last executing test programs:

2m18.835937979s ago: executing program 2 (id=1040):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x10, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x27, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x0, 0x0}, 0x40)

2m18.569895469s ago: executing program 2 (id=1042):
r0 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x10100, 0x4, 0x37c}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[{0x10, 0x10d, 0x5}], 0x10}, 0x0, 0xe3d08660d3cd4684})
io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0)

2m18.506097478s ago: executing program 2 (id=1043):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000040000ffdbdf25020000000900030073797a3200000000090001009a"], 0x2c}}, 0x800)

2m18.434318667s ago: executing program 2 (id=1044):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'cp869'}}, {@umask={'umask', 0x3d, 0x5}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0xab}}, {@discard}, {@fmask={'fmask', 0x3d, 0x6}}, {@utf8}, {@umask={'umask', 0x3d, 0x6}}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
write$ppp(r0, &(0x7f00000002c0)="37bd", 0x2)

2m18.2208526s ago: executing program 2 (id=1050):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0xdfe5)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)

2m18.030485579s ago: executing program 2 (id=1053):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="480100001000010000000000000000000000000000000000000000000000000000000000f8ff0000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000001eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c00120073657169762863636d28626c6f77666973682d61736d29290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000c0008"], 0x148}}, 0x0)

2m17.459556922s ago: executing program 32 (id=1053):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="480100001000010000000000000000000000000000000000000000000000000000000000f8ff0000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000001eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c00120073657169762863636d28626c6f77666973682d61736d29290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000c0008"], 0x148}}, 0x0)

2m12.555054716s ago: executing program 3 (id=1087):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x78, 0x30, 0x51b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, {0x4, 0x14}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)

2m12.475222918s ago: executing program 3 (id=1088):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002340)=@base={0xe, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r2, &(0x7f0000000440)}, 0x20)

2m12.474995107s ago: executing program 3 (id=1089):
r0 = gettid()
tkill(r0, 0x1001b)

2m12.405211695s ago: executing program 3 (id=1090):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x1000052, &(0x7f0000000240)=ANY=[], 0xf5, 0x1219, &(0x7f0000002100)="$eJzs3E9rHGUcB/Bf1o1JU/NHrdX2oA948TQ0OXgSJEgKkgWlNkIrCFOz0SVjNmRCYEWsnrz2dXj2JvgOcvE1eMvFYw/iSGYam223VMHdFfv5HDI/nuf55pln2F2YZZ49eefel7s7ZbaTH0ZrZiZa+xHpfooUrTjz+mZzvHV7c73T2biR0vX1m6tvp5SW3vj5k6/nIuLixz8u/TQXxyufnvy29uvx5eMrJ3/c/KJXpl6ZVvqHKU93+v3D/E7RTdu9cjdL6cOim5fd1NsruwdD/TtFf39/kPK97cWF/YNuWaZ8b5B27+UR/XR4MEj553lvL2VZlhYXgieaffqQrR/uV1UVUVWz8XxUVVVdiIW4GC/EYizFtxHxYrwUL8eleCUux6vxWlypR03i9AEAAAAAAAAAAAAAAAAAAODZcX7/f0QM7f9fjhX7/wEAAAAAAAAAAAAAAAAAAGACPrp1e3O909m4kdJ8RPH90dbRVnNs+td3ohdFdONaLMfvUe/+bzT19fc7G9dSbSW+K+4+yN892nquyZ/+Oc2v1j8n8CDfrvvO8qtNPg3n52Lh/PxrsRyXRs+/NjI/H2+9eS6fxXL88ln0o4jteu6H+W9WU3rvg84j+av1OAAAAPg/yNJfRt6/Z9mT+pv83/5+oB2P3F+342p7umsnohx8tZu3iu5BXRRnxfxjLWMrZiNiUnONq5gbbmmNaa7WUy7UzLgW2P6PXGfF48Xpu/jf+D8XYrhl2p9MTMLDl8G0zwQAAAAAAAAAAIB/YszPJ7ZjxJNl705nqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCoAAP//I6LAUA==")
r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x40)
io_setup(0x9, &(0x7f0000000300)=<r1=>0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000}])
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x7, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
chdir(0x0)
mkdir(0x0, 0x0)
rmdir(&(0x7f0000000000)='./control\x00')
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12)
r3 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r3, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)

2m12.021403219s ago: executing program 3 (id=1091):
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="2100000000000000000000000000180000040000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000017"], 0x48)

2m10.702424741s ago: executing program 3 (id=1099):
r0 = socket$packet(0x11, 0x3, 0x300)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000022657a6e8b48b90000000008"], 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13b88a8", 0x36, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r2, 0x1, 0x0, 0x6, @local}, 0x14)

2m10.497607573s ago: executing program 33 (id=1099):
r0 = socket$packet(0x11, 0x3, 0x300)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000022657a6e8b48b90000000008"], 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13b88a8", 0x36, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r2, 0x1, 0x0, 0x6, @local}, 0x14)

1m26.598202998s ago: executing program 1 (id=1683):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e0000004a008102e00f80ecdb4cb9020a", 0x11}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)

1m26.458632321s ago: executing program 1 (id=1685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8947, &(0x7f0000000080)={'vlan1\x00', 0x2000})

1m26.358366549s ago: executing program 1 (id=1686):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

1m26.358005071s ago: executing program 1 (id=1687):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000000700)=ANY=[@ANYBLOB='iocharset=default,noadinicb,gid=forget,gid=ignore,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c616e63686f723d30303030000088be0900303030303030303030312c7569643d666f726765742c00215e8c2e42462f3ab5e1f7c0527abbb422be9178aa60681964adb069ae876c4a599d560075ac47c0de1a9bb9146af6433efdcdac853a8e8f16d6bad90ecce0a1fab46f48331e6b3c325c08df3c334e4da28067a30b3b1dc64bf692c712fc273bc1702008f563765c6f3e67d97e1369973c2a87f0ecca7320819863179fb85e394a8cf1d62c70d8306633b6958ebf998a0685bc5cdd1f97291328743add4c867115fae1082f8faf482e15eb939968"], 0xfd, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x49)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x40000}], 0x1, 0x7a00, 0x0, 0x3)
symlink(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
open(0x0, 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000440)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m26.165850333s ago: executing program 1 (id=1691):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40895}, 0x20004804)

1m25.753218849s ago: executing program 1 (id=1694):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @local, {[], @echo_request={0x91}}}}}}, 0x0)

1m25.580634234s ago: executing program 34 (id=1694):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @local, {[], @echo_request={0x91}}}}}}, 0x0)

3.270827814s ago: executing program 0 (id=2731):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x2, @local, 0x4}, 0x1c)

2.321811836s ago: executing program 0 (id=2742):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x400000}})

2.163334141s ago: executing program 0 (id=2743):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000340)={@val={0x0, 0x800}, @val={0x3, 0x83, 0x0, 0x40, 0x14, 0x6}, @ipv4=@igmp={{0x6, 0x4, 0x2, 0x7, 0x20, 0x67, 0x0, 0x6f, 0x2, 0x0, @empty, @broadcast, {[@timestamp_prespec={0x44, 0x4, 0x8e, 0x3, 0x6}]}}, {0x1e, 0x7, 0x0, @local}}}, 0x2e)

2.013200984s ago: executing program 0 (id=2744):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$rxrpc(0x21, 0x2, 0x2)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x8054}, 0x40451)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x62181)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='numa_maps\x00')
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100002b4101", @ANYRESHEX=0x0, @ANYRES64=r2], 0x0)

1.46244653s ago: executing program 4 (id=2754):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f0000000040)=0x5, 0x4)

1.413240765s ago: executing program 5 (id=2755):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x20, 0xfa00, {0x8000000, &(0x7f0000000100), 0x111, 0x2}}, 0x20)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246803163199aee6fdb9291b3091ec1a2d41d2271101d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

1.412955876s ago: executing program 5 (id=2756):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

1.361658516s ago: executing program 4 (id=2757):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf50009058402"], &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x1c0f}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x438}}, {0x0, 0x0}, {0x0, 0x0}]})

1.361299722s ago: executing program 5 (id=2758):
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240), 0x109801, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000016c0)={@cgroup=r0, r0, 0x2f, 0xc, 0x0, @void, @value=r0}, 0x20)

1.272862755s ago: executing program 5 (id=2759):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x3, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.272506324s ago: executing program 5 (id=2760):
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file1\x00', 0x12000c9, &(0x7f0000000080)=ANY=[@ANYBLOB="002cfbe4dfc52d07fe6b9670e93117085d789a4c3b76a7c8b3d273fd5392199ca0f5b52546f6050830f5a3ad42abe1a3b5b20f6e31132b03caec94aad2851bd2e7926212"], 0x1, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==")
mount(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x2012024, 0x0)

1.1322173s ago: executing program 5 (id=2761):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014008000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
preadv(r5, &(0x7f0000000b00)=[{&(0x7f0000000300)=""/30, 0x1e}], 0x1, 0x80000001, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BLKTRACESETUP(r5, 0xc0481273, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

535.791416ms ago: executing program 0 (id=2762):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

442.673307ms ago: executing program 0 (id=2763):
r0 = fsopen(&(0x7f00000002c0)='pstore\x00', 0x1)
set_mempolicy(0x3, &(0x7f0000000040)=0xfff, 0x5)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0xffffff84, 0x10000, 0xffffff84, 0xffffffff}, 0x1c)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000300)='\x00', &(0x7f0000000340), 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x79)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0)

62.958432ms ago: executing program 4 (id=2764):
syz_emit_ethernet(0x72, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x3c, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0327f6", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @dev, [], "5a74cffa30d41cd96f0319b2"}}}}}}}, 0x0)

62.693543ms ago: executing program 4 (id=2765):
socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}})

1.125027ms ago: executing program 4 (id=2766):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000000c0)="09000000e70014000000cb7bfbf7", 0xe, 0x200000c4, &(0x7f0000000080)={0x11, 0x88a8, r2, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x14)

0s ago: executing program 4 (id=2767):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0xfdfffffd, 0x5, 0x3ffd, 0x7})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)

kernel console output (not intermixed with test programs):

hecksum failed, block 99: 0x27 != 0x4d
[  213.803503][T10141] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  213.854716][T10145] loop4: detected capacity change from 0 to 128
[  213.866290][T10145] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  213.873931][T10145] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  213.886097][T10141] loop1: detected capacity change from 2048 to 0
[  213.892463][    C1] blk_print_req_error: 11 callbacks suppressed
[  213.892474][    C1] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  213.898715][    C1] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  213.906141][    C1] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  213.912811][    C1] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  213.950998][    C0] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  213.958703][T10134] loop0: detected capacity change from 0 to 32768
[  213.959908][    C0] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  213.969434][    C0] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  213.974218][    C0] I/O error, dev loop1, sector 1408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  213.990755][T10134] syz.0.1684: attempt to access beyond end of device
[  213.990755][T10134] loop0: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  214.001049][T10134] metapage_write_end_io: I/O error
[  214.004503][T10134] ERROR: (device loop0): release_metapage: metapage_write_one() failed
[  214.004503][T10134] 
[  214.009825][    C0] I/O error, dev loop1, sector 128 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  214.013593][    C0] Buffer I/O error on dev loop1, logical block 128, lost sync page write
[  214.013983][T10134] ERROR: (device loop0): remounting filesystem as read-only
[  214.019924][T10134] ERROR: (device loop0): diWrite: ixpxd invalid
[  214.019924][T10134] 
[  214.023486][T10134] ERROR: (device loop0): txCommit: 
[  214.023486][T10134] 
[  214.049380][T10134] blkno = 8ed2c, nblocks = 1
[  214.145973][T10134] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  214.145973][T10134] 
[  214.154212][T10134] UFO tlock:0xffffc90002002120
[  214.188869][  T115] blkno = 8ed2c, nblocks = 4
[  214.190754][  T115] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  214.190754][  T115] 
[  214.197481][ T5861] syz-executor: attempt to access beyond end of device
[  214.197481][ T5861] loop0: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  214.202899][ T5861] metapage_write_end_io: I/O error
[  214.205028][ T5861] JFS: metapage_get_blocks failed
[  214.211353][ T5861] JFS: metapage_get_blocks failed
[  214.213319][ T5861] JFS: metapage_get_blocks failed
[  214.313257][T10149] loop4: detected capacity change from 0 to 32768
[  214.351650][T10149] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  214.361791][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.387081][T10149] XFS (loop4): Ending clean mount
[  214.397554][T10149] XFS (loop4): syz.4.1692 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  214.419558][ T8673] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  214.475822][ T5861] JFS: metapage_get_blocks failed
[  214.525471][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.634299][T10160] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1696'.
[  214.672084][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.801139][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.813205][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  214.820408][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  214.824229][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  214.828403][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  214.831654][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  214.833939][T10168] loop4: detected capacity change from 0 to 2048
[  214.846479][T10168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.910105][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.914642][T10165] virt_wifi0 speed is unknown, defaulting to 1000
[  215.021858][    T9] libceph: connect (1)[c::]:6789 error -101
[  215.024344][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  215.070021][T10181] loop0: detected capacity change from 0 to 256
[  215.072587][T10181] exfat: Deprecated parameter 'utf8'
[  215.081718][T10181] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  215.153225][   T13] team0: left allmulticast mode
[  215.155289][   T13] team_slave_0: left allmulticast mode
[  215.158059][   T13] team_slave_1: left allmulticast mode
[  215.160145][   T13] bridge0: port 3(team0) entered disabled state
[  215.167455][   T13] bridge_slave_1: left allmulticast mode
[  215.170102][   T13] bridge_slave_1: left promiscuous mode
[  215.172425][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.184746][   T13] bridge_slave_0: left allmulticast mode
[  215.190981][   T13] bridge_slave_0: left promiscuous mode
[  215.193632][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.312092][ T2305] libceph: connect (1)[c::]:6789 error -101
[  215.314610][ T2305] libceph: mon0 (1)[c::]:6789 connect error
[  215.765727][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  215.771717][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  215.781441][   T13] bond0 (unregistering): Released all slaves
[  215.795591][   T13] bond1 (unregistering): (slave bond2): Releasing backup interface
[  215.800075][   T13] bond1 (unregistering): Released all slaves
[  215.826119][ T5919] libceph: connect (1)[c::]:6789 error -101
[  215.829248][ T5919] libceph: mon0 (1)[c::]:6789 connect error
[  215.833369][T10175] ceph: No mds server is up or the cluster is laggy
[  216.033529][T10202] netlink: 'syz.4.1711': attribute type 2 has an invalid length.
[  216.036879][T10202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1711'.
[  216.093910][T10205] IPv6: addrconf: prefix option has invalid lifetime
[  216.153539][T10207] loop0: detected capacity change from 0 to 24
[  216.172830][   T13] bond2 (unregistering): Released all slaves
[  216.263561][T10165] chnl_net:caif_netlink_parms(): no params data found
[  216.550279][T10226] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1721'.
[  216.570153][T10165] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.573145][T10165] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.577302][T10165] bridge_slave_0: entered allmulticast mode
[  216.581166][T10165] bridge_slave_0: entered promiscuous mode
[  216.587840][T10227] loop4: detected capacity change from 0 to 4096
[  216.592768][T10165] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.595634][T10165] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.608384][T10165] bridge_slave_1: entered allmulticast mode
[  216.612200][T10165] bridge_slave_1: entered promiscuous mode
[  216.737985][T10165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.765003][   T13] hsr_slave_0: left promiscuous mode
[  216.779127][   T13] hsr_slave_1: left promiscuous mode
[  216.781997][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.784984][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  216.799803][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  216.803577][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  216.827771][   T13] veth1_macvtap: left promiscuous mode
[  216.830053][   T13] veth0_macvtap: left promiscuous mode
[  216.832453][   T13] veth1_vlan: left promiscuous mode
[  216.834546][   T13] veth0_vlan: left promiscuous mode
[  216.896295][ T5859] Bluetooth: hci1: command tx timeout
[  217.531440][   T13] team_slave_1 (unregistering): left promiscuous mode
[  217.535078][   T13] team0 (unregistering): Port device team_slave_1 removed
[  217.596268][   T13] team_slave_0 (unregistering): left promiscuous mode
[  217.602081][   T13] team0 (unregistering): Port device team_slave_0 removed
[  218.200108][T10165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.282876][T10165] team0: Port device team_slave_0 added
[  218.299546][T10165] team0: Port device team_slave_1 added
[  218.339296][T10165] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.341961][T10165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.351824][T10165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.359399][T10165] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.362097][T10165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.372125][T10165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.435760][T10165] hsr_slave_0: entered promiscuous mode
[  218.438323][T10165] hsr_slave_1: entered promiscuous mode
[  218.440517][T10165] debugfs: 'hsr0' already exists in 'hsr'
[  218.442945][T10165] Cannot create hsr debugfs directory
[  218.577769][   T13] IPVS: stop unused estimator thread 0...
[  218.600907][T10165] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  218.607342][T10165] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  218.612331][T10165] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  218.618332][T10165] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  218.663724][T10265] netlink: 'syz.0.1736': attribute type 1 has an invalid length.
[  218.689487][T10165] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.712292][T10165] 8021q: adding VLAN 0 to HW filter on device team0
[  218.722922][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.725283][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.740966][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.743832][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.749786][T10269] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  218.915801][T10165] 8021q: adding VLAN 0 to HW filter on device batadv0
[  218.976478][ T5859] Bluetooth: hci1: command tx timeout
[  219.046641][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  219.093711][T10165] veth0_vlan: entered promiscuous mode
[  219.101733][T10165] veth1_vlan: entered promiscuous mode
[  219.134424][T10165] veth0_macvtap: entered promiscuous mode
[  219.140774][T10165] veth1_macvtap: entered promiscuous mode
[  219.164978][T10165] batman_adv: batadv0: Interface activated: batadv_slave_0
[  219.178494][T10165] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.188842][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.195735][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.203708][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  219.210953][    T9] usb 1-1: config 8 has an invalid interface number: 43 but max is 0
[  219.213699][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.218620][    T9] usb 1-1: config 8 has no interface number 0
[  219.220853][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.224031][    T9] usb 1-1: config 8 interface 43 altsetting 255 bulk endpoint 0x4 has invalid maxpacket 64
[  219.230454][    T9] usb 1-1: config 8 interface 43 has no altsetting 0
[  219.235515][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=935b, bcdDevice=be.6c
[  219.240962][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.243602][    T9] usb 1-1: Product: syz
[  219.245070][    T9] usb 1-1: Manufacturer: syz
[  219.247463][    T9] usb 1-1: SerialNumber: syz
[  219.253712][T10271] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  219.310313][T10287] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1742'.
[  219.331101][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.336877][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.365867][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.369998][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.382540][T10289] macvlan2: entered allmulticast mode
[  219.384841][T10289] veth1_vlan: entered allmulticast mode
[  219.512239][    T9] usb 1-1: USB disconnect, device number 34
[  219.693261][T10301] [U] 2
[  219.698600][T10300] [U] 2
[  219.721761][T10291] loop4: detected capacity change from 0 to 32768
[  219.757692][T10291] Dev loop4 SGI disklabel: csum bad, label corrupted
[  219.761457][T10303] loop5: detected capacity change from 0 to 1024
[  219.764912][T10303] EXT4-fs: Ignoring removed nobh option
[  219.772830][T10303] EXT4-fs: Ignoring removed bh option
[  219.809702][T10303] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.834725][   T33] kauditd_printk_skb: 2 callbacks suppressed
[  219.834742][   T33] audit: type=1800 audit(1757318324.782:81): pid=10303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1749" name="memory.events" dev="loop5" ino=18 res=0 errno=0
[  219.855506][   T33] audit: type=1804 audit(1757318324.802:82): pid=10303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1749" name="/newroot/5/file1/memory.events" dev="loop5" ino=18 res=1 errno=0
[  219.879102][T10303] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.1749: Allocating blocks 497-513 which overlap fs metadata
[  219.889534][T10303] EXT4-fs (loop5): pa ffff888112e7aae0: logic 138864, phys. 113, len 25
[  219.893594][T10303] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 24, pa_free 25
[  219.942462][T10165] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.003985][T10313] loop5: detected capacity change from 0 to 256
[  220.009127][T10313] exfat: Deprecated parameter 'utf8'
[  220.011286][T10313] exfat: Deprecated parameter 'utf8'
[  220.015840][T10313] exFAT-fs (loop5): Invalid boot checksum (boot checksum : 0x110009d0, checksum : 0x1119abd0)
[  220.031442][T10313] exFAT-fs (loop5): invalid boot region
[  220.033729][T10313] exFAT-fs (loop5): failed to recognize exfat type
[  220.084028][T10315] loop0: detected capacity change from 0 to 2048
[  220.098343][T10315] NILFS (loop0): couldn't find nilfs on the device
[  220.290706][T10330] loop5: detected capacity change from 0 to 512
[  220.294370][T10330] EXT4-fs: Invalid want_extra_isize 1430
[  220.516749][ T5919] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  220.604167][T10333] Bluetooth: hci0: Opcode 0x0401 failed: -112
[  220.766736][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  220.776819][ T5919] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  220.789989][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.837211][ T5919] usb 5-1: config 0 descriptor??
[  220.851972][ T5919] pwc: Askey VC010 type 2 USB webcam detected.
[  221.056650][ T5238] Bluetooth: hci1: command tx timeout
[  221.321187][T10351] overlayfs: conflicting options: userxattr,metacopy=on
[  221.893286][ T5919] pwc: recv_control_msg error -32 req 02 val 2b00
[  222.032293][ T5919] pwc: recv_control_msg error -32 req 02 val 2700
[  222.039690][ T5919] pwc: recv_control_msg error -32 req 02 val 2c00
[  222.044034][ T5919] pwc: recv_control_msg error -32 req 04 val 1000
[  222.047484][ T5919] pwc: recv_control_msg error -32 req 04 val 1300
[  222.052418][ T5919] pwc: recv_control_msg error -32 req 04 val 1400
[  222.061430][ T5919] pwc: recv_control_msg error -32 req 02 val 2000
[  222.266299][ T5919] pwc: recv_control_msg error -71 req 04 val 1500
[  222.272146][ T5919] pwc: recv_control_msg error -71 req 02 val 2500
[  222.274970][ T5919] pwc: recv_control_msg error -71 req 02 val 2400
[  222.280118][ T5919] pwc: recv_control_msg error -71 req 02 val 2600
[  222.283066][ T5919] pwc: recv_control_msg error -71 req 02 val 2900
[  222.286069][ T5919] pwc: recv_control_msg error -71 req 02 val 2800
[  222.291165][ T5919] pwc: recv_control_msg error -71 req 04 val 1100
[  222.294233][ T5919] pwc: recv_control_msg error -71 req 04 val 1200
[  222.298526][ T5919] pwc: Registered as video103.
[  222.302088][ T5919] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14
[  222.310451][ T5919] usb 5-1: USB disconnect, device number 10
[  222.547026][ T5238] Bluetooth: hci0: command 0x0401 tx timeout
[  222.697300][ T5859] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  223.151133][ T5859] Bluetooth: hci1: command tx timeout
[  224.053933][T10382] netlink: 830 bytes leftover after parsing attributes in process `syz.5.1777'.
[  224.455306][T10408] loop0: detected capacity change from 0 to 1024
[  224.460391][T10388] loop5: detected capacity change from 0 to 32768
[  224.463711][T10408] EXT4-fs: Ignoring removed oldalloc option
[  224.465957][T10408] EXT4-fs: Ignoring removed bh option
[  224.466292][T10388] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1780 (10388)
[  224.475964][T10388] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.482460][T10388] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  224.483319][T10408] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.512284][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.555978][T10423] loop0: detected capacity change from 0 to 512
[  224.574183][T10423] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1791: bg 0: block 5: invalid block bitmap
[  224.581092][T10423] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  224.581187][ T5859] Bluetooth: hci0: command 0x0401 tx timeout
[  224.585784][T10423] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1791: invalid indirect mapped block 4294967295 (level 1)
[  224.589163][T10388] BTRFS info (device loop5): enabling ssd optimizations
[  224.595092][T10423] EXT4-fs (loop0): 1 orphan inode deleted
[  224.597285][T10388] BTRFS info (device loop5): enabling free space tree
[  224.598363][T10423] EXT4-fs (loop0): 1 truncate cleaned up
[  224.603132][T10423] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.638226][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.651791][T10165] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  225.011567][T10435] loop0: detected capacity change from 0 to 32768
[  225.075266][ T5919] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  225.084576][ T5919] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  225.105988][T10435] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  225.106008][T10435]   allowing incompatible features above 0.0: (unknown version)
[  225.106018][T10435]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  225.127217][T10435] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  225.130725][T10435] bcachefs (loop0): initializing new filesystem
[  225.141120][T10435] bcachefs (loop0): going read-write
[  225.147091][T10435] bcachefs (loop0): marking superblocks
[  225.193146][T10435] bcachefs (loop0): initializing freespace
[  225.202902][T10435] bcachefs (loop0): done initializing freespace
[  225.213102][T10435] bcachefs (loop0): reading snapshots table
[  225.215517][T10435] bcachefs (loop0): reading snapshots done
[  225.245807][T10435] bcachefs (loop0): done starting filesystem
[  225.393557][T10435] syz.0.1794 (10435) used greatest stack depth: 17048 bytes left
[  225.439267][ T5861] bcachefs (loop0): shutting down
[  225.447443][ T5861] bcachefs (loop0): going read-only
[  225.449589][ T5861] bcachefs (loop0): finished waiting for writes to stop
[  225.459788][ T5861] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2
[  225.521755][ T5861] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  225.530755][ T5861] bcachefs (loop0): clean shutdown complete, journal seq 4
[  225.538416][ T5861] bcachefs (loop0): marking filesystem clean
[  225.582266][ T5861] bcachefs (loop0): shutdown complete
[  225.868585][ T5918] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  226.250184][ T5918] usb 5-1: unable to get BOS descriptor or descriptor too short
[  226.254201][ T5918] usb 5-1: not running at top speed; connect to a high speed hub
[  226.259179][ T5918] usb 5-1: config 6 has an invalid interface number: 208 but max is 0
[  226.262509][ T5918] usb 5-1: config 6 has no interface number 0
[  226.265062][ T5918] usb 5-1: config 6 interface 208 has no altsetting 0
[  226.270248][ T5918] usb 5-1: New USB device found, idVendor=1410, idProduct=9010, bcdDevice=23.c2
[  226.273201][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.276146][ T5918] usb 5-1: Product: syz
[  226.278105][ T5918] usb 5-1: Manufacturer: syz
[  226.280103][ T5918] usb 5-1: SerialNumber: syz
[  226.491468][ T5918] qmi_wwan 5-1:6.208: invalid descriptor buffer length
[  226.496969][ T5918] qmi_wwan 5-1:6.208: probe with driver qmi_wwan failed with error -22
[  226.503037][ T5918] usb 5-1: USB disconnect, device number 11
[  226.867329][ T5904] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  227.019760][ T5904] usb 6-1: Using ep0 maxpacket: 8
[  227.026849][ T5904] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.037346][ T5904] usb 6-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  227.040853][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.053973][ T5904] usb 6-1: config 0 descriptor??
[  227.282764][T10494] loop4: detected capacity change from 0 to 32768
[  227.291138][T10494] 
[  227.291138][T10494]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.291138][T10494] 
[  227.319122][T10494] ERROR: (device loop4): diWrite: ixpxd invalid
[  227.319122][T10494] 
[  227.328375][T10494] ERROR: (device loop4): txCommit: 
[  227.328375][T10494] 
[  227.366204][ T8673] 
[  227.366204][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.366204][ T8673] 
[  227.370949][ T8673] 
[  227.370949][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.370949][ T8673] 
[  227.468505][ T5904] kye 0003:0458:5015.000C: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  227.478275][ T5904] kye 0003:0458:5015.000C: item fetching failed at offset 0/2
[  227.481812][ T5904] kye 0003:0458:5015.000C: parse failed
[  227.484071][ T5904] kye 0003:0458:5015.000C: probe with driver kye failed with error -22
[  227.685410][ T5919] usb 6-1: USB disconnect, device number 2
[  227.927351][ T5904] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  227.947680][T10516] ubi31: attaching mtd0
[  227.970530][T10516] ubi31: scanning is finished
[  227.972314][T10516] ubi31: empty MTD device detected
[  228.259866][T10516] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  228.263165][T10516] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  228.265904][T10516] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  228.268673][T10516] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  228.271964][T10516] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  228.275233][T10516] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  228.278589][T10516] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4127222394
[  228.284138][T10516] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  228.289628][T10520] ubi31: background thread "ubi_bgt31d" started, PID 10520
[  228.375302][ T5904] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  228.379149][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.382653][ T5904] usb 1-1: Product: syz
[  228.384345][ T5904] usb 1-1: Manufacturer: syz
[  228.386076][ T5904] usb 1-1: SerialNumber: syz
[  228.393765][ T5904] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  228.436956][ T5316] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  228.548952][T10522] loop5: detected capacity change from 0 to 256
[  228.554162][T10522] exFAT-fs (loop5): Invalid exboot-signature(sector = 2): 0x1119abd0
[  228.560453][T10522] exFAT-fs (loop5): Invalid exboot-signature(sector = 5): 0x1119abd0
[  228.563868][T10522] exFAT-fs (loop5): Invalid exboot-signature(sector = 6): 0x00000000
[  228.567195][T10522] exFAT-fs (loop5): Invalid exboot-signature(sector = 7): 0x00000000
[  228.572211][T10522] exFAT-fs (loop5): Invalid exboot-signature(sector = 8): 0x00000000
[  228.575643][T10522] exFAT-fs (loop5): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e)
[  228.580327][T10522] exFAT-fs (loop5): invalid boot region
[  228.582413][T10522] exFAT-fs (loop5): failed to recognize exfat type
[  228.645691][T10524] can: request_module (can-proto-0) failed.
[  228.792697][T10533] loop5: detected capacity change from 0 to 1024
[  228.797174][T10533] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  228.801928][T10533] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  228.805632][T10533] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  228.809876][T10533] EXT4-fs (loop5): filesystem has both journal inode and journal device!
[  228.841981][ T5919] usb 1-1: USB disconnect, device number 35
[  229.013984][T10535] loop5: detected capacity change from 0 to 40427
[  229.018630][T10535] F2FS-fs (loop5): invalid crc value
[  229.050422][T10535] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  229.055016][T10535] F2FS-fs (loop5): Start checkpoint disabled!
[  229.061121][T10535] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  229.697896][ T5316] usb 1-1: Service connection timeout for: 256
[  229.709557][ T5316] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  229.724928][ T5316] ath9k_htc: Failed to initialize the device
[  229.836748][T10542] netlink: 'syz.0.1831': attribute type 3 has an invalid length.
[  229.840245][T10542] netlink: 'syz.0.1831': attribute type 1 has an invalid length.
[  229.843403][T10542] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1831'.
[  229.846987][T10542] NCSI netlink: No device for ifindex 33022
[  230.119713][ T5919] usb 1-1: ath9k_htc: USB layer deinitialized
[  230.611232][T10538] syz.5.1830: attempt to access beyond end of device
[  230.611232][T10538] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  231.054975][T10553] loop4: detected capacity change from 0 to 40427
[  231.066713][T10553] F2FS-fs (loop4): invalid crc value
[  231.136811][T10553] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  231.142520][T10553] F2FS-fs (loop4): Start checkpoint disabled!
[  231.158773][T10553] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  231.215922][   T52] kworker/u9:2: attempt to access beyond end of device
[  231.215922][   T52] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  231.231367][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  231.231388][   T52] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  231.231405][   T52] Workqueue: writeback wb_workfn (flush-7:5)
[  231.231428][   T52] Call Trace:
[  231.231434][   T52]  <TASK>
[  231.231442][   T52]  dump_stack_lvl+0x189/0x250
[  231.231464][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.231479][   T52]  ? __pfx_queue_work_on+0x10/0x10
[  231.231492][   T52]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.231510][   T52]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  231.231537][   T52]  f2fs_handle_critical_error+0x37c/0x540
[  231.231562][   T52]  f2fs_write_end_io+0x886/0xb60
[  231.231588][   T52]  __submit_merged_bio+0x27a/0x6a0
[  231.231611][   T52]  __submit_merged_write_cond+0x255/0x530
[  231.231635][   T52]  f2fs_write_data_pages+0x261d/0x3000
[  231.231677][   T52]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.231706][   T52]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  231.231741][   T52]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  231.231767][   T52]  ? trace_f2fs_writepages+0x7f/0x200
[  231.231784][   T52]  ? f2fs_write_node_pages+0x478/0x6e0
[  231.231806][   T52]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  231.231833][   T52]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.231852][   T52]  do_writepages+0x32e/0x550
[  231.231874][   T52]  ? reacquire_held_locks+0x127/0x1d0
[  231.231887][   T52]  ? writeback_sb_inodes+0x384/0x1010
[  231.231910][   T52]  __writeback_single_inode+0x145/0xff0
[  231.231927][   T52]  ? do_raw_spin_unlock+0x4d/0x240
[  231.231946][   T52]  writeback_sb_inodes+0x6c7/0x1010
[  231.231967][   T52]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.231997][   T52]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  231.232041][   T52]  ? rcu_is_watching+0x15/0xb0
[  231.232061][   T52]  wb_writeback+0x43b/0xaf0
[  231.232082][   T52]  ? queue_io+0x331/0x590
[  231.232099][   T52]  ? __pfx_wb_writeback+0x10/0x10
[  231.232119][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.232136][   T52]  wb_workfn+0x409/0xef0
[  231.232189][   T52]  ? __pfx_wb_workfn+0x10/0x10
[  231.232206][   T52]  ? __lock_acquire+0xab9/0xd20
[  231.232233][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  231.232251][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.232266][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  231.232277][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  231.232292][   T52]  process_scheduled_works+0xae1/0x17b0
[  231.232325][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  231.232352][   T52]  worker_thread+0x8a0/0xda0
[  231.232386][   T52]  kthread+0x711/0x8a0
[  231.232473][   T52]  ? __pfx_worker_thread+0x10/0x10
[  231.232491][   T52]  ? __pfx_kthread+0x10/0x10
[  231.232510][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.232526][   T52]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.232543][   T52]  ? __pfx_kthread+0x10/0x10
[  231.232558][   T52]  ret_from_fork+0x3fc/0x770
[  231.232573][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  231.232590][   T52]  ? __switch_to_asm+0x39/0x70
[  231.232607][   T52]  ? __switch_to_asm+0x33/0x70
[  231.232620][   T52]  ? __pfx_kthread+0x10/0x10
[  231.232637][   T52]  ret_from_fork_asm+0x1a/0x30
[  231.232670][   T52]  </TASK>
[  231.232676][   T52] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  231.880284][ T5980] kworker/u10:6: attempt to access beyond end of device
[  231.880284][ T5980] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  231.888888][ T5980] CPU: 1 UID: 0 PID: 5980 Comm: kworker/u10:6 Not tainted syzkaller #0 PREEMPT(full) 
[  231.888908][ T5980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  231.888918][ T5980] Workqueue: writeback wb_workfn (flush-7:4)
[  231.888940][ T5980] Call Trace:
[  231.888946][ T5980]  <TASK>
[  231.888952][ T5980]  dump_stack_lvl+0x189/0x250
[  231.888974][ T5980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.888990][ T5980]  ? __pfx_queue_work_on+0x10/0x10
[  231.889002][ T5980]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.889022][ T5980]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  231.889049][ T5980]  f2fs_handle_critical_error+0x37c/0x540
[  231.889074][ T5980]  f2fs_write_end_io+0x886/0xb60
[  231.889132][ T5980]  __submit_merged_bio+0x27a/0x6a0
[  231.889176][ T5980]  __submit_merged_write_cond+0x255/0x530
[  231.889201][ T5980]  f2fs_write_data_pages+0x261d/0x3000
[  231.889247][ T5980]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.889277][ T5980]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  231.889319][ T5980]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  231.889347][ T5980]  ? look_up_lock_class+0x74/0x170
[  231.889373][ T5980]  ? trace_f2fs_writepages+0x7f/0x200
[  231.889393][ T5980]  ? f2fs_write_node_pages+0x478/0x6e0
[  231.889414][ T5980]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  231.889442][ T5980]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.889462][ T5980]  do_writepages+0x32e/0x550
[  231.889485][ T5980]  ? reacquire_held_locks+0x127/0x1d0
[  231.889498][ T5980]  ? writeback_sb_inodes+0x384/0x1010
[  231.889522][ T5980]  __writeback_single_inode+0x145/0xff0
[  231.889538][ T5980]  ? do_raw_spin_unlock+0x4d/0x240
[  231.889557][ T5980]  writeback_sb_inodes+0x6c7/0x1010
[  231.889594][ T5980]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  231.889643][ T5980]  ? rcu_is_watching+0x15/0xb0
[  231.889663][ T5980]  wb_writeback+0x43b/0xaf0
[  231.889687][ T5980]  ? queue_io+0x331/0x590
[  231.889705][ T5980]  ? __pfx_wb_writeback+0x10/0x10
[  231.889728][ T5980]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.889748][ T5980]  wb_workfn+0x409/0xef0
[  231.889776][ T5980]  ? __pfx_wb_workfn+0x10/0x10
[  231.889793][ T5980]  ? __lock_acquire+0xab9/0xd20
[  231.889820][ T5980]  ? process_scheduled_works+0x9ef/0x17b0
[  231.889839][ T5980]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.889855][ T5980]  ? process_scheduled_works+0x9ef/0x17b0
[  231.889867][ T5980]  ? process_scheduled_works+0x9ef/0x17b0
[  231.889882][ T5980]  process_scheduled_works+0xae1/0x17b0
[  231.889918][ T5980]  ? __pfx_process_scheduled_works+0x10/0x10
[  231.889945][ T5980]  worker_thread+0x8a0/0xda0
[  231.889961][ T5980]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  231.889985][ T5980]  ? __kthread_parkme+0x7b/0x200
[  231.890006][ T5980]  kthread+0x711/0x8a0
[  231.890025][ T5980]  ? __pfx_worker_thread+0x10/0x10
[  231.890038][ T5980]  ? __pfx_kthread+0x10/0x10
[  231.890054][ T5980]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.890070][ T5980]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.890111][ T5980]  ? __pfx_kthread+0x10/0x10
[  231.890128][ T5980]  ret_from_fork+0x3fc/0x770
[  231.890145][ T5980]  ? __pfx_ret_from_fork+0x10/0x10
[  231.890163][ T5980]  ? __switch_to_asm+0x39/0x70
[  231.890178][ T5980]  ? __switch_to_asm+0x33/0x70
[  231.890193][ T5980]  ? __pfx_kthread+0x10/0x10
[  231.890209][ T5980]  ret_from_fork_asm+0x1a/0x30
[  231.890240][ T5980]  </TASK>
[  231.890246][ T5980] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  232.321680][T10564] gretap0: entered promiscuous mode
[  232.323633][T10564] vlan2: entered promiscuous mode
[  232.772248][T10566] loop5: detected capacity change from 0 to 4096
[  233.416809][T10571] loop0: detected capacity change from 0 to 512
[  233.444095][T10571] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.1840: iget: bad extended attribute block 1
[  233.464031][T10571] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1840: couldn't read orphan inode 15 (err -117)
[  233.476472][T10573] loop5: detected capacity change from 0 to 1024
[  233.486859][T10571] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.529348][T10571] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  233.646489][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.806523][T10590] loop0: detected capacity change from 0 to 64
[  233.931556][ T5918] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  233.933689][T10598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1851'.
[  234.068123][ T5904] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  234.100290][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  234.104601][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  234.109371][ T5918] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  234.117208][ T5918] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  234.121201][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.126412][ T5918] usb 6-1: config 0 descriptor??
[  234.241116][ T5904] usb 5-1: config 8 has an invalid interface number: 223 but max is 0
[  234.244650][ T5904] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  234.249156][ T5904] usb 5-1: config 8 has no interface number 0
[  234.251712][ T5904] usb 5-1: config 8 interface 223 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  234.265762][ T5904] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.45
[  234.269628][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.272714][ T5904] usb 5-1: Product: syz
[  234.274401][ T5904] usb 5-1: Manufacturer: syz
[  234.276268][ T5904] usb 5-1: SerialNumber: syz
[  234.491439][ T5904] usb 5-1: USB disconnect, device number 12
[  234.544182][ T5918] plantronics 0003:047F:FFFF.000D: reserved main item tag 0xd
[  234.552602][ T5918] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  234.745964][T10582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.752331][T10582] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.822654][    T9] usb 6-1: USB disconnect, device number 3
[  235.038226][ T5918] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  235.191778][ T5918] usb 1-1: Using ep0 maxpacket: 8
[  235.208304][ T5918] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  235.211653][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.214560][ T5918] usb 1-1: Product: syz
[  235.216139][ T5918] usb 1-1: Manufacturer: syz
[  235.228240][ T5918] usb 1-1: SerialNumber: syz
[  235.237100][ T5918] usb 1-1: config 0 descriptor??
[  235.411556][T10628] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1866'.
[  235.507004][ T5918] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  235.526099][T10626] loop4: detected capacity change from 0 to 32768
[  235.529673][T10626] btrfs: Deprecated parameter 'usebackuproot'
[  235.532176][T10626] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  235.535937][T10626] btrfs: Deprecated parameter 'usebackuproot'
[  235.538097][T10626] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  235.545867][T10626] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1865 (10626)
[  235.554928][T10626] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  235.559858][T10626] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  235.563591][T10626] workqueue: max_active 40574 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  235.579239][T10626] workqueue: max_active 40574 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  235.607336][T10626] workqueue: max_active 40574 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  235.613170][T10626] workqueue: max_active 40574 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  235.630105][T10626] workqueue: max_active 40574 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  235.635075][T10626] workqueue: max_active 40574 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  235.640316][T10626] workqueue: max_active 40574 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048
[  235.689006][T10626] BTRFS info (device loop4): rebuilding free space tree
[  235.710420][T10626] BTRFS info (device loop4): setting nodatasum
[  235.712974][T10626] BTRFS info (device loop4): enabling ssd optimizations
[  235.715812][T10626] BTRFS info (device loop4): enabling free space tree
[  235.718925][T10626] BTRFS info (device loop4): force clearing of disk cache
[  235.721955][T10626] BTRFS info (device loop4): doing ref verification
[  235.724654][T10626] BTRFS info (device loop4): trying to use backup root at mount time
[  235.766001][T10626] BTRFS info (device loop4): balance: start -f
[  235.766895][T10653] loop5: detected capacity change from 0 to 256
[  235.768966][T10626] BTRFS info (device loop4): balance: ended with status: 0
[  235.796845][T10653] FAT-fs (loop5): Directory bread(block 64) failed
[  235.799977][T10653] FAT-fs (loop5): Directory bread(block 65) failed
[  235.804314][ T8673] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  235.809148][T10653] FAT-fs (loop5): Directory bread(block 66) failed
[  235.813793][T10653] FAT-fs (loop5): Directory bread(block 67) failed
[  235.816875][T10653] FAT-fs (loop5): Directory bread(block 68) failed
[  235.820054][T10653] FAT-fs (loop5): Directory bread(block 69) failed
[  235.822392][T10653] FAT-fs (loop5): Directory bread(block 70) failed
[  235.825308][T10653] FAT-fs (loop5): Directory bread(block 71) failed
[  235.828432][T10653] FAT-fs (loop5): Directory bread(block 72) failed
[  235.831032][T10653] FAT-fs (loop5): Directory bread(block 73) failed
[  236.156563][T10659] loop4: detected capacity change from 0 to 8192
[  236.161237][T10659] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  236.258944][T10665] netlink: 'syz.5.1877': attribute type 142 has an invalid length.
[  236.264023][T10665] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1877'.
[  236.323962][T10669] mac80211_hwsim hwsim15 wlan0: entered promiscuous mode
[  236.328931][T10669] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  236.382172][T10673] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  236.437664][T10677] mkiss: ax0: crc mode is auto.
[  236.537561][T10682] loop5: detected capacity change from 0 to 2048
[  236.554769][T10682] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.616837][T10165] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.747168][ T5918] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  236.753552][ T5918] usb 1-1: USB disconnect, device number 36
[  236.929264][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  237.082098][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.086665][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.092444][    T9] usb 6-1: New USB device found, idVendor=056a, idProduct=003d, bcdDevice= 0.00
[  237.095896][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.101801][    T9] usb 6-1: config 0 descriptor??
[  237.312183][T10693] netlink: 648 bytes leftover after parsing attributes in process `syz.0.1888'.
[  237.392761][T10697] loop0: detected capacity change from 0 to 512
[  237.404165][T10697] [EXT4 FS bs=4096, gc=1, bpg=71, ipg=32, mo=a84ec028, mo2=0041]
[  237.407166][T10697] System zones: 0-2, 18-18, 34-34
[  237.414767][T10697] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  237.419381][T10697] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  237.424712][T10697] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.1890: Failed to acquire dquot type 0
[  237.430191][T10697] EXT4-fs (loop0): Remounting filesystem read-only
[  237.432843][T10697] EXT4-fs (loop0): 1 orphan inode deleted
[  237.436445][T10697] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.441255][T10697] ext4 filesystem being mounted at /607/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.465698][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.504037][T10701] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1891'.
[  237.526050][    T9] wacom 0003:056A:003D.000E: unknown main item tag 0x0
[  237.528518][    T9] wacom 0003:056A:003D.000E: unknown main item tag 0x0
[  237.538667][    T9] wacom 0003:056A:003D.000E: unknown main item tag 0x0
[  237.540779][    T9] wacom 0003:056A:003D.000E: unknown main item tag 0x0
[  237.549821][   T33] audit: type=1326 audit(1757318342.510:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10702 comm="syz.0.1892" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe12718ebe9 code=0x0
[  237.728822][ T5918] usb 6-1: USB disconnect, device number 4
[  237.997171][T10714] pim6reg: entered allmulticast mode
[  238.003728][T10714] pim6reg: left allmulticast mode
[  238.305604][T10732] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  239.528340][ T5859] Bluetooth: hci1: Malformed Event: 0x02
[  239.730817][T10775] loop0: detected capacity change from 0 to 1024
[  239.756566][T10775] loop0: detected capacity change from 0 to 2048
[  239.764074][T10775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  239.796546][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.216194][T10788] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1929'.
[  240.223868][T10788] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1929'.
[  240.226857][T10788] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1929'.
[  240.233156][T10788] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1929'.
[  240.906259][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1936'.
[  241.139692][T10815] loop0: detected capacity change from 0 to 2048
[  241.193335][T10815]  loop0: p1 < >
[  241.226504][T10817] random: crng reseeded on system resumption
[  241.557886][T10829] loop5: detected capacity change from 0 to 32768
[  241.564693][T10829] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1949 (10829)
[  241.575009][T10829] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  241.579295][T10829] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  241.587302][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881102f9800: rx timeout, send abort
[  241.624872][T10829] BTRFS info (device loop5): enabling ssd optimizations
[  241.627753][T10829] BTRFS info (device loop5): enabling free space tree
[  241.636558][T10829] BTRFS warning (device loop5): get dev_stats failed, device not found
[  241.658412][T10165] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  241.663139][T10846] overlayfs: failed to verify upper root origin
[  242.087514][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881102fb400: rx timeout, send abort
[  242.090608][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881102f9800: abort rx timeout. Force session deactivation
[  242.221779][T10860] netlink: 'syz.0.1956': attribute type 2 has an invalid length.
[  242.227112][T10860] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1956'.
[  242.509364][    T9] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  242.590293][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881102fb400: abort rx timeout. Force session deactivation
[  242.610882][T10872] netlink: 'syz.5.1962': attribute type 12 has an invalid length.
[  242.613286][T10872] netlink: 'syz.5.1962': attribute type 29 has an invalid length.
[  242.615580][T10872] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1962'.
[  242.618442][T10872] netlink: 'syz.5.1962': attribute type 2 has an invalid length.
[  242.628594][T10872] netlink: 19 bytes leftover after parsing attributes in process `syz.5.1962'.
[  242.660645][    T9] usb 1-1: Using ep0 maxpacket: 16
[  242.673712][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  242.684114][    T9] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  242.687091][    T9] usb 1-1: config 1 has no interface number 1
[  242.694029][    T9] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  242.710538][    T9] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  242.715387][    T9] usb 1-1: config 1 interface 2 has no altsetting 0
[  242.722896][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  242.726365][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.735700][    T9] usb 1-1: Product: syz
[  242.737496][    T9] usb 1-1: Manufacturer: syz
[  242.749329][    T9] usb 1-1: SerialNumber: syz
[  242.759392][T10880] loop5: detected capacity change from 0 to 1024
[  242.777579][T10880] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.786136][T10880] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.811419][T10880] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 3: comm syz.5.1966: lblock 3 mapped to illegal pblock 3 (length 13)
[  242.823673][T10880] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  242.828332][T10880] EXT4-fs (loop5): This should not happen!! Data will be lost
[  242.828332][T10880] 
[  242.863120][T10165] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.964995][    T9] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[  242.968184][    T9] usb 1-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  242.972932][    T9] usb 1-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  242.975924][    T9] usb 1-1: selecting invalid altsetting 0
[  242.995548][    T9] usb 1-1: USB disconnect, device number 37
[  243.243498][T10899] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1974'.
[  243.247920][T10899] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1974'.
[  243.283564][T10901] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1975'.
[  243.288304][T10901] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1975'.
[  243.735748][ T5918] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  243.786215][   T33] audit: type=1326 audit(1757318348.739:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10922 comm="syz.0.1986" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe12718ebe9 code=0x7ffc0000
[  243.810390][   T33] audit: type=1326 audit(1757318348.739:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10922 comm="syz.0.1986" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe12718ebe9 code=0x7ffc0000
[  243.825855][   T33] audit: type=1326 audit(1757318348.739:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10922 comm="syz.0.1986" exe="/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fe12718ebe9 code=0x7ffc0000
[  243.834793][   T33] audit: type=1326 audit(1757318348.739:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10922 comm="syz.0.1986" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe12718ebe9 code=0x7ffc0000
[  243.846318][   T33] audit: type=1326 audit(1757318348.739:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10922 comm="syz.0.1986" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe12718ebe9 code=0x7ffc0000
[  243.860981][T10927] loop4: detected capacity change from 0 to 2048
[  243.872454][T10927] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  243.882854][T10929] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1989'.
[  243.911949][ T5918] usb 6-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  243.916047][ T5918] usb 6-1: config 0 interface 0 has no altsetting 0
[  243.918613][ T5918] usb 6-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00
[  243.936653][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.942498][ T5918] usb 6-1: config 0 descriptor??
[  243.944885][T10907] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  244.254351][T10931] loop0: detected capacity change from 0 to 40427
[  244.258109][T10931] F2FS-fs: heap/no_heap options were deprecated
[  244.266321][T10931] F2FS-fs (loop0): build fault injection rate: 19
[  244.268999][T10931] F2FS-fs (loop0): build fault injection type: 0x77fd1
[  244.275653][T10944] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1995'.
[  244.276437][T10931] F2FS-fs (loop0): invalid crc value
[  244.295498][T10931] F2FS-fs (loop0): inject kmalloc in f2fs_kmalloc of f2fs_build_segment_manager+0x30ed/0x49f0
[  244.301338][T10931] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12)
[  244.358832][ T5918] thrustmaster 0003:044F:B323.000F: hidraw0: USB HID v0.00 Device [HID 044f:b323] on usb-dummy_hcd.5-1/input0
[  244.371459][ T5918] thrustmaster 0003:044F:B323.000F: no inputs found
[  244.526848][T10957] loop4: detected capacity change from 0 to 2048
[  244.537678][T10957] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.559994][ T5919] usb 6-1: USB disconnect, device number 5
[  245.575433][T10968] tap0: tun_chr_ioctl cmd 1074025677
[  245.577739][T10968] tap0: linktype set to 0
[  245.749337][T10970] loop0: detected capacity change from 0 to 16
[  245.758218][T10970] erofs (device loop0): mounted with root inode @ nid 36.
[  246.554204][T10988] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2011'.
[  246.562875][T10988] unsupported nlmsg_type 40
[  247.120234][T10992] gre2: entered promiscuous mode
[  247.242335][T10998] loop5: detected capacity change from 0 to 8
[  247.247336][T10998] SQUASHFS error: zlib decompression failed, data probably corrupt
[  247.257118][T10998] SQUASHFS error: Failed to read block 0x9b: -5
[  247.259158][T10998] SQUASHFS error: Unable to read metadata cache entry [99]
[  247.261952][T10998] SQUASHFS error: Unable to read inode 0x127
[  247.313381][T11000] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2018'.
[  247.446118][   T33] audit: type=1804 audit(1757318352.399:89): pid=11007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2020" name="/newroot/294/file0" dev="tmpfs" ino=1549 res=1 errno=0
[  247.468483][T10996] loop0: detected capacity change from 0 to 32768
[  247.472374][T10996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2014 (10996)
[  247.480179][T10996] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  247.483531][T10996] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  247.501751][T10996] BTRFS info (device loop0): enabling ssd optimizations
[  247.503884][T10996] BTRFS info (device loop0): enabling free space tree
[  247.576452][ T5861] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  247.577165][T11029] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2023'.
[  247.586497][T11029] (unnamed net_device) (uninitialized): option mode: invalid value (7)
[  247.672916][T11033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2026'.
[  247.917064][T11047] ipvlan2: entered promiscuous mode
[  247.923888][T11047] bridge0: port 3(ipvlan2) entered blocking state
[  247.926079][T11047] bridge0: port 3(ipvlan2) entered disabled state
[  247.943763][T11047] ipvlan2: entered allmulticast mode
[  247.945408][T11047] gretap0: entered allmulticast mode
[  247.948217][T11047] ipvlan2: left allmulticast mode
[  247.952807][T11047] gretap0: left allmulticast mode
[  248.067668][T11051] loop0: detected capacity change from 0 to 764
[  248.109250][T11044] loop5: detected capacity change from 0 to 32768
[  248.116161][T11044] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2029 (11044)
[  248.136851][T11044] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  248.146155][T11044] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  248.238903][T11044] BTRFS info (device loop5): enabling ssd optimizations
[  248.243180][T11044] BTRFS info (device loop5): enabling free space tree
[  248.365449][T10165] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  248.813149][T11095] loop0: detected capacity change from 0 to 1024
[  248.835734][T11095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  248.841724][T11095] ext4 filesystem being mounted at /650/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.855159][T11095] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  248.863118][T11095] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117
[  248.869456][T11095] EXT4-fs (loop0): This should not happen!! Data will be lost
[  248.869456][T11095] 
[  248.876611][T11095] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 1)
[  248.890375][T11095] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 1)
[  248.903970][T11095] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 1)
[  248.908037][T11089] loop5: detected capacity change from 0 to 32768
[  248.913497][T11095] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 1)
[  248.921714][T11094] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  248.921941][T11089] JBD2: Ignoring recovery information on journal
[  248.933480][T11094] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  248.944008][T11094] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  248.952193][T11089] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  248.960351][T11094] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  248.966064][T11094] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: comm syz.0.2046: lblock 0 mapped to illegal pblock 0 (length 4)
[  249.088025][T10165] ocfs2: Unmounting device (7,5) on (node local)
[  249.192693][T11104] loop4: detected capacity change from 0 to 64
[  249.252601][T11110] ieee802154 phy0 wpan0: encryption failed: -22
[  249.732541][T11113] overlayfs: overlapping lowerdir path
[  249.754831][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  249.808141][T11118] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2053'.
[  250.001737][T11128] loop0: detected capacity change from 0 to 4096
[  250.187190][T11132] loop0: detected capacity change from 0 to 1024
[  250.526612][T11158] bond0: (slave bond_slave_1): Releasing backup interface
[  250.557989][T11163] netlink: 'syz.0.2075': attribute type 1 has an invalid length.
[  250.560608][T11163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2075'.
[  250.684338][T11180] netlink: 21 bytes leftover after parsing attributes in process `syz.4.2083'.
[  250.737713][T11184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2085'.
[  250.842812][T11192] binder: Bad value for 'max'
[  250.910866][   T33] audit: type=1326 audit(1757318355.868:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11199 comm="syz.5.2093" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f678658ebe9 code=0x0
[  251.003882][T11203] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2093'.
[  251.060843][T11198] loop4: detected capacity change from 0 to 32768
[  251.065363][T11198] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2092 (11198)
[  251.072117][T11198] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  251.075797][T11198] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  251.096434][T11202] loop0: detected capacity change from 0 to 32768
[  251.103855][T11202] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  251.107346][T11202] XFS (loop0): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  251.117771][T11198] BTRFS info (device loop4): allowing degraded mounts
[  251.120762][T11198] BTRFS info (device loop4): enabling ssd optimizations
[  251.123505][T11198] BTRFS info (device loop4): enabling free space tree
[  251.127827][T11198] BTRFS info (device loop4): force zlib compression, level 3
[  251.149596][ T5861] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  251.173671][ T8673] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  251.286654][T11228] loop0: detected capacity change from 0 to 2048
[  251.295456][T11228] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  251.304338][T11228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  251.685462][T11247] loop4: detected capacity change from 0 to 64
[  251.689852][T11247] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  252.097869][T11255] comedi comedi0: mpc624: I/O port conflict (0x4,16)
[  252.106080][T11256] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2107'.
[  252.109831][T11256] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2107'.
[  252.186042][T11260] loop5: detected capacity change from 0 to 4096
[  252.203336][T11263] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  252.212995][   T33] audit: type=1800 audit(1757318357.168:91): pid=11260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2110" name="file1" dev="loop5" ino=15 res=0 errno=0
[  252.267572][T11267] netlink: 'syz.4.2114': attribute type 12 has an invalid length.
[  252.464310][T11275] loop5: detected capacity change from 0 to 4096
[  252.479943][T11275] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  252.494483][T11275] ntfs3(loop5): Failed to load $Extend (-22).
[  252.496881][T11275] ntfs3(loop5): Failed to initialize $Extend.
[  253.014067][T11315] netlink: 'syz.5.2132': attribute type 10 has an invalid length.
[  253.042441][T11315] veth1_macvtap: left promiscuous mode
[  253.044380][T11317] loop4: detected capacity change from 0 to 64
[  253.052838][T11317] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  253.070983][T11317] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop4
[  253.199101][T11321] "syz.4.2135" (11321) uses obsolete ecb(arc4) skcipher
[  254.177767][T11346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2144'.
[  254.819582][T11362] loop0: detected capacity change from 0 to 128
[  255.258604][T11372] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2157'.
[  255.323481][T11372] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.334019][T11372] bridge_slave_1: left allmulticast mode
[  255.336639][T11372] bridge_slave_1: left promiscuous mode
[  255.339576][T11372] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.393399][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  255.395872][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  255.639203][T11393] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  255.647979][T11396] netlink: 'syz.4.2168': attribute type 10 has an invalid length.
[  255.668637][T11396] team0: Port device dummy0 added
[  255.681339][T11396] netlink: 'syz.4.2168': attribute type 10 has an invalid length.
[  255.694009][T11396] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  255.718192][T11396] team0: Failed to send options change via netlink (err -105)
[  255.727563][T11396] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  255.733514][T11396] team0: Port device dummy0 removed
[  255.744040][T11396] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  255.748327][T11401] loop0: detected capacity change from 0 to 128
[  255.752312][T11401] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  255.757555][T11401] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  255.814310][T11403] bond2: entered promiscuous mode
[  255.826129][   T52] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  255.832732][T11403] bond2: entered allmulticast mode
[  255.840161][T11403] 8021q: adding VLAN 0 to HW filter on device bond2
[  255.950175][T11413] loop0: detected capacity change from 0 to 2048
[  255.959141][T11413] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  256.455906][T11426] loop4: detected capacity change from 0 to 1764
[  257.040847][ T5918] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  257.191345][ T5918] usb 6-1: Using ep0 maxpacket: 32
[  257.198205][ T5918] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  257.205694][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.222796][ T5918] usb 6-1: config 0 descriptor??
[  257.244890][ T5918] gspca_main: sunplus-2.14.0 probing 041e:400b
[  257.646105][ T5918] gspca_sunplus: reg_w_riv err -71
[  257.648509][ T5918] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  257.659279][ T5918] usb 6-1: USB disconnect, device number 6
[  257.768074][T11445] loop0: detected capacity change from 0 to 8
[  257.779549][T11445] SQUASHFS error: Failed to read block 0x636: -5
[  257.784315][T11445] SQUASHFS error: Unable to read metadata cache entry [634]
[  257.787269][T11445] SQUASHFS error: Unable to read metadata cache entry [634]
[  257.789981][T11445] SQUASHFS error: Unable to read directory block [634:0]
[  258.571135][T11459] netlink: 'syz.0.2196': attribute type 9 has an invalid length.
[  258.574372][T11459] netlink: 'syz.0.2196': attribute type 7 has an invalid length.
[  258.577337][T11459] netlink: 'syz.0.2196': attribute type 8 has an invalid length.
[  258.651624][T11454] loop4: detected capacity change from 0 to 131072
[  258.932927][T11466] netlink: 27 bytes leftover after parsing attributes in process `syz.5.2197'.
[  258.940658][T11454] F2FS-fs (loop4): Bad quota inode 2:2048
[  258.945878][T11454] F2FS-fs (loop4): Failed to enable quota tracking (type=2, err=-2). Please run fsck to fix.
[  258.949667][T11454] F2FS-fs (loop4): Cannot turn on quotas: error -2
[  258.952477][T11454] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  258.956174][T11454] F2FS-fs (loop4): Mounted with checkpoint version = 1b41e955
[  259.056135][T11477] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2203'.
[  259.059246][T11477] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2203'.
[  259.062997][T11477] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2203'.
[  259.150385][T11483] loop5: detected capacity change from 0 to 512
[  259.169399][T11483] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  259.196429][T11483] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.203500][T11483] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  259.234449][T11483] EXT4-fs error (device loop5): ext4_xattr_block_find:1869: inode #15: comm syz.5.2205: corrupted xattr block 19: overlapping e_value 
[  259.244396][T11483] EXT4-fs (loop5): Remounting filesystem read-only
[  259.282589][T10165] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.536080][T11494] loop5: detected capacity change from 0 to 32768
[  259.576975][T11494] XFS (loop5): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  259.600321][T11494] XFS (loop5): Ending clean mount
[  259.626827][T10165] XFS (loop5): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  259.857670][ T5904] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  259.997137][T11521] loop9: detected capacity change from 0 to 7
[  260.013853][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.017106][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.020604][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.031874][ T5904] usb 5-1: Using ep0 maxpacket: 16
[  260.040956][ T5904] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  260.046237][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  260.049296][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.066549][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.069950][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.074186][ T5904] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  260.084143][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.087626][ T5904] usb 5-1: Product: syz
[  260.093188][ T5904] usb 5-1: Manufacturer: syz
[  260.093823][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.098035][ T5904] usb 5-1: SerialNumber: syz
[  260.119270][ T5904] usb 5-1: config 0 descriptor??
[  260.120727][T11521] ldm_validate_partition_table(): Disk read failed.
[  260.125807][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.140564][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.150764][T11521] Buffer I/O error on dev loop9, logical block 0, async page read
[  260.153725][ T5904] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  260.161418][T11521] Dev loop9: unable to read RDB block 0
[  260.163772][ T5904] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  260.168846][T11521]  loop9: unable to read partition table
[  260.176977][T11521] loop9: partition table beyond EOD, truncated
[  260.187234][T11521] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ
[  260.187234][T11521] ) failed (rc=-5)
[  260.750857][ T5904] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  260.755451][ T5904] em28xx 5-1:0.0: Config register raw data: 0x41
[  260.770942][T11524] loop5: detected capacity change from 0 to 32768
[  260.816163][T11524] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  260.894755][T11524] XFS (loop5): Ending clean mount
[  260.975101][ T5919] usb 5-1: USB disconnect, device number 13
[  260.991537][ T5919] em28xx 5-1:0.0: Disconnecting em28xx
[  261.013961][ T5919] em28xx 5-1:0.0: Freeing device
[  261.099675][T10165] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  261.946071][T11567] netlink: 'syz.4.2235': attribute type 1 has an invalid length.
[  262.006014][T11569] loop5: detected capacity change from 0 to 4096
[  262.020847][T11571] loop4: detected capacity change from 0 to 2048
[  262.046755][T11555] loop0: detected capacity change from 0 to 32768
[  262.049860][T11555] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got  should be 
[  262.056506][T11555] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section clean: entry type (unknown jset_entry_type 255) overruns end of section
[  262.056506][T11555] clean (size 2912):
[  262.056506][T11555] flags:          0
[  262.056506][T11555] journal_seq:    10
[  262.056506][T11555] usage: type=inodes v=8
[  262.056506][T11555] usage: type=key_version v=0
[  262.056506][T11555] usage: type=reserved v=0
[  262.056506][T11555] usage: type=reserved v=0
[  262.056506][T11555] usage: type=reserved v=0
[  262.056506][T11555] usage: type=reserved v=0
[  262.056506][T11555] data_usage: btree: 1/1 [0]=2816
[  262.056506][T11555] data_usage: journal: 1/1 [0]=0
[  262.056506][T11555] data_usage: user: 1/1 [0]=16
[  262.056506][T11555] dev_usage: dev=0  
[  262.056506][T11555]   free: buckets=83 sectors=0 fragmented=0
[  262.056506][T11555]   sb: buckets=25 sectors=6152 fragmented=248
[  262.056506][T11555]   journal: buckets=8 sectors=2048 fragmented=0
[  262.056506][T11555]   btree: buckets=11 sectors=2816 fragmented=0
[  262.056506][T11555]   user: buckets=1 sectors=16 fragmented=240
[  262.056506][T11555]   cached: buckets=0 sectors=0 fragmented=0
[  262.056506][T11555]   parity: buckets=432345564227567616 sectors=0 fragmented=0
[  262.056506][T11555]   stripe: buckets=0 sectors=0 fragmented=0
[  262.056506][T11555]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  262.056506][T11555]   need_discard: buckets=0 sectors=0 fragmented=0
[  262.056506][T11555] clock: read=0
[  262.056506][T11555] clock: write=1280
[  262.056506][T11555] log_bkey: btree=extents level=0 u64s 11 type btree_p
[  262.056626][T11555] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  262.135764][T11571] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  262.158388][T11571] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:169: inode #12: comm syz.4.2237: inline data xattr refers to an external xattr inode
[  262.175939][T11571] EXT4-fs (loop4): Remounting filesystem read-only
[  262.205649][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.349374][T11588] netlink: 'syz.0.2243': attribute type 4 has an invalid length.
[  262.355240][T11588] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2243'.
[  262.504861][T11595] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2240'.
[  262.800355][T11600] loop5: detected capacity change from 0 to 16
[  262.806327][T11600] erofs (device loop5): mounted with root inode @ nid 36.
[  262.811145][   T33] audit: type=1800 audit(1757318367.757:92): pid=11600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2247" name="file1" dev="loop5" ino=86 res=0 errno=0
[  262.812765][T11600] Invalid ELF header len 10
[  263.487541][T11624] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2257'.
[  263.792044][ T5919] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  263.916271][T11628] loop6: detected capacity change from 0 to 63
[  263.961898][ T5919] usb 5-1: Using ep0 maxpacket: 16
[  263.978241][ T5919] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  263.982152][ T5919] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  263.991497][ T5919] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  264.004021][ T5919] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  264.011477][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.016481][ T5919] usb 5-1: Product: syz
[  264.018135][ T5919] usb 5-1: Manufacturer: syz
[  264.019919][ T5919] usb 5-1: SerialNumber: syz
[  264.031231][T11634] loop0: detected capacity change from 0 to 512
[  264.039887][T11634] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  264.049692][T11634] EXT4-fs error (device loop0): ext4_init_orphan_info:611: comm syz.0.2262: orphan file block 0: bad magic
[  264.055232][T11634] EXT4-fs (loop0): Remounting filesystem read-only
[  264.058217][T11634] EXT4-fs (loop0): mount failed
[  264.227522][T11645] loop0: detected capacity change from 0 to 512
[  264.235418][T11626] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2258'.
[  264.245003][T11645] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  264.247056][ T5919] usb 5-1: 0:2 : does not exist
[  264.262624][ T5919] usb 5-1: USB disconnect, device number 14
[  264.264080][T11645] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  264.276957][T11645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2267: bg 0: block 248: padding at end of block bitmap is not set
[  264.286091][T11645] Quota error (device loop0): write_blk: dquota write failed
[  264.293759][T11645] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  264.298270][T11645] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.2267: Failed to acquire dquot type 1
[  264.328981][T11645] EXT4-fs (loop0): 1 truncate cleaned up
[  264.333298][T11645] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  264.374544][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  264.394774][T11653] usb usb8: usbfs: process 11653 (syz.5.2270) did not claim interface 0 before use
[  264.416647][T11655] usb usb8: usbfs: process 11655 (syz.0.2271) did not claim interface 0 before use
[  264.491478][T11663] netlink: 'syz.5.2275': attribute type 1 has an invalid length.
[  264.494988][T11663] nbd: couldn't find a device at index 393224
[  264.749185][T11673] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only
[  264.754945][T11673] overlayfs: NFS export requires an index dir, falling back to nfs_export=off.
[  264.848571][T11679] vxcan1 speed is unknown, defaulting to 1000
[  264.858581][T11679] vxcan1 speed is unknown, defaulting to 1000
[  264.863492][T11679] vxcan1 speed is unknown, defaulting to 1000
[  265.046232][   T51] vxcan1 speed is unknown, defaulting to 1000
[  265.056113][T11679] infiniband syz2: set active
[  265.058363][T11679] infiniband syz2: added vxcan1
[  265.108628][T11679] RDS/IB: syz2: added
[  265.110976][T11679] smc: adding ib device syz2 with port count 1
[  265.114022][T11679] smc:    ib device syz2 port 1 has pnetid 
[  265.119125][ T5919] vxcan1 speed is unknown, defaulting to 1000
[  265.125895][T11679] vxcan1 speed is unknown, defaulting to 1000
[  265.264056][T11679] vxcan1 speed is unknown, defaulting to 1000
[  265.383915][T11691] input: syz1 as /devices/virtual/input/input16
[  265.554381][T11691] loop5: detected capacity change from 0 to 2048
[  265.581759][T11693] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  265.814967][T11679] vxcan1 speed is unknown, defaulting to 1000
[  265.865036][T11707] loop0: detected capacity change from 0 to 512
[  265.873304][T11707] FAT-fs (loop0): bogus logical sector size 0
[  265.876147][T11707] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  265.879925][T11707] FAT-fs (loop0): Can't find a valid FAT filesystem
[  266.129452][T11716] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2296'.
[  266.320078][T11720] loop4: detected capacity change from 0 to 32768
[  266.323205][T11720] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2299 (11720)
[  266.329099][T11720] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  266.332408][T11720] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  266.441191][T11720] BTRFS info (device loop4): turning off barriers
[  266.444194][T11720] BTRFS info (device loop4): enabling free space tree
[  266.447166][T11720] BTRFS info (device loop4): use zstd compression, level 3
[  266.670838][T11720] BTRFS info (device loop4 state M): resize thread pool 4 -> 2097158
[  266.674240][T11720] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  266.679280][T11720] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  266.684224][T11720] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW
[  266.688616][T11720] BTRFS info (device loop4 state M): disabling log replay at mount time
[  266.691886][T11720] BTRFS info (device loop4 state M): force clearing of disk cache
[  266.695083][T11720] BTRFS info (device loop4 state M): ignoring bad roots
[  266.697673][T11720] BTRFS info (device loop4 state M): ignoring data csums
[  266.700177][T11720] BTRFS info (device loop4 state M): ignoring meta csums
[  266.702796][T11720] BTRFS info (device loop4 state M): ignoring unknown super block flags
[  266.726418][ T8673] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  266.947596][T11740] loop0: detected capacity change from 0 to 512
[  266.955510][T11740] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.959483][T11740] ext4 filesystem being mounted at /744/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  267.004597][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.050759][T11752] dns_resolver: Unsupported content type (218)
[  267.055552][T11751] openvswitch: netlink: IPv4 tun info is not correct
[  267.150841][T11759] loop0: detected capacity change from 0 to 1024
[  267.164670][T11759] hfsplus: bad catalog entry type
[  267.192731][   T32] hfsplus: b-tree write err: -5, ino 4
[  267.241560][T11762] loop5: detected capacity change from 0 to 4096
[  267.247237][T11762] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  267.251187][T11762] ntfs3(loop5): ino=3, mi_enum_attr
[  267.253576][T11762] ntfs3(loop5): MFT: r=1, expect seq=1 instead of 0!
[  267.256426][T11762] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  267.259214][T11762] ntfs3(loop5): Failed to load $MFTMirr (-22).
[  268.146222][T11803] loop5: detected capacity change from 0 to 256
[  268.151437][T11803] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  268.163391][T11803] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  268.166285][T11803] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  268.168593][T11803] UDF-fs: Scanning with blocksize 512 failed
[  268.174039][T11803] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  268.179287][T11803] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  268.526108][ T5919] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  268.672535][ T5919] usb 6-1: Using ep0 maxpacket: 16
[  268.676932][ T5919] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  268.681376][ T5919] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  268.688218][ T5919] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  268.691983][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.695292][ T5919] usb 6-1: Product: syz
[  268.697377][ T5919] usb 6-1: SerialNumber: syz
[  268.790283][T11826] loop4: detected capacity change from 0 to 32768
[  268.793604][T11826] btrfs: Deprecated parameter 'usebackuproot'
[  268.796002][T11826] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  268.800445][T11826] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2339 (11826)
[  268.808327][T11826] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  268.812814][T11826] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  268.816510][T11826] BTRFS error (device loop4): nologreplay must be used with ro mount option
[  268.819740][T11826] BTRFS error (device loop4): open_ctree failed: -22
[  268.921567][ T5919] usb 6-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  268.925488][ T5919] usb 6-1: found format II with max.bitrate = 0, frame size=0
[  268.928505][ T5919] usb 6-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  268.940834][T11829] loop4: detected capacity change from 0 to 1024
[  268.943977][ T5919] usb 6-1: found format II with max.bitrate = 0, frame size=0
[  268.951855][ T5919] usb 6-1: failed to enable PITCH for EP 0x82
[  268.955322][ T5919] usb 6-1: unit 4 not found!
[  268.970853][T11829] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  268.982445][ T5919] usb 6-1: USB disconnect, device number 7
[  268.991317][T11829] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2340: bg 0: block 494: padding at end of block bitmap is not set
[  268.999586][T11829] EXT4-fs (loop4): Remounting filesystem read-only
[  269.004526][T11829] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[  269.036850][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.354692][T11849] sch_fq: defrate 4294967295 ignored.
[  270.176249][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2368'.
[  270.378552][T11900] netlink: 'syz.0.2373': attribute type 3 has an invalid length.
[  270.501634][T11909] bond0: entered promiscuous mode
[  270.504542][T11909] bond_slave_0: entered promiscuous mode
[  270.507093][T11909] bond_slave_1: entered promiscuous mode
[  270.509750][T11909] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  270.524608][T11909] bond0: left promiscuous mode
[  270.526573][T11909] bond_slave_0: left promiscuous mode
[  270.528839][T11909] bond_slave_1: left promiscuous mode
[  270.531068][T11909] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  270.634944][T11917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2381'.
[  271.032647][ T5919] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  271.142945][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  271.180629][T11948] IPVS: Error joining to the multicast group
[  271.182593][ T5919] usb 1-1: Using ep0 maxpacket: 16
[  271.187688][ T5919] usb 1-1: config index 0 descriptor too short (expected 16456, got 72)
[  271.190197][ T5919] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  271.194391][ T5919] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  271.198359][ T5919] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  271.201663][ T5919] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  271.207592][ T5919] usb 1-1: config 0 has no interface number 0
[  271.210305][ T5919] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  271.215876][ T5919] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  271.219676][ T5919] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  271.228566][ T5919] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  271.237374][ T5919] usb 1-1: config 0 interface 125 has no altsetting 0
[  271.240030][ T5919] usb 1-1: config 0 interface 125 has no altsetting 2
[  271.245575][ T5919] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  271.249135][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.252122][ T5919] usb 1-1: Product: syz
[  271.256563][ T5919] usb 1-1: Manufacturer: syz
[  271.258436][ T5919] usb 1-1: SerialNumber: syz
[  271.262329][ T5919] usb 1-1: config 0 descriptor??
[  271.268039][ T5919] usb 1-1: selecting invalid altsetting 2
[  271.292960][    T9] usb 6-1: Using ep0 maxpacket: 8
[  271.306100][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  271.312437][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  271.320140][    T9] usb 6-1: config 1 interface 0 altsetting 249 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  271.325818][    T9] usb 6-1: config 1 interface 0 has no altsetting 0
[  271.332918][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  271.336401][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.340149][    T9] usb 6-1: Product: syz
[  271.341957][    T9] usb 6-1: Manufacturer: syz
[  271.343960][    T9] usb 6-1: SerialNumber: syz
[  271.481782][    C0] usb 1-1: async_complete: urb error -71
[  271.484266][    C0] usb 1-1: async_complete: urb error -71
[  271.486639][    C0] usb 1-1: async_complete: urb error -71
[  271.488995][    C0] usb 1-1: async_complete: urb error -71
[  271.495986][ T5919] get_1284_register: usb error -71
[  271.498349][ T5919] uss720 1-1:0.125: probe with driver uss720 failed with error -71
[  271.507860][ T5919] usb 1-1: USB disconnect, device number 38
[  271.563033][    T9] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  271.571897][    T9] usb 6-1: USB disconnect, device number 8
[  272.325288][T12005] netlink: 'syz.5.2419': attribute type 10 has an invalid length.
[  272.333550][    T9] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  272.355074][T12005] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  272.360726][T12005] netlink: 'syz.5.2419': attribute type 10 has an invalid length.
[  272.410237][T12013] QAT: failed to copy from user.
[  272.625202][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  272.628734][    T9] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  272.632142][    T9] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  272.636249][    T9] usb 5-1: config 1 has no interface number 1
[  272.639601][    T9] usb 5-1: config 1 interface 2 has no altsetting 0
[  272.648227][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  272.651878][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.662998][    T9] usb 5-1: Product: syz
[  272.664839][    T9] usb 5-1: Manufacturer: syz
[  272.666803][    T9] usb 5-1: SerialNumber: syz
[  272.899303][    T9] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  272.899326][    T9] usb 5-1: selecting invalid altsetting 0
[  272.909186][    T9] usb 5-1: USB disconnect, device number 15
[  272.988939][T12033] netlink: 324 bytes leftover after parsing attributes in process `syz.5.2432'.
[  272.992899][T12033] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2432'.
[  272.996425][T12033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2432'.
[  273.223782][T12043] loop5: detected capacity change from 0 to 128
[  273.237585][T12043] omfs: Invalid superblock (7b3184f9)
[  273.302864][T12047] netlink: 'syz.5.2439': attribute type 5 has an invalid length.
[  273.431052][T12054] loop0: detected capacity change from 0 to 4096
[  273.434955][T12054] EXT4-fs: Ignoring removed mblk_io_submit option
[  273.438506][T12054] EXT4-fs (loop0): Test dummy encryption mode enabled
[  273.449059][T12054] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.466447][T12054] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  273.510058][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.568376][T12066] loop0: detected capacity change from 0 to 256
[  273.593911][T12066] FAT-fs (loop0): error, clusters badly computed (1 != 0)
[  273.633875][T12070] loop4: detected capacity change from 0 to 512
[  273.636840][T12070] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  273.643433][T12070] EXT4-fs (loop4): invalid journal inode
[  273.645803][T12070] EXT4-fs (loop4): can't get journal size
[  273.651569][T12070] EXT4-fs error (device loop4): ext4_protect_reserved_inode:182: inode #2: comm syz.4.2449: blocks 6-6 from inode overlap system zone
[  273.660251][T12070] EXT4-fs (loop4): failed to initialize system zone (-117)
[  273.665193][T12070] EXT4-fs (loop4): mount failed
[  273.673058][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  273.834294][    T9] usb 6-1: Using ep0 maxpacket: 32
[  273.837790][    T9] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  273.841663][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.847950][    T9] usb 6-1: config 0 descriptor??
[  273.851465][    T9] gspca_main: nw80x-2.14.0 probing 055f:d001
[  273.943376][   T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  274.103179][   T10] usb 5-1: Using ep0 maxpacket: 8
[  274.115374][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  274.120963][   T10] usb 5-1: config 4 has an invalid interface number: 147 but max is 0
[  274.127757][   T10] usb 5-1: config 4 has an invalid descriptor of length 104, skipping remainder of the config
[  274.133531][   T10] usb 5-1: config 4 has no interface number 0
[  274.141385][   T10] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  274.149801][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.153678][   T10] usb 5-1: Product: syz
[  274.155514][   T10] usb 5-1: Manufacturer: syz
[  274.157605][   T10] usb 5-1: SerialNumber: syz
[  274.248594][T12095] netlink: 'syz.0.2461': attribute type 17 has an invalid length.
[  274.251525][T12095] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2461'.
[  274.266644][    T9] gspca_nw80x: reg_r err -71
[  274.273279][    T9] nw80x 6-1:0.0: probe with driver nw80x failed with error -71
[  274.281646][    T9] usb 6-1: USB disconnect, device number 9
[  274.379385][   T10] usb 5-1: Found UVC 0.02 device syz (04f2:b746)
[  274.382223][   T10] usb 5-1: No valid video chain found.
[  274.387168][   T10] usb 5-1: USB disconnect, device number 16
[  274.543679][T12101] Failed to get privilege flags for destination (handle=0x2:0x0)
[  275.031794][T12119] netlink: 140 bytes leftover after parsing attributes in process `syz.5.2472'.
[  275.730837][ T5918] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  275.913129][ T5918] usb 6-1: Using ep0 maxpacket: 32
[  275.917067][ T5918] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[  275.919891][ T5918] usb 6-1: config 0 has no interface number 0
[  275.925186][ T5918] usb 6-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  275.928734][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.931694][ T5918] usb 6-1: Product: syz
[  275.933673][ T5918] usb 6-1: Manufacturer: syz
[  275.951667][ T5918] usb 6-1: SerialNumber: syz
[  275.955813][ T5918] usb 6-1: config 0 descriptor??
[  276.166686][T12135] loop0: detected capacity change from 0 to 256
[  276.179910][T12135] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  276.200521][T12135] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  276.208956][T12135] FAT-fs (loop0): Filesystem has been set read-only
[  276.379017][ T5918] radio-si470x 6-1:0.35: si470x_get_report: usb_control_msg returned -71
[  276.382221][ T5918] radio-si470x 6-1:0.35: probe with driver radio-si470x failed with error -5
[  276.413725][ T5918] radio-raremono 6-1:0.35: this is not Thanko's Raremono.
[  276.422590][ T5918] usb 6-1: USB disconnect, device number 10
[  276.483268][    T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  276.527600][   T10] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  276.633457][    T9] usb 1-1: Using ep0 maxpacket: 16
[  276.637093][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.640554][    T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  276.644616][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.649006][    T9] usb 1-1: config 0 descriptor??
[  276.678687][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  276.682619][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  276.688627][   T10] usb 5-1: config 106 has an invalid interface number: 8 but max is 0
[  276.691752][   T10] usb 5-1: config 106 has no interface number 0
[  276.694378][   T10] usb 5-1: config 106 interface 8 has no altsetting 0
[  276.699739][   T10] usb 5-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=93.dd
[  276.702698][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.707354][   T10] usb 5-1: Product: syz
[  276.709046][   T10] usb 5-1: Manufacturer: syz
[  276.710618][   T10] usb 5-1: SerialNumber: syz
[  276.923868][   T10] kalmia 5-1:106.8 (unnamed net_device) (uninitialized): Error sending init packet. Status -22
[  276.927601][   T10] kalmia 5-1:106.8: probe with driver kalmia failed with error -22
[  276.932153][   T10] usb 5-1: USB disconnect, device number 17
[  277.001749][T12148] loop5: detected capacity change from 0 to 64
[  277.007955][T12148] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  277.076953][    T9] mcp2221 0003:04D8:00DD.0010: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  277.488936][    T9] usb 1-1: USB disconnect, device number 39
[  278.288384][T12161] loop5: detected capacity change from 0 to 4096
[  278.310481][T12161] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  278.339415][T12161] ntfs3(loop5): Failed to load $Extend (-22).
[  278.341810][T12161] ntfs3(loop5): Failed to initialize $Extend.
[  278.758130][T12177] netem: incorrect gi model size
[  278.760529][T12177] netem: change failed
[  278.768592][T12179] loop0: detected capacity change from 0 to 512
[  278.772190][T12179] EXT4-fs: Ignoring removed mblk_io_submit option
[  278.779279][T12179] EXT4-fs (loop0): orphan cleanup on readonly fs
[  278.781869][T12179] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  278.795492][T12179] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #13: comm syz.0.2498: attempt to clear invalid blocks 2 len 1
[  278.806526][T12179] EXT4-fs (loop0): Remounting filesystem read-only
[  278.810168][T12179] EXT4-fs (loop0): 1 truncate cleaned up
[  278.814395][T12179] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  278.822823][T12179] EXT4-fs (loop0): Quota file not on filesystem root. Journaled quota will not work
[  278.840060][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.048828][T12192] loop4: detected capacity change from 0 to 1024
[  279.052170][T12192] EXT4-fs: Ignoring removed bh option
[  279.064251][   T51] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  279.077283][T12192] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.107933][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.386983][   T51] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  279.392478][   T51] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  279.422940][   T51] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  279.427129][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  279.430806][   T51] usb 6-1: SerialNumber: syz
[  279.770396][   T51] usb 6-1: 0:2 : does not exist
[  279.780864][   T51] usb 6-1: USB disconnect, device number 11
[  280.261668][T12220] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  280.264173][T12220] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  280.268744][T12220] vhci_hcd vhci_hcd.0: Device attached
[  280.274651][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.282615][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.288941][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.297566][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.301852][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.308462][T12220] vhci_hcd vhci_hcd.0: pdev(0) rhport(6) sockfd(17)
[  280.311152][T12220] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  280.315846][T12220] vhci_hcd vhci_hcd.0: Device attached
[  280.324993][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.329170][T12220] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  280.339635][T12223] vhci_hcd: connection closed
[  280.343174][   T13] vhci_hcd: stop threads
[  280.348983][T12221] vhci_hcd: connection closed
[  280.351802][   T13] vhci_hcd: release socket
[  280.356256][   T13] vhci_hcd: disconnect device
[  280.357979][   T13] vhci_hcd: stop threads
[  280.359483][   T13] vhci_hcd: release socket
[  280.361233][   T13] vhci_hcd: disconnect device
[  280.398723][T12229] loop5: detected capacity change from 0 to 128
[  280.406497][T12229] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  280.521481][T12231] loop5: detected capacity change from 0 to 4096
[  280.525804][T12231] ntfs3(loop5): Primary boot: invalid bytes per MFT record 0 (0).
[  280.529303][T12231] ntfs3(loop5): try to read out of volume at offset 0x1ffe00
[  280.594644][T12233] loop5: detected capacity change from 0 to 2048
[  280.599753][T12233] NILFS (loop5): invalid segment: Magic number mismatch
[  280.602258][T12233] NILFS (loop5): trying rollback from an earlier position
[  280.618719][T12233] NILFS (loop5): recovery complete
[  280.622286][T12234] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  280.665960][T12233] overlayfs: upper fs does not support tmpfile.
[  280.671562][T12233] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  280.675816][T12233] overlayfs: failed to set xattr on upper
[  280.678186][T12233] overlayfs: ...falling back to redirect_dir=nofollow.
[  280.680954][T12233] overlayfs: ...falling back to index=off.
[  280.906029][T12244] loop5: detected capacity change from 0 to 512
[  280.909799][T12244] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  280.922319][T12244] EXT4-fs (loop5): 1 truncate cleaned up
[  280.926669][T12244] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.940808][   T33] audit: type=1800 audit(1757318385.885:93): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2523" name="file1" dev="loop5" ino=15 res=0 errno=0
[  281.095477][T10165] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.152002][ T5859] Bluetooth: latency 16387 > 499
[  281.193186][T12259] loop5: detected capacity change from 0 to 64
[  281.383976][ T5904] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  281.543924][ T5904] usb 1-1: Using ep0 maxpacket: 8
[  281.550911][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  281.555553][ T5904] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  281.560023][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.573793][ T5904] usb 1-1: config 0 descriptor??
[  281.584814][ T5904] gspca_main: vc032x-2.14.0 probing 046d:0892
[  282.191341][ T5904] gspca_vc032x: reg_r err -71
[  282.195790][ T5904] vc032x 1-1:0.0: probe with driver vc032x failed with error -71
[  282.207036][ T5904] usb 1-1: USB disconnect, device number 40
[  282.604122][    T9] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  282.760147][    T9] usb 6-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  282.765604][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.768463][    T9] usb 6-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  282.772196][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.781145][    T9] usb 6-1: config 0 descriptor??
[  282.900346][T12274] loop0: detected capacity change from 0 to 512
[  282.906341][T12274] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  282.913073][T12274] EXT4-fs (loop0): 1 truncate cleaned up
[  282.918682][T12274] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  282.962944][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.052237][T12279] tipc: Started in network mode
[  283.057388][T12279] tipc: Node identity , cluster identity 4711
[  283.060037][T12279] tipc: Failed to set node id, please configure manually
[  283.063330][T12279] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  283.205078][    T9] uclogic 0003:5543:0064.0011: item fetching failed at offset 2/5
[  283.208219][    T9] uclogic 0003:5543:0064.0011: parse failed
[  283.210501][    T9] uclogic 0003:5543:0064.0011: probe with driver uclogic failed with error -22
[  283.234279][ T5859] Bluetooth: hci1: command tx timeout
[  283.259183][T12284] loop0: detected capacity change from 0 to 4096
[  283.275607][T12284] ntfs3(loop0): ino=1a, mi_enum_attr
[  283.277436][T12284] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  283.406297][ T5904] usb 6-1: USB disconnect, device number 12
[  283.471496][T12297] loop4: detected capacity change from 0 to 16
[  283.477482][T12297] erofs (device loop4): mounted with root inode @ nid 36.
[  283.614298][    T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  283.764350][    T9] usb 1-1: Using ep0 maxpacket: 32
[  283.772543][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.783737][T12303] loop4: detected capacity change from 0 to 32768
[  283.788358][    T9] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  283.791941][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.795731][    T9] usb 1-1: Product: syz
[  283.797373][    T9] usb 1-1: Manufacturer: syz
[  283.799193][    T9] usb 1-1: SerialNumber: syz
[  283.803297][    T9] usb 1-1: config 0 descriptor??
[  283.811054][    T9] etas_es58x 1-1:0.0: Starting syz syz (Serial Number syz)
[  283.946275][T12306] loop4: detected capacity change from 0 to 128
[  283.950243][T12306] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  283.983307][T12306] FAT-fs (loop4): FAT read failed (blocknr 128)
[  284.020566][    T9] usb 1-1: USB disconnect, device number 41
[  284.094248][T12314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2554'.
[  284.210392][T12314] veth1_vlan (unregistering): left allmulticast mode
[  284.671574][T12318] loop0: detected capacity change from 0 to 4096
[  284.676983][T12318] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  284.682682][T12318] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  284.686931][T12318] ntfs3(loop0): Failed to load $Bitmap (-22).
[  285.280042][T12327] loop4: detected capacity change from 0 to 32768
[  285.293276][T12327] 
[  285.293276][T12327]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  285.293276][T12327] 
[  285.307131][T12327] ERROR: (device loop4): ea_get: invalid ea.flag
[  285.307131][T12327] 
[  285.321805][T12327] ERROR: (device loop4): remounting filesystem as read-only
[  285.470123][ T5904] IPVS: starting estimator thread 0...
[  285.563931][T12349] IPVS: using max 64 ests per chain, 153600 per kthread
[  285.666529][T12363] syz_tun (unregistering): left allmulticast mode
[  285.853966][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  285.921647][T12369] binder: 12368:12369 ioctl c0306201 200000000080 returned -14
[  286.015414][    T9] usb 5-1: Using ep0 maxpacket: 8
[  286.019552][    T9] usb 5-1: config 5 has an invalid interface number: 52 but max is 1
[  286.023368][T12373] loop0: detected capacity change from 0 to 256
[  286.026092][    T9] usb 5-1: config 5 has an invalid interface number: 4 but max is 1
[  286.029172][    T9] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  286.033270][    T9] usb 5-1: config 5 has no interface number 0
[  286.038314][T12373] exfat: Deprecated parameter 'utf8'
[  286.040621][    T9] usb 5-1: config 5 has no interface number 1
[  286.042966][    T9] usb 5-1: config 5 interface 52 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  286.048923][T12373] exfat: Deprecated parameter 'utf8'
[  286.051118][T12373] exfat: Deprecated parameter 'utf8'
[  286.053718][    T9] usb 5-1: config 5 interface 4 altsetting 9 endpoint 0x5 has invalid wMaxPacketSize 0
[  286.059502][    T9] usb 5-1: config 5 interface 4 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  286.069670][T12373] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  286.076051][    T9] usb 5-1: config 5 interface 52 has no altsetting 0
[  286.078870][    T9] usb 5-1: config 5 interface 4 has no altsetting 0
[  286.083744][    T9] usb 5-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=e2.5c
[  286.086993][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.090110][    T9] usb 5-1: Product: syz
[  286.091790][    T9] usb 5-1: Manufacturer: syz
[  286.093666][    T9] usb 5-1: SerialNumber: syz
[  286.305922][    T9] cytherm 5-1:5.52: Cypress thermometer device now attached
[  286.312128][    T9] cytherm 5-1:5.4: Cypress thermometer device now attached
[  286.317586][    T9] usb 5-1: USB disconnect, device number 18
[  286.320296][    T9] cytherm 5-1:5.52: Cypress thermometer now disconnected
[  286.324727][    T9] cytherm 5-1:5.4: Cypress thermometer now disconnected
[  286.444369][ T5919] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  286.598936][ T5919] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  286.602163][ T5919] usb 1-1: config 0 has no interface number 0
[  286.605093][ T5919] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  286.608866][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.616487][ T5919] usb 1-1: config 0 descriptor??
[  286.620897][ T5919] usb 1-1: bad CDC descriptors
[  286.831599][ T5919] usb 1-1: USB disconnect, device number 42
[  286.867945][T12403] cifs: Unknown parameter 'no'aN[Gzob,er;%j
[  286.867945][T12403] z,@qJ#"h/.W1ȱnNC"C׈E)8+1<;8+`#'
[  288.344510][T12426] loop4: detected capacity change from 0 to 4096
[  288.365339][T12426] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  288.377199][T12426] ntfs3(loop4): Failed to load $Extend (-22).
[  288.379938][T12426] ntfs3(loop4): Failed to initialize $Extend.
[  288.480215][T12430] loop4: detected capacity change from 0 to 512
[  288.483699][T12430] EXT4-fs: Ignoring removed i_version option
[  288.515463][T12430] EXT4-fs (loop4): 1 orphan inode deleted
[  288.521613][T12430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.632564][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.730033][T12428] loop5: detected capacity change from 0 to 32768
[  288.746354][T12437] Driver unsupported XDP return value 0 on prog  (id 212) dev N/A, expect packet loss!
[  288.843417][T12428] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=none,compression=lz4,background_compression=lz4,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only,no_data_io
[  288.843499][T12428]   allowing incompatible features above 0.0: (unknown version)
[  288.843508][T12428]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  288.863646][T12428] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  288.867868][T12428] bcachefs (loop5): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing
[  288.877462][T12428] bcachefs (loop5): recovering from clean shutdown, journal seq 10
[  288.880299][T12428] bcachefs (loop5): Version upgrade required:
[  288.880299][T12428] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  288.880299][T12428] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  288.880299][T12428]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  288.929244][T12428] bcachefs (loop5): btree node read error at btree alloc level 0/0
[  288.929300][T12428]   u64s 11 type btree_ptr_v2 283673999966207:U64_MAX:U32_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  288.929309][T12428]   loop5 node offset 0/24 bset u64s 0: incorrect max key SPOS_MAX
[  288.929314][T12428]   loop5 btree validate error
[  288.929318][T12428]   flagging btree alloc lost data
[  288.929322][T12428]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  288.929326][T12428]   ret btree_node_read_err_bad_node
[  288.960796][T12428] bcachefs (loop5): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  289.009738][T12428] bcachefs (loop5): check_topology... done
[  289.022155][T12428] bcachefs (loop5): accounting_read... done
[  289.053421][T12428] bcachefs (loop5): alloc_read... done
[  289.105013][T12442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  289.185521][T12428] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean
[  289.222876][T12428] bcachefs (loop5): done starting filesystem
[  289.456855][T10165] bcachefs (loop5): shutting down
[  289.633342][T10165] bcachefs (loop5): shutdown complete
[  290.336878][T12453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  290.409357][T12459] loop4: detected capacity change from 0 to 1024
[  290.412675][T12459] EXT4-fs: Ignoring removed nobh option
[  290.415172][T12459] EXT4-fs: Ignoring removed bh option
[  290.445501][T12459] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.498628][ T8673] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.004342][    T9] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  291.050780][T12473] loop5: detected capacity change from 0 to 40427
[  291.058892][T12473] F2FS-fs (loop5): invalid crc value
[  291.092893][T12473] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  291.097532][T12473] F2FS-fs (loop5): Start checkpoint disabled!
[  291.101239][T12473] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  291.167423][    T9] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  291.170787][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.178898][    T9] usb 1-1: config 0 descriptor??
[  291.368433][T12483] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2625'.
[  291.391951][    T9] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  291.413048][    T9] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 3
[  291.416290][    T9] [drm] Initialized udl on minor 3
[  291.611638][    T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed
[  291.624518][    T9] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  291.649176][T12506] netlink: 'syz.5.2636': attribute type 9 has an invalid length.
[  291.652116][T12506] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2636'.
[  291.711027][T12511] loop5: detected capacity change from 0 to 8
[  291.717391][T12511] SQUASHFS error: lzo decompression failed, data probably corrupt
[  291.722160][T12511] SQUASHFS error: Failed to read block 0x91: -5
[  291.727592][T12511] SQUASHFS error: Unable to read metadata cache entry [8f]
[  291.730429][T12511] SQUASHFS error: Unable to read inode 0x11f
[  291.782150][T12516] loop4: detected capacity change from 0 to 64
[  291.818361][    T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.824224][ T5919] usb 1-1: USB disconnect, device number 43
[  291.829179][    T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.831743][    T9] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  291.966674][T12528] loop5: detected capacity change from 0 to 1024
[  292.147309][T12535] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2650'.
[  292.179651][T12537] loop5: detected capacity change from 0 to 256
[  292.183772][T12537] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  292.189853][T12537] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  292.200630][T12537] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62dd34a, utbl_chksum : 0xe619d30d)
[  292.480341][T12554] trusted_key: syz.0.2660 sent an empty control message without MSG_MORE.
[  292.513579][T12558] autofs4:pid:12558:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967295.0), cmd(0xc018937e)
[  292.519470][T12558] autofs4:pid:12558:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e)
[  292.666043][T12569] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2666'.
[  292.732941][T12575] loop0: detected capacity change from 0 to 256
[  292.799480][T12579] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  292.879615][T12585] loop5: detected capacity change from 0 to 512
[  292.882986][T12585] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  292.903043][T12585] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF
[  293.464227][ T5859] Bluetooth: hci0: command 0x0401 tx timeout
[  293.663498][T12616] input: syz1 as /devices/virtual/input/input17
[  294.019563][T12618] loop5: detected capacity change from 0 to 32768
[  294.023197][T12618] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[  294.498846][T12642] netlink: 'syz.4.2700': attribute type 29 has an invalid length.
[  294.501986][T12642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2700'.
[  294.560143][T12647] netlink: 'syz.5.2702': attribute type 1 has an invalid length.
[  294.563407][T12647] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2702'.
[  294.688602][T12661] netlink: 'syz.4.2707': attribute type 1 has an invalid length.
[  294.730687][T12661] 8021q: adding VLAN 0 to HW filter on device bond1
[  294.743225][T12661] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2707'.
[  295.184652][ T5919] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  295.245073][T12683] loop0: detected capacity change from 0 to 32768
[  295.289081][T12683] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  295.314827][T12683] (syz.0.2717,12683,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  295.346556][ T5919] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  295.352044][ T5919] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 4
[  295.357094][ T5919] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  295.361265][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.367047][ T5919] usb 6-1: config 0 descriptor??
[  295.401358][ T5861] ocfs2: Unmounting device (7,0) on (node local)
[  295.412741][T12693] loop4: detected capacity change from 0 to 64
[  295.590902][ T5919] ath6kl: Failed to submit usb control message: -71
[  295.600348][ T5919] ath6kl: unable to send the bmi data to the device: -71
[  295.603300][ T5919] ath6kl: Unable to send get target info: -71
[  295.623436][ T5919] ath6kl: Failed to init ath6kl core: -71
[  295.629849][ T5919] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  295.657958][ T5919] usb 6-1: USB disconnect, device number 13
[  295.846172][T12703] loop0: detected capacity change from 0 to 1024
[  295.916224][T12703] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.969541][T12703] EXT4-fs error (device loop0): ext4_empty_dir:3120: inode #11: block 33: comm syz.0.2724: bad entry in directory: rec_len % 4 != 0 - offset=1024, inode=0, rec_len=2874, size=1024 fake=0
[  296.040978][ T5861] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.400788][T12714] netlink: 'syz.0.2728': attribute type 1 has an invalid length.
[  296.425503][T12712] loop5: detected capacity change from 0 to 8192
[  296.922804][ T5919] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  297.074118][ T5919] usb 6-1: Using ep0 maxpacket: 32
[  297.078266][ T5919] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.082655][ T5919] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.087489][ T5919] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  297.091388][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.098640][ T5919] usb 6-1: config 0 descriptor??
[  297.235691][T12737] autofs: Bad value for 'fd'
[  297.552136][ T5919] savu 0003:1E7D:2D5A.0012: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  297.775537][ T5919] usb 6-1: USB disconnect, device number 14
[  297.958593][T12749] syzkaller1: entered promiscuous mode
[  297.960920][T12749] syzkaller1: entered allmulticast mode
[  298.324807][ T5919] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  298.499729][ T5919] usb 1-1: Using ep0 maxpacket: 16
[  298.513274][ T5919] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  298.523238][ T5919] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.536208][ T5919] usb 1-1: config 0 has no interface number 0
[  298.548850][ T5919] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  298.553055][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.561645][ T5919] usb 1-1: Product: syz
[  298.563484][ T5919] usb 1-1: Manufacturer: syz
[  298.571590][ T5919] usb 1-1: SerialNumber: syz
[  298.581121][ T5919] usb 1-1: config 0 descriptor??
[  298.589056][ T5919] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[  298.591596][ T5919] usb 1-1: No valid video chain found.
[  298.791219][ T5918] usb 1-1: USB disconnect, device number 44
[  298.888034][T12788] loop5: detected capacity change from 0 to 4096
[  298.921680][T12789] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  298.964006][ T5919] usb 5-1: new low-speed USB device number 19 using dummy_hcd
[  299.118294][ T5919] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  299.123566][ T5919] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  299.127218][ T5919] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  299.132130][ T5919] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  299.165895][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  299.170290][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  299.174854][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  299.188705][ T5919] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  299.192397][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.197141][ T5919] usb 5-1: Manufacturer: и
[  299.201044][ T5919] usb 5-1: config 0 descriptor??
[  299.206189][ T5919] hub 5-1:0.0: bad descriptor, ignoring hub
[  299.208312][ T5919] hub 5-1:0.0: probe with driver hub failed with error -5
[  299.212857][ T5919] input: и as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input18
[  299.553448][ T5919] usb 5-1: USB disconnect, device number 19
[  300.198193][T12808] ==================================================================
[  300.201524][T12808] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  300.204636][T12808] Read of size 2 at addr ffff8881126a57c2 by task syz.4.2768/12808
[  300.208407][T12808] 
[  300.209873][T12808] CPU: 1 UID: 0 PID: 12808 Comm: syz.4.2768 Not tainted syzkaller #0 PREEMPT(full) 
[  300.209893][T12808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  300.209904][T12808] Call Trace:
[  300.209912][T12808]  <TASK>
[  300.209920][T12808]  dump_stack_lvl+0x189/0x250
[  300.209941][T12808]  ? __kasan_check_byte+0x12/0x40
[  300.209962][T12808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.209979][T12808]  ? lock_release+0x4b/0x3e0
[  300.210002][T12808]  ? __virt_addr_valid+0x4a5/0x5c0
[  300.210020][T12808]  print_report+0xca/0x240
[  300.210034][T12808]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  300.210047][T12808]  kasan_report+0x118/0x150
[  300.210067][T12808]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  300.210084][T12808]  __xfrm_state_lookup+0x6ad/0x8d0
[  300.210102][T12808]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  300.210119][T12808]  xfrm_input_state_lookup+0x6e9/0xa60
[  300.210138][T12808]  ? xfrm_input_state_lookup+0xcf/0xa60
[  300.210151][T12808]  ? __pfx_xfrm_input_state_lookup+0x10/0x10
[  300.210166][T12808]  ? __asan_memset+0x22/0x50
[  300.210182][T12808]  esp6_gro_receive+0x543/0xfe0
[  300.210199][T12808]  ? __pfx_esp6_gro_receive+0x10/0x10
[  300.210212][T12808]  ? __udp6_lib_lookup+0x8c1/0xa30
[  300.210228][T12808]  ? __pfx_esp6_gro_receive+0x10/0x10
[  300.210241][T12808]  ? xfrm6_gro_udp_encap_rcv+0x1cf/0x8e0
[  300.210255][T12808]  xfrm6_gro_udp_encap_rcv+0x4bd/0x8e0
[  300.210308][T12808]  ? xfrm6_gro_udp_encap_rcv+0x1cf/0x8e0
[  300.210322][T12808]  ? __pfx_xfrm6_gro_udp_encap_rcv+0x10/0x10
[  300.210338][T12808]  udp_gro_receive+0x254b/0x25e0
[  300.210359][T12808]  ? __pfx_udp6_gro_receive+0x10/0x10
[  300.210373][T12808]  ipv6_gro_receive+0x1200/0x1640
[  300.210392][T12808]  ? __pfx_ipv6_gro_receive+0x10/0x10
[  300.210405][T12808]  ? dev_gro_receive+0x10f4/0x23b0
[  300.210425][T12808]  dev_gro_receive+0x183f/0x23b0
[  300.210445][T12808]  ? dev_gro_receive+0x10f4/0x23b0
[  300.210470][T12808]  napi_gro_frags+0x5e6/0x1030
[  300.210493][T12808]  ? tun_get_user+0x266c/0x3e20
[  300.210506][T12808]  tun_get_user+0x28cb/0x3e20
[  300.210524][T12808]  ? tun_get_user+0x266c/0x3e20
[  300.210539][T12808]  ? aa_file_perm+0x44d/0x1550
[  300.210554][T12808]  ? __pfx_tun_get_user+0x10/0x10
[  300.210566][T12808]  ? __futex_wait+0x34f/0x3e0
[  300.210589][T12808]  ? __pfx___futex_wait+0x10/0x10
[  300.210611][T12808]  ? ref_tracker_alloc+0x318/0x460
[  300.210629][T12808]  ? __lock_acquire+0xab9/0xd20
[  300.210649][T12808]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  300.210669][T12808]  ? tun_get+0x1c/0x2f0
[  300.210683][T12808]  ? tun_get+0x1c/0x2f0
[  300.210695][T12808]  ? tun_get+0x1c/0x2f0
[  300.210715][T12808]  tun_chr_write_iter+0x113/0x200
[  300.210730][T12808]  vfs_write+0x5c9/0xb30
[  300.210750][T12808]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  300.210763][T12808]  ? __pfx_vfs_write+0x10/0x10
[  300.210784][T12808]  ? __fget_files+0x2a/0x420
[  300.210799][T12808]  ksys_write+0x145/0x250
[  300.210817][T12808]  ? __pfx_ksys_write+0x10/0x10
[  300.210834][T12808]  ? rcu_is_watching+0x15/0xb0
[  300.210849][T12808]  ? do_syscall_64+0xbe/0x3b0
[  300.210862][T12808]  do_syscall_64+0xfa/0x3b0
[  300.210875][T12808]  ? lockdep_hardirqs_on+0x9c/0x150
[  300.210893][T12808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.210907][T12808]  ? exc_page_fault+0x9f/0xf0
[  300.210926][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.210939][T12808] RIP: 0033:0x7f4ed518ebe9
[  300.210953][T12808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.210967][T12808] RSP: 002b:00007f4ed5fdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  300.210982][T12808] RAX: ffffffffffffffda RBX: 00007f4ed53c5fa0 RCX: 00007f4ed518ebe9
[  300.210992][T12808] RDX: 00000000000000d6 RSI: 00002000000003c0 RDI: 0000000000000004
[  300.211001][T12808] RBP: 00007f4ed5211e19 R08: 0000000000000000 R09: 0000000000000000
[  300.211009][T12808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  300.211018][T12808] R13: 00007f4ed53c6038 R14: 00007f4ed53c5fa0 R15: 00007ffdfaa1a038
[  300.211033][T12808]  </TASK>
[  300.211038][T12808] 
[  300.365776][T12808] Allocated by task 10160:
[  300.367566][T12808]  kasan_save_track+0x3e/0x80
[  300.369475][T12808]  __kasan_slab_alloc+0x6c/0x80
[  300.371439][T12808]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  300.373623][T12808]  xfrm_state_alloc+0x24/0x2f0
[  300.375528][T12808]  __find_acq_core+0x8a7/0x1c00
[  300.377492][T12808]  xfrm_find_acq+0x78/0xa0
[  300.379324][T12808]  xfrm_alloc_userspi+0x6b3/0xc90
[  300.381358][T12808]  xfrm_user_rcv_msg+0x7a3/0xab0
[  300.383370][T12808]  netlink_rcv_skb+0x208/0x470
[  300.385299][T12808]  xfrm_netlink_rcv+0x79/0x90
[  300.387115][T12808]  netlink_unicast+0x82f/0x9e0
[  300.388933][T12808]  netlink_sendmsg+0x805/0xb30
[  300.390720][T12808]  __sock_sendmsg+0x21c/0x270
[  300.392600][T12808]  ____sys_sendmsg+0x505/0x830
[  300.394458][T12808]  ___sys_sendmsg+0x21f/0x2a0
[  300.396279][T12808]  __x64_sys_sendmsg+0x19b/0x260
[  300.398196][T12808]  do_syscall_64+0xfa/0x3b0
[  300.400050][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.402401][T12808] 
[  300.403407][T12808] Freed by task 5918:
[  300.405008][T12808]  kasan_save_track+0x3e/0x80
[  300.406915][T12808]  kasan_save_free_info+0x46/0x50
[  300.408896][T12808]  __kasan_slab_free+0x5b/0x80
[  300.410836][T12808]  kmem_cache_free+0x18f/0x400
[  300.412763][T12808]  xfrm_state_gc_task+0x52d/0x6b0
[  300.414784][T12808]  process_scheduled_works+0xae1/0x17b0
[  300.416954][T12808]  worker_thread+0x8a0/0xda0
[  300.418811][T12808]  kthread+0x711/0x8a0
[  300.420397][T12808]  ret_from_fork+0x3fc/0x770
[  300.422270][T12808]  ret_from_fork_asm+0x1a/0x30
[  300.424224][T12808] 
[  300.425215][T12808] The buggy address belongs to the object at ffff8881126a5680
[  300.425215][T12808]  which belongs to the cache xfrm_state of size 928
[  300.430482][T12808] The buggy address is located 322 bytes inside of
[  300.430482][T12808]  freed 928-byte region [ffff8881126a5680, ffff8881126a5a20)
[  300.435749][T12808] 
[  300.436744][T12808] The buggy address belongs to the physical page:
[  300.439277][T12808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881126a4900 pfn:0x1126a4
[  300.443193][T12808] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  300.446540][T12808] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  300.449508][T12808] page_type: f5(slab)
[  300.451048][T12808] raw: 057ff00000000040 ffff888104c17c80 dead000000000122 0000000000000000
[  300.454407][T12808] raw: ffff8881126a4900 00000000800e000b 00000000f5000000 0000000000000000
[  300.457851][T12808] head: 057ff00000000040 ffff888104c17c80 dead000000000122 0000000000000000
[  300.461137][T12808] head: ffff8881126a4900 00000000800e000b 00000000f5000000 0000000000000000
[  300.464583][T12808] head: 057ff00000000002 ffffea000449a901 00000000ffffffff 00000000ffffffff
[  300.467959][T12808] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  300.471374][T12808] page dumped because: kasan: bad access detected
[  300.473901][T12808] page_owner tracks the page as allocated
[  300.476180][T12808] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8156, tgid 8155 (syz.0.920), ts 149706296025, free_ts 149651182812
[  300.483586][T12808]  post_alloc_hook+0x240/0x2a0
[  300.485507][T12808]  get_page_from_freelist+0x21e4/0x22c0
[  300.487699][T12808]  __alloc_frozen_pages_noprof+0x181/0x370
[  300.489994][T12808]  alloc_pages_mpol+0x232/0x4a0
[  300.491952][T12808]  allocate_slab+0x8a/0x370
[  300.493775][T12808]  ___slab_alloc+0xbeb/0x1410
[  300.495670][T12808]  kmem_cache_alloc_noprof+0x283/0x3c0
[  300.497836][T12808]  xfrm_state_alloc+0x24/0x2f0
[  300.499785][T12808]  xfrm_add_sa+0x17d1/0x4070
[  300.501636][T12808]  xfrm_user_rcv_msg+0x7a3/0xab0
[  300.503653][T12808]  netlink_rcv_skb+0x208/0x470
[  300.505547][T12808]  xfrm_netlink_rcv+0x79/0x90
[  300.507467][T12808]  netlink_unicast+0x82f/0x9e0
[  300.509400][T12808]  netlink_sendmsg+0x805/0xb30
[  300.511330][T12808]  __sock_sendmsg+0x21c/0x270
[  300.513219][T12808]  ____sys_sendmsg+0x505/0x830
[  300.515131][T12808] page last free pid 5864 tgid 5864 stack trace:
[  300.517593][T12808]  __free_frozen_pages+0xbc4/0xd30
[  300.519684][T12808]  __slab_free+0x303/0x3c0
[  300.521453][T12808]  qlist_free_all+0x97/0x140
[  300.523346][T12808]  kasan_quarantine_reduce+0x148/0x160
[  300.525415][T12808]  __kasan_slab_alloc+0x22/0x80
[  300.527189][T12808]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  300.529270][T12808]  getname_flags+0xb8/0x540
[  300.531115][T12808]  vfs_fstatat+0x43/0x170
[  300.532861][T12808]  __x64_sys_newfstatat+0x116/0x190
[  300.534957][T12808]  do_syscall_64+0xfa/0x3b0
[  300.536799][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.539141][T12808] 
[  300.540056][T12808] Memory state around the buggy address:
[  300.542066][T12808]  ffff8881126a5680: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  300.545264][T12808]  ffff8881126a5700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  300.548391][T12808] >ffff8881126a5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  300.551510][T12808]                                            ^
[  300.553923][T12808]  ffff8881126a5800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  300.556978][T12808]  ffff8881126a5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  300.560148][T12808] ==================================================================
[  300.563647][T12808] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  300.566722][T12808] CPU: 1 UID: 0 PID: 12808 Comm: syz.4.2768 Not tainted syzkaller #0 PREEMPT(full) 
[  300.570373][T12808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  300.574542][T12808] Call Trace:
[  300.575989][T12808]  <TASK>
[  300.577262][T12808]  dump_stack_lvl+0x99/0x250
[  300.579156][T12808]  ? __asan_memcpy+0x40/0x70
[  300.581010][T12808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.583151][T12808]  ? __pfx__printk+0x10/0x10
[  300.585039][T12808]  vpanic+0x281/0x750
[  300.586685][T12808]  ? __pfx_vpanic+0x10/0x10
[  300.588583][T12808]  ? irqentry_exit+0x74/0x90
[  300.590400][T12808]  panic+0xb9/0xc0
[  300.591894][T12808]  ? __pfx_panic+0x10/0x10
[  300.593606][T12808]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  300.595926][T12808]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  300.598258][T12808]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  300.600368][T12808]  check_panic_on_warn+0x89/0xb0
[  300.602307][T12808]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  300.604451][T12808]  end_report+0x78/0x160
[  300.606155][T12808]  kasan_report+0x129/0x150
[  300.607923][T12808]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  300.610022][T12808]  __xfrm_state_lookup+0x6ad/0x8d0
[  300.612042][T12808]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  300.614249][T12808]  xfrm_input_state_lookup+0x6e9/0xa60
[  300.616363][T12808]  ? xfrm_input_state_lookup+0xcf/0xa60
[  300.618470][T12808]  ? __pfx_xfrm_input_state_lookup+0x10/0x10
[  300.620764][T12808]  ? __asan_memset+0x22/0x50
[  300.622596][T12808]  esp6_gro_receive+0x543/0xfe0
[  300.624543][T12808]  ? __pfx_esp6_gro_receive+0x10/0x10
[  300.626603][T12808]  ? __udp6_lib_lookup+0x8c1/0xa30
[  300.628592][T12808]  ? __pfx_esp6_gro_receive+0x10/0x10
[  300.630690][T12808]  ? xfrm6_gro_udp_encap_rcv+0x1cf/0x8e0
[  300.632826][T12808]  xfrm6_gro_udp_encap_rcv+0x4bd/0x8e0
[  300.634818][T12808]  ? xfrm6_gro_udp_encap_rcv+0x1cf/0x8e0
[  300.636921][T12808]  ? __pfx_xfrm6_gro_udp_encap_rcv+0x10/0x10
[  300.639255][T12808]  udp_gro_receive+0x254b/0x25e0
[  300.641079][T12808]  ? __pfx_udp6_gro_receive+0x10/0x10
[  300.643146][T12808]  ipv6_gro_receive+0x1200/0x1640
[  300.645259][T12808]  ? __pfx_ipv6_gro_receive+0x10/0x10
[  300.647396][T12808]  ? dev_gro_receive+0x10f4/0x23b0
[  300.649516][T12808]  dev_gro_receive+0x183f/0x23b0
[  300.651445][T12808]  ? dev_gro_receive+0x10f4/0x23b0
[  300.653570][T12808]  napi_gro_frags+0x5e6/0x1030
[  300.655417][T12808]  ? tun_get_user+0x266c/0x3e20
[  300.657345][T12808]  tun_get_user+0x28cb/0x3e20
[  300.659212][T12808]  ? tun_get_user+0x266c/0x3e20
[  300.661168][T12808]  ? aa_file_perm+0x44d/0x1550
[  300.663109][T12808]  ? __pfx_tun_get_user+0x10/0x10
[  300.665261][T12808]  ? __futex_wait+0x34f/0x3e0
[  300.667179][T12808]  ? __pfx___futex_wait+0x10/0x10
[  300.669264][T12808]  ? ref_tracker_alloc+0x318/0x460
[  300.671366][T12808]  ? __lock_acquire+0xab9/0xd20
[  300.673367][T12808]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  300.675606][T12808]  ? tun_get+0x1c/0x2f0
[  300.677334][T12808]  ? tun_get+0x1c/0x2f0
[  300.679001][T12808]  ? tun_get+0x1c/0x2f0
[  300.680592][T12808]  tun_chr_write_iter+0x113/0x200
[  300.682578][T12808]  vfs_write+0x5c9/0xb30
[  300.684394][T12808]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  300.686707][T12808]  ? __pfx_vfs_write+0x10/0x10
[  300.688697][T12808]  ? __fget_files+0x2a/0x420
[  300.690615][T12808]  ksys_write+0x145/0x250
[  300.692406][T12808]  ? __pfx_ksys_write+0x10/0x10
[  300.694269][T12808]  ? rcu_is_watching+0x15/0xb0
[  300.696160][T12808]  ? do_syscall_64+0xbe/0x3b0
[  300.698687][T12808]  do_syscall_64+0xfa/0x3b0
[  300.700568][T12808]  ? lockdep_hardirqs_on+0x9c/0x150
[  300.702657][T12808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.705133][T12808]  ? exc_page_fault+0x9f/0xf0
[  300.707076][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.709521][T12808] RIP: 0033:0x7f4ed518ebe9
[  300.711209][T12808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.718720][T12808] RSP: 002b:00007f4ed5fdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  300.721456][T12808] RAX: ffffffffffffffda RBX: 00007f4ed53c5fa0 RCX: 00007f4ed518ebe9
[  300.723834][T12808] RDX: 00000000000000d6 RSI: 00002000000003c0 RDI: 0000000000000004
[  300.726593][T12808] RBP: 00007f4ed5211e19 R08: 0000000000000000 R09: 0000000000000000
[  300.729364][T12808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  300.731836][T12808] R13: 00007f4ed53c6038 R14: 00007f4ed53c5fa0 R15: 00007ffdfaa1a038
[  300.734927][T12808]  </TASK>
[  300.736854][T12808] Kernel Offset: disabled
[  300.738265][T12808] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:47:17  Registers:
info registers vcpu 0

CPU#0
RAX=25f6c2946c6a7900 RBX=ffffffff819683c8 RCX=25f6c2946c6a7900 RDX=0000000000000001
RSI=ffffffff8d9b8241 RDI=ffffffff8be33880 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa39030 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b79c3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4ed5fdcfc8 CR3=000000003196c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4ed5212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000033 RBX=0000000000000033 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001300 RDI=0000000000001301 RBP=00000000000003f8 RSP=ffffc90006cb6b50
R8 =ffff8880211a8237 R9 =1ffff11004235046 R10=dffffc0000000000 R11=ffffffff854f3b00
R12=dffffc0000000000 R13=ffffffff99afd8c4 R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f3b7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4ed5fdd6c0 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33018ff8 CR3=0000000032c42000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8167993b ffffffff8167993b
XMM02=0000000000000000 ffffffff8167993b XMM03=0000000000000000 0000000000000000
XMM04=00007fe127efd100 00007fe127397460 XMM05=00007fe127397478 00007fe1273974c0
XMM06=00007fe1273974b8 00007fe1273974b0 XMM07=00007fe1273974a8 00007fe1273974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fe127212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
