$cgroup_int(r3, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.340859506s ago: executing program 0 (id=854):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f00000000c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@nostrict}, {}, {@anchor={'anchor', 0x3d, 0x91}}, {@unhide}, {@lastblock={'lastblock', 0x3d, 0xcf8f}}, {@undelete}, {@longad}, {@unhide}, {@umask={'umask', 0x3d, 0x5}}]}, 0x1, 0xc43, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==")
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c0"], 0x398}}, 0x0)

3.313709336s ago: executing program 1 (id=855):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000840), 0x7)

2.562140526s ago: executing program 2 (id=856):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x840000000002, 0x3, 0xff)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x3)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCFLSH(r5, 0x541b, 0x69de07874f7f0000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000005c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [0x7, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x0, 0xfffffffc], [0x6, 0x4, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000200)={r9, 0x80000, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r10})

2.148129382s ago: executing program 1 (id=857):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='RECLEV\nPHONEOUT\nSPEAKER \'CD\' 00000000000000'], 0xb8)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)

2.034984483s ago: executing program 3 (id=858):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r1, &(0x7f00000001c0), 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'syzkaller1\x00', {0x4}, 0x1})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})

1.752741267s ago: executing program 4 (id=859):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000003700)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fallocate(r2, 0x0, 0xfea000, 0x2000402)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x36)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x9d3}}], 0x18}, 0x8000)

1.708038307s ago: executing program 0 (id=860):
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setresgid(0xee00, 0xee01, 0x0)
setregid(0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f00000000c0), 0x1)

1.053495946s ago: executing program 4 (id=861):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)={0x70, 0x3e, 0x1, 0x7fffc, 0x4, {0x1}, [@typed={0x4}, @nested={0x4c, 0x1, 0x0, 0x1, [@nested={0x48, 0x10, 0x0, 0x1, [@nested={0x43, 0x8, 0x0, 0x1, [@generic="a831985351cb3d4a57729361f10318be72cb433d11a9b4781da90ad1a200b17485433caa6c97072c59b89aaa3987b4bfce08fe13e090413b9606330beb137e"]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0)

977.784897ms ago: executing program 1 (id=862):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
r4 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)

896.124148ms ago: executing program 3 (id=863):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
r2 = io_uring_setup(0x175c, &(0x7f000009df80)={0x0, 0x678, 0x0, 0x0, 0x2e8})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)

763.93013ms ago: executing program 4 (id=864):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00000000100000001c001a"], 0x44}}, 0x0)

422.103274ms ago: executing program 3 (id=865):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000007c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
connect$rose(r2, &(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @null}, 0x1c)

196.065167ms ago: executing program 1 (id=866):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x80}, 'port0\x00', 0x172, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
write$cgroup_int(r3, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

0s ago: executing program 0 (id=867):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r7, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000)

kernel console output (not intermixed with test programs):

omes ready
[   92.512577][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   92.534521][ T4253] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.550196][ T4263] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   92.578617][ T4265] device veth0_macvtap entered promiscuous mode
[   92.616127][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   92.632173][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   92.651428][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.673714][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.717644][ T4265] device veth1_macvtap entered promiscuous mode
[   92.767356][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   92.801410][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   92.817034][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   92.829510][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.849470][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.868399][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.879129][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   92.895727][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   92.913097][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   92.934625][ T4262] device veth0_vlan entered promiscuous mode
[   92.958353][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   92.977644][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   93.029623][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.064037][ T4262] device veth1_vlan entered promiscuous mode
[   93.116555][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   93.136593][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   93.141221][ T4261] Bluetooth: hci4: command 0x040f tx timeout
[   93.147260][ T4274] Bluetooth: hci0: command 0x040f tx timeout
[   93.153819][ T4256] Bluetooth: hci3: command 0x040f tx timeout
[   93.192039][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   93.207289][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.220931][ T4274] Bluetooth: hci2: command 0x040f tx timeout
[   93.223821][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   93.227384][ T4274] Bluetooth: hci1: command 0x040f tx timeout
[   93.257579][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   93.275534][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   93.294249][ T4265] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.313617][ T4265] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.327807][ T4265] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.352178][ T4265] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.435819][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   93.447343][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   93.461201][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   93.474016][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   93.485795][ T4262] device veth0_macvtap entered promiscuous mode
[   93.507724][ T4263] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.552321][ T4262] device veth1_macvtap entered promiscuous mode
[   93.572638][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   93.583501][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   93.627923][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   93.642083][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   93.674116][ T4262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.696010][ T4262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.710102][ T4262] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.742421][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   93.760125][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   93.771066][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   93.783224][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   93.794469][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   93.804460][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   93.816706][ T4262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.828225][ T4262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.841755][ T4262] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.878578][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   93.895123][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   93.909838][ T4262] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.922665][ T4262] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.933634][ T4262] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.943687][ T4262] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.958955][ T4255] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.985740][ T4263] device veth0_vlan entered promiscuous mode
[   93.999522][ T4253] device veth0_vlan entered promiscuous mode
[   94.008108][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.018357][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   94.029808][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.039938][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   94.049943][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   94.061411][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   94.070577][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   94.079511][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   94.103848][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.113084][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.125126][ T4263] device veth1_vlan entered promiscuous mode
[   94.152986][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   94.163619][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.195726][ T4253] device veth1_vlan entered promiscuous mode
[   94.237472][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.247654][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.292564][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   94.302999][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   94.313481][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   94.323302][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   94.332433][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   94.344798][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   94.356081][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   94.367320][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   94.396814][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   94.408840][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   94.421798][ T4263] device veth0_macvtap entered promiscuous mode
[   94.440339][ T4253] device veth0_macvtap entered promiscuous mode
[   94.479578][ T4329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.487277][ T4263] device veth1_macvtap entered promiscuous mode
[   94.506647][ T4329] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.513817][ T4253] device veth1_macvtap entered promiscuous mode
[   94.535285][ T4255] device veth0_vlan entered promiscuous mode
[   94.578281][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   94.603015][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   94.623419][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   94.638242][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   94.644298][ T4337] loop1: detected capacity change from 0 to 512
[   94.650801][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.671181][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.683334][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   94.684006][ T4337] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   94.707758][ T4337] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   94.731043][ T4337] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   94.737292][ T4255] device veth1_vlan entered promiscuous mode
[   94.741791][ T4337] System zones: 1-12
[   94.761562][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   94.762214][ T4329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.771542][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   94.791732][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.794501][ T4337] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   94.812471][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.823676][ T4337] EXT4-fs (loop1): 1 truncate cleaned up
[   94.838264][ T4337] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   94.848470][ T4329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.866246][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.880512][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.894975][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.908418][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.925891][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.937435][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.954480][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.966319][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.981652][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.996947][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.019257][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.036671][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.037158][ T4265] EXT4-fs (loop1): unmounting filesystem.
[   95.048900][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.070067][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.084652][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.118109][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   95.147001][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   95.168293][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   95.180299][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   95.191039][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   95.202132][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   95.220185][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   95.230341][ T4274] Bluetooth: hci4: command 0x0419 tx timeout
[   95.230756][ T4274] Bluetooth: hci3: command 0x0419 tx timeout
[   95.238515][ T4260] Bluetooth: hci0: command 0x0419 tx timeout
[   95.254207][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.267443][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.278882][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.290696][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.302813][ T4260] Bluetooth: hci2: command 0x0419 tx timeout
[   95.307860][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.310920][ T4261] Bluetooth: hci1: command 0x0419 tx timeout
[   95.331675][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.348003][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.373568][ T4253] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.388286][ T4253] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.400296][ T4253] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.412404][ T4253] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.433456][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   95.446307][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   95.467884][ T4263] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.479621][ T4263] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.490739][ T4263] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.502970][   T27] usb 2-1: new low-speed USB device number 2 using dummy_hcd
[   95.506995][ T4263] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.589896][ T4255] device veth0_macvtap entered promiscuous mode
[   95.616204][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   95.633463][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   95.649487][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   95.720929][   T27] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[   95.754255][   T27] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[   95.769266][   T27] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[   95.784263][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.887260][ T4255] device veth1_macvtap entered promiscuous mode
[   95.934918][ T4329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.129953][ T4329] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.147231][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.196831][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.233297][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.253321][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.280155][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.295108][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.384910][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.582363][   T27] usb 2-1: string descriptor 0 read error: -71
[   96.700767][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.738266][   T27] hub 2-1:32.0: USB hub found
[   96.747015][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.750469][   T27] hub 2-1:32.0: config failed, can't read hub descriptor (err -22)
[   96.835671][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.864922][   T27] usb 2-1: USB disconnect, device number 2
[   96.865622][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   96.896000][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   96.952748][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.995425][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.015021][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.028610][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.046459][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.055056][ T4359] loop2: detected capacity change from 0 to 2048
[   97.059916][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.085549][ T4255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.098005][ T4255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.107174][ T4359] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   97.112547][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.157153][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   97.183508][ T4335] udevd[4335]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.189402][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   97.223599][ T4255] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.245361][ T4255] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.272586][ T4262] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   97.276922][ T4255] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.303286][  T130] cfg80211: failed to load regulatory.db
[   97.312546][ T4255] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.364504][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.388158][ T4262] EXT4-fs (loop2): unmounting filesystem.
[   97.411293][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.415398][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.457302][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.479970][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   97.522253][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   97.685986][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.722549][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.731093][ T4325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.739835][ T4325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.779720][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   97.817629][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   97.846696][ T4368] overlayfs: missing 'lowerdir'
[   98.096771][ T4325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.132909][ T4325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.447572][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   99.120945][ T4382] process 'syz.3.12' launched './file0' with NULL argv: empty string added
[   99.465459][ T4383] loop0: detected capacity change from 0 to 32768
[   99.473798][ T4383] =======================================================
[   99.473798][ T4383] WARNING: The mand mount option has been deprecated and
[   99.473798][ T4383]          and is ignored by this kernel. Remove the mand
[   99.473798][ T4383]          option from the mount to silence this warning.
[   99.473798][ T4383] =======================================================
[   99.512558][ T4383] xfs: Unknown parameter 'uid<00000000000000000000'
[  100.183035][ T4383] loop0: detected capacity change from 0 to 22
[  100.191619][ T4383] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  100.236137][ T4383] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  102.121190][ T4406] loop1: detected capacity change from 0 to 40427
[  102.168481][ T4406] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  102.177762][ T4406] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  102.526678][ T4406] F2FS-fs (loop1): invalid crc value
[  102.831409][ T4406] F2FS-fs (loop1): Found nat_bits in checkpoint
[  102.943106][ T4406] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  102.951641][ T4406] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  104.035125][   T26] audit: type=1804 audit(1746246611.067:2): pid=4422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.19" name="/newroot/6/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  106.579633][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  106.635793][ T4430] sched: RT throttling activated
[  107.909728][ T4436] loop2: detected capacity change from 0 to 32768
[  107.917991][ T4436] xfs: Unknown parameter 'uid<00000000000000000000'
[  108.196153][ T4444] loop2: detected capacity change from 0 to 64
[  108.246165][ T4444] BFS-fs: bfs_fill_super(): Last block not available on loop2: 4227079
[  110.454445][ T4467] loop3: detected capacity change from 0 to 16
[  110.472666][ T4462] loop4: detected capacity change from 0 to 40427
[  110.502516][ T4462] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  110.511024][ T4462] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  110.522524][ T4462] F2FS-fs (loop4): invalid crc value
[  110.551763][ T4467] erofs: (device loop3): mounted with root inode @ nid 36.
[  110.606843][ T4462] F2FS-fs (loop4): Found nat_bits in checkpoint
[  110.679604][ T4462] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  110.690596][ T4462] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  110.703419][ T4463] loop0: detected capacity change from 0 to 8192
[  111.059318][   T26] audit: type=1804 audit(1746246618.077:3): pid=4479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.35" name="/newroot/5/bus/file0" dev="loop4" ino=10 res=1 errno=0
[  112.831540][ T4491] loop3: detected capacity change from 0 to 32768
[  112.839809][ T4491] xfs: Unknown parameter 'uid<00000000000000000000'
[  113.007525][ T4342] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  113.019556][ T4491] loop3: detected capacity change from 0 to 22
[  113.020561][ T4491] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  113.113172][ T4491] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  113.155888][ T4499] loop0: detected capacity change from 0 to 64
[  113.625976][ T4499] hfs: request for non-existent node 24 in B*Tree
[  113.636260][ T4501] loop1: detected capacity change from 0 to 40427
[  113.644529][ T4501] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  113.652861][ T4501] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  113.663817][ T4501] F2FS-fs (loop1): invalid crc value
[  113.671785][ T4499] hfs: request for non-existent node 24 in B*Tree
[  113.773671][ T4499] hfs: request for non-existent node 25 in B*Tree
[  113.805928][ T4499] hfs: request for non-existent node 25 in B*Tree
[  114.094486][ T4501] F2FS-fs (loop1): Found nat_bits in checkpoint
[  114.237967][ T4509] ptrace attach of "./syz-executor exec"[4263] was attempted by "./syz-executor exec"[4509]
[  114.677063][ T4516] hfs: request for non-existent node 26 in B*Tree
[  114.692373][ T4516] hfs: request for non-existent node 26 in B*Tree
[  114.712740][ T4501] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  114.722125][ T4501] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  115.589741][   T26] audit: type=1804 audit(1746246622.617:4): pid=4524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.47" name="/newroot/11/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  116.642710][ T4533] loop0: detected capacity change from 0 to 40427
[  116.651007][ T4533] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  116.659316][ T4533] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  116.991255][ T4543] loop3: detected capacity change from 0 to 32768
[  116.998832][ T4543] xfs: Unknown parameter 'uid<00000000000000000000'
[  117.053437][ T4533] F2FS-fs (loop0): invalid crc value
[  117.273633][ T4400] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  117.290437][ T4552] ptrace attach of "./syz-executor exec"[4253] was attempted by "./syz-executor exec"[4552]
[  117.446992][ T4533] F2FS-fs (loop0): Found nat_bits in checkpoint
[  117.591036][ T4533] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  117.591068][ T4533] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  117.816675][ T4543] loop3: detected capacity change from 0 to 22
[  117.817506][ T4543] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  117.818029][ T4543] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  118.034653][   T26] audit: type=1804 audit(1746246625.067:5): pid=4557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.52" name="/newroot/7/bus/file0" dev="loop0" ino=10 res=1 errno=0
[  118.628351][ T4556] loop2: detected capacity change from 0 to 4096
[  118.635745][ T4556] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512)
[  118.927013][ T4556] syz.2.61 (4556) used greatest stack depth: 20624 bytes left
[  120.258098][ T4570] loop1: detected capacity change from 0 to 64
[  120.275912][ T4260] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  120.286428][ T4260] CPU: 0 PID: 4260 Comm: kworker/u5:2 Not tainted 6.1.136-syzkaller #0
[  120.295091][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  120.305358][ T4260] Workqueue: hci3 hci_rx_work
[  120.310533][ T4260] Call Trace:
[  120.313967][ T4260]  <TASK>
[  120.317140][ T4260]  dump_stack_lvl+0x168/0x22e
[  120.322440][ T4260]  ? show_regs_print_info+0x12/0x12
[  120.327880][ T4260]  ? load_image+0x3b0/0x3b0
[  120.332780][ T4260]  sysfs_create_dir_ns+0x252/0x280
[  120.338259][ T4260]  ? hci_rx_work+0x3eb/0xd40
[  120.342920][ T4260]  ? sysfs_warn_dup+0xa0/0xa0
[  120.347737][ T4260]  ? do_raw_spin_unlock+0x11d/0x230
[  120.353181][ T4260]  kobject_add_internal+0x6b8/0xc80
[  120.358802][ T4260]  kobject_add+0x152/0x210
[  120.363505][ T4260]  ? kobject_init+0x1d0/0x1d0
[  120.368800][ T4260]  ? klist_children_get+0x50/0x50
[  120.374339][ T4260]  ? get_device_parent+0x121/0x3f0
[  120.379550][ T4260]  device_add+0x483/0xfb0
[  120.384120][ T4260]  ? kmem_cache_free+0xf7/0x290
[  120.389245][ T4260]  hci_conn_add_sysfs+0xd1/0x1e0
[  120.394337][ T4260]  le_conn_complete_evt+0xd1d/0x1320
[  120.400563][ T4260]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  120.406950][ T4260]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  120.412633][ T4260]  ? skb_pull_data+0xf7/0x200
[  120.417377][ T4260]  hci_le_enh_conn_complete_evt+0x185/0x460
[  120.423363][ T4260]  ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0
[  120.430105][ T4260]  ? hci_remote_host_features_evt+0x270/0x270
[  120.436233][ T4260]  hci_event_packet+0x791/0x1210
[  120.441250][ T4260]  ? bis_list+0x280/0x280
[  120.445822][ T4260]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  120.452059][ T4260]  ? kcov_remote_start+0x4c7/0x7e0
[  120.458103][ T4260]  ? mce_start+0x130/0x140
[  120.462925][ T4260]  ? hci_send_to_monitor+0x9c/0x4a0
[  120.468320][ T4260]  hci_rx_work+0x3eb/0xd40
[  120.473132][ T4260]  ? _raw_spin_unlock+0x40/0x40
[  120.478041][ T4260]  ? process_one_work+0x7a1/0x1160
[  120.483372][ T4260]  process_one_work+0x898/0x1160
[  120.488648][ T4260]  ? worker_detach_from_pool+0x240/0x240
[  120.494960][ T4260]  ? _raw_spin_lock_irq+0xab/0xe0
[  120.500697][ T4260]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  120.506828][ T4260]  ? kthread_data+0x4b/0xc0
[  120.511521][ T4260]  worker_thread+0xaa2/0x1250
[  120.517068][ T4260]  kthread+0x29d/0x330
[  120.521385][ T4260]  ? worker_clr_flags+0x1a0/0x1a0
[  120.527038][ T4260]  ? kthread_blkcg+0xd0/0xd0
[  120.532081][ T4260]  ret_from_fork+0x1f/0x30
[  120.536575][ T4260]  </TASK>
[  120.540077][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.571337][ T4260] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  120.595697][ T4260] Bluetooth: hci3: failed to register connection device
[  120.600980][ T4568] loop4: detected capacity change from 0 to 40427
[  120.622383][ T4568] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  120.630305][ T4568] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  120.640689][ T4568] F2FS-fs (loop4): invalid crc value
[  120.659871][ T4570] hfs: request for non-existent node 24 in B*Tree
[  120.667302][ T4570] hfs: request for non-existent node 24 in B*Tree
[  120.675592][ T4570] hfs: request for non-existent node 25 in B*Tree
[  120.682528][ T4570] hfs: request for non-existent node 25 in B*Tree
[  120.691193][ T4570] hfs: request for non-existent node 26 in B*Tree
[  120.698322][ T4570] hfs: request for non-existent node 26 in B*Tree
[  120.707637][ T4570] hfs: request for non-existent node 27 in B*Tree
[  120.714275][ T4570] hfs: request for non-existent node 27 in B*Tree
[  120.746274][ T4568] F2FS-fs (loop4): Found nat_bits in checkpoint
[  120.821905][ T4568] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  120.829379][ T4568] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  121.830690][   T26] audit: type=1804 audit(1746246628.857:6): pid=4580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.64" name="/newroot/12/bus/file0" dev="loop4" ino=10 res=1 errno=0
[  122.512196][ T4583] loop1: detected capacity change from 0 to 40427
[  122.520595][ T4583] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  122.528571][ T4583] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  122.572004][ T4583] F2FS-fs (loop1): invalid crc value
[  122.664072][ T4583] F2FS-fs (loop1): Found nat_bits in checkpoint
[  122.711832][ T4583] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  122.720146][ T4583] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  124.005487][ T4600] ptrace attach of "./syz-executor exec"[4262] was attempted by "./syz-executor exec"[4600]
[  125.718347][ T4612] loop0: detected capacity change from 0 to 128
[  125.729263][ T4614] loop3: detected capacity change from 0 to 256
[  125.745380][ T4610] loop2: detected capacity change from 0 to 32768
[  125.753805][ T4610] xfs: Unknown parameter 'uid<00000000000000000000'
[  125.881743][ T4612] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  125.937145][ T4614] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  125.978567][ T4612] ext4 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  126.079175][ T4618] loop2: detected capacity change from 0 to 64
[  126.117776][ T4618] BFS-fs: bfs_fill_super(): Last block not available on loop2: 4227079
[  126.769291][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  126.913654][ T4630] netlink: 165 bytes leftover after parsing attributes in process `syz.4.77'.
[  126.929040][ T4260] Bluetooth: hci4: command 0x0405 tx timeout
[  127.364785][ T4629] loop1: detected capacity change from 0 to 2048
[  129.222348][ T4629] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  129.438221][ T4265] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  129.665483][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  129.731407][ T4649] loop4: detected capacity change from 0 to 512
[  131.401284][ T4656] loop3: detected capacity change from 0 to 256
[  132.010611][ T4658] ptrace attach of "./syz-executor exec"[4255] was attempted by "./syz-executor exec"[4658]
[  132.787613][ T4649] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  132.833264][ T4649] EXT4-fs: failed to create workqueue
[  132.838864][ T4649] EXT4-fs (loop4): mount failed
[  135.376288][ T4674] loop1: detected capacity change from 0 to 40427
[  135.449057][ T4675] loop2: detected capacity change from 0 to 32768
[  135.455719][ T4674] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  135.456576][ T4675] xfs: Unknown parameter 'uid<00000000000000000000'
[  135.463931][ T4674] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  135.492767][ T4674] F2FS-fs (loop1): invalid crc value
[  135.597564][ T4683] loop0: detected capacity change from 0 to 2048
[  135.603060][ T4674] F2FS-fs (loop1): Found nat_bits in checkpoint
[  135.606028][ T4675] loop2: detected capacity change from 0 to 22
[  135.617190][ T4675] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  135.626844][ T4681] IPVS: stopping master sync thread 4687 ...
[  135.639015][ T4675] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  135.842218][ T4674] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  135.849324][ T4674] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  136.680595][ T4692] netlink: 165 bytes leftover after parsing attributes in process `syz.4.90'.
[  137.117875][   T26] audit: type=1804 audit(1746246644.147:7): pid=4694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.81" name="/newroot/16/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  137.582348][ T4683] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  137.861753][ T4255] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  138.074521][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  138.469892][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  138.476758][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  138.888482][ T4715] ptrace attach of "./syz-executor exec"[4255] was attempted by "./syz-executor exec"[4715]
[  139.616579][ T4724] loop0: detected capacity change from 0 to 512
[  139.771196][ T4724] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  139.853119][ T4724] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  139.911681][ T4724] System zones: 1-12
[  139.932364][ T4706] loop4: detected capacity change from 0 to 32768
[  141.185794][ T4724] EXT4-fs (loop0): 1 truncate cleaned up
[  141.336036][ T4724] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  141.517102][ T4728] loop2: detected capacity change from 0 to 4096
[  141.833132][ T4706] (syz.4.96,4706,0):ocfs2_initialize_super:2283 ERROR: status = -12
[  141.939806][ T4706] (syz.4.96,4706,1):ocfs2_fill_super:1176 ERROR: status = -12
[  141.971035][ T4746] netlink: 165 bytes leftover after parsing attributes in process `syz.1.103'.
[  142.719193][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  143.048144][ T4748] loop3: detected capacity change from 0 to 40427
[  143.188336][ T4748] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  143.196218][ T4748] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  143.211054][ T4748] F2FS-fs (loop3): invalid crc value
[  143.452520][ T4748] F2FS-fs (loop3): Found nat_bits in checkpoint
[  143.535075][ T4748] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  143.542381][ T4748] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  143.648441][ T4756] loop1: detected capacity change from 0 to 2048
[  143.768830][   T26] audit: type=1326 audit(1746246650.797:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4760 comm="syz.0.106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa09e18e969 code=0x0
[  144.160620][ T4756] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  144.410053][   T26] audit: type=1804 audit(1746246650.897:9): pid=4764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.105" name="/newroot/24/bus/file0" dev="loop3" ino=10 res=1 errno=0
[  144.507935][   T26] audit: type=1326 audit(1746246650.947:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4760 comm="syz.0.106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=230 compat=0 ip=0x7fa09e1c1225 code=0x0
[  144.596626][ T4265] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  144.642165][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  146.103539][ T4789] ptrace attach of "./syz-executor exec"[4263] was attempted by "./syz-executor exec"[4789]
[  147.714647][ T4796] loop1: detected capacity change from 0 to 512
[  147.809885][ T4796] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  147.886152][ T4796] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  147.904860][ T4796] System zones: 1-12
[  147.923060][ T4796] EXT4-fs (loop1): 1 truncate cleaned up
[  147.943845][ T4796] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  148.018702][ T4800] loop2: detected capacity change from 0 to 4096
[  148.108126][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  152.534374][ T4846] ptrace attach of "./syz-executor exec"[4262] was attempted by "./syz-executor exec"[4846]
[  152.811657][ T4848] syz.4.131 uses obsolete (PF_INET,SOCK_PACKET)
[  154.111044][ T4834] loop3: detected capacity change from 0 to 32768
[  154.320254][ T4834] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.128 (4834)
[  154.522614][ T4834] BTRFS error (device loop3): open_ctree failed: -4
[  155.987707][ T4867] netlink: 4 bytes leftover after parsing attributes in process `syz.3.138'.
[  158.517730][ T4889] loop0: detected capacity change from 0 to 512
[  158.808012][ T4888] ptrace attach of "./syz-executor exec"[4262] was attempted by "./syz-executor exec"[4888]
[  160.353104][ T4889] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  160.482928][ T4889] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  160.534748][ T4889] System zones: 1-12
[  160.593527][ T4889] EXT4-fs (loop0): 1 truncate cleaned up
[  160.599287][ T4889] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  161.399038][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  161.981513][ T4274] Bluetooth: hci2: unknown advertising packet type: 0x70
[  163.505925][ T4943] loop3: detected capacity change from 0 to 1024
[  163.530120][ T4943] EXT4-fs: Ignoring removed bh option
[  163.670902][ T4943] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  163.914334][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  164.175580][ T4956] loop4: detected capacity change from 0 to 512
[  164.262802][ T4956] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  164.359123][ T4956] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  164.376237][ T4956] System zones: 1-12
[  164.397692][ T4956] EXT4-fs (loop4): 1 truncate cleaned up
[  164.403757][ T4956] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  166.123696][ T4253] EXT4-fs (loop4): unmounting filesystem.
[  166.441504][ T4982] loop4: detected capacity change from 0 to 64
[  167.555643][ T4988] hfs: request for non-existent node 24 in B*Tree
[  167.603849][ T4988] hfs: request for non-existent node 24 in B*Tree
[  167.654493][ T4982] hfs: request for non-existent node 25 in B*Tree
[  167.731214][ T4982] hfs: request for non-existent node 25 in B*Tree
[  167.738227][ T4988] hfs: request for non-existent node 26 in B*Tree
[  167.794111][ T4993] loop0: detected capacity change from 0 to 1024
[  167.808246][ T4988] hfs: request for non-existent node 26 in B*Tree
[  167.808576][ T4993] EXT4-fs: Ignoring removed bh option
[  167.978441][ T5002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.176'.
[  168.050320][ T4993] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  168.972566][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  169.343489][ T5018] loop0: detected capacity change from 0 to 2048
[  169.406498][ T5018] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  170.151885][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  172.122333][ T5049] loop3: detected capacity change from 0 to 1024
[  172.255238][ T5049] EXT4-fs: Ignoring removed bh option
[  172.594205][ T5049] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  173.095366][ T5059] Zero length message leads to an empty skb
[  173.105242][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  175.657812][ T5071] loop4: detected capacity change from 0 to 32768
[  175.673373][ T5071] (syz.4.192,5071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  175.689205][ T5071] (syz.4.192,5071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  175.824606][ T5071] (syz.4.192,5071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  175.868024][ T5071] JBD2: Ignoring recovery information on journal
[  176.106429][ T5071] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  177.925584][ T5093] loop2: detected capacity change from 0 to 40427
[  178.006598][ T5093] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  178.014511][ T5093] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  178.027400][ T5093] F2FS-fs (loop2): invalid crc value
[  178.157303][ T4253] ocfs2: Unmounting device (7,4) on (node local)
[  178.393597][ T5093] F2FS-fs (loop2): Found nat_bits in checkpoint
[  178.528594][ T5093] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  178.535843][ T5093] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  179.035529][ T5107] loop0: detected capacity change from 0 to 512
[  179.143926][ T5107] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  179.435581][ T5107] EXT4-fs (loop0): 1 truncate cleaned up
[  179.513165][ T5116] loop4: detected capacity change from 0 to 512
[  179.520600][ T5107] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  179.534403][ T5116] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  179.568379][ T5107] EXT4-fs (loop0): unmounting filesystem.
[  179.625351][ T5116] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  179.665234][ T5116] System zones: 1-12
[  179.688937][ T5116] EXT4-fs (loop4): 1 truncate cleaned up
[  179.768785][ T5116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  179.939310][ T4253] EXT4-fs (loop4): unmounting filesystem.
[  180.278640][ T5121] loop0: detected capacity change from 0 to 40427
[  180.287002][ T5121] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  180.295665][ T5121] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  180.311761][ T5121] F2FS-fs (loop0): invalid crc value
[  180.546376][ T5121] F2FS-fs (loop0): Found nat_bits in checkpoint
[  180.598599][ T5121] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  180.607843][ T5121] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  180.968776][   T26] audit: type=1804 audit(1746246687.987:11): pid=5136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.209" name="/newroot/34/bus/file0" dev="loop0" ino=10 res=1 errno=0
[  182.509192][ T5147] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  182.555215][ T5145] loop4: detected capacity change from 0 to 4096
[  183.077520][ T5154] netlink: 12 bytes leftover after parsing attributes in process `syz.4.216'.
[  183.989822][ T5164] loop4: detected capacity change from 0 to 64
[  184.935055][ T5170] loop1: detected capacity change from 0 to 2048
[  185.107585][ T5170] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  185.202737][ T5170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.222'.
[  185.608242][ T5182] loop3: detected capacity change from 0 to 512
[  185.620475][ T5182] EXT4-fs: Ignoring removed nobh option
[  185.684764][ T5182] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  187.452259][ T5182] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  187.646542][ T5198] loop1: detected capacity change from 0 to 4096
[  188.527989][ T5209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.231'.
[  190.597804][ T4260] Bluetooth: hci1: unknown advertising packet type: 0x70
[  195.486615][ T5255] loop1: detected capacity change from 0 to 4096
[  197.778271][ T5278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.247'.
[  199.050235][ T5285] loop4: detected capacity change from 0 to 32768
[  199.057644][ T5285] xfs: Unknown parameter 'uid<00000000000000000000'
[  199.086284][ T5292] loop2: detected capacity change from 0 to 64
[  199.244150][ T5292] hfs: request for non-existent node 24 in B*Tree
[  199.252279][ T5285] loop4: detected capacity change from 0 to 22
[  199.259334][ T5285] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  199.260479][ T5292] hfs: request for non-existent node 24 in B*Tree
[  199.271576][ T5285] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  199.332923][ T5294] hfs: request for non-existent node 25 in B*Tree
[  199.412077][ T5294] hfs: request for non-existent node 25 in B*Tree
[  199.591021][ T5292] hfs: request for non-existent node 26 in B*Tree
[  199.616176][ T5292] hfs: request for non-existent node 26 in B*Tree
[  199.703244][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  199.709698][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  201.145724][ T5310] loop2: detected capacity change from 0 to 16
[  201.180959][ T5310] erofs: (device loop2): mounted with root inode @ nid 36.
[  201.267996][ T5310] syz.2.263: attempt to access beyond end of device
[  201.267996][ T5310] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  201.395744][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 40 @ nid 36
[  201.406680][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 39 @ nid 36
[  201.416501][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 38 @ nid 36
[  201.433475][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 34 @ nid 36
[  201.479549][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 32 @ nid 36
[  201.718192][ T5314] syz.2.263: attempt to access beyond end of device
[  201.718192][ T5314] loop2: rw=0, sector=14546590688, nr_sectors = 8 limit=16
[  201.720864][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 30 @ nid 36
[  201.739020][ T5318] loop3: detected capacity change from 0 to 1024
[  202.693365][ T5318] EXT4-fs: Ignoring removed bh option
[  202.837801][ T5318] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  203.021831][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 27 @ nid 36
[  203.032026][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 26 @ nid 36
[  203.041465][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 25 @ nid 36
[  203.051958][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 24 @ nid 36
[  203.075564][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 23 @ nid 36
[  203.095759][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 22 @ nid 36
[  203.119721][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 21 @ nid 36
[  203.141552][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  203.159303][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 20 @ nid 36
[  203.159481][ T5327] loop0: detected capacity change from 0 to 4096
[  203.179079][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 18 @ nid 36
[  203.199573][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 12 @ nid 36
[  203.236489][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 10 @ nid 36
[  203.280692][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 6 @ nid 36
[  203.301744][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 4 @ nid 36
[  203.375877][ T5310] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  203.540741][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 0 @ nid 36
[  203.549847][ T5310] syz.2.263: attempt to access beyond end of device
[  203.549847][ T5310] loop2: rw=524288, sector=296, nr_sectors = 16 limit=16
[  203.674394][ T5333] loop1: detected capacity change from 0 to 32768
[  203.681942][ T5333] xfs: Unknown parameter 'uid<00000000000000000000'
[  203.758407][ T5338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'.
[  204.067300][ T5333] loop1: detected capacity change from 0 to 22
[  204.074360][ T5333] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  204.138995][ T5333] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  204.147935][ T5310] syz.2.263: attempt to access beyond end of device
[  204.147935][ T5310] loop2: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  204.421963][ T5310] syz.2.263: attempt to access beyond end of device
[  204.421963][ T5310] loop2: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  204.442893][ T5310] syz.2.263: attempt to access beyond end of device
[  204.442893][ T5310] loop2: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  204.459001][ T5341] loop3: detected capacity change from 0 to 64
[  204.530629][ T5310] syz.2.263: attempt to access beyond end of device
[  204.530629][ T5310] loop2: rw=524288, sector=720, nr_sectors = 16 limit=16
[  204.565117][ T5341] hfs: request for non-existent node 24 in B*Tree
[  204.606583][ T5341] hfs: request for non-existent node 24 in B*Tree
[  204.624001][ T5310] syz.2.263: attempt to access beyond end of device
[  204.624001][ T5310] loop2: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  204.639708][ T5310] syz.2.263: attempt to access beyond end of device
[  204.639708][ T5310] loop2: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  204.656007][ T5310] syz.2.263: attempt to access beyond end of device
[  204.656007][ T5310] loop2: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  204.687412][ T5341] hfs: request for non-existent node 25 in B*Tree
[  204.710620][ T5341] hfs: request for non-existent node 25 in B*Tree
[  204.725463][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 86 @ nid 36
[  204.755130][ T5346] hfs: request for non-existent node 26 in B*Tree
[  204.763621][ T5347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'.
[  204.767949][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 84 @ nid 36
[  204.779334][ T5346] hfs: request for non-existent node 26 in B*Tree
[  204.837102][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 80 @ nid 36
[  204.880847][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 74 @ nid 36
[  204.897990][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 72 @ nid 36
[  204.955594][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 70 @ nid 36
[  204.983800][ T5310] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  205.024218][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 63 @ nid 36
[  205.060538][ T5310] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  205.101581][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 62 @ nid 36
[  205.141915][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 58 @ nid 36
[  205.164897][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 57 @ nid 36
[  205.187822][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 54 @ nid 36
[  205.207512][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 53 @ nid 36
[  205.233609][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 52 @ nid 36
[  205.262571][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 51 @ nid 36
[  205.306071][ T5310] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  205.324496][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 50 @ nid 36
[  205.334025][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 47 @ nid 36
[  205.350713][ T5310] erofs: (device loop2): z_erofs_readahead: readahead error at page 46 @ nid 36
[  207.578212][ T5369] loop1: detected capacity change from 0 to 256
[  207.612346][ T5369] exfat: Deprecated parameter 'utf8'
[  207.617807][ T5369] exfat: Deprecated parameter 'utf8'
[  207.699339][ T5369] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[  208.913606][ T5375] loop2: detected capacity change from 0 to 4096
[  209.445026][ T5391] loop1: detected capacity change from 0 to 8192
[  210.279831][ T5398] netlink: 12 bytes leftover after parsing attributes in process `syz.2.283'.
[  210.438066][ T5397] ceph: No mds server is up or the cluster is laggy
[  210.456514][ T4301] libceph: connect (1)[c::]:6789 error -101
[  210.466373][ T4301] libceph: mon0 (1)[c::]:6789 connect error
[  211.610984][   T27] libceph: connect (1)[c::]:6789 error -101
[  211.617064][   T27] libceph: mon0 (1)[c::]:6789 connect error
[  212.271747][ T4256] Bluetooth: hci2: command 0x0406 tx timeout
[  212.421971][ T4274] Bluetooth: hci0: command 0x0406 tx timeout
[  212.422019][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  212.422053][ T4256] Bluetooth: hci3: command 0x0406 tx timeout
[  212.440801][ T4274] Bluetooth: hci1: command 0x0406 tx timeout
[  213.308576][ T5436] loop0: detected capacity change from 0 to 64
[  213.361068][ T5412] loop4: detected capacity change from 0 to 32768
[  213.385308][ T5412] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.295 (5412)
[  213.386921][ T5436] hfs: request for non-existent node 24 in B*Tree
[  213.432461][ T5412] BTRFS: Invalid seeding and uuid-changed device detected
[  213.444924][ T5436] hfs: request for non-existent node 24 in B*Tree
[  213.485721][ T5438] hfs: request for non-existent node 25 in B*Tree
[  213.518370][ T5438] hfs: request for non-existent node 25 in B*Tree
[  213.561979][ T5439] loop2: detected capacity change from 0 to 4096
[  213.572310][ T5441] hfs: request for non-existent node 26 in B*Tree
[  213.594453][ T5441] hfs: request for non-existent node 26 in B*Tree
[  213.645919][ T5436] hfs: request for non-existent node 27 in B*Tree
[  213.690251][ T5436] hfs: request for non-existent node 27 in B*Tree
[  213.717498][ T5438] hfs: request for non-existent node 28 in B*Tree
[  213.742819][ T5438] hfs: request for non-existent node 28 in B*Tree
[  214.714515][ T5455] loop4: detected capacity change from 0 to 64
[  214.750862][ T5453] loop1: detected capacity change from 0 to 2048
[  214.786428][ T5455] hfs: request for non-existent node 24 in B*Tree
[  214.829613][ T5455] hfs: request for non-existent node 24 in B*Tree
[  214.843686][ T5453] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  214.847969][ T5456] hfs: request for non-existent node 25 in B*Tree
[  214.899563][ T5456] hfs: request for non-existent node 25 in B*Tree
[  215.028788][   T22] libceph: connect (1)[c::]:6789 error -101
[  215.035069][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  215.072748][ T5463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.304'.
[  215.111387][ T5455] hfs: request for non-existent node 26 in B*Tree
[  215.134017][ T5455] hfs: request for non-existent node 26 in B*Tree
[  215.192903][ T5460] ceph: No mds server is up or the cluster is laggy
[  215.425680][   T22] libceph: connect (1)[c::]:6789 error -101
[  215.441849][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  216.072809][  T130] libceph: connect (1)[c::]:6789 error -101
[  216.085496][  T130] libceph: mon0 (1)[c::]:6789 connect error
[  217.476021][ T5485] netlink: 'syz.0.316': attribute type 10 has an invalid length.
[  217.684560][ T5485] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  217.746131][ T5484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.041762][ T5499] loop1: detected capacity change from 0 to 32768
[  218.048974][ T5499] xfs: Unknown parameter 'uid<00000000000000000000'
[  218.087571][ T5501] loop2: detected capacity change from 0 to 64
[  218.209692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #38a!!!
[  218.209771][ T4707] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  218.248751][ T5499] loop1: detected capacity change from 0 to 22
[  218.255826][ T5499] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  218.261664][ T5501] hfs: request for non-existent node 24 in B*Tree
[  218.269044][ T5501] hfs: request for non-existent node 24 in B*Tree
[  218.299902][ T5499] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  218.379867][ T5501] hfs: request for non-existent node 25 in B*Tree
[  218.500494][ T5501] hfs: request for non-existent node 25 in B*Tree
[  218.507956][ T5504] hfs: request for non-existent node 26 in B*Tree
[  218.521009][ T5504] hfs: request for non-existent node 26 in B*Tree
[  218.548720][ T5503] loop3: detected capacity change from 0 to 4096
[  218.610649][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  219.920573][ T5516] ptrace attach of "./syz-executor exec"[4265] was attempted by "./syz-executor exec"[5516]
[  221.628305][ T5524] loop0: detected capacity change from 0 to 8192
[  221.926590][ T5535] block device autoloading is deprecated and will be removed.
[  222.258172][ T4260] Bluetooth: hci2: unknown advertising packet type: 0x70
[  224.601166][ T5559] ptrace attach of "./syz-executor exec"[4263] was attempted by "./syz-executor exec"[5559]
[  226.615465][ T5576] loop2: detected capacity change from 0 to 512
[  227.026042][ T5576] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  227.150811][ T5576] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  227.158924][ T5576] System zones: 1-12
[  227.267934][ T5584] loop0: detected capacity change from 0 to 64
[  227.280288][ T5576] EXT4-fs (loop2): 1 truncate cleaned up
[  227.326524][ T5576] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  227.392470][ T5584] hfs: request for non-existent node 24 in B*Tree
[  227.464764][ T5584] hfs: request for non-existent node 24 in B*Tree
[  227.480215][ T5588] hfs: request for non-existent node 25 in B*Tree
[  227.497734][ T5588] hfs: request for non-existent node 25 in B*Tree
[  227.509683][ T4262] EXT4-fs (loop2): unmounting filesystem.
[  227.512823][ T5584] hfs: request for non-existent node 26 in B*Tree
[  227.522280][ T5584] hfs: request for non-existent node 26 in B*Tree
[  227.658778][ T4260] Bluetooth: hci4: unknown advertising packet type: 0x70
[  228.832127][ T5602] loop0: detected capacity change from 0 to 1024
[  228.851712][ T5602] EXT4-fs: Ignoring removed bh option
[  228.921423][ T5602] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  230.414562][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  230.746920][ T4260] Bluetooth: hci2: unknown advertising packet type: 0x70
[  233.433730][ T4260] Bluetooth: hci4: unknown advertising packet type: 0x70
[  234.955579][ T5662] loop0: detected capacity change from 0 to 1024
[  234.998958][ T5662] EXT4-fs: Ignoring removed bh option
[  235.877610][ T5672] tipc: Started in network mode
[  235.889900][ T5672] tipc: Node identity 4, cluster identity 4711
[  235.896324][ T5672] tipc: Node number set to 4
[  236.061406][ T5662] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  236.408342][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  237.977237][ T4260] Bluetooth: hci4: unknown advertising packet type: 0x70
[  238.115934][ T5697] loop4: detected capacity change from 0 to 4096
[  238.131736][ T5697] ntfs: (device loop4): parse_options(): Unrecognized mount option show_s1s_files.
[  238.240948][ T5697] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  238.522768][ T4260] Bluetooth: hci2: unknown advertising packet type: 0x70
[  242.206566][ T5728] sctp: failed to load transform for md5: -2
[  242.712137][ T5744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.394'.
[  242.850706][ T5745] device veth3 entered promiscuous mode
[  242.856571][ T5745] bridge1: port 1(veth3) entered blocking state
[  243.026545][ T5745] bridge1: port 1(veth3) entered disabled state
[  245.030360][ T5767] loop0: detected capacity change from 0 to 64
[  245.758988][ T5767] hfs: request for non-existent node 24 in B*Tree
[  245.826673][ T5767] hfs: request for non-existent node 24 in B*Tree
[  245.919101][ T5775] hfs: request for non-existent node 25 in B*Tree
[  245.940608][ T5775] hfs: request for non-existent node 25 in B*Tree
[  245.947541][ T5776] hfs: request for non-existent node 26 in B*Tree
[  245.954163][ T5776] hfs: request for non-existent node 26 in B*Tree
[  250.686058][ T5803] loop2: detected capacity change from 0 to 40427
[  250.720112][ T5803] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  250.728156][ T5803] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  250.750905][ T5803] F2FS-fs (loop2): invalid crc value
[  250.976509][ T4260] Bluetooth: hci3: unknown advertising packet type: 0x70
[  251.001432][ T5803] F2FS-fs (loop2): Found nat_bits in checkpoint
[  251.299583][ T5803] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  251.307087][ T5803] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  251.793354][   T26] audit: type=1804 audit(1746246758.827:12): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.414" name="/newroot/90/bus/file0" dev="loop2" ino=10 res=1 errno=0
[  253.857091][ T5845] loop3: detected capacity change from 0 to 64
[  254.039308][ T5845] hfs: request for non-existent node 24 in B*Tree
[  254.080463][ T5845] hfs: request for non-existent node 24 in B*Tree
[  254.379586][ T5854] block device autoloading is deprecated and will be removed.
[  254.409529][ T5851] md2: error: failed to get bitmap file
[  256.975180][ T4260] Bluetooth: hci1: unknown advertising packet type: 0x70
[  258.516729][ T5877] loop3: detected capacity change from 0 to 40427
[  258.544926][ T5877] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  258.552833][ T5877] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  258.589583][ T5877] F2FS-fs (loop3): invalid crc value
[  258.829539][ T5877] F2FS-fs (loop3): Found nat_bits in checkpoint
[  259.124644][ T5877] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  259.131950][ T5877] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  259.637907][   T26] audit: type=1804 audit(1746246766.577:13): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.431" name="/newroot/92/bus/file0" dev="loop3" ino=10 res=1 errno=0
[  260.138317][ T5890] loop0: detected capacity change from 0 to 2048
[  260.348123][ T5890] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  260.357240][ T5904] device veth3 entered promiscuous mode
[  260.476479][ T5890] overlayfs: missing 'lowerdir'
[  260.637146][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  261.161552][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  261.167995][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  261.852902][ T5924] loop1: detected capacity change from 0 to 64
[  262.014054][ T5924] hfs: request for non-existent node 24 in B*Tree
[  262.068026][ T5929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.436'.
[  262.077059][ T5924] hfs: request for non-existent node 24 in B*Tree
[  262.083595][ T5929] netlink: 24 bytes leftover after parsing attributes in process `syz.3.436'.
[  262.101337][ T5930] hfs: request for non-existent node 25 in B*Tree
[  262.118093][ T5930] hfs: request for non-existent node 25 in B*Tree
[  262.132831][ T5924] hfs: request for non-existent node 26 in B*Tree
[  262.149702][ T5924] hfs: request for non-existent node 26 in B*Tree
[  262.164237][ T5924] hfs: request for non-existent node 27 in B*Tree
[  262.180975][ T5924] hfs: request for non-existent node 27 in B*Tree
[  263.279612][ T5943] loop2: detected capacity change from 0 to 2048
[  263.634588][ T5943] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  263.722413][ T5943] overlayfs: unrecognized mount option "/" or missing value
[  263.858395][ T4262] EXT4-fs (loop2): unmounting filesystem.
[  267.197490][ T5984] loop2: detected capacity change from 0 to 40427
[  267.205899][ T5984] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  267.213840][ T5984] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  267.229721][ T5982] loop3: detected capacity change from 0 to 64
[  267.238497][ T5984] F2FS-fs (loop2): invalid crc value
[  267.308776][ T5982] hfs: request for non-existent node 24 in B*Tree
[  267.327692][ T5984] F2FS-fs (loop2): Found nat_bits in checkpoint
[  267.388433][ T5984] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  267.396208][ T5984] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  267.415816][ T5982] hfs: request for non-existent node 24 in B*Tree
[  267.423527][ T5982] hfs: request for non-existent node 25 in B*Tree
[  267.430029][ T5982] hfs: request for non-existent node 25 in B*Tree
[  267.437890][ T5982] hfs: request for non-existent node 26 in B*Tree
[  267.617887][ T5982] hfs: request for non-existent node 26 in B*Tree
[  267.647668][ T5982] hfs: request for non-existent node 27 in B*Tree
[  267.658491][   T26] audit: type=1804 audit(1746246774.687:14): pid=5994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.459" name="/newroot/99/bus/file0" dev="loop2" ino=10 res=1 errno=0
[  267.679755][    C1] vkms_vblank_simulate: vblank timer overrun
[  267.688051][ T5982] hfs: request for non-existent node 27 in B*Tree
[  269.057322][ T6009] loop0: detected capacity change from 0 to 2048
[  269.997034][ T6009] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  270.426460][ T6009] overlayfs: unrecognized mount option "/" or missing value
[  271.090218][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  272.976728][ T6046] loop3: detected capacity change from 0 to 64
[  273.362217][ T6046] hfs: request for non-existent node 24 in B*Tree
[  273.420353][    C0] hrtimer: interrupt took 73034 ns
[  273.945167][ T6046] hfs: request for non-existent node 24 in B*Tree
[  273.990672][ T6054] hfs: request for non-existent node 25 in B*Tree
[  274.023708][ T6054] hfs: request for non-existent node 25 in B*Tree
[  274.070682][ T6062] hfs: request for non-existent node 26 in B*Tree
[  274.081008][ T6062] hfs: request for non-existent node 26 in B*Tree
[  274.134499][ T6046] hfs: request for non-existent node 27 in B*Tree
[  274.264906][ T6046] hfs: request for non-existent node 27 in B*Tree
[  274.484073][ T6071] loop2: detected capacity change from 0 to 64
[  274.589888][ T6071] hfs: request for non-existent node 24 in B*Tree
[  274.642779][ T6071] hfs: request for non-existent node 24 in B*Tree
[  274.684799][ T6075] hfs: request for non-existent node 25 in B*Tree
[  274.717129][ T6075] hfs: request for non-existent node 25 in B*Tree
[  274.743002][ T6076] loop3: detected capacity change from 0 to 2048
[  274.755244][ T6077] hfs: request for non-existent node 26 in B*Tree
[  274.765513][ T6077] hfs: request for non-existent node 26 in B*Tree
[  274.807497][ T6071] hfs: request for non-existent node 27 in B*Tree
[  274.810429][ T6076] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  274.929450][ T6071] hfs: request for non-existent node 27 in B*Tree
[  274.942798][ T6076] overlayfs: unrecognized mount option "/" or missing value
[  274.977660][ T6083] loop1: detected capacity change from 0 to 1024
[  275.001956][ T6083] EXT4-fs: Ignoring removed bh option
[  275.036132][ T6083] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  275.187396][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  275.214638][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  277.348586][ T6113] loop3: detected capacity change from 0 to 256
[  279.656083][ T6129] loop3: detected capacity change from 0 to 1024
[  279.751228][ T6129] EXT4-fs: Ignoring removed bh option
[  279.825169][ T6129] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  280.190831][ T6136] loop4: detected capacity change from 0 to 2048
[  280.266761][ T6136] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  280.303676][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  281.204310][ T4253] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  281.311840][ T6158] loop1: detected capacity change from 0 to 16
[  281.351823][ T6158] erofs: (device loop1): mounted with root inode @ nid 36.
[  281.360574][ T4253] EXT4-fs (loop4): unmounting filesystem.
[  281.401964][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 86 @ nid 36
[  281.427623][ T6153] loop2: detected capacity change from 0 to 4096
[  281.440529][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 84 @ nid 36
[  281.502467][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 80 @ nid 36
[  281.603833][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 74 @ nid 36
[  281.666893][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 72 @ nid 36
[  281.710558][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 70 @ nid 36
[  281.719712][ T6158] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  283.205268][ T6175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.504'.
[  283.254276][ T4302] libceph: connect (1)[c::]:6789 error -101
[  283.284319][ T4302] libceph: mon0 (1)[c::]:6789 connect error
[  283.382399][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 63 @ nid 36
[  283.467848][ T6153] ceph: No mds server is up or the cluster is laggy
[  283.470973][ T6158] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  283.485938][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 62 @ nid 36
[  283.495820][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 58 @ nid 36
[  283.507900][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 57 @ nid 36
[  283.518086][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 54 @ nid 36
[  283.540782][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 53 @ nid 36
[  283.549978][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 52 @ nid 36
[  283.636714][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 51 @ nid 36
[  283.687300][ T6158] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  283.818643][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 50 @ nid 36
[  283.850615][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 47 @ nid 36
[  283.880103][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 46 @ nid 36
[  283.899802][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 40 @ nid 36
[  283.999453][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 39 @ nid 36
[  284.043549][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 38 @ nid 36
[  284.091847][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 34 @ nid 36
[  284.101077][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 32 @ nid 36
[  284.110208][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 30 @ nid 36
[  284.130732][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 27 @ nid 36
[  284.152516][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 26 @ nid 36
[  284.175479][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 25 @ nid 36
[  284.194316][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 24 @ nid 36
[  284.213231][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 23 @ nid 36
[  284.234076][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 22 @ nid 36
[  284.349140][ T6191] loop0: detected capacity change from 0 to 1024
[  284.389768][ T6191] EXT4-fs: Ignoring removed bh option
[  284.578380][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 21 @ nid 36
[  285.062675][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 20 @ nid 36
[  285.073535][ T6191] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  285.145793][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36
[  285.268994][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36
[  285.325023][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 10 @ nid 36
[  285.366608][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 6 @ nid 36
[  285.382612][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 4 @ nid 36
[  285.519705][ T6158] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  285.685512][ T6158] erofs: (device loop1): z_erofs_readahead: readahead error at page 0 @ nid 36
[  285.856250][ T6158] bio_check_eod: 19 callbacks suppressed
[  285.856293][ T6158] syz.1.506: attempt to access beyond end of device
[  285.856293][ T6158] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  285.994110][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  286.052690][ T6158] syz.1.506: attempt to access beyond end of device
[  286.052690][ T6158] loop1: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  286.118650][ T6158] syz.1.506: attempt to access beyond end of device
[  286.118650][ T6158] loop1: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  286.133630][ T6158] syz.1.506: attempt to access beyond end of device
[  286.133630][ T6158] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  286.147692][ T6158] syz.1.506: attempt to access beyond end of device
[  286.147692][ T6158] loop1: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  286.161948][ T6158] syz.1.506: attempt to access beyond end of device
[  286.161948][ T6158] loop1: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  286.206638][ T6158] syz.1.506: attempt to access beyond end of device
[  286.206638][ T6158] loop1: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  286.250569][ T6158] syz.1.506: attempt to access beyond end of device
[  286.250569][ T6158] loop1: rw=524288, sector=133693448, nr_sectors = 8 limit=16
[  286.275334][ T6211] overlayfs: missing 'workdir'
[  286.300538][ T6158] syz.1.506: attempt to access beyond end of device
[  286.300538][ T6158] loop1: rw=524288, sector=790384, nr_sectors = 16 limit=16
[  286.340504][ T6158] syz.1.506: attempt to access beyond end of device
[  286.340504][ T6158] loop1: rw=524288, sector=72, nr_sectors = 16 limit=16
[  286.445847][ T6213] loop0: detected capacity change from 0 to 2048
[  286.617688][ T6213] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  286.915168][ T4260] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  286.925416][ T4260] CPU: 1 PID: 4260 Comm: kworker/u5:2 Not tainted 6.1.136-syzkaller #0
[  286.933793][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  286.943870][ T4260] Workqueue: hci2 hci_rx_work
[  286.948599][ T4260] Call Trace:
[  286.951899][ T4260]  <TASK>
[  286.954875][ T4260]  dump_stack_lvl+0x168/0x22e
[  286.959603][ T4260]  ? show_regs_print_info+0x12/0x12
[  286.964839][ T4260]  ? load_image+0x3b0/0x3b0
[  286.969381][ T4260]  sysfs_create_dir_ns+0x252/0x280
[  286.974529][ T4260]  ? hci_rx_work+0x3eb/0xd40
[  286.979153][ T4260]  ? sysfs_warn_dup+0xa0/0xa0
[  286.983864][ T4260]  ? preempt_schedule_thunk+0x16/0x18
[  286.989369][ T4260]  kobject_add_internal+0x6b8/0xc80
[  286.994624][ T4260]  kobject_add+0x152/0x210
[  286.999156][ T4260]  ? kobject_init+0x1d0/0x1d0
[  287.003875][ T4260]  ? klist_children_get+0x50/0x50
[  287.008948][ T4260]  ? get_device_parent+0x121/0x3f0
[  287.014103][ T4260]  device_add+0x483/0xfb0
[  287.018485][ T4260]  hci_conn_add_sysfs+0xd1/0x1e0
[  287.023459][ T4260]  le_conn_complete_evt+0xd1d/0x1320
[  287.029221][ T4260]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  287.035500][ T4260]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  287.041171][ T4260]  ? skb_pull_data+0xf7/0x200
[  287.045895][ T4260]  hci_le_enh_conn_complete_evt+0x185/0x460
[  287.051823][ T4260]  ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0
[  287.058268][ T4260]  ? hci_remote_host_features_evt+0x270/0x270
[  287.064384][ T4260]  hci_event_packet+0x791/0x1210
[  287.069373][ T4260]  ? bis_list+0x280/0x280
[  287.073741][ T4260]  ? kcov_remote_start+0x27/0x7e0
[  287.078807][ T4260]  ? hci_send_to_monitor+0x9c/0x4a0
[  287.084056][ T4260]  hci_rx_work+0x3eb/0xd40
[  287.088539][ T4260]  ? process_one_work+0x7a1/0x1160
[  287.093690][ T4260]  process_one_work+0x898/0x1160
[  287.098679][ T4260]  ? worker_detach_from_pool+0x240/0x240
[  287.104365][ T4260]  ? _raw_spin_lock_irq+0xab/0xe0
[  287.109438][ T4260]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  287.114846][ T4260]  ? kthread_data+0x4b/0xc0
[  287.119471][ T4260]  worker_thread+0xaa2/0x1250
[  287.124214][ T4260]  kthread+0x29d/0x330
[  287.128321][ T4260]  ? worker_clr_flags+0x1a0/0x1a0
[  287.133376][ T4260]  ? kthread_blkcg+0xd0/0xd0
[  287.137998][ T4260]  ret_from_fork+0x1f/0x30
[  287.142561][ T4260]  </TASK>
[  287.174257][ T4260] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  287.188496][ T4260] Bluetooth: hci2: failed to register connection device
[  287.232086][ T6224] loop1: detected capacity change from 0 to 4096
[  287.505403][ T4255] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  287.527584][ T6222] loop3: detected capacity change from 0 to 4096
[  287.576760][ T6237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.522'.
[  287.590528][ T4304] libceph: connect (1)[c::]:6789 error -101
[  287.644087][ T4304] libceph: mon0 (1)[c::]:6789 connect error
[  287.656506][ T6222] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  287.736711][ T6234] ceph: No mds server is up or the cluster is laggy
[  287.859572][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  289.267479][ T6242] fs-verity: sha512 using implementation "sha512-avx2"
[  289.595242][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  291.478180][ T6272] loop0: detected capacity change from 0 to 16
[  291.486489][ T6273] loop1: detected capacity change from 0 to 64
[  292.044222][ T6272] erofs: (device loop0): mounted with root inode @ nid 36.
[  292.630961][ T6273] hfs: request for non-existent node 24 in B*Tree
[  292.637669][ T6272] bio_check_eod: 12 callbacks suppressed
[  292.637684][ T6272] syz.0.532: attempt to access beyond end of device
[  292.637684][ T6272] loop0: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  292.642544][ T6271] loop2: detected capacity change from 0 to 2048
[  292.677931][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 40 @ nid 36
[  292.740609][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 39 @ nid 36
[  292.749822][ T6273] hfs: request for non-existent node 24 in B*Tree
[  292.773749][ T6287] hfs: request for non-existent node 25 in B*Tree
[  292.792117][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 38 @ nid 36
[  292.809666][ T6286] loop3: detected capacity change from 0 to 4096
[  292.816429][ T6287] hfs: request for non-existent node 25 in B*Tree
[  292.832873][ T6290] hfs: request for non-existent node 26 in B*Tree
[  292.839349][ T6290] hfs: request for non-existent node 26 in B*Tree
[  292.890813][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 34 @ nid 36
[  292.901709][ T6271] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  292.986621][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 32 @ nid 36
[  293.007759][ T6273] hfs: request for non-existent node 27 in B*Tree
[  293.026058][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 30 @ nid 36
[  293.036637][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 27 @ nid 36
[  293.045899][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 26 @ nid 36
[  293.055541][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 25 @ nid 36
[  293.064864][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 24 @ nid 36
[  293.074031][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 23 @ nid 36
[  293.083163][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 22 @ nid 36
[  293.083296][ T6273] hfs: request for non-existent node 27 in B*Tree
[  293.092879][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 21 @ nid 36
[  293.893829][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 20 @ nid 36
[  293.903031][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 18 @ nid 36
[  293.912331][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 12 @ nid 36
[  293.951051][ T4262] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  293.977931][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 10 @ nid 36
[  294.013871][   T27] libceph: connect (1)[c::]:6789 error -101
[  294.019932][   T27] libceph: mon0 (1)[c::]:6789 connect error
[  294.036657][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 6 @ nid 36
[  294.052858][ T6300] netlink: 12 bytes leftover after parsing attributes in process `syz.3.536'.
[  294.116811][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 4 @ nid 36
[  294.157271][ T4262] EXT4-fs (loop2): unmounting filesystem.
[  294.311634][ T6297] ceph: No mds server is up or the cluster is laggy
[  294.321991][ T6272] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  294.373032][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 0 @ nid 36
[  294.373678][   T27] libceph: connect (1)[c::]:6789 error -101
[  294.388399][   T27] libceph: mon0 (1)[c::]:6789 connect error
[  295.007380][ T6272] syz.0.532: attempt to access beyond end of device
[  295.007380][ T6272] loop0: rw=524288, sector=296, nr_sectors = 16 limit=16
[  295.134456][ T6272] syz.0.532: attempt to access beyond end of device
[  295.134456][ T6272] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  295.240249][ T6272] syz.0.532: attempt to access beyond end of device
[  295.240249][ T6272] loop0: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  295.324342][ T6272] syz.0.532: attempt to access beyond end of device
[  295.324342][ T6272] loop0: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  295.369276][ T6272] syz.0.532: attempt to access beyond end of device
[  295.369276][ T6272] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16
[  295.383651][ T6272] syz.0.532: attempt to access beyond end of device
[  295.383651][ T6272] loop0: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  295.399232][ T6272] syz.0.532: attempt to access beyond end of device
[  295.399232][ T6272] loop0: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  295.415316][ T6272] syz.0.532: attempt to access beyond end of device
[  295.415316][ T6272] loop0: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  295.434788][ T6272] syz.0.532: attempt to access beyond end of device
[  295.434788][ T6272] loop0: rw=524288, sector=133693448, nr_sectors = 8 limit=16
[  295.574208][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 86 @ nid 36
[  296.160476][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 84 @ nid 36
[  296.231526][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 80 @ nid 36
[  296.293664][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 74 @ nid 36
[  296.352886][ T6326] loop1: detected capacity change from 0 to 2048
[  296.360833][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 72 @ nid 36
[  296.370203][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 70 @ nid 36
[  296.379424][ T6272] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  296.388934][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 63 @ nid 36
[  296.398164][ T6272] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  296.407663][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 62 @ nid 36
[  296.417540][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 58 @ nid 36
[  296.426801][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 57 @ nid 36
[  296.438105][ T6327] netlink: 12 bytes leftover after parsing attributes in process `syz.3.547'.
[  296.448050][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 54 @ nid 36
[  296.487041][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 53 @ nid 36
[  296.574242][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 52 @ nid 36
[  296.583491][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 51 @ nid 36
[  296.861668][ T6272] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  296.990186][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 50 @ nid 36
[  297.158257][ T6326] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  297.178007][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 47 @ nid 36
[  297.202293][ T6327] device veth3 entered promiscuous mode
[  297.219154][ T6272] erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36
[  297.775082][ T4265] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  298.438077][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  298.620910][ T6347] loop0: detected capacity change from 0 to 4096
[  299.260723][   T22] libceph: connect (1)[c::]:6789 error -101
[  299.270035][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  299.281071][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.552'.
[  299.433410][ T6359] loop1: detected capacity change from 0 to 64
[  299.461820][ T6354] ceph: No mds server is up or the cluster is laggy
[  299.541226][ T6359] hfs: request for non-existent node 24 in B*Tree
[  299.624423][ T6359] hfs: request for non-existent node 24 in B*Tree
[  299.701834][ T6359] hfs: request for non-existent node 25 in B*Tree
[  299.714931][ T6359] hfs: request for non-existent node 25 in B*Tree
[  299.730277][ T6359] hfs: request for non-existent node 26 in B*Tree
[  299.994959][ T6359] hfs: request for non-existent node 26 in B*Tree
[  301.495114][ T6371] hfs: request for non-existent node 27 in B*Tree
[  301.920598][ T6371] hfs: request for non-existent node 27 in B*Tree
[  302.222857][ T6381] loop0: detected capacity change from 0 to 16
[  302.259285][ T6383] loop2: detected capacity change from 0 to 2048
[  302.268573][ T6381] erofs: (device loop0): mounted with root inode @ nid 36.
[  302.292158][ T6381] bio_check_eod: 18 callbacks suppressed
[  302.292174][ T6381] syz.0.562: attempt to access beyond end of device
[  302.292174][ T6381] loop0: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  302.700510][ T6383] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  302.883368][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 40 @ nid 36
[  302.951714][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 39 @ nid 36
[  303.011138][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 38 @ nid 36
[  303.021064][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 34 @ nid 36
[  303.030208][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 32 @ nid 36
[  303.047075][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 30 @ nid 36
[  303.066732][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 27 @ nid 36
[  303.084617][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 26 @ nid 36
[  303.100665][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 25 @ nid 36
[  303.118070][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 24 @ nid 36
[  303.138580][ T4262] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  303.156561][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 23 @ nid 36
[  303.167253][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 22 @ nid 36
[  303.184120][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 21 @ nid 36
[  303.195796][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 20 @ nid 36
[  303.207130][ T4262] EXT4-fs (loop2): unmounting filesystem.
[  303.260680][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 18 @ nid 36
[  303.285713][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 12 @ nid 36
[  303.308384][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 10 @ nid 36
[  303.343278][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 6 @ nid 36
[  303.358292][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 4 @ nid 36
[  303.376080][ T6389] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  303.395347][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 0 @ nid 36
[  303.405107][ T6389] syz.0.562: attempt to access beyond end of device
[  303.405107][ T6389] loop0: rw=524288, sector=296, nr_sectors = 16 limit=16
[  303.419385][ T6389] syz.0.562: attempt to access beyond end of device
[  303.419385][ T6389] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  303.433375][ T6389] syz.0.562: attempt to access beyond end of device
[  303.433375][ T6389] loop0: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  303.447124][ T6389] syz.0.562: attempt to access beyond end of device
[  303.447124][ T6389] loop0: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  303.467463][ T6389] syz.0.562: attempt to access beyond end of device
[  303.467463][ T6389] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16
[  303.612100][ T6389] syz.0.562: attempt to access beyond end of device
[  303.612100][ T6389] loop0: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  303.663657][ T6389] syz.0.562: attempt to access beyond end of device
[  303.663657][ T6389] loop0: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  303.778547][ T6389] syz.0.562: attempt to access beyond end of device
[  303.778547][ T6389] loop0: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  303.881146][ T6389] syz.0.562: attempt to access beyond end of device
[  303.881146][ T6389] loop0: rw=524288, sector=133693448, nr_sectors = 8 limit=16
[  304.093241][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 86 @ nid 36
[  304.103876][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 84 @ nid 36
[  304.113735][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 80 @ nid 36
[  304.123335][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 74 @ nid 36
[  304.132934][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 72 @ nid 36
[  304.144176][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 70 @ nid 36
[  304.153748][ T6389] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  304.176522][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 63 @ nid 36
[  304.185990][ T6389] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  304.200840][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 62 @ nid 36
[  304.210091][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 58 @ nid 36
[  304.223526][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 57 @ nid 36
[  304.259859][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 54 @ nid 36
[  304.284013][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 53 @ nid 36
[  304.298420][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 52 @ nid 36
[  304.311634][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 51 @ nid 36
[  304.419129][ T6389] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  304.480408][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 50 @ nid 36
[  304.538286][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 47 @ nid 36
[  304.645189][ T6389] erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36
[  306.363936][ T6410] loop3: detected capacity change from 0 to 4096
[  306.544666][ T6422] loop0: detected capacity change from 0 to 64
[  306.571874][ T6422] hfs: request for non-existent node 24 in B*Tree
[  306.578389][ T6422] hfs: request for non-existent node 24 in B*Tree
[  306.591336][ T6422] hfs: request for non-existent node 25 in B*Tree
[  306.597814][ T6422] hfs: request for non-existent node 25 in B*Tree
[  306.605424][ T6422] hfs: request for non-existent node 26 in B*Tree
[  306.611951][ T6422] hfs: request for non-existent node 26 in B*Tree
[  306.619239][ T6422] hfs: request for non-existent node 27 in B*Tree
[  307.497412][ T6422] hfs: request for non-existent node 27 in B*Tree
[  307.559268][ T6431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.569'.
[  307.722850][   T22] libceph: connect (1)[c::]:6789 error -101
[  307.730183][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  307.763622][ T6429] ceph: No mds server is up or the cluster is laggy
[  308.816999][ T6438] loop2: detected capacity change from 0 to 2048
[  308.931350][ T6438] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  311.281822][ T4262] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  311.328409][ T4262] EXT4-fs (loop2): unmounting filesystem.
[  312.056881][ T6477] loop1: detected capacity change from 0 to 16
[  312.084295][ T6477] erofs: (device loop1): mounted with root inode @ nid 36.
[  312.094139][ T6479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.585'.
[  312.097899][ T6477] bio_check_eod: 18 callbacks suppressed
[  312.097915][ T6477] syz.1.584: attempt to access beyond end of device
[  312.097915][ T6477] loop1: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  312.143788][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 40 @ nid 36
[  312.175485][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 39 @ nid 36
[  312.196613][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 38 @ nid 36
[  312.226014][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 34 @ nid 36
[  312.257292][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 32 @ nid 36
[  312.280561][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 30 @ nid 36
[  312.309931][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 27 @ nid 36
[  312.320841][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 26 @ nid 36
[  312.330376][ T6479] device veth3 entered promiscuous mode
[  312.336732][ T6479] bridge1: port 1(veth3) entered blocking state
[  312.360540][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 25 @ nid 36
[  312.371203][ T6479] bridge1: port 1(veth3) entered disabled state
[  312.420591][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 24 @ nid 36
[  312.435351][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 23 @ nid 36
[  312.444882][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 22 @ nid 36
[  312.491469][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 21 @ nid 36
[  312.622500][ T6487] loop2: detected capacity change from 0 to 256
[  312.675343][ T4260] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  312.687400][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 20 @ nid 36
[  312.697007][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36
[  312.706303][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36
[  312.715466][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 10 @ nid 36
[  312.724733][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 6 @ nid 36
[  312.733835][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 4 @ nid 36
[  312.744197][ T6477] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  312.753746][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 0 @ nid 36
[  312.763393][ T6477] syz.1.584: attempt to access beyond end of device
[  312.763393][ T6477] loop1: rw=524288, sector=296, nr_sectors = 16 limit=16
[  312.777500][ T6477] syz.1.584: attempt to access beyond end of device
[  312.777500][ T6477] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  313.018794][ T6477] syz.1.584: attempt to access beyond end of device
[  313.018794][ T6477] loop1: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  313.161193][ T6487] FAT-fs (loop2): Directory bread(block 64) failed
[  313.278474][ T6487] FAT-fs (loop2): Directory bread(block 65) failed
[  313.415327][ T6477] syz.1.584: attempt to access beyond end of device
[  313.415327][ T6477] loop1: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  313.430562][ T6477] syz.1.584: attempt to access beyond end of device
[  313.430562][ T6477] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  313.450556][ T6487] FAT-fs (loop2): Directory bread(block 66) failed
[  313.480645][ T6487] FAT-fs (loop2): Directory bread(block 67) failed
[  313.508406][ T6477] syz.1.584: attempt to access beyond end of device
[  313.508406][ T6477] loop1: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  313.535760][ T6487] FAT-fs (loop2): Directory bread(block 68) failed
[  313.542456][ T6487] FAT-fs (loop2): Directory bread(block 69) failed
[  313.563902][ T6487] FAT-fs (loop2): Directory bread(block 70) failed
[  313.571396][ T6487] FAT-fs (loop2): Directory bread(block 71) failed
[  313.578120][ T6487] FAT-fs (loop2): Directory bread(block 72) failed
[  313.585248][ T6487] FAT-fs (loop2): Directory bread(block 73) failed
[  313.600459][ T6477] syz.1.584: attempt to access beyond end of device
[  313.600459][ T6477] loop1: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  313.659616][ T6477] syz.1.584: attempt to access beyond end of device
[  313.659616][ T6477] loop1: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  314.056283][ T6498] loop3: detected capacity change from 0 to 40427
[  314.478475][ T6498] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  314.486479][ T6498] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  314.960515][ T6498] F2FS-fs (loop3): invalid crc value
[  314.981675][ T6477] syz.1.584: attempt to access beyond end of device
[  314.981675][ T6477] loop1: rw=524288, sector=133693448, nr_sectors = 8 limit=16
[  315.069136][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 86 @ nid 36
[  315.078448][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 84 @ nid 36
[  315.079348][ T6498] F2FS-fs (loop3): Found nat_bits in checkpoint
[  315.087625][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 80 @ nid 36
[  315.087746][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 74 @ nid 36
[  315.087782][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 72 @ nid 36
[  315.087863][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 70 @ nid 36
[  315.087931][ T6477] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  315.087948][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 63 @ nid 36
[  315.087967][ T6477] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  315.087983][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 62 @ nid 36
[  315.088036][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 58 @ nid 36
[  315.198008][ T6498] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  315.207012][ T6498] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  315.423000][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 57 @ nid 36
[  315.433006][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 54 @ nid 36
[  315.463776][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 53 @ nid 36
[  315.577654][   T26] audit: type=1804 audit(1746246822.597:15): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.592" name="/newroot/126/bus/file0" dev="loop3" ino=10 res=1 errno=0
[  315.700072][ T6518] loop0: detected capacity change from 0 to 2048
[  315.755230][ T6524] loop2: detected capacity change from 0 to 64
[  315.857764][ T6524] hfs: request for non-existent node 24 in B*Tree
[  315.890915][ T6518] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  315.899719][ T6524] hfs: request for non-existent node 24 in B*Tree
[  315.940738][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 52 @ nid 36
[  315.951144][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 51 @ nid 36
[  315.960356][ T6477] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  315.970189][ T6530] hfs: request for non-existent node 25 in B*Tree
[  315.977828][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 50 @ nid 36
[  315.987127][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 47 @ nid 36
[  315.996802][ T6530] hfs: request for non-existent node 25 in B*Tree
[  316.003393][ T6477] erofs: (device loop1): z_erofs_readahead: readahead error at page 46 @ nid 36
[  316.050837][ T6524] hfs: request for non-existent node 26 in B*Tree
[  316.071014][ T4255] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  316.101360][ T6524] hfs: request for non-existent node 26 in B*Tree
[  316.132252][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  316.816375][ T6539] loop4: detected capacity change from 0 to 4096
[  316.848521][ T6539] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  316.908611][ T6543] loop2: detected capacity change from 0 to 256
[  316.958175][ T6539] ntfs3: loop4: failed to convert "c46c" to cp852
[  316.972482][ T6543] exfat: Deprecated parameter 'namecase'
[  317.164403][ T6543] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  319.581086][ T6563] loop0: detected capacity change from 0 to 2048
[  319.697161][ T6566] loop1: detected capacity change from 0 to 40427
[  319.723732][ T6566] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  319.731676][ T6566] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  319.751299][ T6566] F2FS-fs (loop1): invalid crc value
[  319.798960][ T6562] loop2: detected capacity change from 0 to 4096
[  319.816916][ T6562] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512)
[  319.836860][ T6566] F2FS-fs (loop1): Found nat_bits in checkpoint
[  319.898819][ T6563] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  319.915508][ T6583] loop4: detected capacity change from 0 to 16
[  319.946546][ T6566] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  319.953708][ T6566] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  320.053571][ T6583] erofs: (device loop4): mounted with root inode @ nid 36.
[  320.192990][ T6583] bio_check_eod: 18 callbacks suppressed
[  320.193010][ T6583] syz.4.608: attempt to access beyond end of device
[  320.193010][ T6583] loop4: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  320.229379][ T4255] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  320.267640][   T26] audit: type=1804 audit(1746246827.297:16): pid=6585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.606" name="/newroot/117/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  320.395973][ T6583] syz.4.608: attempt to access beyond end of device
[  320.395973][ T6583] loop4: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  320.701795][ T4255] EXT4-fs (loop0): unmounting filesystem.
[  320.846923][ T6594] loop4: detected capacity change from 0 to 512
[  321.001175][ T6594] EXT4-fs (loop4): 1 orphan inode deleted
[  321.007042][ T6594] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  321.022739][   T56] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  321.035541][ T6594] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.052053][   T56] EXT4-fs error (device loop4): ext4_release_dquot:6838: comm kworker/u4:4: Failed to release dquot type 1
[  321.164011][ T6594] EXT4-fs (loop4): re-mounted. Quota mode: writeback.
[  321.192359][ T6605] Bluetooth: MGMT ver 1.22
[  321.198787][ T6594] EXT4-fs (loop4): unmounting filesystem.
[  323.358046][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  323.391090][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  323.521572][ T6629] loop3: detected capacity change from 0 to 2048
[  323.612678][ T6629] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  323.629607][ T6633] loop2: detected capacity change from 0 to 16
[  323.815641][ T4263] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  323.838607][ T6633] erofs: (device loop2): mounted with root inode @ nid 36.
[  323.882307][ T6633] syz.2.623: attempt to access beyond end of device
[  323.882307][ T6633] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  323.896766][ T6633] syz.2.623: attempt to access beyond end of device
[  323.896766][ T6633] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  324.164271][ T6637] loop0: detected capacity change from 0 to 40427
[  324.288965][ T6637] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  324.296876][ T6637] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  324.321108][ T6637] F2FS-fs (loop0): invalid crc value
[  324.398247][ T4263] EXT4-fs (loop3): unmounting filesystem.
[  324.404169][ T6637] F2FS-fs (loop0): Found nat_bits in checkpoint
[  324.456924][ T6637] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  324.464123][ T6637] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  324.719219][   T26] audit: type=1804 audit(1746246831.747:17): pid=6647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.625" name="/newroot/115/bus/file0" dev="loop0" ino=10 res=1 errno=0
[  327.524050][ T6688] loop2: detected capacity change from 0 to 16
[  327.585625][ T6688] erofs: (device loop2): mounted with root inode @ nid 36.
[  327.661130][ T6688] syz.2.637: attempt to access beyond end of device
[  327.661130][ T6688] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  327.703532][ T6688] syz.2.637: attempt to access beyond end of device
[  327.703532][ T6688] loop2: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  327.759618][ T6694] device veth5 entered promiscuous mode
[  328.161347][ T6697] loop0: detected capacity change from 0 to 40427
[  328.220476][ T6697] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  328.228461][ T6697] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  328.297372][ T4260] Bluetooth: hci3: unknown advertising packet type: 0x70
[  328.314684][ T6697] F2FS-fs (loop0): invalid crc value
[  328.622133][ T6697] F2FS-fs (loop0): Found nat_bits in checkpoint
[  328.672715][ T6697] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  328.681556][ T6697] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  328.935520][   T26] audit: type=1804 audit(1746246835.967:18): pid=6707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.641" name="/newroot/118/bus/file0" dev="loop0" ino=10 res=1 errno=0
[  331.381390][ T4260] Bluetooth: hci4: unknown advertising packet type: 0x70
[  332.368031][ T6756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.658'.
[  332.544457][ T6753] loop1: detected capacity change from 0 to 40427
[  332.584350][ T6753] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  332.592632][ T6753] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  332.644951][ T6756] bridge2: port 1(ip6gretap1) entered blocking state
[  332.694584][ T6753] F2FS-fs (loop1): invalid crc value
[  332.960818][ T6756] bridge2: port 1(ip6gretap1) entered disabled state
[  333.027194][ T6753] F2FS-fs (loop1): Found nat_bits in checkpoint
[  333.324956][ T6753] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  333.332426][ T6753] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  333.427375][ T6756] device ip6gretap1 entered promiscuous mode
[  333.615773][   T26] audit: type=1804 audit(1746246840.617:19): pid=6773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.657" name="/newroot/124/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  333.654935][ T6766] device veth5 entered promiscuous mode
[  333.691735][ T6766] bridge2: port 2(veth5) entered blocking state
[  333.773101][ T6766] bridge2: port 2(veth5) entered disabled state
[  334.903895][ T6788] loop0: detected capacity change from 0 to 64
[  335.681615][ T6788] hfs: request for non-existent node 24 in B*Tree
[  335.688107][ T6788] hfs: request for non-existent node 24 in B*Tree
[  335.758170][ T6794] hfs: request for non-existent node 25 in B*Tree
[  335.818740][ T6794] hfs: request for non-existent node 25 in B*Tree
[  335.900966][ T6798] hfs: request for non-existent node 26 in B*Tree
[  335.915643][ T6798] hfs: request for non-existent node 26 in B*Tree
[  335.931537][ T6796] binder: 6793:6796 ioctl c0306201 200000000c00 returned -14
[  335.974986][ T6788] hfs: request for non-existent node 27 in B*Tree
[  336.011178][ T6788] hfs: request for non-existent node 27 in B*Tree
[  337.346930][ T6811] loop2: detected capacity change from 0 to 8192
[  338.550264][ T6811] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  338.610435][ T6811] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  338.638202][ T6811] REISERFS (device loop2): using ordered data mode
[  338.665345][ T6811] reiserfs: using flush barriers
[  338.703514][ T6811] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  338.844365][ T6811] REISERFS (device loop2): checking transaction log (loop2)
[  338.950263][ T6811] REISERFS (device loop2): Using r5 hash to sort names
[  340.331065][ T6849] netlink: 'syz.1.679': attribute type 3 has an invalid length.
[  340.948686][ T4260] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  341.025840][ T6851] loop1: detected capacity change from 0 to 4096
[  341.077477][ T6851] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  344.181260][ T6886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.690'.
[  344.297935][ T6886] device veth5 entered promiscuous mode
[  344.474691][ T4260] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  344.484707][ T4260] CPU: 1 PID: 4260 Comm: kworker/u5:2 Not tainted 6.1.136-syzkaller #0
[  344.492997][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  344.503187][ T4260] Workqueue: hci4 hci_rx_work
[  344.508095][ T4260] Call Trace:
[  344.511401][ T4260]  <TASK>
[  344.514362][ T4260]  dump_stack_lvl+0x168/0x22e
[  344.519110][ T4260]  ? show_regs_print_info+0x12/0x12
[  344.524350][ T4260]  ? load_image+0x3b0/0x3b0
[  344.528902][ T4260]  sysfs_create_dir_ns+0x252/0x280
[  344.534157][ T4260]  ? hci_rx_work+0x3eb/0xd40
[  344.538789][ T4260]  ? sysfs_warn_dup+0xa0/0xa0
[  344.543598][ T4260]  ? do_raw_spin_unlock+0x11d/0x230
[  344.548849][ T4260]  kobject_add_internal+0x6b8/0xc80
[  344.554104][ T4260]  kobject_add+0x152/0x210
[  344.558568][ T4260]  ? kobject_init+0x1d0/0x1d0
[  344.563313][ T4260]  ? klist_children_get+0x50/0x50
[  344.568383][ T4260]  ? get_device_parent+0x121/0x3f0
[  344.573541][ T4260]  device_add+0x483/0xfb0
[  344.577910][ T4260]  ? kmem_cache_free+0xf7/0x290
[  344.582819][ T4260]  hci_conn_add_sysfs+0xd1/0x1e0
[  344.587803][ T4260]  le_conn_complete_evt+0xd1d/0x1320
[  344.593140][ T4260]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  344.599426][ T4260]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  344.605110][ T4260]  ? skb_pull_data+0xf7/0x200
[  344.609845][ T4260]  hci_le_enh_conn_complete_evt+0x185/0x460
[  344.615788][ T4260]  ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0
[  344.622259][ T4260]  ? hci_remote_host_features_evt+0x270/0x270
[  344.628244][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.695'.
[  344.628360][ T4260]  hci_event_packet+0x791/0x1210
[  344.642299][ T4260]  ? bis_list+0x280/0x280
[  344.646681][ T4260]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  344.652631][ T4260]  ? kcov_remote_start+0x4c7/0x7e0
[  344.657794][ T4260]  ? mce_start+0x130/0x140
[  344.662265][ T4260]  ? hci_send_to_monitor+0x9c/0x4a0
[  344.667492][ T4260]  hci_rx_work+0x3eb/0xd40
[  344.671933][ T4260]  ? _raw_spin_unlock+0x40/0x40
[  344.676821][ T4260]  ? process_one_work+0x7a1/0x1160
[  344.681952][ T4260]  process_one_work+0x898/0x1160
[  344.686952][ T4260]  ? worker_detach_from_pool+0x240/0x240
[  344.692608][ T4260]  ? _raw_spin_lock_irq+0xab/0xe0
[  344.697652][ T4260]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  344.703087][ T4260]  ? kthread_data+0x4b/0xc0
[  344.707631][ T4260]  worker_thread+0xaa2/0x1250
[  344.712345][ T4260]  kthread+0x29d/0x330
[  344.716431][ T4260]  ? worker_clr_flags+0x1a0/0x1a0
[  344.721467][ T4260]  ? kthread_blkcg+0xd0/0xd0
[  344.726082][ T4260]  ret_from_fork+0x1f/0x30
[  344.730533][ T4260]  </TASK>
[  344.745749][ T4260] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  344.759714][ T4260] Bluetooth: hci4: failed to register connection device
[  346.537202][ T4260] Bluetooth: hci3: unknown advertising packet type: 0x70
[  348.801802][ T6932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'.
[  348.900462][ T6932] device veth7 entered promiscuous mode
[  349.039109][ T4260] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  349.736016][ T6933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  351.376955][ T6968] loop3: detected capacity change from 0 to 16
[  351.409442][ T6968] erofs: (device loop3): mounted with root inode @ nid 36.
[  351.470048][ T6968] syz.3.715: attempt to access beyond end of device
[  351.470048][ T6968] loop3: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  351.502639][ T6968] syz.3.715: attempt to access beyond end of device
[  351.502639][ T6968] loop3: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  351.817068][ T4260] Bluetooth: hci2: unknown advertising packet type: 0x70
[  352.494968][ T4260] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  354.462302][ T6993] loop0: detected capacity change from 0 to 4096
[  355.084825][   T22] libceph: connect (1)[c::]:6789 error -101
[  355.101741][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  355.119211][ T7005] netlink: 12 bytes leftover after parsing attributes in process `syz.0.724'.
[  355.274928][ T7001] ceph: No mds server is up or the cluster is laggy
[  355.477967][ T4346] libceph: connect (1)[c::]:6789 error -101
[  355.484678][ T4346] libceph: mon0 (1)[c::]:6789 connect error
[  356.011937][ T4260] Bluetooth: hci0: unknown advertising packet type: 0x70
[  357.142698][ T4260] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  357.159746][ T4260] CPU: 0 PID: 4260 Comm: kworker/u5:2 Not tainted 6.1.136-syzkaller #0
[  357.168122][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  357.178317][ T4260] Workqueue: hci1 hci_rx_work
[  357.183050][ T4260] Call Trace:
[  357.186377][ T4260]  <TASK>
[  357.189341][ T4260]  dump_stack_lvl+0x168/0x22e
[  357.194101][ T4260]  ? show_regs_print_info+0x12/0x12
[  357.199367][ T4260]  ? load_image+0x3b0/0x3b0
[  357.203946][ T4260]  sysfs_create_dir_ns+0x252/0x280
[  357.209120][ T4260]  ? hci_rx_work+0x3eb/0xd40
[  357.213775][ T4260]  ? sysfs_warn_dup+0xa0/0xa0
[  357.218499][ T4260]  ? do_raw_spin_unlock+0x11d/0x230
[  357.223749][ T4260]  kobject_add_internal+0x6b8/0xc80
[  357.229019][ T4260]  kobject_add+0x152/0x210
[  357.233485][ T4260]  ? kobject_init+0x1d0/0x1d0
[  357.238216][ T4260]  ? klist_children_get+0x50/0x50
[  357.243267][ T4260]  ? get_device_parent+0x121/0x3f0
[  357.248590][ T4260]  device_add+0x483/0xfb0
[  357.252970][ T4260]  ? kmem_cache_free+0xf7/0x290
[  357.257892][ T4260]  hci_conn_add_sysfs+0xd1/0x1e0
[  357.262932][ T4260]  le_conn_complete_evt+0xd1d/0x1320
[  357.268702][ T4260]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  357.274989][ T4260]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  357.280644][ T4260]  ? skb_pull_data+0xf7/0x200
[  357.285516][ T4260]  hci_le_enh_conn_complete_evt+0x185/0x460
[  357.291443][ T4260]  ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0
[  357.297925][ T4260]  ? hci_remote_host_features_evt+0x270/0x270
[  357.304033][ T4260]  hci_event_packet+0x791/0x1210
[  357.309017][ T4260]  ? bis_list+0x280/0x280
[  357.313368][ T4260]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  357.319298][ T4260]  ? kcov_remote_start+0x4c7/0x7e0
[  357.324436][ T4260]  ? mce_start+0x130/0x140
[  357.328909][ T4260]  ? hci_send_to_monitor+0x9c/0x4a0
[  357.334151][ T4260]  hci_rx_work+0x3eb/0xd40
[  357.338685][ T4260]  ? _raw_spin_unlock+0x40/0x40
[  357.343577][ T4260]  ? process_one_work+0x7a1/0x1160
[  357.348716][ T4260]  process_one_work+0x898/0x1160
[  357.353774][ T4260]  ? worker_detach_from_pool+0x240/0x240
[  357.359429][ T4260]  ? _raw_spin_lock_irq+0xab/0xe0
[  357.364492][ T4260]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  357.369903][ T4260]  ? kthread_data+0x4b/0xc0
[  357.374444][ T4260]  worker_thread+0xaa2/0x1250
[  357.379686][ T4260]  kthread+0x29d/0x330
[  357.383773][ T4260]  ? worker_clr_flags+0x1a0/0x1a0
[  357.388812][ T4260]  ? kthread_blkcg+0xd0/0xd0
[  357.393440][ T4260]  ret_from_fork+0x1f/0x30
[  357.397905][ T4260]  </TASK>
[  357.405692][ T4260] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  357.419723][ T4260] Bluetooth: hci1: failed to register connection device
[  357.448212][ T7028] device veth7 entered promiscuous mode
[  358.790058][ T7036] loop0: detected capacity change from 0 to 64
[  360.817841][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.744'.
[  360.894728][ T7069] loop0: detected capacity change from 0 to 256
[  360.943327][ T7069] MINIX-fs: mounting file system with errors, running fsck is recommended
[  361.005130][ T7069] MINIX-fs warning: remounting fs with errors, running fsck is recommended
[  361.250845][ T7074] netlink: 'syz.0.746': attribute type 3 has an invalid length.
[  361.272513][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.746'.
[  361.880456][ T7082] xt_CT: No such helper "pptp"
[  362.533682][ T7078] loop0: detected capacity change from 0 to 32768
[  362.577637][ T7078] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.749 (7078)
[  362.796143][ T7095] fuse: Bad value for 'fd'
[  362.805806][ T7078] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  362.853642][ T7078] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  363.225216][ T7078] BTRFS info (device loop0): using free space tree
[  363.601211][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'.
[  364.050504][ T7078] BTRFS info (device loop0): enabling ssd optimizations
[  364.311878][ T7078] BTRFS info (device loop0): balance: start 
[  364.341326][ T7078] BTRFS info (device loop0): balance: ended with status: 0
[  364.528392][ T4255] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  365.226130][ T7156] loop2: detected capacity change from 0 to 1024
[  365.687819][ T7161] fuse: Bad value for 'fd'
[  367.569972][ T7183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.774'.
[  367.752435][ T7184] dccp_close: ABORT with 2 bytes unread
[  368.354838][ T7201] fuse: Bad value for 'fd'
[  373.673358][ T7248] loop1: detected capacity change from 0 to 4096
[  373.681665][ T7248] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  373.831554][ T7248] ntfs: volume version 3.1.
[  376.179654][ T7270] loop3: detected capacity change from 0 to 64
[  376.372337][ T7270] hfs: request for non-existent node 24 in B*Tree
[  376.430711][ T7270] hfs: request for non-existent node 24 in B*Tree
[  376.446929][ T7276] hfs: request for non-existent node 25 in B*Tree
[  376.458727][ T7276] hfs: request for non-existent node 25 in B*Tree
[  376.466658][ T7270] hfs: request for non-existent node 26 in B*Tree
[  376.544445][ T7270] hfs: request for non-existent node 26 in B*Tree
[  376.582024][ T7276] hfs: request for non-existent node 27 in B*Tree
[  376.616366][ T7276] hfs: request for non-existent node 27 in B*Tree
[  377.898841][ T7289] loop1: detected capacity change from 0 to 4096
[  377.969862][ T7289] ntfs: volume version 3.1.
[  380.491267][ T7317] fuse: Bad value for 'group_id'
[  381.036254][ T7328] loop3: detected capacity change from 0 to 64
[  381.175111][ T7328] hfs: request for non-existent node 24 in B*Tree
[  381.212845][ T7328] hfs: request for non-existent node 24 in B*Tree
[  381.266268][ T7332] hfs: request for non-existent node 25 in B*Tree
[  381.297255][ T7332] hfs: request for non-existent node 25 in B*Tree
[  381.332385][ T7328] hfs: request for non-existent node 26 in B*Tree
[  381.354673][ T7328] hfs: request for non-existent node 26 in B*Tree
[  381.597390][ T7332] hfs: request for non-existent node 27 in B*Tree
[  381.732826][ T7332] hfs: request for non-existent node 27 in B*Tree
[  386.702197][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  386.708559][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  387.005520][ T7369] fuse: Bad value for 'group_id'
[  391.821101][ T7423] fuse: Bad value for 'group_id'
[  392.779553][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.849'.
[  394.554231][ T7459] loop0: detected capacity change from 0 to 2048
[  394.624610][ T7459] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  394.749292][ T7459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.854'.
[  396.008686][ T7482] netlink: 24 bytes leftover after parsing attributes in process `syz.1.862'.
[  396.896729][ T7493] ==================================================================
[  396.904856][ T7493] BUG: KASAN: use-after-free in rose_get_neigh+0x17e/0x550
[  396.912099][ T7493] Read of size 1 at addr ffff888056316030 by task syz.3.865/7493
[  396.919846][ T7493] 
[  396.922198][ T7493] CPU: 1 PID: 7493 Comm: syz.3.865 Not tainted 6.1.136-syzkaller #0
[  396.930210][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  396.940289][ T7493] Call Trace:
[  396.943593][ T7493]  <TASK>
[  396.946551][ T7493]  dump_stack_lvl+0x168/0x22e
[  396.951266][ T7493]  ? __lock_acquire+0x7c50/0x7c50
[  396.956332][ T7493]  ? show_regs_print_info+0x12/0x12
[  396.961572][ T7493]  ? load_image+0x3b0/0x3b0
[  396.966101][ T7493]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  396.971515][ T7493]  ? __virt_addr_valid+0x188/0x540
[  396.976661][ T7493]  ? __virt_addr_valid+0x465/0x540
[  396.981812][ T7493]  ? rose_get_neigh+0x17e/0x550
[  396.986683][ T7493]  print_report+0xa8/0x220
[  396.991133][ T7493]  kasan_report+0x10b/0x140
[  396.995672][ T7493]  ? rose_get_neigh+0x17e/0x550
[  397.000559][ T7493]  rose_get_neigh+0x17e/0x550
[  397.005266][ T7493]  rose_connect+0x412/0x1380
[  397.009881][ T7493]  ? aa_sk_perm+0x7e5/0x920
[  397.014415][ T7493]  ? rose_bind+0xa90/0xa90
[  397.018865][ T7493]  ? aa_af_perm+0x200/0x2b0
[  397.023482][ T7493]  ? tomoyo_socket_connect_permission+0x195/0x280
[  397.029964][ T7493]  ? __might_fault+0xa6/0x120
[  397.034684][ T7493]  ? bpf_lsm_socket_connect+0x5/0x10
[  397.040002][ T7493]  ? security_socket_connect+0x7c/0xa0
[  397.045510][ T7493]  ? rose_bind+0xa90/0xa90
[  397.049958][ T7493]  __sys_connect+0x389/0x410
[  397.054597][ T7493]  ? __sys_connect_file+0x170/0x170
[  397.059848][ T7493]  __x64_sys_connect+0x76/0x80
[  397.064654][ T7493]  do_syscall_64+0x4c/0xa0
[  397.069101][ T7493]  ? clear_bhb_loop+0x45/0xa0
[  397.073799][ T7493]  ? clear_bhb_loop+0x45/0xa0
[  397.078506][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  397.084474][ T7493] RIP: 0033:0x7fd5f998e969
[  397.088931][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.108584][ T7493] RSP: 002b:00007fd5fa816038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  397.117029][ T7493] RAX: ffffffffffffffda RBX: 00007fd5f9bb5fa0 RCX: 00007fd5f998e969
[  397.125034][ T7493] RDX: 000000000000001c RSI: 0000200000000240 RDI: 0000000000000006
[  397.133028][ T7493] RBP: 00007fd5f9a10ab1 R08: 0000000000000000 R09: 0000000000000000
[  397.141021][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  397.149023][ T7493] R13: 0000000000000000 R14: 00007fd5f9bb5fa0 R15: 00007ffc30938718
[  397.157041][ T7493]  </TASK>
[  397.160088][ T7493] 
[  397.162433][ T7493] Allocated by task 5147:
[  397.166771][ T7493]  kasan_set_track+0x4b/0x70
[  397.171410][ T7493]  __kasan_kmalloc+0x8e/0xa0
[  397.176037][ T7493]  rose_add_node+0x227/0xdb0
[  397.180658][ T7493]  rose_rt_ioctl+0xa4c/0xe90
[  397.185279][ T7493]  rose_ioctl+0x27a/0x790
[  397.189641][ T7493]  sock_do_ioctl+0xd3/0x2f0
[  397.194164][ T7493]  sock_ioctl+0x4ed/0x6e0
[  397.198528][ T7493]  __se_sys_ioctl+0xfa/0x170
[  397.203150][ T7493]  do_syscall_64+0x4c/0xa0
[  397.207597][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  397.213528][ T7493] 
[  397.215866][ T7493] Freed by task 7493:
[  397.219858][ T7493]  kasan_set_track+0x4b/0x70
[  397.224481][ T7493]  kasan_save_free_info+0x2d/0x50
[  397.229525][ T7493]  ____kasan_slab_free+0x126/0x1e0
[  397.234663][ T7493]  slab_free_freelist_hook+0x131/0x1a0
[  397.240149][ T7493]  __kmem_cache_free+0xb6/0x1f0
[  397.245025][ T7493]  rose_rt_device_down+0x3e5/0x430
[  397.250157][ T7493]  rose_device_event+0x600/0x690
[  397.255121][ T7493]  raw_notifier_call_chain+0xcb/0x160
[  397.260517][ T7493]  __dev_notify_flags+0x178/0x2d0
[  397.265566][ T7493]  dev_change_flags+0xe3/0x1a0
[  397.270357][ T7493]  dev_ifsioc+0x159/0xe90
[  397.274717][ T7493]  dev_ioctl+0x578/0xea0
[  397.278984][ T7493]  sock_do_ioctl+0x222/0x2f0
[  397.283599][ T7493]  sock_ioctl+0x4ed/0x6e0
[  397.287964][ T7493]  __se_sys_ioctl+0xfa/0x170
[  397.292587][ T7493]  do_syscall_64+0x4c/0xa0
[  397.297037][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  397.302970][ T7493] 
[  397.305309][ T7493] The buggy address belongs to the object at ffff888056316000
[  397.305309][ T7493]  which belongs to the cache kmalloc-512 of size 512
[  397.319474][ T7493] The buggy address is located 48 bytes inside of
[  397.319474][ T7493]  512-byte region [ffff888056316000, ffff888056316200)
[  397.332687][ T7493] 
[  397.335022][ T7493] The buggy address belongs to the physical page:
[  397.342016][ T7493] page:ffffea000158c500 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888056316400 pfn:0x56314
[  397.353492][ T7493] head:ffffea000158c500 order:2 compound_mapcount:0 compound_pincount:0
[  397.361835][ T7493] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  397.369856][ T7493] raw: 00fff00000010200 ffffea0001657208 ffffea00009eb708 ffff888017441c80
[  397.378462][ T7493] raw: ffff888056316400 0000000000100003 00000001ffffffff 0000000000000000
[  397.387063][ T7493] page dumped because: kasan: bad access detected
[  397.393501][ T7493] page_owner tracks the page as allocated
[  397.399232][ T7493] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4244, tgid 4244 (kworker/1:3), ts 95569054452, free_ts 95563517041
[  397.421330][ T7493]  post_alloc_hook+0x173/0x1a0
[  397.426139][ T7493]  get_page_from_freelist+0x1a26/0x1ac0
[  397.431724][ T7493]  __alloc_pages+0x1df/0x4e0
[  397.436347][ T7493]  alloc_slab_page+0x5d/0x160
[  397.441060][ T7493]  new_slab+0x87/0x2c0
[  397.445157][ T7493]  ___slab_alloc+0xbc6/0x1220
[  397.449861][ T7493]  __kmem_cache_alloc_node+0x1a0/0x260
[  397.455346][ T7493]  __kmalloc_node_track_caller+0x9e/0x230
[  397.461104][ T7493]  __alloc_skb+0x22a/0x7e0
[  397.465544][ T7493]  ndisc_alloc_skb+0xa6/0x450
[  397.470245][ T7493]  ndisc_ns_create+0x1ce/0x620
[  397.475031][ T7493]  ndisc_send_ns+0xab/0x150
[  397.479557][ T7493]  addrconf_dad_work+0xa15/0x14d0
[  397.484627][ T7493]  process_one_work+0x898/0x1160
[  397.489595][ T7493]  worker_thread+0xaa2/0x1250
[  397.494295][ T7493]  kthread+0x29d/0x330
[  397.498402][ T7493] page last free stack trace:
[  397.503096][ T7493]  free_unref_page_prepare+0x8b4/0x9a0
[  397.508599][ T7493]  free_unref_page+0x2e/0x3f0
[  397.513308][ T7493]  __stack_depot_save+0x435/0x460
[  397.518364][ T7493]  kasan_set_track+0x60/0x70
[  397.523007][ T7493]  __kasan_slab_alloc+0x6b/0x80
[  397.527893][ T7493]  slab_post_alloc_hook+0x4b/0x480
[  397.533048][ T7493]  kmem_cache_alloc+0x123/0x2f0
[  397.537931][ T7493]  debug_objects_fill_pool+0x49e/0x650
[  397.543442][ T7493]  debug_object_activate+0x34/0x490
[  397.548642][ T7493]  __queue_work+0xb93/0xfb0
[  397.553151][ T7493]  queue_work_on+0x11d/0x1d0
[  397.557761][ T7493]  pcpu_alloc+0xfd6/0x1a30
[  397.562188][ T7493]  xt_percpu_counter_alloc+0x151/0x210
[  397.567645][ T7493]  translate_table+0x1322/0x2020
[  397.572587][ T7493]  ip6t_register_table+0x103/0x7b0
[  397.577699][ T7493]  ip6table_security_table_init+0x3d/0x60
[  397.583423][ T7493] 
[  397.585748][ T7493] Memory state around the buggy address:
[  397.591427][ T7493]  ffff888056315f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  397.599484][ T7493]  ffff888056315f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  397.607544][ T7493] >ffff888056316000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.615598][ T7493]                                      ^
[  397.621230][ T7493]  ffff888056316080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.629300][ T7493]  ffff888056316100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  397.637353][ T7493] ==================================================================
[  397.645458][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.651589][ T7493] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  397.658805][ T7493] CPU: 1 PID: 7493 Comm: syz.3.865 Not tainted 6.1.136-syzkaller #0
[  397.666803][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  397.676860][ T7493] Call Trace:
[  397.680161][ T7493]  <TASK>
[  397.683200][ T7493]  dump_stack_lvl+0x168/0x22e
[  397.687908][ T7493]  ? memcpy+0x3c/0x60
[  397.691894][ T7493]  ? show_regs_print_info+0x12/0x12
[  397.697100][ T7493]  ? load_image+0x3b0/0x3b0
[  397.701621][ T7493]  panic+0x2c9/0x710
[  397.705541][ T7493]  ? asm_common_interrupt+0x22/0x40
[  397.710751][ T7493]  ? bpf_jit_dump+0xd0/0xd0
[  397.715345][ T7493]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  397.721267][ T7493]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  397.727195][ T7493]  ? _raw_spin_unlock+0x40/0x40
[  397.732075][ T7493]  check_panic_on_warn+0x80/0xa0
[  397.737017][ T7493]  ? rose_get_neigh+0x17e/0x550
[  397.741883][ T7493]  end_report+0x66/0x110
[  397.746155][ T7493]  kasan_report+0x118/0x140
[  397.750671][ T7493]  ? rose_get_neigh+0x17e/0x550
[  397.755533][ T7493]  rose_get_neigh+0x17e/0x550
[  397.760218][ T7493]  rose_connect+0x412/0x1380
[  397.764814][ T7493]  ? aa_sk_perm+0x7e5/0x920
[  397.769407][ T7493]  ? rose_bind+0xa90/0xa90
[  397.773821][ T7493]  ? aa_af_perm+0x200/0x2b0
[  397.778348][ T7493]  ? tomoyo_socket_connect_permission+0x195/0x280
[  397.784788][ T7493]  ? __might_fault+0xa6/0x120
[  397.789468][ T7493]  ? bpf_lsm_socket_connect+0x5/0x10
[  397.794754][ T7493]  ? security_socket_connect+0x7c/0xa0
[  397.800226][ T7493]  ? rose_bind+0xa90/0xa90
[  397.804654][ T7493]  __sys_connect+0x389/0x410
[  397.809264][ T7493]  ? __sys_connect_file+0x170/0x170
[  397.814486][ T7493]  __x64_sys_connect+0x76/0x80
[  397.819272][ T7493]  do_syscall_64+0x4c/0xa0
[  397.823701][ T7493]  ? clear_bhb_loop+0x45/0xa0
[  397.828385][ T7493]  ? clear_bhb_loop+0x45/0xa0
[  397.833101][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  397.839044][ T7493] RIP: 0033:0x7fd5f998e969
[  397.843463][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.863288][ T7493] RSP: 002b:00007fd5fa816038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  397.871727][ T7493] RAX: ffffffffffffffda RBX: 00007fd5f9bb5fa0 RCX: 00007fd5f998e969
[  397.879727][ T7493] RDX: 000000000000001c RSI: 0000200000000240 RDI: 0000000000000006
[  397.887703][ T7493] RBP: 00007fd5f9a10ab1 R08: 0000000000000000 R09: 0000000000000000
[  397.895680][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  397.903656][ T7493] R13: 0000000000000000 R14: 00007fd5f9bb5fa0 R15: 00007ffc30938718
[  397.911642][ T7493]  </TASK>
[  397.914842][ T7493] Kernel Offset: disabled
[  397.919177][ T7493] Rebooting in 86400 seconds..