last executing test programs:

3m11.439962312s ago: executing program 0 (id=562):
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000002c0)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0xfffffffe, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0xbb80}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffd], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x1}]}]}]}}]}, 0xb0}}, 0x0)

3m11.320293768s ago: executing program 0 (id=564):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000080)=0x5, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)

3m11.319476319s ago: executing program 0 (id=566):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])
io_destroy(r1)

3m11.109681665s ago: executing program 0 (id=571):
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000c40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000500)=ANY=[], 0x5, 0x6b5, &(0x7f0000001540)="$eJzs3c9vHGf9B/D3rNeOnW+Ur9MmbYSKiBKpgCISJ1YK4YJBCOVQoaocOFuJ01jZOJXtVm6FwAUEJyQO/QMKksWFExL3oHAuJ3r1sRISl4iD1YvRzM6u1951bCf+lfJ6RbPzzDzPPPOZzz4z493NagP8z7p1Oc1HKXLr8ptL5fLqymRrdWXyRF3dSlKWG0mzPUsxlxSPk6myvmivL+fpnff5ePbm2589Wf28vdRMz3aNp203wIC2y/WUC0mG6nm/4d3uYlN/t5Oc6msystu+Og2nOg+XOgtw1Nb7LO9l872ct8Ax07k7Fe37Zp/x5GSS0frvgNRXh8bhRXgw9nSVAwAAgBfUpw+POgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB48dS//1/UU6Oe50KKzu//j3TW1eUX2qOjDgAAAAAAAAAA9sHX1rKWpZzuLK8X1Wf+F6uFs/liPfm/vJeFzGQ+V7KU6SxmMfO5lmS8p6ORpenFxflr3S1Lg7e8PnDL64d1xAAAAAAAAADwpfTL3Nr4/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6DIhlqz6rpbKc8nkYz7bqRst1y8o9O+QVRDFr56PDjAAAAgOcy+gzb/P9a1rKU053l9aJ6zf9K9Xp5NO9lLouZzWJamcmd+jV0+aq/sboy2VpdmXxQTv39fv/fewqj6rF+f2Hwns9XLcZyN7PVmiu5XQVzJ41qy9L5TjyD4/qojKn4Xm2XkTXrtJY7+/127yLsi72+FTFeBpd0MzJRx1Zm40w7A0X1Rk2yNRM7PjvNrXtKI8PdPV1Lo/vOz9kDyPnJel4ez28ONOd71c1EI1UmrveMvld6spCcSt9Z8fW//vmn91pz9+/dXbh8fA6pqzFw7dDWFWO9W2yMicmeTLz69DFxzDPR3GP7iSoT57rLt/Kj/CSXcyFvZT6zeT/TWcxM1uv66Xo8l4/jT8/U1Kalt3aKZKQeoe3nbDcxXcgPq9J0Llbbns5sijzMnczkjerf9VzLt3MjN3Kz5xk+t23c1bFVZ31j61nfeab/NjD4S9+oC+UA++3GQJt62hH3jc591r72l3k905PX9qh/0m31p2++39y4Cm9k6aVOdoYHdv4s18bmV+pCuY9fbXvWHoXxKkvDa/9MuneJTnQvtzPRrO5F/eP8D9W5sdCauz9/b/rdbfpf3rL8ej0vh9XKV3cR4HD34YCV4+WljNZXkjM9V8mJqu7l7lXmzKa76kj9iUu7rtFXd66qK4rOmfrjbc/UkfpvuP6erld1rw6sm6zqzvfUbfp7Kw/Typ1DyB8Az2k8J0fG/jX26dgnY78euzf25ugPTnznxGsjGf778HebE0OvN14r/pJP8vON1/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCzW/jgw/vTrdbM/OBCY/uqHQo79bylUNQ/6PNM+zqGhdEkm9YMlysOPYyxrWH0FdZ/kRx6fjo/Iji4ze/KQjO76XBqpzYf7T3CL05sF9iXsjCUwQPgiC9MwIG7uvjg3asLH3z4rdkH0+/MvDMzN3zjxs2JmzfemLx6d7Y1M9F+POoogYOwcdM/6kgAAAAAAAAAAACA3Rr0xYCLp3b60siuvuPhfxYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA++LW5TQfpci1iSsT5fLqymSrnDrljZbNJI1GUvwsKR4nU2lPGe/prsgfH2d9wH4+nr359mdPVj/f6KvZbp806vlzWK6nXEgyVM/3q7/bz91f8Z/OEZYJu9RJHBy1/wYAAP//cjv1OA==")
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x11, &(0x7f0000002380)={[{@sysvgroups}, {@noquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}, {@usrjquota}, {@data_journal}, {@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x313}}, {@block_validity}]}, 0x0, 0x5fd, &(0x7f00000004c0)="$eJzs3c1vFVUbAPBnpp+07/u2kDcqLqSJMZAoLS1giDER9oTgx85VpYUghRJao0USS4IbE+PGhYkrF+J/oSRuXbh14caVISHGsBBD5Jq5nSnT23tLv+69pff3S4aeM8Odc6b04Zl7es7cADrWSPZHGrE/Iq4mEUOlY92RHxxZ+nv3/7xxLtuSqFTe/iOJG58ki+VzJfnXwfzF/wxF8nMasa9rdbtzC9cvTc7MTF/L62Pzl6+OzS1cP3zx8uSF6QvTVyZenThx/NjxE+NHtnR9Sal8+tb7Hw59dubdb79+mIx/9+uZJE7Go7xv2XXVvrZvSy1n37ORqCx5UN6ffV9PbPHcO8VfQ8XPyWNJ7Q52rDT/eeyJiGdjKLpK/5pD8embbe0c0FSVJIocBXScZFPx37/9HQFarLgPKN7b13sfvFra5LsSoBXunVoaAFiK/Z6IKOK/e2lsMPqrYwMD95MV4zxJRGxtZG5J1sZPP565lW3RYBwOaI7Fm8Uod23+T6qxORz91drA/XRF/KelLdv/1ibbH6mpi39oncWbEfFcnv97Y0PxP1KK//c22b74BwAAAAAAgO1z51REvFJv/l+6PP+nt878n8GIOLkN7T/593/p3byQbENzQMm9UxGv153/uzzHd7grr/23Oh+gJzl/cWb6SET8LyIORU9fVh+vOW95hvDhz/d91aj98vy/bMvaL+YC5me6212zEHdqcn5yq9cNRNy7GfF8df7vgXzPyvk/Wf5P6uT/LL6vrrONfS/dPtvo2JPjH2iWyjcRB+vm/8e328naz+cYq94PjBV3Bau98PEX3zdqX/xD+2T5f2Dt+O9Lys/rmdvY+Xsj4uhCd6XR8c3e//cm73QV5898NDk/f208ojc5vXr/xMb6DLtVEQ9FvGTxf+jFtcf/lu//S3G4JyIW19nmM48Gf2t0TP6H9snif2rt/D+8Mv9vvDBxe/iHRu2fXVf+P1bN6YfyPcb/oGz18zjWG6Bt6S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOXSiPhPJOnocjlNR0cjBiPi/zGQzszOzb98fvaDK1PZsern/6fFJ/0OLdWT4vP/h0v1iZr60YjYGxFfdu2p1kfPzc5MtfviAQAAAAAAAAAAAAAAAAAAYIcYrK75r/TVrv/P/N7V7t4BTdedfxXv0Hm6N/3KSt+2dgRouc3HP/C0W3/89zS1H0DrNY7/Bw8rVS3tDtBC7v+hc20y/v26AHYB+R861TrH9Pqb3Q+gHeR/AAAAAADYVfYeuPNLEhGLr+2pbpne/JjJ/rC7pe3uANA25vBC5+qebXcPgHbxHh9Ilkt/113s33j2f9KcDgEAAAAAAAAAAAAAqxzcb/0/dKq11/+b2w+72Rrr/+sFv8cFwC7S+KM/5H7Y7bzHB56U7a3/BwAAAAAAAAAAAIAdoP/6pcmZmelrcwtPX+GNndGNjRUWJ3dEN7a18Kg5Z+6JiJ1xga0uFI/gaGM32vz/EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOzfAAAA//+XNycY")
ptrace$getregset(0x4205, r1, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40804)
link(0x0, &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m10.962433842s ago: executing program 0 (id=573):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000b2b5000001"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)

3m10.669550288s ago: executing program 0 (id=575):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000009c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000000)={0xb4, r1, 0x1, 0x70bd2d, 0x65dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0xfffffffffffffe6c, 0xb, 0x4}, {0x6, 0x16, 0xb}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x80}, {0x8, 0xb, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x5}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0x4}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3m10.222825648s ago: executing program 32 (id=575):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000009c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000000)={0xb4, r1, 0x1, 0x70bd2d, 0x65dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0xfffffffffffffe6c, 0xb, 0x4}, {0x6, 0x16, 0xb}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x80}, {0x8, 0xb, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x5}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0x4}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2m59.066184012s ago: executing program 3 (id=687):
syz_usb_connect(0x0, 0x34, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x80, 0xf, 0xe8, 0x8, 0x57c, 0x2200, 0xefd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x160, 0x0, [{{0x9, 0x4, 0x5e, 0x0, 0x0, 0x88, 0x68, 0x2b, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x400, 0x3}, [@extension_unit={0x7, 0x24, 0x8, 0x4, 0x1, 0x1d}]}]}}]}}]}}, 0x0)

2m57.836392685s ago: executing program 3 (id=705):
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000080)='./bus\x00', 0x80d0, &(0x7f0000000bc0)=ANY=[@ANYBLOB='dots,errors=continue,nodots,dmask=00000000000000000077777,nodots,dots,nodots,showexec,dots,sys_immutable,discard,dots,nodots,nodots,dots,nodots,dots,nfs,dots,dots,dots,dots,nodots,nodots,nodots,quiet,dots,nodots,gid=', @ANYRESHEX=0x0, @ANYRESOCT, @ANYRESDEC, @ANYBLOB="48a8"], 0xf5, 0x1cf, &(0x7f0000000e40)="$eJzs3c9qE1EUB+CT9M9MXXVXEIUBN66K+gQVqSAOCEoWulKobhoR7GZ00z6GD+gDSFfZyIidaceOitPCzNT0+zY5k9+9ybmQ3GSTm9e33u/vfTh493XrS6TpJKY7sROLSWzGNE4dBQCwTBZlGd/Kyl8HbQ3aEgDQsw6f/98HbgkA6NmLl6+ePszz3edZlkYcHxWzYlbdVvnjJ/nuvezEZjPruChmK2f5/az93eFnvhY36vxBNT87n6/H3TtVnkTEo2d5K09ir9+lAwAAAAAAAAAAAAAAAAAAAADAaG5HduqP5/tsb7fzjTqvrn45H6h1fs9q3FytL5vjgcrDIRYFAAAAAAAAAAAAAAAAAAAA/5mDT5/338znbz82RRIR5++5SDGpH/iS04cuptFh8Fq9pivSs+JfRXY12phf+F2wcvIaW4+IvhpblGXZaXCzRyRjbEwAAAAAAAAAAAAAAAAAAHANNT/6/T1Lx2gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEbQ/P//JYrDiOgw+OzJNkZdKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEvsRwAAAP//h9MxGw==")
utime(&(0x7f0000000400)='./file0\x00', &(0x7f0000019480)={0x400, 0x1})

2m57.749366244s ago: executing program 3 (id=707):
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x3214212, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRES32], 0x7, 0xf08, &(0x7f0000001e40)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcRXnPXv3xZPdnaxnvbu/n/T32zdvdv7/8UbOzOzs2wCMrcb6z8OHl4oQPvji/Sdee7b43ZVl926ssW/9ZxF7zRDCVEu/yLb3VVxw6fyrx7Zqi3Bw/WfqhyfPbTx3LoRwJuwLX4Zm+HRl9cInHz6+/7O3Zm9/9/Tzr2/T7m/I9wMAAEbR2b+s/uPBf/354cWLZ/ceDTMby9PxeTP25+Jx/4F4oJyOlxuhvV+0RKvpbL2JGI1svYlsvcksz2RJvqlsO1Ml6013yDfRsmyr/QQAAIBhlM5rm6FoLLf1G43l5avn/Vd8tTBdLL94cvXEqQEVCgAAAFT23zfWb7oVQgghhBBCCCHECMfawqCvQAAAAADjJp8v7Bpn+jtT18bWmt3lP/dYY+vnQx/U/e9f/uHK//Gb/uIAAFDdqB5Npv1Kx9FpHoN8HsGJ7Hm9Hv83su1M9lhn2byCwzLfYFmd+e91pyqrv9fXcVDK6s/nw9ypyurP5+ncqcrqn6m5jqrK6p+tuY6qyurfVXMdVZXVv7vmOqoqq3+u5jqqKqt/vuY6qiqr/6aa66iqrP49NddRVVn9w3JbbVn9zZrrqKqs/sWa66iqrP6ba66jqrL6b6m5jqrK6r+15joG5Z7Ypt/D3my89fw5P6cblnM8AAAAGHf/M/+fEEIIIcQIxG07oAYhhBA7Od4Y9AUIAAAAYODS5wLSp97XojQ+0WF8ssP4VIfx6Q7jMx3GAQAAgBB+//aJO98rNj/nf6Pz4aV5o9L8S73OY5TPR9hr/hud96x9axd6zj8s85YBAAAwXorvf3n5oSc+ennx4tm9R1vOfi/H8900D+hkvDbweeyn+wLms36RzqGPtudplKyXXx+4qWx7T93gjgIAAMAYS+fvzVCsn3I3NvqNxvLy5vn4UpgqTpxcPX4g9tP3s/xpYWrmyvJH6y0bAAAA6MHm+X7RWN7i/D99j+9SmC6WXzy5euLU1f78xvKpRut1gYXN5UXrdYFmtvxgyfJDsZ++v/OHC7vWly8f+9Hqs/3eeQAAABgTp145/fwzq6vHf7zlg/Rp9uut08uD9PmCXp4VQhH6k90DDzzo9sEA/ygBAADb4uuv35/6yaH5P1z9/P/m/Hfp8//7Yr8Z5/b7a1wh3SeQPgdwzef1n27Ps1C23kvt6zWz9SZizGR1z7ZsJ7TMN5iet1iWr9m+nemSfHNZvvksXz5PwWS2fsq3J1uez0+Y1lvIlufzME5mOYos/30BAAAAyq28/MJLK6deOf3IyReeee74c8dfPHTwyPeOHDnw6HcfXVm/r3+l9e5+AAAAYBht3vQ76EoAAAAAAAAAAAAAAAAAAABgfNXxdWKD3kcAAAAYd/95I4RwRghREle/ArP/2938JsrB76MY3di1A2oQQgjR77h4nbGJHVCfEGLHxtpa/k3zAAAAANvr0vlXj7W21zhT9DXfxtbiu7GXY97Uzj/y98UrkVY791j79ZLdfa2GcVf3v3/5hyv/x2/2N/9setD1379G+waOVsv7wMqvllrz3zXZZf58/5+qln9/lv+B0F3+tY+y/E9Xy/9gln93l/mv2f+XquV/KOZfiv3993ebv/31n4lt2o9dXeb/Trb/z4Zu82f73+wyYebhmB8AxlFj0AVsk3SUkI6j52I/7W883Az53Q+9Hv83su1M3nDl7dtNx0F3xH46XprP8ia91j+Xbe+minXmhuWukrL6+/U6brey+qdqrqOqsvqna66jqrL6Z2quo6qy+mdrrqOqsvq7PQ8dtLL6h+W6cln9czXXUVVZ/fM111FVWf29/j8+KGX176m5jqrK6l+ouY6qyuqveFmtdmX1L9ZcR1Vl9d9ccx1VldV/S811VFVW/6011zEod8e27Hw4nX8uxLHUb2b9mS1+l6N6bQEAAACGzb/N/yeGJQ7PD74GIYToW+zaATWI8Y747s/A6xBiNGJt7fLaFYOuQ4jrxdraoK9AMEjb+2lmAHYqf//Hm9d/vHn9x5vXn+tJ9/AXWT+Z6DA+2WF8qsP4dDae/3ud6TB+S7bdtSiN39ph/LYO43s6jN/RYXypw/idHcbv6jB+d4dxAAAAxsPtsXV+CAAAAKPrtV9//s5vH3j6/OLFs3uPhulr5p0/EPsz8b31t2M/n/c+mYrv+f809n8Z2z/G9p/Z+u4/AQAAgO2XvifG+/8AAAAwutL3lDr/BwAAgNG1GFvn/wAAADC6bo6t838AAAAYYcXs1otjm64L3Bfbbuf1AwB2vm/E9p7Y7o3tvbH9ZmzTccD9sf1WTfUBAP3zix/87Mh7xeZ8/4ey8UtxeWqvcebqlYKi0T6T/67Y7o7tt7usJ/8+gG7zJ3u6zLNd+RduMD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDoa6z8PH14qQvjgi/ef+Pn0O3+7suzejTX2rf8sYq8ZQpjaeF4a3ez/Jq546fyrx1rby7EtwsFQhGJjeXjy3EamuRDCmbAvfBma4dOV1QuffPj4/s/emr393dPPv76Nv4K2/QMAAIBR9P8AAAD//6d9HGQ=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r0, 0x100, 0x0)
getdents64(r0, 0x0, 0x0)

2m57.589570953s ago: executing program 3 (id=712):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)

2m57.557857887s ago: executing program 3 (id=714):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@noblock_validity}, {}, {@dax_never}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@jqfmt_vfsv0}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x89)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x200, 0x6, 0x8, 0x10000, 0x9de1})

2m57.321880588s ago: executing program 3 (id=716):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r1, 0x0, &(0x7f0000000000)='\x00', 0x1, 0x7fff800000000002})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000380)={0x28, 0x2, r1, r1, 0x1000, 0x5, 0x9})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000000200)='(', 0x1, 0xa})

2m57.206716228s ago: executing program 33 (id=716):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r1, 0x0, &(0x7f0000000000)='\x00', 0x1, 0x7fff800000000002})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000380)={0x28, 0x2, r1, r1, 0x1000, 0x5, 0x9})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000000200)='(', 0x1, 0xa})

25.762985663s ago: executing program 4 (id=2696):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401"], 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card3/oss_mixer\x00', 0x260601, 0x0)

24.516089009s ago: executing program 4 (id=2706):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x7d, 0x0, 0x0)

24.430447003s ago: executing program 4 (id=2707):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x34da17d3caf523c0})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)

24.380707718s ago: executing program 4 (id=2708):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)
truncate(&(0x7f0000000240)='./file1\x00', 0x20fffffffc)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

24.210633146s ago: executing program 4 (id=2711):
syz_emit_ethernet(0x33, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x84, 0x0, @empty, @broadcast}, "dd9dec79219eb549dbd024c796335bc5ff"}}}}, 0x0)

23.946004399s ago: executing program 4 (id=2722):
r0 = semget$private(0x0, 0x4000000009, 0x0)
semop(r0, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r0, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x2}, {0x1, 0xfb7b, 0x1000}], 0x2, &(0x7f0000000040))

23.814262923s ago: executing program 34 (id=2722):
r0 = semget$private(0x0, 0x4000000009, 0x0)
semop(r0, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r0, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x2}, {0x1, 0xfb7b, 0x1000}], 0x2, &(0x7f0000000040))

1.738168879s ago: executing program 1 (id=2995):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0x38, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=0x0, @ANYBLOB="010029bd7000000000000d0000005400038014000600fc0000000000000000000000000000000800030002000000080003000300000008000500ac1414bb080005006401010114000600fe88f5ff00000000000000000000010108000500ac1414bb08000400d9020000200003800600040006000000140002006272696467655f736c6176655f310000080004000400000008000600080000006723743ca25220300fe4c535"], 0xa0}, 0x1, 0x0, 0x0, 0x44000}, 0x8000000)

1.670054789s ago: executing program 1 (id=2996):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da084f"], 0x0, 0x0, 0x0, 0x0})

1.469714627s ago: executing program 5 (id=3004):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
pread64(r0, &(0x7f0000000200)=""/62, 0x3e, 0x2)

1.469410041s ago: executing program 5 (id=3005):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
write$binfmt_aout(r1, 0x0, 0x400)

1.420755693s ago: executing program 5 (id=3006):
syz_emit_ethernet(0x6a, &(0x7f0000000400)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x5c, 0x80, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x6, 0x3f18, {0x10, 0x2, 0x0, 0x0, 0x0, 0x67, 0xfff5, 0x0, 0x89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, {[@timestamp_addr={0x44, 0x4, 0x12, 0x1, 0x5}, @rr={0x7, 0xf, 0xda, [@dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14, 0x14, 0x33}, @rand_addr=0x64010100]}, @timestamp={0x44, 0x10, 0xef, 0x0, 0x2, [0x8, 0x5, 0x0]}, @ssrr={0x89, 0x3, 0xf5}, @ra={0x94, 0x4, 0x1}]}}}}}}}, 0x0)

1.420342401s ago: executing program 5 (id=3007):
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3eb4}, 0x94)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/icmp\x00')
read$FUSE(r2, &(0x7f0000002440)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180800000000000000000000003475569288f244653b7400"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r3, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, 0x0, 0xb3}}, {{&(0x7f00000010c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=ANY=[], 0x28}}], 0x2, 0x4000004)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r6, r7, r7}, 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x90, 0xfffffffffffffffe, 0xe81, {0x4, 0x3, 0x2, 0x800000000400000, 0x81, 0x0, {0x1, 0xfffffffffffffffe, 0x80000000000, 0x80000000004, 0x400000000000, 0x6, 0x0, 0xfffffffd, 0x0, 0x2000, 0x4000000, 0x0, 0x0, 0x8, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = dup(r4)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40603d10, &(0x7f00000002c0)={0x1})
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r8, 0x0, 0x484, &(0x7f00000000c0)=""/64, &(0x7f0000000180)=0x40)

760.372236ms ago: executing program 2 (id=3009):
r0 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x2000200, 0x0, 0x0, 0x0, 0x0, 0x0)

619.277298ms ago: executing program 2 (id=3010):
r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @rand_addr, 0x3}, 0x1c)
r1 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f0000000040)=0x800000001, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0xcc08, @mcast1}, 0x1c)
sendto$inet6(r1, &(0x7f00000001c0)='~', 0x1, 0x40000, 0x0, 0x0)
pselect6(0x40, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x381, 0x0, 0x0, 0x9e25}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

466.335616ms ago: executing program 2 (id=3011):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
fchmodat(r1, &(0x7f0000000000)='.\x00', 0xe0)

359.264968ms ago: executing program 2 (id=3012):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@utf8no}, {@utf8no}, {@fat=@nfs}, {@fat=@check_strict}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@numtail}, {@uni_xlate}, {@uni_xlate}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@uni_xlateno}, {@utf8no}, {@uni_xlate}]}, 0x26, 0x336, &(0x7f00000001c0)="$eJzs3T1sW9UXAPDjviROI/VvD3+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP1e7OeP0BThlI/fb4iOzj3H976Xq/glSm5eWo/tC4tx8caN67G8XIqF9TPrcbMU1TgWSWQuBwDwb3IzTePXNHPn6vdX9qOlOa8LAJifwfv/KydGifK9XA0AcBQO+f3/UzOzl+a2LABgjqbe/x8cG574Mf/C8HcCAIB/rmeef+HJjc2I87XackTrnU69U4/HR+MbF+O1aMZWnI5K3I7IHhSyp4X+xyfObZ49Xev7sRr1fkenHtHqdurZk8JGMugvx2pUopr3p8P+pN+/OuivRcTl7mD+aJU69cVYyef/biW2Yi0q8f+p/ohzm2fXavkL1Fv7/d2IXizvX0R//aeiEt+8HJeiGRei3zta/95qrXYm3Rzr71wpD+oAAAAAAAAAAAAAAAAAAAAAAGAeTtWGqsPzb9JWt/P2+cmC6tj5OPVsOD8fqJedD5SW90/neTeZPB9o/HyeTn0hjt3TKwcAAAAAAAAAAAAAAAAAAIC/j/buUjSaza2d9u5b28WgW8i88dWnXxyPyZrXk1EmFrKXG6vJc1HoSmLYng7b02SsJg+SiFHxlavDFRdrysOrmGrvB+WpoVK+pkazeeKBHz6a1fXbKJPE1G0ZD0r5/IWh1v+y1B90HRys3aHmWpqmB7XvfTjdFaWIhalP3F8RfHn91fseaZ98dJD5PD/04aGHK89e++CTn7cbzchvTbO5tNO+nf7puZLC/inl97k0YyfMDnqjTG+nvdtIvv3lufvf+3qiOJm9f9Ji5s2D5/psMrOUBf1lHuZKF2ds/tnBi7eGu/fub+bJj9cbV/e+/+mwXYUvEg7qAAAAAAAAAAAAAAAAAACAI1H4W/G78NjT81sRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy90f//LwS9qcxhglvdmB4qb+20D5z8+JFeKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2G/BwAA//9pxHjs")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)

158.879385ms ago: executing program 1 (id=3013):
r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401)
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f00000000c0)={{{0x1, 0x1}}, 0x0, 0xa, 0x0})

158.725164ms ago: executing program 2 (id=3014):
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04fd0a20", @ANYRES64], 0x7)

118.607316ms ago: executing program 1 (id=3015):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x1000000000003f}, 0x60)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x62)

114.183919ms ago: executing program 5 (id=3016):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x3d, 0x0, 0x1, 0x20}, {0x4d}, {0x6, 0x0, 0x0, 0x41}]})

104.205273ms ago: executing program 2 (id=3017):
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f00000001c0)={0x14, &(0x7f0000000280)={0x20, 0x23, 0x3c, {0x3c, 0x21, "76860eb14cf01f314674c3656af2da8219129fafe34b7cf6921d056caff9ec077b82f89e939279267995ff4d7c0d749ee36f0e408f70098faaba"}}, 0x0}, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddf8)
write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='H'], 0x69)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)

5.557302ms ago: executing program 1 (id=3018):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x1c, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008080}, 0x200c0084)

5.2568ms ago: executing program 5 (id=3019):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, 0x0, 0x0}, 0x94)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b595000000000000000002000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[], 0x6c}, 0x1, 0x0, 0x0, 0x20008824}, 0x4800)

0s ago: executing program 1 (id=3020):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000100), 0x120)

kernel console output (not intermixed with test programs):

-000000000000.
[  174.412654][ T8981] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  174.421461][ T8997] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1191'.
[  175.330090][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.835275][ T9048] wireguard0: entered promiscuous mode
[  175.837564][ T9048] wireguard0: entered allmulticast mode
[  175.843607][ T9051] loop1: detected capacity change from 0 to 4096
[  175.846777][ T9051] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  176.984907][ T5957] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  177.134503][ T5957] usb 5-1: Using ep0 maxpacket: 16
[  177.138263][ T5957] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  177.142211][ T5957] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  177.147085][ T5957] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  177.150453][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.157453][ T5957] usb 5-1: config 0 descriptor??
[  177.392320][   T33] audit: type=1326 audit(1757451048.132:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.406392][   T33] audit: type=1326 audit(1757451048.132:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.424908][   T33] audit: type=1326 audit(1757451048.152:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.444106][   T33] audit: type=1326 audit(1757451048.152:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.455340][   T33] audit: type=1326 audit(1757451048.152:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.466699][   T33] audit: type=1326 audit(1757451048.162:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.475675][   T33] audit: type=1326 audit(1757451048.162:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.486192][   T33] audit: type=1326 audit(1757451048.162:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9084 comm="syz.1.1227" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  177.586604][ T5957] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0
[  177.589806][ T5957] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0
[  177.591973][ T6634] libceph: connect (1)[c::]:6789 error -101
[  177.599335][ T6634] libceph: mon0 (1)[c::]:6789 connect error
[  177.604290][ T5957] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0
[  177.607299][ T5957] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0
[  177.610383][ T5957] hid-picolcd 0003:04D8:C002.0004: unknown main item tag 0x0
[  177.621604][ T9091] ceph: No mds server is up or the cluster is laggy
[  177.683240][ T5957] hid-picolcd 0003:04D8:C002.0004: No report with id 0x11 found
[  177.785112][ T5957] usb 5-1: USB disconnect, device number 6
[  177.832059][ T9102] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1234'.
[  177.863793][ T6634] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  178.043715][ T6634] usb 2-1: Using ep0 maxpacket: 16
[  178.049097][ T6634] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  178.052544][ T6634] usb 2-1: config 1 has no interface number 0
[  178.055336][ T6634] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  178.059406][ T6634] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  178.063848][ T6634] usb 2-1: config 1 interface 105 has no altsetting 0
[  178.069024][ T6634] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  178.073029][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.077317][ T6634] usb 2-1: Product: syz
[  178.079046][ T6634] usb 2-1: Manufacturer: syz
[  178.080907][ T6634] usb 2-1: SerialNumber: syz
[  178.092165][ T9095] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  178.095335][ T9095] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  178.198688][   T54] Bluetooth: hci1: unexpected subevent 0x1a length: 30 > 6
[  178.313229][ T6634] aqc111 2-1:1.105: probe with driver aqc111 failed with error -71
[  178.320748][ T6634] usb 2-1: USB disconnect, device number 15
[  179.071014][ T9139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1249'.
[  180.027369][ T9171] loop1: detected capacity change from 0 to 512
[  180.030885][ T9171] EXT4-fs: Ignoring removed nobh option
[  180.037803][ T9171] fscrypt (loop1, inode 2): Error -61 getting encryption context
[  180.043227][ T9171] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61
[  180.047838][ T9171] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #13: comm syz.1.1264: casefold flag without casefold feature
[  180.054805][ T9171] EXT4-fs (loop1): Remounting filesystem read-only
[  180.059035][ T9171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.069004][ T9171] fscrypt (loop1, inode 2): Error -61 getting encryption context
[  180.090651][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.447640][ T9200] input: syz1 as /devices/virtual/input/input10
[  181.961685][ T9247] loop1: detected capacity change from 0 to 512
[  181.998627][ T9249] loop4: detected capacity change from 0 to 4096
[  182.015422][ T9250] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  182.032916][ T9252] loop1: detected capacity change from 0 to 64
[  182.047619][ T9252] syz.1.1300: attempt to access beyond end of device
[  182.047619][ T9252] loop1: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  182.058272][ T9252] Buffer I/O error on dev loop1, logical block 8388608, async page read
[  182.062402][ T9252] syz.1.1300: attempt to access beyond end of device
[  182.062402][ T9252] loop1: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  182.067962][ T9252] Buffer I/O error on dev loop1, logical block 8388608, async page read
[  184.517863][ T9302] loop4: detected capacity change from 0 to 128
[  184.562793][ T9302] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  185.318958][ T9317] netlink: 'syz.4.1324': attribute type 29 has an invalid length.
[  185.335421][ T9317] netlink: 'syz.4.1324': attribute type 29 has an invalid length.
[  185.406393][ T9308] loop1: detected capacity change from 0 to 32768
[  185.418415][   T33] audit: type=1800 audit(1757451056.162:47): pid=9308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1320" name="file1" dev="loop1" ino=4 res=0 errno=0
[  185.521141][   T33] audit: type=1326 audit(1757451056.262:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.529964][   T33] audit: type=1326 audit(1757451056.262:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.538447][   T33] audit: type=1326 audit(1757451056.262:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.546152][   T33] audit: type=1326 audit(1757451056.262:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.554492][   T33] audit: type=1326 audit(1757451056.272:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.563326][   T33] audit: type=1326 audit(1757451056.272:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.571365][   T33] audit: type=1326 audit(1757451056.272:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.583625][   T33] audit: type=1326 audit(1757451056.282:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.592622][   T33] audit: type=1326 audit(1757451056.282:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9331 comm="syz.2.1333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3278ebe9 code=0x7ffc0000
[  185.642478][ T9338] netlink: 'syz.2.1335': attribute type 9 has an invalid length.
[  185.648764][ T9336] loop4: detected capacity change from 0 to 2048
[  185.652637][ T9336] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  185.662709][ T9339] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  186.256266][ T9362] random: crng reseeded on system resumption
[  187.695897][ T9377] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  187.700390][ T9377] overlayfs: missing 'lowerdir'
[  188.145712][ T6634] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  188.267411][ T9406] loop1: detected capacity change from 0 to 512
[  188.271367][ T9406] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  188.280101][ T9406] EXT4-fs (loop1): 1 truncate cleaned up
[  188.284003][ T9406] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.298378][ T6634] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 49499, setting to 1024
[  188.303152][ T6634] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  188.309314][ T6634] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  188.313883][ T6634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.320762][ T6634] usb 5-1: config 0 descriptor??
[  188.346747][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.741328][ T6634] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  189.368123][    C1] plantronics 0003:047F:FFFF.0005: hid_field_extract() called with n (132) > 32! (syz.2.1372)
[  189.579476][ T5943] usb 5-1: USB disconnect, device number 7
[  190.363034][ T9462] loop4: detected capacity change from 0 to 512
[  190.489331][ T9462] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.579041][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.743556][ T9468] loop1: detected capacity change from 0 to 32768
[  190.850245][ T9486] netlink: 'syz.1.1396': attribute type 1 has an invalid length.
[  190.891776][ T9492] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  191.333707][ T5943] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  191.419278][ T9523] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  191.488872][ T5943] usb 5-1: unable to get BOS descriptor or descriptor too short
[  191.495400][ T5943] usb 5-1: config 160 has an invalid interface number: 19 but max is 0
[  191.499196][ T5943] usb 5-1: config 160 has no interface number 0
[  191.502116][ T5943] usb 5-1: config 160 interface 19 has no altsetting 0
[  191.509750][ T5943] usb 5-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=31.f3
[  191.522420][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.532670][ T5943] usb 5-1: Product: syz
[  191.535918][ T5943] usb 5-1: Manufacturer: syz
[  191.538367][ T5943] usb 5-1: SerialNumber: syz
[  191.763681][ T5943] usb 5-1: USB disconnect, device number 8
[  191.955632][ T9549] netlink: 'syz.1.1426': attribute type 4 has an invalid length.
[  192.312637][ T9556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  192.971596][ T9568] loop1: detected capacity change from 0 to 1024
[  193.320733][ T9578] loop4: detected capacity change from 0 to 128
[  193.350350][   T33] kauditd_printk_skb: 5 callbacks suppressed
[  193.350366][   T33] audit: type=1800 audit(1757451064.092:62): pid=9578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1438" name="bus" dev="loop4" ino=1048652 res=0 errno=0
[  193.391679][ T9574] loop1: detected capacity change from 0 to 40427
[  193.398628][ T9574] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  193.403082][ T9574] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  193.409307][ T9574] F2FS-fs (loop1): invalid crc value
[  193.475224][ T9574] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  193.481577][ T9574] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  193.484742][ T9574] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  193.553391][ T5915] syz-executor: attempt to access beyond end of device
[  193.553391][ T5915] loop1: rw=2051, sector=77824, nr_sectors = 2560 limit=40427
[  193.565519][ T5915] F2FS-fs (loop1): Issue discard(9728, 9728, 320) failed, ret: -5
[  194.002558][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  194.005521][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  194.237540][ T9608] loop1: detected capacity change from 0 to 8
[  194.246189][ T9608] cramfs: empty filesystem
[  194.290177][ T9610] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1448'.
[  194.366713][ T9614] loop1: detected capacity change from 0 to 512
[  194.373825][ T9614] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.1450: corrupted in-inode xattr: invalid ea_ino
[  194.380137][ T9614] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1450: couldn't read orphan inode 15 (err -117)
[  194.387381][ T9614] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  194.524651][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.037645][ T6634] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  195.176284][ T9631] netlink: 'syz.2.1456': attribute type 10 has an invalid length.
[  195.203782][ T6634] usb 5-1: Using ep0 maxpacket: 32
[  195.209864][ T6634] usb 5-1: config 0 has an invalid interface number: 247 but max is 0
[  195.213316][ T6634] usb 5-1: config 0 has no interface number 0
[  195.217999][ T6634] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  195.221630][ T6634] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  195.225183][ T6634] usb 5-1: Product: syz
[  195.226672][ T6634] usb 5-1: Manufacturer: syz
[  195.229444][ T6634] usb 5-1: config 0 descriptor??
[  195.442439][ T5943] usb 5-1: USB disconnect, device number 9
[  196.073625][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  196.075918][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  196.232436][ T9647] loop1: detected capacity change from 0 to 131072
[  196.237709][ T9647] F2FS-fs (loop1): Invalid log sectorsize (67108873)
[  196.240662][ T9647] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  196.251329][ T9647] F2FS-fs (loop1): invalid crc value
[  196.298900][ T9662] loop4: detected capacity change from 0 to 1024
[  196.302358][ T9662] EXT4-fs: Ignoring removed mblk_io_submit option
[  196.302596][ T9647] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  196.311868][ T9647] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  196.315674][ T9647] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  196.318578][ T9662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.356676][ T9662] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  196.366886][ T9662] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  196.373945][ T9662] EXT4-fs (loop4): This should not happen!! Data will be lost
[  196.373945][ T9662] 
[  196.378240][ T9662] EXT4-fs (loop4): Total free blocks count 0
[  196.380926][ T9662] EXT4-fs (loop4): Free/Dirty block details
[  196.383871][ T9662] EXT4-fs (loop4): free_blocks=68451041280
[  196.387501][ T9662] EXT4-fs (loop4): dirty_blocks=80
[  196.390546][ T9662] EXT4-fs (loop4): Block reservation details
[  196.393238][ T9662] EXT4-fs (loop4): i_reserved_data_blocks=5
[  196.437100][   T27] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 3 with error 28
[  196.997450][ T9678] loop4: detected capacity change from 0 to 32768
[  197.004521][ T9678] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1475 (9678)
[  197.016204][ T9678] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  197.023295][ T9678] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  197.073636][ T9678] BTRFS info (device loop4): enabling ssd optimizations
[  197.076707][ T9678] BTRFS info (device loop4): enabling free space tree
[  197.079647][ T9678] BTRFS info (device loop4): use lzo compression, level 0
[  197.092325][ T9697] loop1: detected capacity change from 0 to 512
[  197.099913][ T9697] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  197.108316][ T9697] EXT4-fs (loop1): invalid journal inode
[  197.110704][ T9697] EXT4-fs (loop1): can't get journal size
[  197.117259][ T9697] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e056c118, mo2=0002]
[  197.120730][ T9697] System zones: 1-12, 13-13
[  197.122879][ T9697] EXT4-fs (loop1): orphan cleanup on readonly fs
[  197.128243][ T9697] EXT4-fs (loop1): 1 truncate cleaned up
[  197.132006][ T9697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  197.149333][ T7681] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  197.181338][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.517112][ T9715] loop4: detected capacity change from 0 to 512
[  197.558425][ T9715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.566265][ T9715] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.617516][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.730437][ T9727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1488'.
[  198.541287][ T9750] loop1: detected capacity change from 0 to 128
[  198.732188][ T9756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1501'.
[  198.803633][ T6634] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  198.809956][ T9762] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1504'.
[  199.190843][ T6634] usb 2-1: Using ep0 maxpacket: 32
[  199.195329][ T6634] usb 2-1: config 0 has an invalid interface number: 146 but max is 0
[  199.198112][ T6634] usb 2-1: config 0 has no interface number 0
[  199.200249][ T6634] usb 2-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  199.204371][ T6634] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  199.208753][ T6634] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  199.212550][ T6634] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  199.216529][ T6634] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  199.220567][ T6634] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  199.224384][ T6634] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  199.228217][ T6634] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 60572, setting to 64
[  199.232777][ T6634] usb 2-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  199.239899][ T6634] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  199.243395][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.246848][ T6634] usb 2-1: Product: syz
[  199.248391][ T6634] usb 2-1: Manufacturer: syz
[  199.250061][ T6634] usb 2-1: SerialNumber: syz
[  199.253151][ T6634] usb 2-1: config 0 descriptor??
[  199.255366][ T9750] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  199.258706][ T6634] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk.
[  199.261822][ T6634] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out.
[  199.460182][ T5943] usb 2-1: USB disconnect, device number 16
[  199.473357][ T5957] Process accounting resumed
[  200.228769][ T9788] netlink: 'syz.1.1514': attribute type 3 has an invalid length.
[  200.232216][ T9788] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1514'.
[  200.261066][ T9775] Process accounting resumed
[  200.841975][ T9796] netlink: 'syz.4.1517': attribute type 1 has an invalid length.
[  200.845624][ T9796] netlink: 'syz.4.1517': attribute type 2 has an invalid length.
[  201.093493][ T9806] loop4: detected capacity change from 0 to 40427
[  201.098601][ T9806] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  201.101283][ T9806] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  201.105506][ T9806] F2FS-fs (loop4): invalid crc value
[  201.137120][ T9806] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  201.142497][ T9806] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  201.145707][ T9806] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  201.785318][ T9818] loop1: detected capacity change from 0 to 512
[  202.789759][ T9832] program syz.4.1529 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  202.896275][ T9834] loop4: detected capacity change from 0 to 256
[  203.463277][ T9843] loop1: detected capacity change from 0 to 512
[  203.469817][ T9843] EXT4-fs: Ignoring removed i_version option
[  203.493362][ T9843] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.650367][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.025253][ T9861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1541'.
[  204.285907][ T5943] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  204.461267][ T5943] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.493549][ T5943] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  204.497689][ T5943] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  204.529911][ T5943] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  204.534959][ T5943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.539892][ T5943] usb 2-1: Product: syz
[  204.541868][ T5943] usb 2-1: Manufacturer: syz
[  204.546175][ T5943] usb 2-1: SerialNumber: syz
[  204.856382][ T5943] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  204.859405][ T5943] cdc_ncm 2-1:1.0: bind() failure
[  204.879305][ T5943] usb 2-1: USB disconnect, device number 17
[  205.103820][ T9885] overlayfs: failed to clone upperpath
[  205.604188][ T9899] netlink: 'syz.1.1559': attribute type 21 has an invalid length.
[  206.149608][ T9917] loop4: detected capacity change from 0 to 4096
[  206.158226][ T9917] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.170680][ T9917] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  206.194739][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.212446][ T9922] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1570'.
[  206.216329][ T9922] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1570'.
[  206.251376][ T5970] kernel read not supported for file /dsp (pid: 5970 comm: kworker/1:4)
[  206.471528][ T9926] loop4: detected capacity change from 0 to 32768
[  206.478677][ T9926] (syz.4.1571,9926,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  206.487464][ T9926] (syz.4.1571,9926,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  206.508633][ T9926] JBD2: Ignoring recovery information on journal
[  206.551562][ T9926] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  206.608419][ T9942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1578'.
[  206.710238][ T7681] ocfs2: Unmounting device (7,4) on (node local)
[  206.730917][ T9946] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1581'.
[  207.393560][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  207.413623][ T5970] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  207.555204][   T24] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[  207.558116][   T24] usb 5-1: config 0 has no interface number 0
[  207.560169][   T24] usb 5-1: config 0 interface 255 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  207.566067][   T24] usb 5-1: config 0 interface 255 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  207.570092][   T24] usb 5-1: config 0 interface 255 altsetting 0 endpoint 0xA has an invalid bInterval 255, changing to 11
[  207.573906][ T5970] usb 2-1: Using ep0 maxpacket: 32
[  207.576240][   T24] usb 5-1: config 0 interface 255 altsetting 0 endpoint 0xA has invalid maxpacket 59391, setting to 1024
[  207.584537][   T24] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  207.588599][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.592154][   T24] usb 5-1: Product: syz
[  207.596000][ T5970] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84
[  207.600882][   T24] usb 5-1: Manufacturer: syz
[  207.602607][   T24] usb 5-1: SerialNumber: syz
[  207.605361][ T5970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  207.614460][ T5970] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16
[  207.618300][ T5970] usb 2-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3
[  207.622378][   T24] usb 5-1: config 0 descriptor??
[  207.624790][ T5970] usb 2-1: Product: syz
[  207.627512][ T9967] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  207.630661][ T5970] usb 2-1: Manufacturer: syz
[  207.635331][ T5970] usb 2-1: SerialNumber: syz
[  207.641559][ T5970] usb 2-1: config 0 descriptor??
[  207.680661][ T5970] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  207.857301][ T5970] usb 2-1: USB disconnect, device number 18
[  207.862560][ T5920] usb 2-1: Failed to submit usb control message: -71
[  207.865121][ T5920] usb 2-1: unable to send the bmi data to the device: -71
[  207.867368][ T5920] usb 2-1: unable to get target info from device
[  207.870953][ T5920] usb 2-1: could not get target info (-71)
[  207.875012][ T5920] usb 2-1: could not probe fw (-71)
[  208.269033][T10002] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1602'.
[  208.421279][T10012] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1606'.
[  208.423585][T10011] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.1607'.
[  208.547929][T10022] loop1: detected capacity change from 0 to 16
[  208.571947][T10022] erofs (device loop1): mounted with root inode @ nid 36.
[  210.123759][ T6634] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  210.307998][ T6634] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  210.311130][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.314053][ T6634] usb 2-1: Product: syz
[  210.315634][ T6634] usb 2-1: Manufacturer: syz
[  210.317292][ T6634] usb 2-1: SerialNumber: syz
[  210.320963][ T6634] usb 2-1: config 0 descriptor??
[  210.527191][ T6634] hso 2-1:0.0: Can't find BULK IN endpoint
[  210.529821][ T6634] usb-storage 2-1:0.0: USB Mass Storage device detected
[  210.579946][T10059] netlink: 'syz.2.1628': attribute type 4 has an invalid length.
[  210.735292][ T5943] usb 2-1: USB disconnect, device number 19
[  212.611206][T10101] loop1: detected capacity change from 0 to 32768
[  212.619569][T10101] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1645 (10101)
[  212.792759][T10101] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  212.796587][T10101] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  213.171369][T10101] BTRFS info (device loop1): enabling ssd optimizations
[  213.176145][T10101] BTRFS info (device loop1): enabling free space tree
[  213.200368][ T5915] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.357290][T10129] loop1: detected capacity change from 0 to 512
[  213.368678][T10129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.379766][T10129] ext4 filesystem being mounted at /520/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.402887][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.535074][T10141] bond_slave_0: entered promiscuous mode
[  213.537537][T10141] bond_slave_1: entered promiscuous mode
[  213.539922][T10141] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  213.546395][T10141] macvtap1: entered allmulticast mode
[  213.548319][T10141] bond0: entered allmulticast mode
[  213.550697][T10141] bond_slave_0: entered allmulticast mode
[  213.553180][T10141] bond_slave_1: entered allmulticast mode
[  213.557472][T10141] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  213.563815][T10141] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  213.568393][T10141] bond0: left allmulticast mode
[  213.570550][T10141] bond_slave_0: left allmulticast mode
[  213.573002][T10141] bond_slave_1: left allmulticast mode
[  213.575568][T10141] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  213.578787][T10141] bond_slave_0: left promiscuous mode
[  213.581072][T10141] bond_slave_1: left promiscuous mode
[  213.583530][T10141] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  213.658863][T10146] program syz.1.1656 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  213.691251][T10148] loop1: detected capacity change from 0 to 512
[  213.933536][ T5943] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  214.085988][ T5943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  214.090034][ T5943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 218, changing to 7
[  214.106093][ T5943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 32945, setting to 1024
[  214.116064][ T5943] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  214.120173][ T5943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.125895][ T5943] usb 2-1: Product: syz
[  214.127719][ T5943] usb 2-1: Manufacturer: syz
[  214.129659][ T5943] usb 2-1: SerialNumber: syz
[  214.142573][ T5943] usb 2-1: config 0 descriptor??
[  214.148197][ T5943] usb 2-1: 0:0 : invalid sync pipe. bmAttributes e5, bLength 9, bSynchAddress 2f
[  214.164380][T10172] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  214.170681][T10172] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.175597][T10172] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.254762][T10177] openvswitch: netlink: Duplicate or invalid key (type 0).
[  214.257970][T10177] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.320210][T10181] loop4: detected capacity change from 0 to 8
[  214.329771][T10181] squashfs image failed sanity check
[  214.374651][ T5943] usb 2-1: USB disconnect, device number 20
[  214.413780][T10185] netlink: 'syz.4.1676': attribute type 2 has an invalid length.
[  214.418505][T10185] netlink: 'syz.4.1676': attribute type 1 has an invalid length.
[  214.508914][T10193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1679'.
[  214.675249][T10203] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1683'.
[  214.679367][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1683'.
[  214.686989][T10203] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1683'.
[  214.691004][T10203] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1683'.
[  214.696333][T10203] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1683'.
[  214.924457][T10208] loop1: detected capacity change from 0 to 4096
[  214.945952][T10208] ntfs3(loop1): ino=1a, mi_enum_attr
[  214.948260][T10208] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  215.131455][T10213] netlink: 'syz.1.1687': attribute type 2 has an invalid length.
[  215.263003][T10219] loop1: detected capacity change from 0 to 512
[  215.301009][T10219] EXT4-fs (loop1): 1 orphan inode deleted
[  215.309432][T10219] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.314452][T10219] ext4 filesystem being mounted at /532/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.317336][   T27] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  215.327179][   T27] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u10:0: Failed to release dquot type 1
[  215.388457][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.528801][T10227] loop1: detected capacity change from 0 to 1024
[  215.532208][T10227] EXT4-fs: Ignoring removed orlov option
[  215.699395][T10227] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.893797][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.992077][T10238] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1696'.
[  216.025748][T10242] loop1: detected capacity change from 0 to 164
[  216.028290][T10242] iso9660: Unknown parameter 'ch]ck'
[  216.384087][T10265] overlayfs: failed to clone upperpath
[  216.462846][T10273] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1712'.
[  216.476412][T10273] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1712'.
[  216.533683][ T5943] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  216.683980][ T5943] usb 2-1: Using ep0 maxpacket: 8
[  216.695496][ T5943] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  216.699289][ T5943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.706394][ T5943] pvrusb2: Hardware description: Terratec Grabster AV400
[  216.708797][ T5943] pvrusb2: **********
[  216.710134][ T5943] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  216.717496][ T5943] pvrusb2: Important functionality might not be entirely working.
[  216.720674][ T5943] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  216.725536][ T5943] pvrusb2: **********
[  216.921026][ T2399] pvrusb2: Invalid write control endpoint
[  216.962053][ T2399] pvrusb2: Invalid write control endpoint
[  216.968132][ T2399] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  216.974566][ T2399] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  216.983667][ T2399] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  216.987381][ T2399] pvrusb2: Device being rendered inoperable
[  216.993063][ T2399] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  217.001131][ T2399] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  217.011412][ T2399] pvrusb2: Attached sub-driver cx25840
[  217.020497][ T2399] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  217.024719][ T2399] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  217.121298][ T5943] usb 2-1: USB disconnect, device number 21
[  217.426478][T10321] netlink: 'syz.2.1733': attribute type 6 has an invalid length.
[  217.448089][T10283] delete_channel: no stack
[  217.761827][T10341] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1744'.
[  218.487551][T10358] ref_ctr_offset mismatch. inode: 0x5bc offset: 0x0 ref_ctr_offset(old): 0x3070 ref_ctr_offset(new): 0x0
[  218.571036][T10363] loop4: detected capacity change from 0 to 128
[  218.574020][T10363] affs: Bad value for 'root'
[  219.322093][T10394] netlink: 'syz.2.1768': attribute type 9 has an invalid length.
[  219.765106][ T5239] Bluetooth: hci0: command tx timeout
[  220.855645][T10414] loop4: detected capacity change from 0 to 32768
[  220.859224][T10414] XFS: noikeep mount option is deprecated.
[  220.868127][T10414] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.908346][T10414] XFS (loop4): Ending clean mount
[  220.913566][T10414] XFS (loop4): Quotacheck needed: Please wait.
[  220.936512][T10414] XFS (loop4): Quotacheck: Done.
[  220.982776][ T7681] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.328778][T10440] netlink: 'syz.2.1782': attribute type 83 has an invalid length.
[  221.573015][   T33] audit: type=1800 audit(1757451092.312:63): pid=10459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1790" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  221.610245][T10462] loop4: detected capacity change from 0 to 512
[  221.634633][T10462] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  221.718142][ T5239] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  221.721723][ T5239] CPU: 1 UID: 0 PID: 5239 Comm: kworker/u11:1 Not tainted syzkaller #0 PREEMPT(full) 
[  221.721740][ T5239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  221.721748][ T5239] Workqueue: hci0 hci_rx_work
[  221.721768][ T5239] Call Trace:
[  221.721774][ T5239]  <TASK>
[  221.721778][ T5239]  dump_stack_lvl+0x189/0x250
[  221.721790][ T5239]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.721798][ T5239]  ? __pfx__printk+0x10/0x10
[  221.721810][ T5239]  ? kernfs_path_from_node+0x250/0x290
[  221.721818][ T5239]  ? kernfs_path_from_node+0x2f/0x290
[  221.721842][ T5239]  sysfs_create_dir_ns+0x259/0x280
[  221.721854][ T5239]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  221.721862][ T5239]  ? do_raw_spin_unlock+0x4d/0x240
[  221.721872][ T5239]  kobject_add_internal+0x59f/0xb40
[  221.721884][ T5239]  kobject_add+0x155/0x220
[  221.721896][ T5239]  ? __pfx_kobject_add+0x10/0x10
[  221.721904][ T5239]  ? _raw_spin_unlock+0x28/0x50
[  221.721915][ T5239]  ? get_device_parent+0x366/0x3a0
[  221.721925][ T5239]  device_add+0x408/0xb50
[  221.721935][ T5239]  hci_conn_add_sysfs+0xd5/0x1e0
[  221.721945][ T5239]  le_conn_complete_evt+0xc3a/0x1220
[  221.721957][ T5239]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  221.721965][ T5239]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  221.721971][ T5239]  ? __asan_memcpy+0x40/0x70
[  221.721981][ T5239]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  221.721987][ T5239]  ? skb_pull_data+0xfb/0x200
[  221.721999][ T5239]  hci_le_conn_complete_evt+0x187/0x450
[  221.722012][ T5239]  hci_event_packet+0x78f/0x1200
[  221.722023][ T5239]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  221.722034][ T5239]  ? __pfx_hci_event_packet+0x10/0x10
[  221.722043][ T5239]  ? kcov_remote_start+0x4d3/0x7f0
[  221.722052][ T5239]  ? lockdep_hardirqs_on+0x90/0x150
[  221.722062][ T5239]  ? hci_send_to_monitor+0xe2/0x570
[  221.722071][ T5239]  hci_rx_work+0x46a/0xe80
[  221.722084][ T5239]  ? process_scheduled_works+0x9ef/0x17b0
[  221.722092][ T5239]  process_scheduled_works+0xae1/0x17b0
[  221.722109][ T5239]  ? __pfx_process_scheduled_works+0x10/0x10
[  221.722123][ T5239]  worker_thread+0x8a0/0xda0
[  221.722140][ T5239]  kthread+0x711/0x8a0
[  221.722149][ T5239]  ? __pfx_worker_thread+0x10/0x10
[  221.722155][ T5239]  ? __pfx_kthread+0x10/0x10
[  221.722164][ T5239]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.722173][ T5239]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.722179][ T5239]  ? __pfx_kthread+0x10/0x10
[  221.722187][ T5239]  ret_from_fork+0x3fc/0x770
[  221.722196][ T5239]  ? __pfx_ret_from_fork+0x10/0x10
[  221.722205][ T5239]  ? __switch_to_asm+0x39/0x70
[  221.722213][ T5239]  ? __switch_to_asm+0x33/0x70
[  221.722220][ T5239]  ? __pfx_kthread+0x10/0x10
[  221.722228][ T5239]  ret_from_fork_asm+0x1a/0x30
[  221.722243][ T5239]  </TASK>
[  221.722331][ T5239] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  221.861429][ T5239] Bluetooth: hci0: failed to register connection device
[  222.024201][  T792] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  222.173911][T10489] loop4: detected capacity change from 0 to 8192
[  222.191289][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  222.196965][  T792] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  222.200869][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  222.208653][  T792] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  222.215216][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.217674][T10489] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  222.217703][T10489] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  222.218708][T10489]  loop4: unable to read partition table
[  222.224019][  T792] usb 2-1: Product: syz
[  222.226757][T10489] loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
[  222.227564][  T792] usb 2-1: Manufacturer: syz
[  222.227591][  T792] usb 2-1: SerialNumber: syz
[  222.234184][  T792] usb 2-1: config 0 descriptor??
[  222.238235][T10475] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  222.245500][T10475] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  222.250488][  T792] usb 2-1: ucan: probing device on interface #0
[  222.916443][  T792] ucan 2-1:0.0: probe with driver ucan failed with error -22
[  223.146291][ T5970] usb 2-1: USB disconnect, device number 22
[  223.548436][T10523] loop4: detected capacity change from 0 to 2048
[  223.552102][T10523] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  223.555725][T10523] NILFS (loop4): mounting unchecked fs
[  223.564972][T10523] NILFS (loop4): recovery complete
[  223.567262][T10524] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  223.968207][T10531] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  223.973126][T10531] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  224.585668][T10562] loop1: detected capacity change from 0 to 1024
[  224.589742][T10562] EXT4-fs: Ignoring removed nomblk_io_submit option
[  224.595255][T10562] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  224.598435][T10562] System zones: 0-1, 3-36
[  224.602209][T10562] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.608616][T10541] loop4: detected capacity change from 0 to 40427
[  224.613764][T10541] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  224.617386][T10541] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  224.621411][T10541] F2FS-fs (loop4): build fault injection type: 0x6
[  224.628899][T10541] F2FS-fs (loop4): invalid crc value
[  224.632929][ T5915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.721971][T10541] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  224.728462][T10541] F2FS-fs (loop4): Start checkpoint disabled!
[  224.741002][T10541] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  224.744350][T10541] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  224.807589][T10570] xfrm0: entered promiscuous mode
[  224.809996][T10570] xfrm0: entered allmulticast mode
[  225.326185][T10579] loop1: detected capacity change from 0 to 40427
[  225.332985][T10579] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  225.336791][T10579] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  225.342712][T10579] F2FS-fs (loop1): invalid crc value
[  225.391545][T10579] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  225.399495][T10579] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  225.402453][T10579] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  226.221977][T10587] f2fs: Unknown parameter 'm@{FeSL'
[  226.313805][   T33] audit: type=1800 audit(1757451096.492:64): pid=10590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1843" name="file1" dev="loop1" ino=10 res=0 errno=0
[  226.551934][   T26] kworker/u9:0: attempt to access beyond end of device
[  226.551934][   T26] loop1: rw=1, sector=77824, nr_sectors = 3784 limit=40427
[  226.569337][   T26] kworker/u9:0: attempt to access beyond end of device
[  226.569337][   T26] loop1: rw=1, sector=81608, nr_sectors = 312 limit=40427
[  226.611938][   T26] kworker/u9:0: attempt to access beyond end of device
[  226.611938][   T26] loop1: rw=1, sector=49152, nr_sectors = 4096 limit=40427
[  226.703078][   T26] kworker/u9:0: attempt to access beyond end of device
[  226.703078][   T26] loop1: rw=1, sector=57344, nr_sectors = 10848 limit=40427
[  227.336858][   T26] kworker/u9:0: attempt to access beyond end of device
[  227.336858][   T26] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  227.355954][   T26] CPU: 0 UID: 0 PID: 26 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  227.355974][   T26] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  227.355983][   T26] Workqueue: writeback wb_workfn (flush-7:4)
[  227.356003][   T26] Call Trace:
[  227.356017][   T26]  <TASK>
[  227.356022][   T26]  dump_stack_lvl+0x189/0x250
[  227.356041][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.356054][   T26]  ? __pfx_queue_work_on+0x10/0x10
[  227.356067][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  227.356085][   T26]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  227.356110][   T26]  f2fs_handle_critical_error+0x37c/0x540
[  227.356132][   T26]  f2fs_write_end_io+0x886/0xb60
[  227.356159][   T26]  __submit_merged_bio+0x27a/0x6a0
[  227.356181][   T26]  __submit_merged_write_cond+0x255/0x530
[  227.356203][   T26]  f2fs_write_data_pages+0x261d/0x3000
[  227.356240][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.356263][   T26]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  227.356304][   T26]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  227.356322][   T26]  ? look_up_lock_class+0x74/0x170
[  227.356341][   T26]  ? trace_f2fs_writepages+0x7f/0x200
[  227.356358][   T26]  ? f2fs_write_node_pages+0x478/0x6e0
[  227.356378][   T26]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  227.356405][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.356423][   T26]  do_writepages+0x32e/0x550
[  227.356443][   T26]  ? reacquire_held_locks+0x127/0x1d0
[  227.356455][   T26]  ? writeback_sb_inodes+0x384/0x1010
[  227.356478][   T26]  __writeback_single_inode+0x145/0xff0
[  227.356492][   T26]  ? do_raw_spin_unlock+0x4d/0x240
[  227.356510][   T26]  writeback_sb_inodes+0x6c7/0x1010
[  227.356571][   T26]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  227.356622][   T26]  ? rcu_is_watching+0x15/0xb0
[  227.356644][   T26]  wb_writeback+0x43b/0xaf0
[  227.356665][   T26]  ? queue_io+0x361/0x590
[  227.356683][   T26]  ? __pfx_wb_writeback+0x10/0x10
[  227.356704][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  227.356725][   T26]  wb_workfn+0x409/0xef0
[  227.356750][   T26]  ? __pfx_wb_workfn+0x10/0x10
[  227.356767][   T26]  ? __lock_acquire+0xab9/0xd20
[  227.356793][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  227.356810][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  227.356825][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  227.356837][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[  227.356849][   T26]  process_scheduled_works+0xae1/0x17b0
[  227.356885][   T26]  ? __pfx_process_scheduled_works+0x10/0x10
[  227.356913][   T26]  worker_thread+0x8a0/0xda0
[  227.356948][   T26]  kthread+0x711/0x8a0
[  227.356966][   T26]  ? __pfx_worker_thread+0x10/0x10
[  227.356977][   T26]  ? __pfx_kthread+0x10/0x10
[  227.356993][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[  227.357014][   T26]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.357024][   T26]  ? __pfx_kthread+0x10/0x10
[  227.357040][   T26]  ret_from_fork+0x3fc/0x770
[  227.357055][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[  227.357073][   T26]  ? __switch_to_asm+0x39/0x70
[  227.357088][   T26]  ? __switch_to_asm+0x33/0x70
[  227.357098][   T26]  ? __pfx_kthread+0x10/0x10
[  227.357114][   T26]  ret_from_fork_asm+0x1a/0x30
[  227.357141][   T26]  </TASK>
[  227.357146][   T26] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  227.916705][   T24] iguanair 5-1:0.255: failed to get version
[  227.925174][   T24] iguanair 5-1:0.255: probe with driver iguanair failed with error -110
[  227.946362][   T24] usb 5-1: USB disconnect, device number 10
[  228.120197][T10618] loop4: detected capacity change from 0 to 1024
[  228.126158][T10618] EXT4-fs: Ignoring removed nobh option
[  228.128727][T10618] EXT4-fs: Ignoring removed bh option
[  228.157639][T10618] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.315132][ T5239] Bluetooth: hci0: command 0x0406 tx timeout
[  228.664153][T10626] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1855: Allocating blocks 497-513 which overlap fs metadata
[  228.943593][ T6634] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  228.968056][T10617] EXT4-fs (loop4): pa ffff888107002ae0: logic 16, phys. 241, len 17
[  228.971508][T10617] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[  229.060082][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.098680][T10632] ALSA: mixer_oss: invalid OSS volume '49'
[  229.101264][T10632] ALSA: mixer_oss: invalid OSS volume 'Invalid'
[  229.114102][ T6634] usb 2-1: Using ep0 maxpacket: 8
[  229.118761][ T6634] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  229.123476][ T6634] usb 2-1: config 0 interface 0 has no altsetting 0
[  229.131999][ T6634] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  229.139740][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.143264][ T6634] usb 2-1: Product: syz
[  229.145881][ T6634] usb 2-1: Manufacturer: syz
[  229.148008][ T6634] usb 2-1: SerialNumber: syz
[  229.152048][ T6634] usb 2-1: config 0 descriptor??
[  229.159827][ T6634] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found
[  229.316301][T10634] loop4: detected capacity change from 0 to 32768
[  229.320142][T10634] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1861 (10634)
[  229.327805][T10634] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  229.332049][T10634] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  229.377443][ T6634] snd_usb_toneport 2-1:0.0: cannot get proper max packet size
[  229.380865][ T6634] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected
[  229.388594][ T6634] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  229.438455][T10634] BTRFS info (device loop4): enabling ssd optimizations
[  229.441312][T10634] BTRFS info (device loop4): enabling free space tree
[  229.465171][T10661] overlayfs: failed to clone upperpath
[  229.581483][ T6634] usb 2-1: USB disconnect, device number 23
[  229.983594][T10665] syz.4.1861 (10665) used greatest stack depth: 19376 bytes left
[  230.068293][ T7681] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  230.272663][T10669] loop4: detected capacity change from 0 to 2048
[  230.282314][T10669] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  230.286474][T10669] NILFS (loop4): mounting unchecked fs
[  230.289584][T10669] NILFS (loop4): recovery required for readonly filesystem
[  230.292804][T10669] NILFS (loop4): write access will be enabled during recovery
[  230.304776][T10669] NILFS (loop4): norecovery option specified, skipping roll-forward recovery
[  230.318057][T10669] NILFS (loop4): couldn't remount because the filesystem is in an incomplete recovery state
[  230.613347][T10673] loop1: detected capacity change from 0 to 32768
[  230.656136][T10673] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.680314][T10673] XFS (loop1): Ending clean mount
[  230.695340][T10700] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  230.807607][ T5915] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.974124][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  231.145645][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  231.153723][   T24] usb 5-1: config 4 has an invalid interface number: 4 but max is 0
[  231.157335][   T24] usb 5-1: config 4 has no interface number 0
[  231.162972][   T24] usb 5-1: config 4 interface 4 has no altsetting 0
[  231.175907][   T24] usb 5-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=53.4f
[  231.179120][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.192452][   T24] usb 5-1: Product: syz
[  231.194082][   T24] usb 5-1: Manufacturer: syz
[  231.195775][   T24] usb 5-1: SerialNumber: syz
[  231.272128][T10722] loop1: detected capacity change from 0 to 32768
[  231.277050][T10722] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1890 (10722)
[  231.287296][T10722] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  231.290745][T10722] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  231.332565][T10722] BTRFS info (device loop1): rebuilding free space tree
[  231.357776][T10722] BTRFS info (device loop1): allowing degraded mounts
[  231.360249][T10722] BTRFS info (device loop1): enabling ssd optimizations
[  231.362500][T10722] BTRFS info (device loop1): enabling free space tree
[  231.366465][T10722] BTRFS info (device loop1): force clearing of disk cache
[  231.368783][T10722] BTRFS info (device loop1): use zstd compression, level 3
[  231.371328][T10722] BTRFS info (device loop1): max_inline set to 0
[  231.412143][   T24] sierra 5-1:4.4: Sierra USB modem converter detected
[  231.423998][   T24] usb 5-1: Sierra USB modem converter now attached to ttyUSB0
[  231.434254][   T24] usb 5-1: USB disconnect, device number 11
[  231.443773][   T24] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  231.468497][   T24] sierra 5-1:4.4: device disconnected
[  231.476034][ T5915] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  231.510610][T10755] __nla_validate_parse: 2 callbacks suppressed
[  231.510631][T10755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1900'.
[  231.590573][T10755] netlink: 'syz.2.1900': attribute type 10 has an invalid length.
[  231.604409][T10755] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1900'.
[  231.608383][T10755] team0: entered promiscuous mode
[  231.610502][T10755] team_slave_0: entered promiscuous mode
[  231.613174][T10755] team_slave_1: entered promiscuous mode
[  231.616209][T10755] team0: entered allmulticast mode
[  231.618449][T10755] team_slave_0: entered allmulticast mode
[  231.620839][T10755] team_slave_1: entered allmulticast mode
[  231.624502][T10755] 8021q: adding VLAN 0 to HW filter on device team0
[  231.627905][T10755] bridge0: port 3(team0) entered blocking state
[  231.630914][T10755] bridge0: port 3(team0) entered disabled state
[  231.670864][T10760] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1901'.
[  231.715430][T10764] cgroup: noprefix used incorrectly
[  232.114770][T10774] loop1: detected capacity change from 0 to 32768
[  232.122308][T10774] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  232.166012][T10774] XFS (loop1): Ending clean mount
[  232.177006][T10774] XFS (loop1): Quotacheck needed: Please wait.
[  232.202016][T10774] XFS (loop1): Quotacheck: Done.
[  232.287034][ T5915] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  232.495975][T10795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1915'.
[  232.500081][T10795] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  232.503352][T10795] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  232.530211][T10799] program syz.4.1918 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  232.661814][T10814] loop4: detected capacity change from 0 to 1024
[  233.211609][T10849] Dead loop on virtual device ip6_vti0, fix it urgently!
[  233.227542][T10849] Dead loop on virtual device ip6_vti0, fix it urgently!
[  233.230782][T10849] Dead loop on virtual device ip6_vti0, fix it urgently!
[  233.363128][T10840] loop1: detected capacity change from 0 to 40427
[  233.368459][T10840] F2FS-fs (loop1): build fault injection rate: 14
[  233.370710][T10840] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  233.376904][T10840] F2FS-fs (loop1): invalid crc value
[  233.379898][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  233.397738][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  233.465587][T10840] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  233.469358][T10840] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  233.475302][T10840] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  233.515081][T10840] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  233.526908][T10840] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_write_inline_data+0x9b/0x790
[  233.532183][T10840] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  233.556795][T10839] F2FS-fs (loop1): f2fs_evict_inode: inconsistent node id, ino:10
[  233.586291][ T5915] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[  234.057373][T10883] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  235.085532][T10891] No control pipe specified
[  236.900352][T10921] syz.4.1963 (10921): drop_caches: 2
[  237.374936][T10964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1982'.
[  237.912136][T10970] sctp: [Deprecated]: syz.2.1983 (pid 10970) Use of int in maxseg socket option.
[  237.912136][T10970] Use struct sctp_assoc_value instead
[  238.633654][ T6634] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  238.785699][ T6634] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[  238.790672][ T6634] usb 2-1: config 6 has no interface number 0
[  238.793315][ T6634] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  238.799776][ T6634] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  238.806590][ T6634] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  238.813190][ T6634] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  238.817039][ T6634] usb 2-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  238.820414][ T6634] usb 2-1: Product: syz
[  238.822222][ T6634] usb 2-1: Manufacturer: syz
[  238.827605][ T6634] usb 2-1: SerialNumber: syz
[  238.834054][ T6634] hso 2-1:6.2: Failed to find INT IN ep
[  238.980532][T11016] 9pnet_fd: Insufficient options for proto=fd
[  239.041358][  T792] usb 2-1: USB disconnect, device number 24
[  240.723625][  T792] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  240.875418][  T792] usb 2-1: unable to get BOS descriptor or descriptor too short
[  240.879170][  T792] usb 2-1: not running at top speed; connect to a high speed hub
[  240.882689][  T792] usb 2-1: config 1 has an invalid interface descriptor of length 5, skipping
[  240.887013][  T792] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.891401][  T792] usb 2-1: config 1 has 3 interfaces, different from the descriptor's value: 19
[  240.895637][  T792] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 59, changing to 4
[  240.899210][  T792] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  240.906019][  T792] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  240.909036][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.911875][  T792] usb 2-1: Product: syz
[  240.913285][  T792] usb 2-1: Manufacturer: syz
[  240.915039][  T792] usb 2-1: SerialNumber: syz
[  241.130029][  T792] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  241.146903][  T792] usb 2-1: USB disconnect, device number 25
[  241.462023][ T5912] Bluetooth: hci0: unexpected event for opcode 0x1001
[  242.487358][T11141] loop4: detected capacity change from 0 to 1024
[  242.491433][T11141] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  242.508622][T11141] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.523581][   T33] audit: type=1804 audit(1757451113.262:65): pid=11141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2060" name="/newroot/360/file1/file1" dev="loop4" ino=15 res=1 errno=0
[  242.524426][T11141] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.2060: missing EA_INODE flag
[  242.541151][T11141] EXT4-fs (loop4): Remounting filesystem read-only
[  242.544287][ T6634] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  242.576277][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.776169][ T6634] usb 2-1: config 1 interface 0 has no altsetting 0
[  242.780260][ T6634] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  242.783207][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.787102][ T6634] usb 2-1: Product: syz
[  242.788743][ T6634] usb 2-1: Manufacturer: syz
[  242.790408][ T6634] usb 2-1: SerialNumber: syz
[  243.201270][ T6634] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 26 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  243.209412][ T6634] usb 2-1: USB disconnect, device number 26
[  243.218931][ T6634] usblp0: removed
[  243.776793][T11170] netlink: 'syz.1.2071': attribute type 13 has an invalid length.
[  243.779501][T11170] netlink: 'syz.1.2071': attribute type 17 has an invalid length.
[  243.809835][T11170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  243.861160][T11172] hsr0: entered promiscuous mode
[  243.863678][T11172] macvlan3: entered allmulticast mode
[  243.865596][T11172] hsr0: entered allmulticast mode
[  243.867479][T11172] hsr_slave_0: entered allmulticast mode
[  243.869418][T11172] hsr_slave_1: entered allmulticast mode
[  243.873358][T11172] hsr0: left allmulticast mode
[  243.875651][T11172] hsr_slave_0: left allmulticast mode
[  243.877474][T11172] hsr_slave_1: left allmulticast mode
[  243.890638][   T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  244.047951][   T24] usb 5-1: config 5 has an invalid interface number: 233 but max is 1
[  244.051259][   T24] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  244.055100][   T24] usb 5-1: config 5 has no interface number 1
[  244.057318][   T24] usb 5-1: config 5 interface 233 has no altsetting 0
[  244.064514][   T24] usb 5-1: string descriptor 0 read error: -71
[  244.068500][   T24] usb 5-1: New USB device found, idVendor=1e2d, idProduct=0085, bcdDevice=96.e8
[  244.071881][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.077816][   T24] usb 5-1: can't set config #5, error -71
[  244.080847][   T24] usb 5-1: USB disconnect, device number 12
[  244.389774][T11204] netlink: 'syz.1.2088': attribute type 1 has an invalid length.
[  244.440262][T11209] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2090'.
[  244.871693][T11222] ALSA: mixer_oss: invalid OSS volume ''
[  245.017632][T11226] loop4: detected capacity change from 0 to 512
[  245.059669][T11226] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.069606][T11226] ext4 filesystem being mounted at /368/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.093308][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.804583][T11253] loop4: detected capacity change from 0 to 256
[  245.957770][T11257] loop4: detected capacity change from 0 to 64
[  246.443796][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  246.615796][   T24] usb 5-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad
[  246.619515][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.629337][   T24] usb 5-1: config 0 descriptor??
[  246.640333][   T24] gspca_main: tv8532-2.14.0 probing 0545:808b
[  246.896571][   T24] usb 5-1: USB disconnect, device number 13
[  247.042778][T11295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2125'.
[  248.364041][T11324] loop4: detected capacity change from 0 to 512
[  248.377744][T11324] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #12: comm syz.4.2137: corrupted in-inode xattr: invalid ea_ino
[  248.396942][T11324] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2137: couldn't read orphan inode 12 (err -117)
[  248.411803][T11324] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  248.438877][T11329] netlink: 'syz.1.2139': attribute type 1 has an invalid length.
[  248.476437][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.633313][T11349] loop4: detected capacity change from 0 to 128
[  249.729953][   T33] audit: type=1804 audit(1757451120.472:66): pid=11361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2153" name="file0" dev="ramfs" ino=23562 res=1 errno=0
[  250.095269][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2160'.
[  250.098922][T11375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2160'.
[  250.102546][T11375] netlink: 'syz.2.2160': attribute type 20 has an invalid length.
[  250.109763][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2160'.
[  250.113372][T11375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2160'.
[  250.117535][T11375] netlink: 'syz.2.2160': attribute type 20 has an invalid length.
[  250.224631][T11381] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2162'.
[  250.508501][T11398] PKCS7: Unknown OID: [5] (bad)
[  250.514706][T11398] PKCS7: Only support pkcs7_signedData type
[  250.719591][T11408] loop4: detected capacity change from 0 to 32768
[  250.757068][T11415] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2179'.
[  250.762128][T11408] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only
[  250.762140][T11408]   allowing incompatible features above 0.0: (unknown version)
[  250.762145][T11408]   features: lz4
[  250.773938][T11408] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  250.791154][T11408] bcachefs (loop4): invalid journal entry, version=1.7: mi_btree_bitmap type=btree_root in superblock: invalid btree root journal entry: wrong number of keys, shutting down
[  250.791208][T11408]   error not marked as autofix and not in fsck
[  250.791215][T11408]   run fsck, and forward to devs so error can be marked for self-healing
[  250.791222][T11408]   emergency read only at seq 0
[  250.807212][T11408] bcachefs (loop4): error in recovery: fsck_errors_not_fixed
[  250.810059][T11408] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  250.814039][T11408] bcachefs (loop4): shutting down
[  250.827700][T11408] bcachefs (loop4): shutdown complete
[  250.883996][ T5957] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  250.899254][T11421] 9pnet_fd: Insufficient options for proto=fd
[  251.039332][ T5957] usb 2-1: config 0 has an invalid interface number: 50 but max is 0
[  251.042915][ T5957] usb 2-1: config 0 has no interface number 0
[  251.047906][ T5957] usb 2-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=87.f7
[  251.051711][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.055813][ T5957] usb 2-1: Product: syz
[  251.057674][ T5957] usb 2-1: Manufacturer: syz
[  251.059723][ T5957] usb 2-1: SerialNumber: syz
[  251.065578][ T5957] usb 2-1: config 0 descriptor??
[  251.081890][ T5957] ttusb_dec_send_command: command bulk message failed: error -22
[  251.087708][ T5957] ttusb-dec 2-1:0.50: probe with driver ttusb-dec failed with error -22
[  251.279737][ T5957] usb 2-1: USB disconnect, device number 27
[  251.414802][T11408] bcachefs: bch2_fs_get_tree() error: fsck_errors_not_fixed
[  251.831353][T11434] bond1: entered promiscuous mode
[  251.837788][T11434] bond1: entered allmulticast mode
[  251.840445][T11434] 8021q: adding VLAN 0 to HW filter on device bond1
[  252.296849][T11461] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2200'.
[  252.300475][T11461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2200'.
[  252.544021][T11473] ieee802154 phy0 wpan0: encryption failed: -22
[  252.605486][T11477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  253.048719][T11512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2224'.
[  253.057342][T11512] bridge_slave_0: default FDB implementation only supports local addresses
[  253.828569][T11526] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2231'.
[  254.152013][T11547] 9pnet_fd: Insufficient options for proto=fd
[  254.155637][ T5970] kernel write not supported for file /1568/gid_map (pid: 5970 comm: kworker/1:4)
[  254.212205][T11552] netlink: 'syz.1.2244': attribute type 10 has an invalid length.
[  254.240191][T11554] pimreg: entered allmulticast mode
[  254.734452][T11567] loop4: detected capacity change from 0 to 512
[  254.738095][T11567] EXT4-fs (loop4): Test dummy encryption mode enabled
[  254.740653][T11567] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  254.748527][T11567] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.2251: bad orphan inode 131083
[  254.753101][T11567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.785114][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.833502][ T5912] Bluetooth: hci0: unexpected event for opcode 0x0804
[  254.950542][T11587] loop4: detected capacity change from 0 to 256
[  254.968558][T11587] exFAT-fs (loop4): start_clu is invalid cluster(0x400)
[  255.032390][T11591] comedi comedi0: pcmda12: I/O port conflict (0x8,16)
[  255.147002][T11596] loop4: detected capacity change from 0 to 512
[  255.160729][T11596] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.166290][T11596] ext4 filesystem being mounted at /396/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  255.267895][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.436647][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  255.439537][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  255.547993][T11603] loop4: detected capacity change from 0 to 32768
[  255.636637][T11603] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  255.636661][T11603]   allowing incompatible features above 0.0: (unknown version)
[  255.636668][T11603]   features: 
[  255.655044][T11603] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  255.658470][T11603] bcachefs (loop4): initializing new filesystem
[  255.669245][T11603] bcachefs (loop4): going read-write
[  255.689671][T11603] bcachefs (loop4): marking superblocks
[  255.741644][T11603] bcachefs (loop4): initializing freespace
[  255.761422][T11603] bcachefs (loop4): done initializing freespace
[  255.781263][T11603] bcachefs (loop4): reading snapshots table
[  255.792452][T11603] bcachefs (loop4): reading snapshots done
[  255.831756][T11603] bcachefs (loop4): done starting filesystem
[  255.919955][T11603] syz.4.2267 (11603) used greatest stack depth: 16056 bytes left
[  255.979644][ T7681] bcachefs (loop4): shutting down
[  255.986235][ T7681] bcachefs (loop4): going read-only
[  255.988689][ T7681] bcachefs (loop4): finished waiting for writes to stop
[  256.008814][ T7681] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  256.093790][ T7681] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  256.117418][ T7681] bcachefs (loop4): clean shutdown complete, journal seq 4
[  256.121393][ T7681] bcachefs (loop4): marking filesystem clean
[  256.241851][ T7681] bcachefs (loop4): shutdown complete
[  257.429728][T11673] netlink: 'syz.2.2294': attribute type 10 has an invalid length.
[  257.439556][T11673] team0: Device veth1_macvtap failed to register rx_handler
[  257.588121][T11679] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2273'.
[  257.674723][T11681] loop4: detected capacity change from 0 to 4096
[  257.679152][T11681] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  257.708187][T11681] ntfs3(loop4): ino=19, mi_enum_attr
[  257.710326][T11681] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  257.726299][T11681] ntfs3(loop4): failed to convert "c46c" to cp932
[  257.737243][T11681] ntfs3(loop4): ino=20, mi_enum_attr
[  257.837147][T11688] loop4: detected capacity change from 0 to 4096
[  257.854589][T11688] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  257.857460][T11688] ntfs3(loop4): Failed to initialize $Secure::$SII (-22).
[  257.863630][T11688] ntfs3(loop4): Failed to initialize $Secure (-22).
[  257.866680][T11688] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22.
[  257.922095][T11690] CIFS: VFS: Malformed UNC in devname
[  257.970118][T11692] loop4: detected capacity change from 0 to 1024
[  257.974756][T11692] EXT4-fs: Ignoring removed bh option
[  257.977163][T11692] EXT4-fs: Ignoring removed nobh option
[  257.979854][T11692] EXT4-fs: Ignoring removed bh option
[  257.999160][T11692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.158930][ T5912] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  259.162581][ T5912] Bluetooth: hci0: Injecting HCI hardware error event
[  259.169231][ T5912] Bluetooth: hci0: hardware error 0x00
[  259.227867][T11705] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.2302: Allocating blocks 497-513 which overlap fs metadata
[  259.253076][T11705] EXT4-fs (loop4): pa ffff8881070020e8: logic 256, phys. 385, len 8
[  259.257970][T11705] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[  259.379685][T11708] input: syz0 as /devices/virtual/input/input13
[  259.550980][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.626965][T11715] loop4: detected capacity change from 0 to 256
[  260.047361][T11738] netlink: 'syz.1.2315': attribute type 2 has an invalid length.
[  260.050682][T11738] netlink: 1184 bytes leftover after parsing attributes in process `syz.1.2315'.
[  260.099771][T11744] Bluetooth: MGMT ver 1.23
[  260.415566][T11764] wg1: entered promiscuous mode
[  260.417574][T11764] wg1: entered allmulticast mode
[  260.559896][T11772] dlm: no local IP address has been set
[  260.564188][T11772] dlm: cannot start dlm midcomms -107
[  260.583049][T11772] loop4: detected capacity change from 0 to 512
[  260.588464][T11772] msdos: Bad value for 'tz'
[  260.723585][ T5943] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  260.876593][ T5943] usb 2-1: Using ep0 maxpacket: 8
[  260.924272][ T5943] usb 2-1: config index 0 descriptor too short (expected 19222, got 18)
[  260.938964][ T5943] usb 2-1: config 28 has too many interfaces: 241, using maximum allowed: 32
[  260.943108][ T5943] usb 2-1: config 28 has 1 interface, different from the descriptor's value: 241
[  260.952338][ T5943] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=62.0d
[  260.958026][ T5943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.962402][ T5943] usb 2-1: Product: syz
[  260.965981][ T5943] usb 2-1: Manufacturer: syz
[  260.968209][ T5943] usb 2-1: SerialNumber: syz
[  261.025547][T11777] overlayfs: failed to clone upperpath
[  261.218810][ T5943] usb 2-1: USB disconnect, device number 28
[  261.273854][ T5912] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  262.098257][T11797] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2343'.
[  262.265491][T11807] xt_l2tp: v2 tid > 0xffff: 37482740
[  262.289807][ T5912] Bluetooth: hci1: unexpected event for opcode 0x202f
[  262.594226][T11831] bond_slave_0: entered promiscuous mode
[  262.596486][T11831] bond_slave_1: entered promiscuous mode
[  262.598868][T11831] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  262.691981][T11831] macsec1: entered promiscuous mode
[  262.701240][T11831] bond0: entered promiscuous mode
[  262.727528][T11831] macsec1: entered allmulticast mode
[  262.736943][T11831] bond0: entered allmulticast mode
[  262.743225][T11831] bond_slave_0: entered allmulticast mode
[  262.753828][T11831] bond_slave_1: entered allmulticast mode
[  262.763967][T11831] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  262.822009][T11831] bond0: left allmulticast mode
[  262.830459][T11831] bond_slave_0: left allmulticast mode
[  262.840240][T11831] bond_slave_1: left allmulticast mode
[  262.843578][T11831] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  262.848657][T11831] bond0: left promiscuous mode
[  262.853902][T11831] bond_slave_0: left promiscuous mode
[  262.856118][T11831] bond_slave_1: left promiscuous mode
[  262.858212][T11831] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  263.295271][ T5943] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  263.453555][ T5943] usb 2-1: Using ep0 maxpacket: 32
[  263.467270][ T5943] usb 2-1: config 0 has an invalid interface number: 231 but max is 0
[  263.470863][ T5943] usb 2-1: config 0 has no interface number 0
[  263.473839][ T5943] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  263.483732][ T5943] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  263.492057][ T5943] usb 2-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b
[  263.496251][ T5943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.499491][ T5943] usb 2-1: Product: syz
[  263.516386][ T5943] usb 2-1: Manufacturer: syz
[  263.522052][ T5943] usb 2-1: SerialNumber: syz
[  263.530548][ T5943] usb 2-1: config 0 descriptor??
[  263.533318][T11842] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  263.544610][T11842] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  263.575525][ T5943] plusb 2-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 5a:c3:2b:c8:21:3d
[  263.686712][T11868] loop4: detected capacity change from 0 to 128
[  263.715187][T11868] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  263.725096][T11868] ext4 filesystem being mounted at /431/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  263.760493][   T24] usb 2-1: USB disconnect, device number 29
[  263.772974][   T24] plusb 2-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1
[  263.776101][T11874] team0: Device is already in use.
[  263.818515][ T7681] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  264.025787][T11889] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2384'.
[  264.343022][T11894] loop4: detected capacity change from 0 to 40427
[  264.347239][T11894] F2FS-fs (loop4): Image doesn't support compression
[  264.349550][T11894] F2FS-fs (loop4): build fault injection rate: 690
[  264.352638][T11894] F2FS-fs (loop4): invalid crc value
[  264.420580][T11894] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  264.442085][T11894] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  264.536854][ T7681] syz-executor: attempt to access beyond end of device
[  264.536854][ T7681] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  264.544444][ T7681] CPU: 0 UID: 0 PID: 7681 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  264.544465][ T7681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  264.544473][ T7681] Call Trace:
[  264.544479][ T7681]  <TASK>
[  264.544485][ T7681]  dump_stack_lvl+0x189/0x250
[  264.544511][ T7681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.544527][ T7681]  ? __pfx_queue_work_on+0x10/0x10
[  264.544541][ T7681]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  264.544559][ T7681]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  264.544587][ T7681]  f2fs_handle_critical_error+0x37c/0x540
[  264.544610][ T7681]  f2fs_write_end_io+0x886/0xb60
[  264.544639][ T7681]  __submit_merged_bio+0x27a/0x6a0
[  264.544662][ T7681]  __submit_merged_write_cond+0x255/0x530
[  264.544685][ T7681]  f2fs_write_data_pages+0x261d/0x3000
[  264.544724][ T7681]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  264.544780][ T7681]  ? folios_put_refs+0x559/0x640
[  264.544803][ T7681]  ? __pfx_folios_put_refs+0x10/0x10
[  264.544813][ T7681]  ? rcu_is_watching+0x15/0xb0
[  264.544833][ T7681]  ? __lock_acquire+0xab9/0xd20
[  264.544862][ T7681]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  264.544875][ T7681]  do_writepages+0x32e/0x550
[  264.544898][ T7681]  ? do_raw_spin_unlock+0x4d/0x240
[  264.544914][ T7681]  filemap_fdatawrite+0x199/0x240
[  264.544930][ T7681]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  264.544984][ T7681]  ? do_raw_spin_unlock+0x4d/0x240
[  264.545001][ T7681]  f2fs_sync_dirty_inodes+0x31f/0x830
[  264.545024][ T7681]  f2fs_write_checkpoint+0x95a/0x1df0
[  264.545056][ T7681]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  264.545103][ T7681]  ? kill_f2fs_super+0x298/0x6c0
[  264.545119][ T7681]  kill_f2fs_super+0x2c3/0x6c0
[  264.545133][ T7681]  ? __pfx_kill_f2fs_super+0x10/0x10
[  264.545142][ T7681]  ? radix_tree_delete_item+0x2b6/0x400
[  264.545165][ T7681]  ? shrinker_free+0x2ce/0x3e0
[  264.545180][ T7681]  deactivate_locked_super+0xbc/0x130
[  264.545197][ T7681]  cleanup_mnt+0x425/0x4c0
[  264.545211][ T7681]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.545225][ T7681]  task_work_run+0x1d4/0x260
[  264.545242][ T7681]  ? __pfx_task_work_run+0x10/0x10
[  264.545256][ T7681]  ? __x64_sys_umount+0x122/0x160
[  264.545275][ T7681]  ? exit_to_user_mode_loop+0x40/0x110
[  264.545318][ T7681]  exit_to_user_mode_loop+0xec/0x110
[  264.545336][ T7681]  do_syscall_64+0x2bd/0x3b0
[  264.545348][ T7681]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.545359][ T7681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.545369][ T7681]  ? exc_page_fault+0x9f/0xf0
[  264.545382][ T7681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.545392][ T7681] RIP: 0033:0x7f407558ff17
[  264.545405][ T7681] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  264.545415][ T7681] RSP: 002b:00007ffe04b5be18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  264.545428][ T7681] RAX: 0000000000000000 RBX: 00007f4075611c05 RCX: 00007f407558ff17
[  264.545435][ T7681] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe04b5bed0
[  264.545443][ T7681] RBP: 00007ffe04b5bed0 R08: 0000000000000000 R09: 0000000000000000
[  264.545449][ T7681] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe04b5cf60
[  264.545455][ T7681] R13: 00007f4075611c05 R14: 00000000000408c3 R15: 00007ffe04b5cfa0
[  264.545478][ T7681]  </TASK>
[  264.545483][ T7681] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  264.823732][ T5943] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  264.909573][T11910] bridge_slave_0: left allmulticast mode
[  264.912261][T11910] bridge_slave_0: left promiscuous mode
[  264.918822][T11910] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.927005][T11910] bridge_slave_1: left allmulticast mode
[  264.929687][T11910] bridge_slave_1: left promiscuous mode
[  264.932243][T11910] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.946790][T11910] bond0: (slave bond_slave_0): Releasing backup interface
[  264.958328][T11910] bond0: (slave bond_slave_1): Releasing backup interface
[  264.972494][T11910] team0: Port device team_slave_0 removed
[  264.977232][ T5943] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  264.981988][ T5943] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  264.987703][ T5943] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  264.989089][T11910] team0: Port device team_slave_1 removed
[  264.994634][ T5943] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  264.997992][T11910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.000713][ T5943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.005818][T11910] batman_adv: batadv0: Removing interface: batadv_slave_0
[  265.018181][T11910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  265.019732][ T5943] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  265.021512][T11910] batman_adv: batadv0: Removing interface: batadv_slave_1
[  265.046761][T11910] bond0: (slave wlan1): Releasing backup interface
[  265.047012][ T5943] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2
[  265.080965][T11911] team0: Mode changed to "activebackup"
[  265.084948][T11910] vlan0: entered promiscuous mode
[  265.095907][T11910] team0: Port device vlan0 added
[  265.228149][ T5957] usb 2-1: USB disconnect, device number 30
[  265.358009][T11927] vlan2: entered allmulticast mode
[  265.360041][T11927] hsr0: entered allmulticast mode
[  265.361934][T11927] hsr_slave_0: entered allmulticast mode
[  265.368922][T11927] hsr_slave_1: entered allmulticast mode
[  265.569665][T11943] capability: warning: `syz.4.2407' uses 32-bit capabilities (legacy support in use)
[  265.690902][T11949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2410'.
[  265.695461][T11949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2410'.
[  265.895852][T11961] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  265.920415][T11963] overlayfs: failed to clone upperpath
[  265.983977][ T5943] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  266.000759][T11972] sock: sock_set_timeout: `syz.1.2422' (pid 11972) tries to set negative timeout
[  266.138669][ T5943] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[  266.152822][ T5943] usb 5-1: config 0 has no interface number 0
[  266.155755][ T5943] usb 5-1: config 0 interface 101 has no altsetting 0
[  266.162304][ T5943] usb 5-1: New USB device found, idVendor=12d1, idProduct=1c1f, bcdDevice=ef.18
[  266.176023][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.179528][ T5943] usb 5-1: Product: syz
[  266.181368][ T5943] usb 5-1: Manufacturer: syz
[  266.185246][ T5943] usb 5-1: SerialNumber: syz
[  266.194397][ T5943] usb 5-1: config 0 descriptor??
[  266.199982][ T5943] usb 5-1: bad CDC descriptors
[  266.207049][ T5943] option 5-1:0.101: GSM modem (1-port) converter detected
[  266.432521][ T5943] usb 5-1: USB disconnect, device number 14
[  266.436483][ T5943] option 5-1:0.101: device disconnected
[  267.134018][T12001] netlink: 'syz.4.2434': attribute type 62 has an invalid length.
[  267.313313][T12015] loop4: detected capacity change from 0 to 4096
[  267.317246][T12015] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  267.415816][T12019] loop4: detected capacity change from 0 to 64
[  267.420019][T12019] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  267.513540][ T5970] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  267.685584][ T5970] usb 2-1: Using ep0 maxpacket: 32
[  267.689766][ T5970] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  267.696221][ T5970] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  267.700014][ T5970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.705867][ T5970] usb 2-1: Product: syz
[  267.707718][ T5970] usb 2-1: Manufacturer: syz
[  267.709599][ T5970] usb 2-1: SerialNumber: syz
[  267.714708][ T5970] usb 2-1: config 0 descriptor??
[  267.722153][T12013] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  267.729693][ T5970] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input14
[  267.830506][T12026] loop4: detected capacity change from 0 to 32768
[  267.834337][T12026] bcachefs (/dev/loop4): error reading default superblock: Invalid superblock: too big (got 4760 bytes, layout max 512)
[  267.838639][T12026] bcachefs (/dev/loop4): error reading superblock: Invalid superblock layout: superblocks overlap
[  267.838639][T12026]   (sb 0 ends at 2047 next starts at 0
[  267.844648][T12026] bcachefs: bch2_fs_get_tree() error: invalid_sb_layout_superblocks_overlap
[  267.929210][T12039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2452'.
[  267.967794][T12044] random: crng reseeded on system resumption
[  267.969534][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  267.973974][   T24] usb 2-1: USB disconnect, device number 31
[  268.293658][ T5943] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  268.453563][ T5943] usb 5-1: Using ep0 maxpacket: 8
[  268.457502][ T5943] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  268.461429][T12064] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  268.462095][ T5943] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.470287][ T5943] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.474638][ T5943] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  268.480076][ T5943] usb 5-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  268.486025][ T5943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.495253][ T5943] usb 5-1: config 0 descriptor??
[  268.526787][T12068] netlink: 'syz.1.2466': attribute type 4 has an invalid length.
[  268.529840][T12068] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2466'.
[  268.538805][T12068] : renamed from bond0 (while UP)
[  269.250317][ T5943] redragon 0003:0C45:760B.0006: unknown main item tag 0x6
[  269.254872][ T5943] redragon 0003:0C45:760B.0006: item fetching failed at offset 7/133
[  269.259629][ T5943] redragon 0003:0C45:760B.0006: probe with driver redragon failed with error -22
[  269.265362][ T5943] usb 5-1: USB disconnect, device number 15
[  270.112454][T12116] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  270.418047][T12121] overlayfs: failed to clone lowerpath
[  270.509186][T12125] netlink: 'syz.1.2491': attribute type 2 has an invalid length.
[  270.861530][   T33] audit: type=1326 audit(1757451397.599:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12130 comm="syz.4.2492" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f407558ebe9 code=0x0
[  270.946579][T12133] netlink: 'syz.4.2494': attribute type 10 has an invalid length.
[  270.957037][T12133] veth0_vlan: entered allmulticast mode
[  270.975348][T12133] team0: Device veth0_vlan is already a lower device of the team interface
[  271.451427][T12156] loop4: detected capacity change from 0 to 40427
[  271.457355][T12156] F2FS-fs (loop4): build fault injection rate: 771
[  271.461963][T12156] F2FS-fs (loop4): invalid crc value
[  271.545602][T12156] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  271.554990][T12156] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  271.941840][ T7681] syz-executor: attempt to access beyond end of device
[  271.941840][ T7681] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  271.949026][ T7681] CPU: 0 UID: 0 PID: 7681 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  271.949041][ T7681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  271.949046][ T7681] Call Trace:
[  271.949050][ T7681]  <TASK>
[  271.949054][ T7681]  dump_stack_lvl+0x189/0x250
[  271.949070][ T7681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.949079][ T7681]  ? __pfx_queue_work_on+0x10/0x10
[  271.949088][ T7681]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  271.949100][ T7681]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  271.949116][ T7681]  f2fs_handle_critical_error+0x37c/0x540
[  271.949131][ T7681]  f2fs_write_end_io+0x886/0xb60
[  271.949147][ T7681]  __submit_merged_bio+0x27a/0x6a0
[  271.949160][ T7681]  __submit_merged_write_cond+0x255/0x530
[  271.949174][ T7681]  f2fs_write_data_pages+0x261d/0x3000
[  271.949196][ T7681]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.949228][ T7681]  ? folios_put_refs+0x559/0x640
[  271.949264][ T7681]  ? __lock_acquire+0xab9/0xd20
[  271.949281][ T7681]  ? do_raw_spin_lock+0x121/0x290
[  271.949296][ T7681]  ? do_raw_spin_unlock+0x4d/0x240
[  271.949304][ T7681]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.949312][ T7681]  do_writepages+0x32e/0x550
[  271.949328][ T7681]  ? do_raw_spin_unlock+0x4d/0x240
[  271.949338][ T7681]  filemap_fdatawrite+0x199/0x240
[  271.949348][ T7681]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  271.949378][ T7681]  ? do_raw_spin_unlock+0x4d/0x240
[  271.949388][ T7681]  f2fs_sync_dirty_inodes+0x31f/0x830
[  271.949403][ T7681]  f2fs_write_checkpoint+0x95a/0x1df0
[  271.949421][ T7681]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  271.949448][ T7681]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  271.949455][ T7681]  ? kfree+0x18e/0x440
[  271.949464][ T7681]  ? kill_f2fs_super+0x298/0x6c0
[  271.949475][ T7681]  kill_f2fs_super+0x2c3/0x6c0
[  271.949484][ T7681]  ? __pfx_kill_f2fs_super+0x10/0x10
[  271.949491][ T7681]  ? radix_tree_delete_item+0x2b6/0x400
[  271.949505][ T7681]  ? shrinker_free+0x2ce/0x3e0
[  271.949515][ T7681]  deactivate_locked_super+0xbc/0x130
[  271.949526][ T7681]  cleanup_mnt+0x425/0x4c0
[  271.949534][ T7681]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.949542][ T7681]  task_work_run+0x1d4/0x260
[  271.949578][ T7681]  ? __pfx_task_work_run+0x10/0x10
[  271.949586][ T7681]  ? __x64_sys_umount+0x122/0x160
[  271.949616][ T7681]  ? exit_to_user_mode_loop+0x40/0x110
[  271.949630][ T7681]  exit_to_user_mode_loop+0xec/0x110
[  271.949640][ T7681]  do_syscall_64+0x2bd/0x3b0
[  271.949648][ T7681]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.949654][ T7681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.949661][ T7681]  ? exc_page_fault+0x9f/0xf0
[  271.949668][ T7681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.949675][ T7681] RIP: 0033:0x7f407558ff17
[  271.949683][ T7681] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  271.949689][ T7681] RSP: 002b:00007ffe04b5be18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  271.949699][ T7681] RAX: 0000000000000000 RBX: 00007f4075611c05 RCX: 00007f407558ff17
[  271.949705][ T7681] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe04b5bed0
[  271.949709][ T7681] RBP: 00007ffe04b5bed0 R08: 0000000000000000 R09: 0000000000000000
[  271.949713][ T7681] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe04b5cf60
[  271.949718][ T7681] R13: 00007f4075611c05 R14: 00000000000425c0 R15: 00007ffe04b5cfa0
[  271.949731][ T7681]  </TASK>
[  271.949734][ T7681] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  272.508771][T12196] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2519'.
[  273.023594][ T5943] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  273.066817][T12235] Invalid ELF header magic: != ELF
[  273.183557][ T5943] usb 5-1: Using ep0 maxpacket: 8
[  273.187883][ T5943] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  273.192337][ T5943] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  273.197103][ T5943] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  273.202770][ T5943] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  273.206951][ T5943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.214918][ T5943] usbtmc 5-1:16.0: bulk endpoints not found
[  273.393812][ T5970] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  273.418457][ T5943] usb 5-1: USB disconnect, device number 16
[  273.543644][ T5970] usb 2-1: Using ep0 maxpacket: 32
[  273.548994][ T5970] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  273.553566][ T5970] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  273.557384][ T5970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  273.561280][ T5970] usb 2-1: config 1 has no interface number 0
[  273.566530][ T5970] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  273.571099][ T5970] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  273.581977][ T5970] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  273.586126][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.595618][ T5970] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  273.803744][ T5970] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  273.916598][T12273] netlink: 'syz.2.2556': attribute type 30 has an invalid length.
[  274.352112][ T5943] usb 2-1: USB disconnect, device number 32
[  274.373939][ T5943] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  274.939693][T12290] 8021q: adding VLAN 0 to HW filter on device 
[  274.946577][T12290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  276.102901][T12312] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2570'.
[  276.108064][T12312] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2570'.
[  276.861588][T12321] loop4: detected capacity change from 0 to 32768
[  276.874129][T12321] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  276.898630][T12321] XFS (loop4): Ending clean mount
[  276.908410][T12321] XFS (loop4): Quotacheck needed: Please wait.
[  276.927625][T12341] IPv6: Can't replace route, no match found
[  276.947480][T12321] XFS (loop4): Quotacheck: Done.
[  276.992895][ T7681] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  278.908652][T12396] loop4: detected capacity change from 0 to 4096
[  278.913254][T12396] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  278.918051][T12400] sctp: [Deprecated]: syz.2.2602 (pid 12400) Use of int in maxseg socket option.
[  278.918051][T12400] Use struct sctp_assoc_value instead
[  279.109835][T12416] loop4: detected capacity change from 0 to 64
[  279.143030][T12420] 9pnet_fd: Insufficient options for proto=fd
[  279.375163][   T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  279.398369][T12443] loop4: detected capacity change from 0 to 128
[  279.405010][T12443] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  279.411161][T12443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  279.434500][T12445] netlink: 'syz.2.2624': attribute type 10 has an invalid length.
[  279.442856][T12445] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.451667][T12445] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  279.498577][T12449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2626'.
[  279.537632][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  279.542312][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  279.546269][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.552608][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  279.556637][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.563517][   T24] usb 2-1: Product: syz
[  279.565258][   T24] usb 2-1: Manufacturer: syz
[  279.567335][   T24] usb 2-1: SerialNumber: syz
[  279.578344][   T24] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  279.581331][   T24] cdc_ncm 2-1:1.0: bind() failure
[  279.778126][ T5943] usb 2-1: USB disconnect, device number 33
[  279.997127][T12459] netlink: 'syz.2.2630': attribute type 1 has an invalid length.
[  280.000529][T12459] netlink: 'syz.2.2630': attribute type 2 has an invalid length.
[  281.286635][T12483] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2640'.
[  282.926695][T12526] loop4: detected capacity change from 0 to 8
[  282.935855][   T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  282.960338][T12526] SQUASHFS error: zlib decompression failed, data probably corrupt
[  282.965538][T12526] SQUASHFS error: Failed to read block 0x9b: -5
[  282.968410][T12526] SQUASHFS error: Unable to read metadata cache entry [99]
[  282.971705][T12526] SQUASHFS error: Unable to read inode 0x127
[  283.018252][T12528] loop4: detected capacity change from 0 to 1024
[  283.097939][   T24] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  283.104651][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.110834][   T24] usb 2-1: config 0 has no interface number 0
[  283.118282][   T24] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  283.134332][   T24] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  283.137990][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.143011][   T24] usb 2-1: Product: syz
[  283.147490][   T24] usb 2-1: Manufacturer: syz
[  283.151465][   T24] usb 2-1: SerialNumber: syz
[  283.159851][T12534] loop4: detected capacity change from 0 to 1024
[  283.166158][   T24] usb 2-1: config 0 descriptor??
[  283.200735][T12534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  283.209835][T12534] ext4 filesystem being mounted at /516/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  283.248999][ T7681] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.672802][ T5970] usb 2-1: USB disconnect, device number 34
[  287.130914][   T33] audit: type=1326 audit(1757451413.869:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12591 comm="syz.4.2686" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f407558ebe9 code=0x0
[  287.231551][T12601] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  287.237063][T12601] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  287.239711][T12601] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  287.242496][T12601] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  287.354695][T12612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2695'.
[  287.357798][T12612] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2695'.
[  287.593710][   T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  287.763871][   T24] usb 5-1: Using ep0 maxpacket: 32
[  287.768746][   T24] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  287.772290][   T24] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  287.781698][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  287.787457][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  287.791252][   T24] usb 5-1: config 1 has no interface number 0
[  287.796687][   T24] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  287.800515][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.812964][   T24] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  288.019344][T12631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2705'.
[  288.083357][   T24] snd_usb_pod 5-1:1.1: set_interface failed
[  288.087103][   T24] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  288.090044][   T24] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71
[  288.094562][   T24] usb 5-1: USB disconnect, device number 17
[  288.745976][T12641] loop4: detected capacity change from 0 to 2048
[  288.752716][T12641] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  289.005802][T12653] openvswitch: netlink: IPv4 frag type 32 is out of range max 2
[  289.115438][T12661] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2718'.
[  289.205809][T12667] veth3: entered promiscuous mode
[  289.386045][T12672] netlink: 'syz.1.2724': attribute type 3 has an invalid length.
[  289.901856][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  289.907712][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  289.912589][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  289.915840][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  289.919561][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  290.066995][T12682] chnl_net:caif_netlink_parms(): no params data found
[  290.131366][T12682] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.133993][T12682] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.136416][T12682] bridge_slave_0: entered allmulticast mode
[  290.139251][T12682] bridge_slave_0: entered promiscuous mode
[  290.144772][T12682] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.147395][T12682] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.147882][T12699] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  290.149791][T12682] bridge_slave_1: entered allmulticast mode
[  290.156836][T12682] bridge_slave_1: entered promiscuous mode
[  290.180392][T12682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.185681][T12682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.209591][T12682] team0: Port device team_slave_0 added
[  290.213208][T12682] team0: Port device team_slave_1 added
[  290.373374][T12682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.384187][T12682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.395743][T12682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.409781][T12682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.412694][T12682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.430477][T12682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.723332][T12682] hsr_slave_0: entered promiscuous mode
[  290.729615][T12682] hsr_slave_1: entered promiscuous mode
[  290.735519][T12682] debugfs: 'hsr0' already exists in 'hsr'
[  290.739667][T12682] Cannot create hsr debugfs directory
[  291.510431][T12682] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  291.535173][T12682] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  291.551379][T12682] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  291.568433][T12682] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  291.843398][T12682] 8021q: adding VLAN 0 to HW filter on device bond0
[  291.876853][T12682] 8021q: adding VLAN 0 to HW filter on device team0
[  291.893482][  T704] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.896529][  T704] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.909054][   T33] audit: type=1326 audit(1757451418.649:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.1.2738" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  291.912614][  T704] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.921979][  T704] bridge0: port 2(bridge_slave_1) entered forwarding state
[  291.928422][   T33] audit: type=1326 audit(1757451418.649:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.1.2738" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x7ffc0000
[  291.995141][ T5239] Bluetooth: hci0: command tx timeout
[  292.126905][T12682] 8021q: adding VLAN 0 to HW filter on device batadv0
[  292.347476][T12682] veth0_vlan: entered promiscuous mode
[  292.361169][T12682] veth1_vlan: entered promiscuous mode
[  292.397541][T12754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2749'.
[  292.411828][T12682] veth0_macvtap: entered promiscuous mode
[  292.425683][T12682] veth1_macvtap: entered promiscuous mode
[  292.456372][T12682] batman_adv: batadv0: Interface activated: batadv_slave_0
[  292.462784][T12682] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.549403][ T5920] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.572672][ T5920] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.602383][ T5920] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.615407][ T5920] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.092774][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.099556][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.217224][  T704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.221377][  T704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.522418][T12774] loop5: detected capacity change from 0 to 1764
[  293.564932][T12774] iso9660: Corrupted directory entry in block 2 of inode 1920
[  294.075142][ T5239] Bluetooth: hci0: command tx timeout
[  294.103553][ T6634] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  294.342559][T12794] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  294.369965][ T6634] usb 6-1: Using ep0 maxpacket: 16
[  294.377169][ T6634] usb 6-1: config 0 has an invalid interface number: 68 but max is 0
[  294.380499][ T6634] usb 6-1: config 0 has no interface number 0
[  294.383022][ T6634] usb 6-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  294.399578][ T6634] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  294.402839][ T6634] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.406271][ T6634] usb 6-1: Product: syz
[  294.407574][ T6634] usb 6-1: Manufacturer: syz
[  294.409047][ T6634] usb 6-1: SerialNumber: syz
[  294.413080][ T6634] usb 6-1: config 0 descriptor??
[  294.415936][T12784] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  294.436226][T12800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2764'.
[  294.445983][ T6634] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  294.632047][   T13] usb 6-1: Failed to submit usb control message: -71
[  294.636689][  T792] usb 6-1: USB disconnect, device number 2
[  294.643598][   T13] usb 6-1: unable to send the bmi data to the device: -71
[  294.653919][   T13] usb 6-1: unable to get target info from device
[  294.656537][   T13] usb 6-1: could not get target info (-71)
[  294.658892][   T13] usb 6-1: could not probe fw (-71)
[  295.187232][T12824] loop5: detected capacity change from 0 to 16
[  295.191212][T12824] erofs (device loop5): mounted with root inode @ nid 36.
[  295.235718][ T5970] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  295.413516][ T5970] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  295.417445][ T5970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  295.432025][ T5970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[  295.436468][ T5970] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  295.439913][T12842] loop5: detected capacity change from 0 to 256
[  295.452408][ T5970] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  295.457399][ T5970] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  295.459500][T12842] FAT-fs (loop5): Directory bread(block 64) failed
[  295.460617][ T5970] usb 2-1: Manufacturer: syz
[  295.467890][T12842] FAT-fs (loop5): Directory bread(block 65) failed
[  295.467989][ T5970] usb 2-1: config 0 descriptor??
[  295.470673][T12842] FAT-fs (loop5): Directory bread(block 66) failed
[  295.478171][T12842] FAT-fs (loop5): Directory bread(block 67) failed
[  295.480801][T12842] FAT-fs (loop5): Directory bread(block 68) failed
[  295.484350][T12842] FAT-fs (loop5): Directory bread(block 69) failed
[  295.487222][T12842] FAT-fs (loop5): Directory bread(block 70) failed
[  295.490188][T12842] FAT-fs (loop5): Directory bread(block 71) failed
[  295.493063][T12842] FAT-fs (loop5): Directory bread(block 72) failed
[  295.498003][T12842] FAT-fs (loop5): Directory bread(block 73) failed
[  295.605864][T12844] loop5: detected capacity change from 0 to 2048
[  295.610325][T12844] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051
[  295.624745][T12844] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  295.642567][   T33] audit: type=1800 audit(1757451422.379:71): pid=12844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2780" name="file1" dev="loop5" ino=1346 res=0 errno=0
[  295.744176][ T5970] rc_core: IR keymap rc-hauppauge not found
[  295.746573][ T5970] Registered IR keymap rc-empty
[  295.753867][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.786045][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.816169][ T5970] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  295.832853][ T5970] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input15
[  295.857165][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.893901][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.924141][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.948114][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.974034][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  295.994724][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  296.015698][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  296.035487][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  296.055357][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  296.075932][ T5970] mceusb 2-1:0.0: Error: mce write urb status = -71
[  296.105814][ T5970] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  296.109386][ T5970] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  296.114439][ T5970] usb 2-1: USB disconnect, device number 35
[  296.214468][ T5239] Bluetooth: hci0: command tx timeout
[  296.617722][T12872] Bluetooth: MGMT ver 1.23
[  298.233977][ T5239] Bluetooth: hci0: command tx timeout
[  299.262836][T12942] loop5: detected capacity change from 0 to 1024
[  299.267361][T12942] EXT4-fs: Ignoring removed nobh option
[  299.270318][T12942] EXT4-fs: Ignoring removed bh option
[  299.291501][T12942] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.635297][T12953] overlayfs: conflicting lowerdir path
[  300.196118][T12682] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.354157][ T5912] Bluetooth: hci0: command 0x0405 tx timeout
[  301.508437][T13005] netlink: 'syz.2.2849': attribute type 1 has an invalid length.
[  301.578996][T13009] 9pnet_fd: Insufficient options for proto=fd
[  301.913734][ T5943] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  302.068448][ T5943] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.077367][ T5943] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.081674][ T5943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  302.095602][ T5943] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  302.120990][ T5943] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  302.125454][ T5943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.128687][ T5943] usb 2-1: Product: syz
[  302.130340][ T5943] usb 2-1: Manufacturer: syz
[  302.132267][ T5943] usb 2-1: SerialNumber: syz
[  302.158245][ T5943] usb 2-1: config 0 descriptor??
[  302.164992][ T5943] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected
[  302.186402][ T5943] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[  302.192299][ T5943] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[  302.385588][ T5943] usb 2-1: USB disconnect, device number 36
[  302.392100][ T5943] garmin_gps 2-1:0.0: device disconnected
[  302.470152][T13046] all: renamed from lo (while UP)
[  303.042437][T13062] loop5: detected capacity change from 0 to 32768
[  303.869007][T13093] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2887'.
[  303.878478][T13093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2887'.
[  303.926235][   T33] audit: type=1326 audit(1757451686.666:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13098 comm="syz.1.2889" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaf558ebe9 code=0x0
[  304.390590][T13109] loop5: detected capacity change from 0 to 2048
[  304.447907][T13109] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.485834][T13109] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.857174][T12682] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.589091][T13123] loop5: detected capacity change from 0 to 16
[  305.659921][T13123] erofs (device loop5): mounted with root inode @ nid 36.
[  305.900206][T13149] loop5: detected capacity change from 0 to 164
[  305.915429][T13149] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  305.988511][ T5912] Bluetooth: hci0: hcon ffff88810f448000 sent 1 < count 13
[  305.996533][T13156] Bluetooth: hci0: invalid length 0, exp 2 for type 13
[  306.995630][   T24] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  307.152946][   T24] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  307.159184][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.412897][   T24] usb 2-1: config 0 descriptor??
[  307.420877][   T24] cp210x 2-1:0.0: cp210x converter detected
[  307.607305][T13188] nftables ruleset with unbound chain
[  307.666388][T13190] netlink: 'syz.2.2924': attribute type 4 has an invalid length.
[  307.838072][   T24] usb 2-1: cp210x converter now attached to ttyUSB0
[  308.031091][ T5957] usb 2-1: USB disconnect, device number 37
[  308.042415][ T5957] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  308.052901][ T5957] cp210x 2-1:0.0: device disconnected
[  308.557646][T13230] loop5: detected capacity change from 0 to 164
[  308.587221][T13230] syz.5.2943: attempt to access beyond end of device
[  308.587221][T13230] loop5: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  308.592388][T13230] syz.5.2943: attempt to access beyond end of device
[  308.592388][T13230] loop5: rw=0, sector=263328, nr_sectors = 4 limit=164
[  308.606838][   T33] audit: type=1800 audit(1757451691.346:73): pid=13230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2943" name="file0" dev="overlay" ino=1862 res=0 errno=0
[  308.746313][T13250] netlink: 1041 bytes leftover after parsing attributes in process `syz.5.2953'.
[  309.481869][T13281] bridge0: entered promiscuous mode
[  309.486057][T13281] macvlan3: entered promiscuous mode
[  310.572701][T13309] netlink: 'syz.2.2979': attribute type 5 has an invalid length.
[  311.234950][T13329] loop5: detected capacity change from 0 to 32768
[  311.241023][T13329] bcachefs (/dev/loop5): error validating superblock: Invalid superblock layout: too many superblocks
[  311.253761][T13329] bcachefs: bch2_fs_get_tree() error: invalid_sb_layout_nr_superblocks
[  311.684698][ T6634] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  311.834304][ T6634] usb 2-1: Using ep0 maxpacket: 16
[  311.842331][ T6634] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  311.846379][ T6634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.849578][ T6634] usb 2-1: Product: syz
[  311.851279][ T6634] usb 2-1: Manufacturer: syz
[  311.853183][ T6634] usb 2-1: SerialNumber: syz
[  311.868438][ T6634] r8152-cfgselector 2-1: Unknown version 0x0000
[  311.871523][ T6634] r8152-cfgselector 2-1: config 0 descriptor??
[  312.300270][ T5957] r8152-cfgselector 2-1: USB disconnect, device number 38
[  312.400338][   T33] audit: type=1800 audit(1757451695.136:74): pid=13372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3009" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  312.969872][T13381] usb usb8: usbfs: process 13381 (syz.1.3013) did not claim interface 0 before use
[  313.003270][ T5912] Bluetooth: hci1: unexpected event for opcode 0x200a
[  313.160648][T13395] netlink: 'syz.5.3019': attribute type 1 has an invalid length.
[  313.166502][T13395] netlink: 'syz.5.3019': attribute type 2 has an invalid length.
[  313.168651][T13394] ------------[ cut here ]------------
[  313.171607][T13395] netlink: 'syz.5.3019': attribute type 1 has an invalid length.
[  313.172543][T13394] RTNL: assertion failed at net/core/dev.c (9342)
[  313.173004][T13394] WARNING: CPU: 0 PID: 13394 at net/core/dev.c:9342 __dev_set_promiscuity+0x569/0x740
[  313.179189][T13395] netlink: 'syz.5.3019': attribute type 2 has an invalid length.
[  313.188202][T13394] Modules linked in:
[  313.190585][T13394] CPU: 0 UID: 0 PID: 13394 Comm: syz.1.3020 Not tainted syzkaller #0 PREEMPT(full) 
[  313.194742][T13394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  313.199152][T13394] RIP: 0010:__dev_set_promiscuity+0x569/0x740
[  313.201812][T13394] Code: ed fb ff ff e8 58 80 5b f8 c6 05 dd 69 29 06 01 90 48 c7 c7 40 26 94 8c 48 c7 c6 40 25 94 8c ba 7e 24 00 00 e8 b8 1b 1f f8 90 <0f> 0b 90 90 e9 06 fb ff ff e8 29 80 5b f8 48 8b 7c 24 08 48 c7 c6
[  313.210236][T13394] RSP: 0018:ffffc90008127820 EFLAGS: 00010246
[  313.212948][T13394] RAX: 8a66ae508d188400 RBX: ffff88803937a000 RCX: 0000000000080000
[  313.216531][T13394] RDX: ffffc90020131000 RSI: 000000000000bc5a RDI: 000000000000bc5b
[  313.220092][T13394] RBP: 0000000000000000 R08: ffffffff8fa3a037 R09: 1ffffffff1f47406
[  313.223650][T13394] R10: dffffc0000000000 R11: fffffbfff1f47407 R12: 00000000ffffffff
[  313.227112][T13394] R13: 0000000000000000 R14: ffff88803937a0b0 R15: 1ffff1100726f416
[  313.230587][T13394] FS:  00007feaf63cd6c0(0000) GS:ffff8880b8615000(0000) knlGS:0000000000000000
[  313.234648][T13394] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  313.237552][T13394] CR2: 000000110c293fa9 CR3: 0000000023ba6000 CR4: 00000000000006f0
[  313.241039][T13394] Call Trace:
[  313.242547][T13394]  <TASK>
[  313.243944][T13394]  ? __hw_addr_add_ex+0x3c5/0x770
[  313.246151][T13394]  __dev_set_rx_mode+0x17c/0x260
[  313.248305][T13394]  dev_mc_add+0xc8/0x120
[  313.250212][T13394]  igmp6_group_added+0x225/0x800
[  313.252414][T13394]  ? __pfx_igmp6_group_added+0x10/0x10
[  313.254915][T13394]  __ipv6_dev_mc_inc+0x897/0xa50
[  313.257117][T13394]  __ipv6_sock_mc_join+0x535/0x9c0
[  313.259293][T13394]  ? _copy_from_user+0x94/0xb0
[  313.261688][T13394]  do_ipv6_setsockopt+0x20f2/0x2eb0
[  313.264125][T13394]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  313.266455][T13394]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  313.268745][T13394]  ? __pfx___might_resched+0x10/0x10
[  313.271003][T13394]  ? __lock_acquire+0xab9/0xd20
[  313.273091][T13394]  ? __pfx_aa_sk_perm+0x10/0x10
[  313.275412][T13394]  ? __fget_files+0x2a/0x420
[  313.277474][T13394]  ? aa_sock_opt_perm+0xff/0x1b0
[  313.279686][T13394]  ipv6_setsockopt+0x59/0x170
[  313.281657][T13394]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  313.284276][T13394]  do_sock_setsockopt+0x17c/0x1b0
[  313.286503][T13394]  __x64_sys_setsockopt+0x13f/0x1b0
[  313.288793][T13394]  do_syscall_64+0xfa/0x3b0
[  313.290807][T13394]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.293078][T13394]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.295843][T13394]  ? exc_page_fault+0x9f/0xf0
[  313.297929][T13394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.300551][T13394] RIP: 0033:0x7feaf558ebe9
[  313.302484][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.310549][T13394] RSP: 002b:00007feaf63cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  313.314176][T13394] RAX: ffffffffffffffda RBX: 00007feaf57c5fa0 RCX: 00007feaf558ebe9
[  313.317640][T13394] RDX: 0000000000000014 RSI: 0000000000000029 RDI: 0000000000000003
[  313.321087][T13394] RBP: 00007feaf5611e19 R08: 0000000000000120 R09: 0000000000000000
[  313.324576][T13394] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  313.327849][T13394] R13: 00007feaf57c6038 R14: 00007feaf57c5fa0 R15: 00007ffd1fd5b498
[  313.331287][T13394]  </TASK>
[  313.332689][T13394] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  313.335870][T13394] CPU: 0 UID: 0 PID: 13394 Comm: syz.1.3020 Not tainted syzkaller #0 PREEMPT(full) 
[  313.339944][T13394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  313.344364][T13394] Call Trace:
[  313.345862][T13394]  <TASK>
[  313.347197][T13394]  dump_stack_lvl+0x99/0x250
[  313.349233][T13394]  ? __asan_memcpy+0x40/0x70
[  313.351303][T13394]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.353554][T13394]  ? __pfx__printk+0x10/0x10
[  313.355603][T13394]  vpanic+0x281/0x750
[  313.357303][T13394]  ? __pfx__printk+0x10/0x10
[  313.359279][T13394]  ? __pfx_vpanic+0x10/0x10
[  313.361282][T13394]  ? is_bpf_text_address+0x26/0x2b0
[  313.363562][T13394]  panic+0xb9/0xc0
[  313.365252][T13394]  ? __pfx_panic+0x10/0x10
[  313.367233][T13394]  __warn+0x31b/0x4b0
[  313.368997][T13394]  ? __dev_set_promiscuity+0x569/0x740
[  313.371386][T13394]  ? __dev_set_promiscuity+0x569/0x740
[  313.373745][T13394]  report_bug+0x2be/0x4f0
[  313.375670][T13394]  ? __dev_set_promiscuity+0x569/0x740
[  313.378080][T13394]  ? __dev_set_promiscuity+0x569/0x740
[  313.380441][T13394]  ? __dev_set_promiscuity+0x56b/0x740
[  313.382832][T13394]  handle_bug+0x84/0x160
[  313.384727][T13394]  exc_invalid_op+0x1a/0x50
[  313.386769][T13394]  asm_exc_invalid_op+0x1a/0x20
[  313.388912][T13394] RIP: 0010:__dev_set_promiscuity+0x569/0x740
[  313.391584][T13394] Code: ed fb ff ff e8 58 80 5b f8 c6 05 dd 69 29 06 01 90 48 c7 c7 40 26 94 8c 48 c7 c6 40 25 94 8c ba 7e 24 00 00 e8 b8 1b 1f f8 90 <0f> 0b 90 90 e9 06 fb ff ff e8 29 80 5b f8 48 8b 7c 24 08 48 c7 c6
[  313.399863][T13394] RSP: 0018:ffffc90008127820 EFLAGS: 00010246
[  313.402536][T13394] RAX: 8a66ae508d188400 RBX: ffff88803937a000 RCX: 0000000000080000
[  313.405867][T13394] RDX: ffffc90020131000 RSI: 000000000000bc5a RDI: 000000000000bc5b
[  313.409255][T13394] RBP: 0000000000000000 R08: ffffffff8fa3a037 R09: 1ffffffff1f47406
[  313.412667][T13394] R10: dffffc0000000000 R11: fffffbfff1f47407 R12: 00000000ffffffff
[  313.416111][T13394] R13: 0000000000000000 R14: ffff88803937a0b0 R15: 1ffff1100726f416
[  313.419479][T13394]  ? __hw_addr_add_ex+0x3c5/0x770
[  313.421709][T13394]  __dev_set_rx_mode+0x17c/0x260
[  313.423913][T13394]  dev_mc_add+0xc8/0x120
[  313.425805][T13394]  igmp6_group_added+0x225/0x800
[  313.428009][T13394]  ? __pfx_igmp6_group_added+0x10/0x10
[  313.430430][T13394]  __ipv6_dev_mc_inc+0x897/0xa50
[  313.432480][T13394]  __ipv6_sock_mc_join+0x535/0x9c0
[  313.434749][T13394]  ? _copy_from_user+0x94/0xb0
[  313.436872][T13394]  do_ipv6_setsockopt+0x20f2/0x2eb0
[  313.439188][T13394]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  313.441614][T13394]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  313.444044][T13394]  ? __pfx___might_resched+0x10/0x10
[  313.446358][T13394]  ? __lock_acquire+0xab9/0xd20
[  313.448533][T13394]  ? __pfx_aa_sk_perm+0x10/0x10
[  313.450678][T13394]  ? __fget_files+0x2a/0x420
[  313.452684][T13394]  ? aa_sock_opt_perm+0xff/0x1b0
[  313.454860][T13394]  ipv6_setsockopt+0x59/0x170
[  313.456954][T13394]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  313.459555][T13394]  do_sock_setsockopt+0x17c/0x1b0
[  313.461806][T13394]  __x64_sys_setsockopt+0x13f/0x1b0
[  313.464131][T13394]  do_syscall_64+0xfa/0x3b0
[  313.466139][T13394]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.468418][T13394]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.471069][T13394]  ? exc_page_fault+0x9f/0xf0
[  313.473025][T13394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.475581][T13394] RIP: 0033:0x7feaf558ebe9
[  313.477567][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.485906][T13394] RSP: 002b:00007feaf63cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  313.489544][T13394] RAX: ffffffffffffffda RBX: 00007feaf57c5fa0 RCX: 00007feaf558ebe9
[  313.492898][T13394] RDX: 0000000000000014 RSI: 0000000000000029 RDI: 0000000000000003
[  313.496385][T13394] RBP: 00007feaf5611e19 R08: 0000000000000120 R09: 0000000000000000
[  313.499887][T13394] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  313.503366][T13394] R13: 00007feaf57c6038 R14: 00007feaf57c5fa0 R15: 00007ffd1fd5b498
[  313.506731][T13394]  </TASK>
[  313.508929][T13394] Kernel Offset: disabled
[  313.510860][T13394] Rebooting in 86400 seconds..

VM DIAGNOSIS:
20:53:04  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000037543 RDI=0000000000037544 RBP=00000000000003f8 RSP=ffffc90008127050
R8 =ffff888106600237 R9 =1ffff11020cc0046 R10=dffffc0000000000 R11=ffffffff854f6e00
R12=dffffc0000000000 R13=ffffffff99b00906 R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854f6e7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007feaf63cd6c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c293fa9 CR3=0000000023ba6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007feaf5797498 00007feaf5797470 XMM03=00007feaf57974a8 00007feaf57974a0
XMM04=00007feaf62fd100 00007feaf5797460 XMM05=00007feaf5797478 00007feaf57974c0
XMM06=00007feaf57974b8 00007feaf57974b0 XMM07=00007feaf57974a8 00007feaf57974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007feaf5612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=ffff888108380000
RSI=00000000000000e0 RDI=0000000000000001 RBP=ffffc90006767650 RSP=ffffc900067673a0
R8 =ffffea00041da207 R9 =1ffffd400083b440 R10=dffffc0000000000 R11=fffff9400083b441
R12=ffffea00041da218 R13=1ffffd400083b443 R14=ffffea00041da200 R15=00000000000000e0
RIP=ffffffff82094f4a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f78f4a266c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005631bf6f2ce8 CR3=00000000269b6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
