last executing test programs:

2m31.523999521s ago: executing program 0 (id=303):
# Exercises the nl80211 scan path: opens a generic-netlink socket (r0), resolves the
# nl80211 family id (r1), reads the ifindex of 'wlan1' into r2 via SIOCGIFINDEX, then
# sends NL80211_CMD_TRIGGER_SCAN with r1 and r2 spliced into a raw-blob message.
# The iovec length 0x54 matches the leading 'T\x00\x00\x00' length bytes of the blob.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000b59c00000008000300", @ANYRES32=r2, @ANYBLOB="38002d80"], 0x54}, 0x1, 0x0, 0x0, 0x100000d0}, 0x0)

2m31.449569121s ago: executing program 0 (id=304):
# Loads a small BPF program from a raw instruction blob (license 'GPL') and attaches
# it to the raw tracepoint 'mmap_lock_acquire_returned'.
# NOTE(review): the mmap() and nanosleep() that follow presumably make the task take
# the mmap lock while the program is attached; inferred from the tracepoint name only.
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
nanosleep(&(0x7f0000000000)={0x0, 0x3938700}, &(0x7f0000000080))

2m31.44903743s ago: executing program 0 (id=305):
# Exercises the nl80211 deauthentication path on 'wlan1': generic-netlink socket (r0),
# nl80211 family id (r1), ifindex lookup into r2, then NL80211_CMD_DEAUTHENTICATE.
# The request is a structured 0x28-byte message carrying the ifindex attribute and an
# NL80211_ATTR_MAC attribute whose header declares length 0xa.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x28, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x20042000}, 0x40894)

2m31.447756749s ago: executing program 0 (id=306):
# Mount-topology stress relative to the working directory (0xffffffffffffff9c is AT_FDCWD).
# Creates ./file0, bind-mounts '.' onto it through the path './file0/../file0', then
# issues a second mount$bind on ./file0 with a NULL source and flags 0x100000.
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
# Two open_tree() calls with flags 0x89901 (the low bit is OPEN_TREE_CLONE): r0 from an
# empty path, r1 from '.'.
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
# r1 is moved onto ./file0, then ./file0 is used as the source of a second move_mount
# whose target is r0 with a NULL path and flags 0x160.
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000008080)='./file0\x00', r0, 0x0, 0x160)

2m31.38093751s ago: executing program 0 (id=307):
# Mixed program. The first two calls pass fd 0xffffffffffffffff (-1), so they are
# expected to fail on the bad descriptor before touching io_uring or IPVS state.
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x6c, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x71}, 0x2c)
# Sets resource limit 0xe (RLIMIT_RTPRIO) and requests scheduling policy 0x2 (SCHED_RR)
# for the calling task, first via pid 0 and then via its own pid.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
# AF_UNIX socketpair (type 0x2), a connect() to the path './file0', then sendmmsg /
# recvmmsg with very large message counts.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
# bpf PROG_LOAD and mount$fuse are called with NULL arguments here.
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
# Mounts autofs on ./file0, opens the mount point (r3) and the autofs control device
# (r4), then issues AUTOFS_DEV_IOCTL_ASKUMOUNT naming r3 as the ioctl fd.
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3, {0x1000}}, './file0\x00'})

2m31.380741447s ago: executing program 0 (id=308):
# Connects one emulated USB device through the syz_usb_connect pseudo-syscall using a
# 0x24-byte descriptor set: a 0x12-byte device descriptor, one configuration and one
# interface. If the fields follow the standard USB descriptor order, this is
# idVendor 0x5ac / idProduct 0x238 with an interface of class 0x3 and zero endpoints.
# TODO confirm against the syzkaller USB descriptions.
syz_usb_connect(0x2, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0xde, 0xfa, 0x1a, 0x20, 0x5ac, 0x238, 0xdd7c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x4, 0xf0, 0x0, [{{0x9, 0x4, 0xfc, 0x9, 0x0, 0x3, 0x9d, 0x2}}]}}]}}, 0x0)

2m31.280035475s ago: executing program 32 (id=308):
# Same syz_usb_connect call and program id (308) as the entry logged just above, here
# attributed to "program 32" rather than "program 0".
# NOTE(review): the reason the log lists the same id twice is not stated in the log.
syz_usb_connect(0x2, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0xde, 0xfa, 0x1a, 0x20, 0x5ac, 0x238, 0xdd7c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x4, 0xf0, 0x0, [{{0x9, 0x4, 0xfc, 0x9, 0x0, 0x3, 0x9d, 0x2}}]}}]}}, 0x0)

2m8.050787385s ago: executing program 1 (id=607):
# Creates a raw ICMP socket (result unused), then an AF_INET6 socket of type 0x2 that
# is bound and connected; the connect() sockaddr carries family 0x2 rather than 0xa.
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
# Opens a netlink socket with protocol value 0x8000000004 and writes one raw 0x58-byte
# message to it.
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
# Closes descriptor number 4 by literal value, not through a tracked resource; which
# object that number refers to depends on the executor's fd layout.
close(0x4)

2m8.050629926s ago: executing program 1 (id=608):
# Opens two netlink sockets (the first result is unused; r0 is the second).
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
# Both sendmsg$nl_route calls target fd 0xffffffffffffffff (-1), so they are expected
# to fail on the bad descriptor. Their blobs contain the ASCII link kinds "bridge"
# (627269646765) and "vxlan" (76786c616e).
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
# The only call that uses r0: sendmmsg with a very large message count.
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

2m8.004624861s ago: executing program 1 (id=609):
# Sets up an io_uring instance (r0), then calls prctl(0x23, 0xe) (PR_SET_MM /
# PR_SET_MM_MAP) with a map whose address fields overlap and a size argument of
# 0xffffffffffffff39.
r0 = syz_io_uring_setup(0x1593, &(0x7f0000000200)={0x0, 0xe5dc, 0x8, 0x3, 0x2f0}, &(0x7f0000000280), &(0x7f0000002c00))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x0}, 0xffffffffffffff39)
# A second, plain io_uring_setup whose result is discarded, then an
# IORING_UNREGISTER_RING_FDS request against r0 with one all-zero entry.
io_uring_setup(0x5, &(0x7f0000000040)={0x0, 0x3c1d, 0xc000, 0x3, 0x38})
io_uring_register$IORING_UNREGISTER_RING_FDS(r0, 0x15, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1)
# Opens a tty device and duplicates the descriptor; r2 is the target of the
# write$UHID_INPUT call that follows in the log.
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000000280)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b32346d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92
fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb3655668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae45
5925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904
801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

2m7.89053377s ago: executing program 1 (id=610):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
# Runs after the syz_mount_image$ext4 call above. Mounts loop device 0 onto ./file1
# with flags 0x5000 (MS_BIND|MS_REC) and a NULL filesystem type, then opens ./file1.
# NOTE(review): presumably the same loop device that backs the ext4 image; confirm.
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file1\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x110)
# Issues LOOP_SET_STATUS64 (0x4c04) on the opened descriptor with fuzzer-chosen
# loop_info64 contents.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cb19976d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "64885973ff030000000000000000d01cd3160000ffffff7f0000000000002000", [0x200]})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)

2m7.760905466s ago: executing program 1 (id=611):
# Opens the ALSA sequencer device and issues SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT with a
# mostly default port-subscribe structure; no subscription is created first.
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf})

2m7.517801721s ago: executing program 1 (id=613):
# Netlink socket (family 0x10) used by the last two calls of the program.
r0 = socket(0x10, 0x80002, 0x0)
# Scheduler setup: resource limit 0xe (RLIMIT_RTPRIO), policy 0x2 (SCHED_RR),
# prctl option 0x3e (PR_SCHED_CORE) and a CPU affinity mask of 0x2.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
# Opens an MSR device node and reads 0x18ff8 bytes from it.
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
# Creates an SCTP-over-IPv6 socket and immediately shuts it down in both directions.
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r2, 0x2)
# Sends a raw 0x1c-byte netlink message on r0 and then calls recvmmsg on the same
# socket with a vector count of 0x8 while only one entry is supplied.
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}}, 0x0)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1020}], 0x1}}], 0x8, 0x34000, 0x0)

2m7.217422868s ago: executing program 33 (id=613):
# Same call sequence and program id (613) as the entry logged just above, here
# attributed to "program 33": scheduler setup, a 0x18ff8-byte read from an MSR device
# node, an SCTP socket shutdown, and netlink send / recvmmsg on r0.
r0 = socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r2, 0x2)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}}, 0x0)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1020}], 0x1}}], 0x8, 0x34000, 0x0)

1m53.540724107s ago: executing program 4 (id=763):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==")
# Runs after the syz_mount_image$ext4 call above. r0 and r1 come from calls given NULL
# arguments (openat with a NULL path, bpf PROG_LOAD with a NULL attr), so the later
# calls that consume them are likely operating on invalid descriptors; confirm.
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
# nf_tables over netlink: two NFT_BATCH messages on r2. The first blob contains the
# ASCII names "syz0" and "syz2"; the second supplies 6 bytes of data while declaring an
# iovec length of 0xc0.
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000"], 0xc0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
# Opens a usbfs device node (r3) and an io_uring instance (r4).
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r4 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, 0x0, 0x0)
# Opens a file named 'blkio.bfq.io_service_bytes' with flags 0x275a, writes 0x118 bytes
# to it through a UHID-typed write with an empty payload, and maps it with MAP_SHARED.
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
# USBDEVFS_IOCTL on the usbfs descriptor, pointing at the region mapped above.
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))

1m53.339735274s ago: executing program 4 (id=766):
# Sets a NUMA memory policy (mode 0x4005, nodemask 0x7e) and then creates an 8 MiB
# anonymous mapping (fd -1) through the mmap$xdp variant, so the allocation happens
# under that policy.
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)

1m53.280280685s ago: executing program 3 (id=768):
# Feeds a hand-built BTF blob to the kernel BTF loader. The blob starts with the BTF
# magic bytes 9f eb; the call declares a size of 0x2e and supplies a 0x9f-byte log
# buffer with log level 0x1.
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000002000000000000001000000604"], &(0x7f0000000080)=""/159, 0x2e, 0x9f, 0x1}, 0x28)

1m53.18999925s ago: executing program 3 (id=769):
# Creates an MPTCP-over-IPv6 socket (protocol 0x106) and calls listen() on it twice
# without binding, first with backlog 0x0 and then with backlog 0x80000000.
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
listen(r0, 0x80000000)

1m53.189759708s ago: executing program 4 (id=770):
# Keyring exercise: opens /proc/keys, creates a keyring named with the 'syz' prefix,
# applies KEYCTL_RESTRICT_KEYRING with NULL type and restriction, sets a timeout of
# 0xfffffffffffffffd on it, then reads 0x2020 bytes from /proc/keys.
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
r1 = add_key(&(0x7f0000001340)='keyring\x00', &(0x7f0000001380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, 0x0)
keyctl$set_timeout(0xf, r1, 0xfffffffffffffffd)
read$FUSE(r0, &(0x7f0000001580)={0x2020}, 0x2020)

1m53.135424695s ago: executing program 3 (id=771):
# userfaultfd exercise: creates the descriptor, negotiates the API (features 0x298),
# registers the 0xc00000-byte range at 0x7f00000e2000 with mode 0x2, and issues a
# 0x400000-byte UFFDIO_COPY into that range with mode 0x2.
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
# The final mmap (fd -1, flags 0x59032, which include MAP_FIXED 0x10) covers
# 0x7f0000400000-0x7f0001000000 and therefore overlaps the registered range.
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)

1m53.135226017s ago: executing program 4 (id=772):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x1010051, &(0x7f00000000c0)={[{@errors_remount}, {@noload}, {@noblock_validity}, {@norecovery}, {@nouid32}, {@nomblk_io_submit}]}, 0x1, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV")
# Runs after the syz_mount_image$ext4 call above. Mounts overlayfs on ./file0 with
# only a lowerdir option (value '.'), changes into the overlay and calls lstat on
# './file2' with a NULL stat buffer.
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
lstat(&(0x7f0000000300)='./file2\x00', 0x0)

1m53.027895221s ago: executing program 3 (id=773):
# Root-switching sequence: creates ./file0, mounts binfmt_misc on it (through the path
# './file0/../file0'), chroots into it, bind-mounts '.' onto './file0' relative to the
# new root, then calls pivot_root with './file0' as new root and './file0/file0' as the
# put-old directory.
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00')

1m53.027586001s ago: executing program 3 (id=774):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
# Runs after the syz_mount_image$ext4 call above, which mounts an image at 'mnt'.
# fscrypt setup: adds an encryption key on the mount (r0), creates
# 'mnt/encrypted_dir', and applies a v2 policy (@aes256) to it through r1.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
# Changes into the encrypted directory and asks for a vfat image mount at ./file0
# inside it, with size 0 and no image data.
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42)
# NOTE(review): request number 0x8004587d does not follow the 0x....66xx pattern of the
# other fscrypt ioctls in this program, so it may be a fuzzer-mutated value; confirm.
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
# Removes the key for all users while the working directory is still inside the
# encrypted directory.
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}})

1m52.96739865s ago: executing program 4 (id=776):
# Creates an L2TP socket and ./file0 (both results unused), then sets up an io_uring
# instance: r0 is the ring fd, r1 and r2 are the ring pointers returned by
# syz_io_uring_setup.
socket$l2tp(0x2, 0x2, 0x73)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000500)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
# Queues IORING_OP_SYNC_FILE_RANGE against fixed-file index 0x5.
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x30, 0x0, @fd_index=0x5, 0x3, 0x0, 0xffffffff, 0x3})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, &(0x7f00000001c0))
# Writes 0x118 bytes to r3 with an empty payload and maps r3 at 0x7f0000000000, the
# page that also holds the submission-entry templates used by this program.
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
# Queues IORING_OP_RECVMSG on fd -1 and enters the ring asking for 0x2d3e submissions.
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1m52.746309757s ago: executing program 3 (id=782):
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000040)='./file2\x00', 0xa00000, &(0x7f0000000300)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES32, @ANYBLOB="47df5e7b86808e20e3d6e7a5596c703f29000000"], 0x1, 0x16b, &(0x7f0000000340)="$eJzs27+KE1EUB+AzSTS72mwtFgM2VkGtLBVZQRxQlBRarbDabCRgmtEqj+ILCpIq3RUzYaJJLIKMI5nva3LIjwvnkj+HO3Avbn+8upzOPkxfLuIky2LwKPJYZnEWvehHZR4AwDFZphTf03A15U+/Rkqp7Y4AgKZV8z+lNDT/AaAr6vl/Gvvn/8OWGgMAGuP8DwDd8/rN2+ePi+L8VZ6fRHybl+NyXL1W+dNnxfm9fOVss2pRluN+nd+v8vz3/FrcWOcP9ubX4+6dKv+ZPXlRbOU347L57QMAAEAnjPLa3vP9aPSnvKp+eT6wdX4fxK3BP9sGAHCA2ecvV+8mk/efVkU/1kX9juJoit7Ox71VDNffifZb3RS9/6ONDhYt/zEBjdv86A9ceNFQQwAAAAAAAAAAAAAAwI5mLg9lf3OzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABr3IwAA///srEdL")
# Runs after the syz_mount_image$msdos call above, which mounts an image at ./file2.
# Installs a one-instruction seccomp filter (op 0x1, flags 0x7) whose instruction is a
# return (code 0x6) of 0x7fff0000, i.e. SECCOMP_RET_ALLOW.
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
# Makes the first three pages of the data area read-only. The mknodat path pointer
# 0x7f00000000c0 lies inside that range.
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)

1m52.590658085s ago: executing program 34 (id=782):
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000040)='./file2\x00', 0xa00000, &(0x7f0000000300)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES32, @ANYBLOB="47df5e7b86808e20e3d6e7a5596c703f29000000"], 0x1, 0x16b, &(0x7f0000000340)="$eJzs27+KE1EUB+AzSTS72mwtFgM2VkGtLBVZQRxQlBRarbDabCRgmtEqj+ILCpIq3RUzYaJJLIKMI5nva3LIjwvnkj+HO3Avbn+8upzOPkxfLuIky2LwKPJYZnEWvehHZR4AwDFZphTf03A15U+/Rkqp7Y4AgKZV8z+lNDT/AaAr6vl/Gvvn/8OWGgMAGuP8DwDd8/rN2+ePi+L8VZ6fRHybl+NyXL1W+dNnxfm9fOVss2pRluN+nd+v8vz3/FrcWOcP9ubX4+6dKv+ZPXlRbOU347L57QMAAEAnjPLa3vP9aPSnvKp+eT6wdX4fxK3BP9sGAHCA2ecvV+8mk/efVkU/1kX9juJoit7Ox71VDNffifZb3RS9/6ONDhYt/zEBjdv86A9ceNFQQwAAAAAAAAAAAAAAwI5mLg9lf3OzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABr3IwAA///srEdL")
# Same tail as the program id=782 entry logged just above, here attributed to
# "program 34": a one-instruction seccomp filter returning 0x7fff0000
# (SECCOMP_RET_ALLOW), an mprotect to read-only, then mknodat on './file2'.
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)

1m50.99077201s ago: executing program 4 (id=796):
# AF_INET6 socket of type 0x2 with socket-level option 0xf (SO_REUSEPORT) set to 0x9,
# then bound to the @mcast1 address with flowinfo 0x200000 and scope id 0x6.
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x200000, @mcast1, 0x6}, 0x1c)

1m50.929247251s ago: executing program 35 (id=796):
# Same call sequence and program id (796) as the entry logged just above, here
# attributed to "program 35": socket option 0xf set on an AF_INET6 socket, then a bind
# to the @mcast1 address.
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x200000, @mcast1, 0x6}, 0x1c)

42.780216938s ago: executing program 2 (id=1638):
# Opens a DRM device node and issues DRM_IOCTL_MODE_ATOMIC with flags 0x500, zero
# objects, NULL array pointers and user_data 0x5.
r0 = syz_open_dev$dri(&(0x7f0000001100), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000b00)={0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})

42.730138177s ago: executing program 2 (id=1640):
# Creates a BPF map (r0), closes descriptor number 3 by literal value, then creates a
# second map from a raw attr blob.
# NOTE(review): if r0 was fd 3, the close releases it and the second map may take over
# that number, so the r0 spliced into the program below could name a different map.
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xe}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="06000000040000005b0000008a"], 0x48)
# Loads a 0x14-instruction program of type 0x11 (license 'GPL') with r0 embedded as a
# map fd, and attaches it to the raw tracepoint 'kfree'.
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
# BTF load with a NULL attr and size 0.
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

42.670349462s ago: executing program 2 (id=1642):
# IPv6 datagram socket bound to @empty with port field 0x4e20.
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
# IPV6_DSTOPTS (level 0x29, option 0x3b) is set from an empty ANY=[] buffer while the length
# argument is 0x8, so the declared length does not match the supplied data.
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4)
# One-message recvmmsg with flags 0x2 and a 0xe3-byte control buffer, followed by a zero-length
# sendto() addressed to @mcast1 on the same port field.
recvmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=""/227, 0xe3}, 0x1}], 0x1, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

42.510253034s ago: executing program 2 (id=1645):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==")
# Runs after the ext3 image mount above: opens ./bus with flags 0x64842, then mounts /dev/loop0 on
# ./bus with no filesystem type and flags 0x5000 (presumably a recursive bind mount - confirm).
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
# ./bus is reopened after the mount and LOOP_SET_STATUS64 is issued on the new descriptor, i.e. the
# loop device backing a mounted image is reconfigured while in use.
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
# The single iovec declares length 0x76200 although the literal behind its pointer is one byte ("85");
# the write goes to the descriptor opened before the mount, at offset 0x7c00.
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)

42.377876105s ago: executing program 2 (id=1654):
# AF_ALG socket bound to the 'skcipher' type with the 'cbc-camellia-aesni' driver name, then keyed
# with a 0x18-byte key via ALG_SET_KEY. No operation socket is accepted afterwards.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

42.047463019s ago: executing program 2 (id=1660):
# IPv6 TCP socket put into listen state (backlog 0x100000) without a prior bind, then referenced by
# a single iocb submitted through an AIO context created with io_setup(0x6).
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x100000)
io_setup(0x6, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r0, 0x0}])
# The next five calls open further descriptors (second TCP socket, binderfs node, SCSI generic,
# signalfd, MIDI device) whose results are not stored in any r-variable.
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000100)={[0x3]}, 0x8, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
# pselect6 over 0x40 descriptors with a read set and an exception set, then shutdown(r0, 0x0) on the
# listening socket while the iocb submitted above may still be outstanding.
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
shutdown(r0, 0x0)

41.976655849s ago: executing program 36 (id=1660):
# Same call sequence as the id=1660 entry logged just before it, reported under a different program
# number: listen on an unbound IPv6 TCP socket, submit one iocb that references it, open several
# unrelated descriptors, pselect6, then shutdown(r0, 0x0).
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x100000)
io_setup(0x6, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r0, 0x0}])
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000100)={[0x3]}, 0x8, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
shutdown(r0, 0x0)

11.66960684s ago: executing program 6 (id=2119):
# Creates a BPF map (@base={0xb, 0x5, 0x10001, 0x9, 0x1}) and updates it with the string value
# '%pi6   '. Note that the third call is the MAP_GET_NEXT_KEY variant but passes command number 0x2,
# the same number the update call uses, so the kernel sees command 0x2 with a next-key-shaped
# argument and a 166-byte output buffer.
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000040), &(0x7f0000000400)='%pi6   \x00'}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)

11.669453676s ago: executing program 6 (id=2120):
# Stacks two mounts on ./file0 (a FUSE mount with no options or image, then configfs with no source)
# and opens ./file0/file0 through the result with flags 0x0 and mode 0x1.
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000600)='./file0/file0\x00', 0x0, 0x1)

11.669363822s ago: executing program 6 (id=2121):
# Creates an AIO context (0x7 events), opens the ppp device with flags 0x400, and submits one iocb
# that targets the ppp descriptor.
io_setup(0x7, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x0, 0x0, r1, 0x0, 0x0, 0x9, 0x0, 0x2}])

11.496440622s ago: executing program 6 (id=2122):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000001880)={[{@noadinicb}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x400}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@longad}]}, 0xfd, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlr
B6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
# Runs after the UDF image mount on ./file0 above: adds a FUSE mount on ./file1, creates ./bus, and
# mounts overlayfs on ./bus with lowerdir=./file0 (the UDF image), upperdir=./file1 (the FUSE mount)
# and workdir=./bus, i.e. the work directory is the overlay's own mount point; uuid handling is off.
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file1\x00', 0x4000, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000ac0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]})

11.470967999s ago: executing program 6 (id=2123):
# Opens the AppArmor per-thread exec attribute for writing and writes the 7-byte string 'exec :'
# plus NUL to it twice, i.e. a profile-transition request with an empty label after the colon.
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r0, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7)
write$apparmor_exec(r0, &(0x7f0000000040)={'exec ', ':\x00'}, 0x7)

11.100478052s ago: executing program 6 (id=2127):
# Opens a netlink route socket, calls SIOCGIFINDEX for 'wlan1' on an invalid descriptor (-1), then
# issues ioctl 0x8b21 on the netlink socket with the same buffer (0x8b21 is presumably in the
# wireless-extensions ioctl range - confirm).
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r0, 0x8b21, &(0x7f0000000040))

11.071744597s ago: executing program 37 (id=2127):
# Same call sequence as the id=2127 entry logged just before it, reported under a different program
# number: netlink route socket, SIOCGIFINDEX for 'wlan1' on descriptor -1, then ioctl 0x8b21 on the
# netlink socket.
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r0, 0x8b21, &(0x7f0000000040))

2.969283755s ago: executing program 5 (id=2321):
# AF_ALG socket bound to the 'rng' type with the 'ansi_cprng' name, given 0x20 bytes through
# ALG_SET_KEY, then accepted to obtain an operation socket.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042ab", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
# Reads from the operation socket with a two-message recvmmsg (buffers of 0x15 and 0xc3 bytes,
# flags 0x40000022), using the unix-socket variant of the call description.
recvmmsg$unix(r1, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/21, 0x15}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)=""/195, 0xc3}], 0x1}}], 0x2, 0x40000022, 0x0)

2.919548747s ago: executing program 5 (id=2322):
# open_tree() on an empty path relative to the working directory with flags 0x89101, followed by an
# emulated USB audio-class (uac1) device connect. The 0xa4-byte descriptor is a raw blob, and the
# descriptor number r0 is spliced into it as a single byte, so the descriptor contents depend on
# the fd value rather than on a valid layout.
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000000)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)

1.554714902s ago: executing program 5 (id=2336):
# Opens the userfaultfd device node (directory fd given as the 32-bit value 0xffffff9c) and a raw
# IGMP socket, then dup3() places the socket on the userfaultfd descriptor number. The tunnel ioctl
# that follows therefore runs on the raw socket, asking to add a tunnel named 'gretap0'.
r0 = openat$userfaultfd(0xffffff9c, &(0x7f00000005c0), 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000e00)={'gretap0\x00', 0x0})

1.487276621s ago: executing program 5 (id=2337):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
# Runs after the ext4 image mount on ./file0 above. Enters the mounted image, sets resource limit
# 0xe to {0x8, 0x8b}, and changes the scheduling policy of the caller twice (policy 0x1, then 0x2),
# presumably to real-time classes - confirm against the sched policy constants.
chdir(&(0x7f00000001c0)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
# Large fixed mapping (0xb36000 bytes) with a prot argument that has many undefined high bits set.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
# Unix datagram socket pair: one end is connected to the path ./file0, the other is used for a
# sendmmsg with a very large message count (0x400000000000041), then a recvmmsg of 0x10106 messages.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
# Generic netlink: FOU_CMD_ADD with a header-only 0x14-byte message, then FOU_CMD_DEL on an invalid
# descriptor with a null message.
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r4, 0x1}, 0x14}}, 0x0)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x40047452, 0x0)
# r5 is a descriptor for ./file0 opened relative to the new working directory (inside the ext4
# image); the same relative path is then truncated to 0x8fff5 bytes.
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x86400, 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
# openat$iommufd is called with a null path. IOMMU_IOAS_UNMAP is then issued on r5 (the ext4 file),
# not on the iommufd descriptor r6, so it reaches whatever ioctl handler backs r5.
r6 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_UNMAP(r5, 0x3b86, &(0x7f0000000040)={0x18, 0x0, 0x0, 0x100000001})
# Requests fs-verity on r5 with argument {0x1, 0x2, 0x1000, ...} (presumably version, hash
# algorithm, block size - confirm) and no salt or signature.
ioctl$FS_IOC_ENABLE_VERITY(r5, 0x40806685, &(0x7f0000000200)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

608.78687ms ago: executing program 5 (id=2354):
# Packet socket (0x11, 0x3, protocol 0x300) with packet-level option 0xf set to 0xf3e; the option
# length passed is 0x62 although the value is a single integer.
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
# Four-message recvmmsg. The first header has a null name pointer with name length 0x5f, and several
# iovec entries have null bases or zero lengths.
recvmmsg(r0, &(0x7f0000004e80)=[{{0x0, 0x5f, &(0x7f0000000d40)=[{0x0}, {0x0, 0x2b}, {&(0x7f0000000c00)=""/102, 0x66}, {&(0x7f0000000c80)=""/21, 0x15}, {&(0x7f0000000280)=""/66, 0x42}], 0x5}}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000e80)=""/82, 0x52}, {0x0}], 0x2, &(0x7f0000000340)=""/158, 0x9e}, 0xffffff01}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000004e40)}, 0x2}], 0x4, 0x0, 0x0)

518.234916ms ago: executing program 8 (id=2357):
# Netlink socket (family 0x10, protocol 0x0): looks up the interface index of 'ip6tnl0' and sends a
# @newqdisc request for it that selects the fq qdisc with TCA_FQ_BUCKETS_LOG set to 0x14 plus a
# TCA_FQ_ORPHAN_MASK attribute.
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x14}, @TCA_FQ_ORPHAN_MASK={0x8}]}}]}, 0x40}}, 0x4048000)

517.596442ms ago: executing program 8 (id=2358):
# Netlink socket (family 0x10, type 0x80002) used to send a @newtaction request that creates one
# traffic-control 'sample' action carrying TCA_SAMPLE_PARMS={0x300, 0xfffffffd, 0xffffffffffffffff}.
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newtaction={0x60, 0x30, 0x53b, 0x70bd2b, 0x0, {0x9}, [{0x4c, 0x1, [@m_sample={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x300, 0xfffffffd, 0xffffffffffffffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x60}}, 0x0)

489.992429ms ago: executing program 8 (id=2359):
# Sets resource limit 0x7 for the calling process to {0x2, 0x8b} (0x7 is presumably RLIMIT_NOFILE,
# which would leave almost no free descriptors - confirm), then calls the BPF ENABLE_STATS command
# with a null attribute.
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

421.734444ms ago: executing program 8 (id=2360):
# Looks up the interface index of the fuzzer's 'syz_tun' device through a packet socket.
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r1=>0x0})
# Loads a four-instruction XDP program (type 0x6, 'GPL' licence) and attaches it to that interface
# through a BPF link with attach type 0x25.
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x0, @void}, 0x10)
# Injects a frame with declared length 0xfdef and an empty ANY=[] payload, presumably so that it
# traverses the attached program - the frame contents are whatever the data area holds.
syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0)

421.46435ms ago: executing program 8 (id=2361):
# Opens video device index 0x7 and issues VIDIOC_S_CROP with buffer type 0x1 and rectangle values
# {0xa000, 0x6ff6, 0x9a0b, 0x721}.
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0xc0405626, &(0x7f00000000c0)={0x1, {0xa000, 0x6ff6, 0x9a0b, 0x721}})

421.342652ms ago: executing program 8 (id=2362):
# Opens the procfs 'attr/current' security attribute (pid argument -1), switches the thread into
# seccomp strict mode, then performs a zero-length write with a null buffer on the attribute file
# using the tun variant of the write description.
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='attr/current\x00')
seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0)
write$tun(r0, 0x0, 0x0)

130.259078ms ago: executing program 7 (id=2368):
# Opens the uhid device and sends UHID_CREATE for a virtual HID device named 'syz0' (phys and uniq
# 'syz1') with a 3-byte report-descriptor buffer and bus/vendor/product/version/country fields
# 0x0, 0x4, 0x34, 0xe, 0xc08 (field order presumed from the uhid create request - confirm).
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x34, 0xe, 0xc08}}, 0x120)

130.113421ms ago: executing program 7 (id=2369):
# OSS-emulation path: opens the dsp device, sets the sample format to 0x2000000, maps 0x3000 bytes
# of its buffer, and toggles the trigger mask twice (0x9, then 0x7).
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x9)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)=0x7)
# Native ALSA path, while the dsp descriptor is still open: sets a preferred PCM subdevice on the
# control device, then opens a PCM playback device and applies software parameters followed by a
# FORWARD of 0x6 frames.
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000840))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x20, 0x9, 0x10001, 0x0, 0xffffdffffffffffd, 0x40000007, 0x0, 0xfffffffffffffffd, 0x9, 0xfffffffb, 0x1})
ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000340)=0x6)

129.866011ms ago: executing program 7 (id=2370):
# A TCP-level setsockopt (option 0x13) on an invalid descriptor (-1), followed by syz_clone3 with
# flags 0x4000 and a declared argument size of 0x7a; the tid pointer and the earlier option buffer
# share address 0x7f0000000080.
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a)

58.605167ms ago: executing program 7 (id=2371):
# Generic netlink socket: resolves the ethtool family id and sends ETHTOOL_MSG_COALESCE_SET as a raw
# 0x6c-byte blob. The header attribute bytes 6e657464657673696d30 decode to the device name
# 'netdevsim0'; the remaining attributes are unparsed here.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000003300)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002ebd7000000000001400000018000180140002006e657464657673696d3000000000000008000300fd0f000005000b000100000008000e000000000008000900010100000500190000000000080009003500000005000c0000000000080011"], 0x6c}, 0x1, 0x0, 0x0, 0x104}, 0x20000050)

58.405183ms ago: executing program 7 (id=2372):
# Loads a five-instruction program of type 0x18 with the licence string 'syzkaller' and attaches it
# to the 'percpu_alloc_percpu' raw tracepoint, then creates a BPF map (@base={0xa, 0x7, 0x6, 0x8c})
# - an allocation path that may itself hit the traced event (not verifiable from this log).
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x7, 0x6, 0x8c}, 0x50)

72.686µs ago: executing program 5 (id=2373):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r3, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000002c00)}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000540)="679512f062b8d965651edd4c06c901784e56aa174403ad4134742b71d211c6a85d8bc563c27f754fc2af5351f2f41e867c71c19837f2feba7862e511a47c446cd11c960f018962a53f6cf31a1123ff8092c9ff560701bfc579fa80f9149acafe2a225fed70d9173f0243a55be3c4028da556cf126da9c1b9b8f8e11356", 0x7d}, {&(0x7f0000002d80)="15", 0x1}, {&(0x7f0000000e80)='S', 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000003200)="8c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000380)="01", 0x1}, {&(0x7f00000012c0)="c89339f96fa636ba2f527aaa37159cc815448e015b23284d531bdd25a86c02e88b8f962021a37fd9614193094b27b21bf40bc7b43441ae5179a127ea80e91899e1f10a7045c4412bb7997ff8838923521fe0754832209cd546f4ed81500298511e080ec7059b1c32c07fd26f721c6611b8cb344a3fd8f7a889c50a42881e09d4d7ee7ee6c308a13ae6436c858933dc99f71924b68ae0faf95b0afcd3533bcc32840737f434728a12e99aea5c4ee6a603636560b8d9de530d395181e440c1a025ff8d6f33062f14ba2403a178e32ff2d4ec5d0d2c83233b01a41103ef38daeed650987abebe0e8ba7effc07bb5dbbc9a38a11f082f2c99937942f017c37a59572f5069ca709702ef133aa9730ebb5b72687f6175906dbc32289108cc93e5c84284bc701a0629e12eca8c15e763acd011323b758fdb82a63665c906b176042a6c601b5428722c8f6b795a4effc0d4c9a4b4963ae30e77afa0b473d27f4938b1f081765f30aee60de80b1154e3afc3593cad6a146f1c4e954a6b7535f7c4f1baf0e7280ae8957eb14aecb29cc42be434b6a73840fb4668ab11c7ad5f300d7561aa60619fc26a1bfe8fa4858b8b4282d0c9a86c8c2eed644303c1213114081f9cd2358f6609ed25113de321db6b3efbfea341c7318fdcf6776383d3329f080e2386a708679852ee2c28c2ab423163be97f818424b862486791ce5b8b25836a4f07079b65c7c3b2e797eee7f267e5cf37fb63bb89f6b15c332da46b2a313ff6cd958152701a73601c7d02b74622ba7ff9c2fccb1826a3238b95163edcf5dbb381c666fcd8f0ce22eb182135bd8a32c627e20354f2253edb77efadbb48d512ca030763df825c1dd71d34295dc2e75e0a3054354ca6674e2d16ae319c8f3bf7a7fe1e1e596cc2679444c2b5e84a5caaa40136a41a3a35e2ca053d8e4ff2134c2bd7dc2c5c7ef55579a7b569b5face778afba93a877b622f473d942fef36d9
09b7c17e2ba3948fc889f377f0bce583835ce70b86ee8c419f77c9fa9da33d5f3fd2f994c2229b59db0670a15d7ba9b8b3245c7c2f83953c046528db1d9626877752071b0389bb18edd4d3797b6846e8746911526b6cfb1da1a206f5d13f69d7a8a76f5dfaf02abdfde171ed51a80ca2146fe8a181df5f9c9e969c1e2113bb355a956dd0139446d7e5b1ae338513459753977c245177ed5ae398bb23ad503739c2d75b99d70af19a2faf0a6922585378c0c881298f5af7dc63f99b40be3aea8c25bb8f599ffc4d47caec400357f2fa0675c5a81141d6b1697a92f7ab1e465361bdec4bc837595cc257aac0bcd3333eef2199c622268f0aafdccf73b3fda6ddef6102aa03c1a07a85509025be45443e71d63e4a8b54cde98554b1dd9a2f431b62d29f0cf67e069c15988b8b78c6c66f7f1d831e6307473250bf66b88c1c326faa8f093f03824980bbddc34e2324754fdaafa45ea1a1cc4baaef3104108c8e7987696d3634aa61cd9af0f2b5e427eff51cc66792a37a6e09278c6457a92a84d2fd23f7a753120758e5ca80582848d537d2704315ee55374ca8204c427c8f1138c901a29f83c0b63fb00dca30a90aa0b81d09fad2bf556100a3f762dcafd44d89936f8d5e037bff746a3d7f769ef8045ca50b1f7e8b24b723f06b5582564133e8d6b9f78c0e0d19c6808b65aa19e0dbd18527e5cf4f1c2a7e9b9dcf996d781b0851b925a02a02a9ec2887fa049d10bf8e3cf99157df4f6708c9b3673e565ad47f3518d45c69e4c18f511a9973938279a0c607d4d5b010b83b7edf9dc91ac7b9dabcabf45f4abf863c87c9671b22421600e6358ab3798afeabb0021b587e125b4f599271228944365b1333e3a9f5cc7211fde35179bc2237a26d11b9ed5387644e34efbffb54c615c7e52efc06b425d43d85227f73d7d7a7435c4bf35c76be6e5daf24785f197710503a7cf3c6bde5d5f9ac3312f50af0bcd4e05313bf02e8737761c47957cdb07f1efe8468502e58e1ef9d02582fdfe2db9c1300d99d97b2b339b73a78ef91206a8f08a21988076987ca3b6e361bdd86fb74a9184789586a1815935d837fa7590ec4ae4aa838bcc5cc94c9193b4f3084f9854f21223bc2d8fb4cb4f888ebf6dc9daed2b5f36a964955daf5fac1e69e40952b09e3124491d9d6db5eb2529c0d0a6d7a9329a05a9d4d05a9fb55711786daca3519573d1a19c9200561e9e08d74190583fc4127d99ec251cc2597ddfc77562ebcb0c4107ed839e8d4e39cf048f7c3bf4d3af99d32b419f7e46cb70d23039bf965874be68923e7947fcc8f6182f620576221209a1781eb0e490d53831a01e5c3bb406b8004534c5f5c631a6a46a06bbd56c4d309f8e7f1de903dc9561cd23cb9a7ab63db127ab22adf1294aaab41e73bc067
935901e66de985aafb506744c96d12af55e5961718a250ccde0db9dc94c5ab817448f193f922361f8d3043d4095ab1bb1126580c094f5f0356773fca30f963c2cf97c033c634a057d376140faeff8e19273749acc9322c94ec87d0f4b70615b76f8e2b256daa5c034382a1b93889081862c20dd2b956566321f69b192fc7f2bc135bdb2bd9575cfff340bfdddc21ce37647f7e34724286e5faf447e039e67fd64938a40151d9aedbb772a059b0ff3d2dd8c2b7f96df3b48f611758e28ad8812fee6708cc39e77bb55743db0df4cc08653c78182adc3a67db7e760d5f3741d6ee241576d0c55d5c40b5932769d80e2a687ec05c7f4c3f137ffdc5abe3e7039fd5a86990374ff0b00192088182e82b970c5bf0cfc054ca99aa225a69df5519a78fa31ca37ced124e84ded418aa9868a5ff95334ada067084fa98e5fdf353285836246154b0eef9ec625c855721a6cd0c649b6d2f72e600ebdbcfc207347a3d083033b03fb233946e9aca086456ef2bb02efff8e7953d833eb986c22afac7fd3753c19a7fd39e4d1f709e70272013b41614df4f1db326250b5588de369c7a8bf3842acf15c78a4d3881a6e092877665ef63e88dc97dd72d38612d5380abc72b9266cd325f05fe16ef0a01799e33adbff1d86d0980d2ed3f496495e5b7f41278c9498d1616db7ba860ffb87aee648df3f19bffa2edafb89940f930fd8beb2825492305b074757730accb8d20c847dd4d8beabc318c78cccfbc406314fea2da4b4cb8a67371bbce9dd7ec2d3c5b4ea21059130fa76fefdb4a7669ee25748468ef2d78088d1b3bb997ae4d51b5b739acfbd3bb1236db07dbcd0c810c07c73e5c6735a0be9d539d5c6caae62b3707d1a18cec5e16cac8575484604ca884e4f91c9bad2476f18be0b873a2cbe9c997335479b8487919a78922fd5175e8dd3b571a7677e6ac9f82e4e7c67cdfcb9ceee59b08a51bbc737bdff9b6e2250877d44a8d8c1d5ef113b2372833307be3cf0db834d043f529db04185b557910009d92cdfaa07c0533483459294a3e3da555c29416e1af2ec90b4b891e028e5af3ff5b274a0dc93ad4a3a33f886675f86bd1573bea665221e6bda9e2682bc00de3e603531f5e7d7a52c5fec65f478414833e22f36fe2b18930be9e4ef6367955623a9b938f79ff7e288678344c378b2bfd168e4c929357ab39640d677bcc17ac12fd999f3d4cd17b25a26e2bf78bcf9f898e89af6af47390908d5ea767f516cd4194165cea481c8f7ab946b66aa3083f21c02e7d61c19a4358c1cc92503c6e3bb1e7bdeb5badafdda9cec995830f5fadfb3fffe12426db1253db1268e4d3a24ca1d3d06822a439d8ccfb26af736751ac2d6dcec3763eba1c56d8a9f0bb66edb73e0dc9d5b56b23058fa9afa3667ac618
8027bda68211b45b5451fb5a7e359fc61cdcf13d1f0965d9fddfd3d5d75684353a8687d18c3970b1c89e217b6cc1c7a34cec7c1e667dcd205346c2a8f85835c186811ab1121136ea83d297eb05a9ac1afa3b33346b392c3e9f479a19f7563531d0519f29868015ff20163530ce8d31bb298801b772dbb65d5caeda85982798a5ccdb4576ecc9378dadb21b3bfbb4cc33b3883164fbb6ac1a0401492c453fe2430a9de3b96d445b2c36e9a82200e00df7649544966c8f39a2d173fd8529ff8ac0f068216ae62f68c21485d6a5638f916cb5c27e5b4859c799b0a6786fd48fbacd83a9a472f50e024fa394537b33d3b4f9301266ea5e2462310ee2b862635d32d780d6411e4e6eb49d1e3732d1a0b8f0aef5bb7fd71cf9f861fad635e321fa146a630ac18d45c425214d79becc8cb97b8cac0ed0155daa9861c57ad549ae9d3cab7259a4b1eeaa72f7fb575f1dfd7268365e194e15518e176a32b82cc13544e75170bccf49161b67f649ebd1b81c85b128312b78e93750bbe9a2c456be9743859c8d80c4ec1dc4fd9d1a059042b058347b8bd02e65d469448953ac787b827fc95071d67ba047ac40ddd8a2503f62bf94457ea53073336cc284b2af1ef5598b0c0a0df3e2d729c43a7307dedb785240ab9cbe89075fb6b7ab8e6482b1ce31332e1bfa3f72e850bcea57260e4ee064ea5cfb629a058fba119e7d09ea4abd1f3b13d5ba5f8fc8abf967baf2da74099fd298e3bf3dc19ccbfe4c5e6be8cdb5e10066eceef59da3fef70c4b3d0d3f1ab7c347b63e3373e3327f9df11c73283234de66a9fa7bd2465318c6ef3a6f6a90b09c547bb93c2e5a1d12af02a0abfbc697c38ae95e1cbfd12706e96bbb2e12aaf6d40b032d61f9ee527bf464d51cc1a80ea0baebaeb8fd0523a7028387c43fc27f5fe6d2880a9f2b69eae550e3dcad889ae61abbfca58140760b53c85cea987e242f9ac38ba50ae7da73", 0xfffffe95}, {&(0x7f0000000a00)=',', 0x1}, {&(0x7f00000022c0)='Z', 0x1}, {&(0x7f00000005c0)="f5364e548c550000000000000000000000009c20aa8f88f2a2e98330e3799522896ebfddd4848b9deeecae27e7d77317facda9ee98b10c68444b7c094658bed24fd6766444ba58941c4d2a2cea03546fa8d215c3547d076a9543f841b2add236c19bdcf172a69ab70a7df1ad7ebc55e947f2c7a7a356fd68dbce155d2e22d72a5a65dbc16f7103ee6d06748b2ddf2799d94bfbcf1140285facb31bce2fba7fe3617478337692b1236f", 0x11}, 
{&(0x7f0000003240)="d4570847b1937948b7111dd96d83d8a455529f100357457d4f0f5c91105a3c58131bf10de83dc9ee9d239e5e89e59edb35abbf64c1a92109f8eb01bf689b90055bd51506423f4e456274a778c228aeb5d65e191f1bbb21f0f6dd25edc276f1264580344fed0ee32709a73a160c7578465757b87291dcefc84e58ae39e56fb10d42fd5a34aa4fca42ff53e3c9467d8dc1278a34d406df142092ed6661092ce85816f8e6a119860c3314d0e13f5d50a266f738b71fd531396d768c35bc45c042ee7d69b0b7b90da2aab111667ef006593c99c27c67bc3812dbc9f1994b4830ed54ed1f0bdf4966c1d20bddeb83972b15a86ed5fdef279ce58447059a2ba491d21120dc7e0a1d8cc5eff2deedec41057e178eb95ff00fed1e7095decea9cfd52c0a7438dbfc135c796bfa2bb290ab03f35ea2f2d72b8b0503f4972d6d7c60bf5a80981c4f9826007fdcaad959e1c90cace1664480e98069a86f1c059d112e9da27fa71716f530c2a5bf2296d09e5fcc726a8e5287499f563089bdcb6bf3779298dc9b6f739190f434983651f5f29857cbf62faac8c20bc7ac69334fe99e70c29a1294d0ee89dd6c9cd57845e64b289f84220b6e1fe9e81381cf688fa945a68eed3ebc0e8c1efa403b5a4cde68a24a863c17c9f8ad6d24a09e60d83fcf2beb51e6faac173ac98bb2269d7523f8654417ffe70ab87b477045715ad6aa3db39d3f32760fe25bdc0f3e083232ea6a55da3986cbdbd654ed71a4780f7dc3edb628e14287963c3b5f7f177a35071d7f1169351863516fc96f8cce8781439de06c9f76d6e303518493676b3b135900b89eeac40d994936e3a5a6bbc2f2cf6a2a8ed0ad2f81386f8c327cf9b15f8039df0a950641f7d14728194d7640f4cf7e28e1f89b2485857f5f70866844cead5b29f5d9166dce885bd4343bb1fd2c8437105e8e295c27cb44b10a01590c0fdddbc8abc71f777171adef0a45fe5c92b39e32a9c119c6c9a340be0df8cb3b8b77a2a6b5ba1ed4449674811dfae90889b3fb174e11fb947e15232d57bdeee29db4bc0816a878120e84e0ec40a99fd2b88bdb8502922d7015dff05a94ce7c79852bb7ea9a043fa629afc702300d49ac7fbe67a7b0161d2703348b8d0efb144f2920e341debd821ddc4a12a3f89891f24427a169c741568a06825d4f12d64da0935f2f217798b41f44b90140ac2f4cf08219f42b5d30bdd52e76c74100326babb4d1bc576c944fc5bd3a985f9b209a6a473e4fe3afe0c110b630ac443b75c6e13b20810fd3e5ecf9c6785dabeb758a5ddcfb1ad889b5349606ead8f3fa34ba8ea706de19da6b3a0bc36c4c2e3173a9c929157aedf649699f1f8887a31fccebbd7f28843c91753483541b2b895e642855f856e3951e4853
fb70b4090512112e813edaa8edb0a5ddf2c329dde5381e6a5716ec9d5a79d9438ba6de736ac9ad45754bfe7227ada116507c84ffd942a84f4ce115d4fd9029f17e62383ce5fc7048a3f85d2709f2375334f1fce2f8b1af99742869f00f2d2fa37ccaf385dc2eaabe2f67671f06addf403d94bffda4bf5747a8773e9ce3beb7ca2b2e2714dd50eb387e226d834a0696b689b004cbb5b3a5aa7a2878be737f4dd7d65bf976f8deb39ad07265be604ce4f9246225f91cd10afd4725d800eeae4abcd0fd17fdf11257b19db7dcb4b9c34dc3cee03dce7d9ab6f7ac5e12316ce9879abb4432f87faa2b25094963f48582fc8a617067b1a0f0960ddf8cfd5065352d9aba09d37b9b10c7a8f702547fd86f34b62183cc883e41c40f5b0676eb077bda0204bd08dae7e7922b7934f2b449229950b4fc54cd7dafc709d828e9301be8c767e0f3bc420cd10ee3dac383bb8ab8aefe3515d6b959dfe578d256f375751beecbd24a152939b59f913728e47207b8a642b100aadfc685cd7d77ba43ec2298db4f551d851991723cd1cdd42f2837e7fd5df3dbf52945ea9a97b73d8915336023beb9bd3c91d9b1c7f5d49b0cba9c30016bb3216e9d6e9070a5dff813ce85a2a36fffa6bf750cf21eaa91a754f9788663690189fe58a9205e4733b6ac0711e98123f145a87eceb00561ac7d1a699d00384c57f6dc92939f45956d489946a365440d40911dabed15b67748000e0d244b21276032667f66119a2485f31d2c098da4cbbd0c5bbf8373fb53b662e48fc572b6e6c5700a360c5b905b548eaee0aa928b38703c84f7ed4a9a858801ad26c2911d4bbbfc1f46a070fa64db31a619dad30ba96eea1edccc6b0e67b7acffe1261af8e08ffb27fb625820f7a823c63febe0fb32e8907415a973cb42c8752d6a9ac3af2bcbd91d5e5c3ac288b2e2a92cb860d97cbf2b17da25b5333d90156493076ab457afb59f3443894a3c1d3d8b1ce7cbd47d36a7a64bcb194ea00d46181a7b65e3e104bea46434643ac722d04437b72f518e98289edba99559dd6aa03af60da7a00ad4f6105d31745b808a243c8ee9ebd70fa8516cd471473a1608d206fa93885e696f668a397cf713fe9c2001fdbb6e07f124782f5891bdc238db61a7d7f0575072abfadad9593a6ba8b1c89351784d0c722af86989e137809aa5b7833462a71ceca8d7ee24e883577a128652125bef2bd7558f77bb566719f2672fb07f890f892d2d3a725d1d907a696d2d97065c001cfd9e97d60fe2f584992b9bd80f618531af2f3d5df2c5717da36bb2a64853612b8f1f881c2a306b1e9c4c369e33e5675e0f9195e570ba0b2e0594838ad9aef53686a2c4dfd9eae21a826501af92d48e0d857ee0876cd09996c65b50333ab256b439fe89d836d7713507
9c51f87b1fb58c446a8d52e3c6432c111af4b66d57306659c81088ea0ef96a2f1b97dfd8beeb578b3016eedb65e2ec190e1ba08c9c37f85e102fdc972c9ba2a4a6f11a79831ed8087a22d1d978f005f6ee8869b8c1717a42b75378a98a5f9b1725cc323151b1996468068afd2827ccede23ffe279aa7b45d7dc683db3a9efb9f7b2093765d7c178c09bc0edeccf18c9ee5845cba0c2dda463989faf6d018e330cb52bc5d7913e6e26ea8cde26b7251d828da7b83a1ecbda1ecb3344b3c60f606a419d868da70ade78c3ecebd9b2bcff9cef2507907f011cdf9b072b1dcc872e5b29365b0f4a7d6c581c9bf42320ad9c3a52b419b73d0c0f616f2f630df9bdb5f3b88bbcdfe618180131be8357099f9e8ea457eb1dcf9324c7081687899fa81bc267e87bdd80b88150f6745cb735936876ca6b3c7a492698d32d762baf5b482fa5f26351cf18018fc1cb49411fb6663c474ea29d2a9d4ad703119fe7a6ed2ce6f97287e7660617c4e38c7b1aa1ee5df253c625a1b1d29c042b6d5dbfb44633dd4c0e93992aff81024c408ff00d24d9c98c07c1d4fe5656e3b053914a09b8f2968008c5c4c115d9f8640136254303cc095f95fa335aa858510dad731af19eb0df690ab0edd2bbed96679dad71ccf94da088cf62b34580548027703f92525b41d36297e71d988901e3e086c0d8f425732e0134a9ac2b111a5745c57d9a138b6a4055e7e3ba220a47fef3474e5bba15d3f4711e1d00f2e29f1a1082f4518a08e36451e887963193b08c3e255f22383c7001540b05836b30e912adaef4130ae8edb9c891c398855b218e76eb94332538b7add4b9261e873a6b91785f5ea6c82306dff166d654987361917fe83fcc5be9be3e8644d96d5a7c7bb445fc1b2c0a48814fabc1b3a190674b5f159a5b041dd317c4cf06076d6c9a7572054a09f2b9b74f14289daf5a16dbe6de85ed6128c91a18518f069451dbe8b9f57dab9bcecb4cc53e6612b90f5e644eaed1765d45ad6e6d9f0358fd3a885df1c572cfdb511bbca345628206d89b16f9251be85e1c617b15302bb86397e0763d757c70362dea82688fe32d0a714d598f3131c2a3a4414898fccdfd901dc8fde466ca269bf211b9863e360ea4aab7fdc107ddfd7ede043708804386e0180542a0802745407ceecf6adb2a9a5614cde89d413f49a32733b875281c8cab7ac5815a92fda65ea23ce2feab66606605f49f526cc336d2a5a067c185845941e4142ba82899966fc95bf40570967ec0a6fe130dccbaca48d251adb0f81a170e3dfac6f02e7c8bb5fa6f5602bdc73267c6756e1a374d5e8b19a92ff39662db3ac9f761b2e9e015c51815e5f111d416ee0a67f3adad81f8c64dad193f19048bb46ad1fa786a0c3f36119bd14bb9ad96f2182a19504e1
5f2cfd885e5862f4d2467053ee1faa978bd2267d56401a548f17d34adba7e9186a2a58931a69bb815dd50552995aa8ceeb4eda5330227f2078eeb72c9b6845c04679868eb5f6a0f0da8c1ea2b0c7de8781d9fc129561a7b283aa488a117269116f81e44a261ed6c0fc4467125d83fd306bce3c6a29df8db000036cd851d805dda3bf218c800d77fc9837158f883b962efc7886cbe93cc137e0bff8387c4b7d64df8b89805dbf5698babf22be7d735bb7baedd43bb3f577989ddaf83892c55771a10beeb2326f3e766fd40eef0d0ff82969bf5534cbffff4fd493fc34d58f322d22fe21101c4248756ad844876d3a7f3999d14c0962e68eaeac83d44d22d498e04673343f4a3a60abfa4f45ea2af9b65982ff5899fd509beccfc8e7dd125c08096e9e5fb71edc590abdd53592d67afec4d227170c5f6e4f1daceecaec968448c033c0a9b0390a12b5af4b973c0cb7c072bdfc8b4158ea4cc9114816cf1242199d0d62a013c4e9646338bd284fede8c93114d2608c71ae1d0891a3583daa51971a5ba51251f3b9ac6d8a02e0fcb69744a74762e13c24e3f1d8e6e3e2956b99b97506e959ca3c7141faa5e2404c62854ef2b9e75a75760a71003e1b0c004752864f51ed600fc306773f635587504e3cf432d68c2fbce21c26a47dcf3358e434dc2b97941a5bb0e35744e4f3d53fee5719cc931f93e150744baf61754726b84a052bde27f666e472672f1f8f6381bd25bc619ba51a", 0xdc1}, {&(0x7f0000002380)='L', 0x1}], 0x7}}], 0x4, 0xf000000)
setsockopt$sock_int(r3, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)

0s ago: executing program 7 (id=2374):
# Program 7 (id=2374), the last program logged before the console dump: one open followed by one ioctl on the resulting descriptor.
# 0xffffffffffffff9c is -100 (AT_FDCWD); flags and mode are both 0. The path buffer at 0x7f00000002c0 has no inline
# data in this log, so the path is whatever the openat$autofs description fixes - presumably /dev/autofs, TODO confirm.
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
# Issues request 0xc018937e on r0 with a three-value header {0x1, 0x1, 0xffffffc6} followed by the NUL-terminated path './file0'.
# NOTE(review): the first two values look like a version pair and 0xffffffc6 like a fuzzed size/fd field - confirm against the
# autofs_dev_ioctl layout in the syzkaller description before reading anything into them.
# NOTE(review): the console output below is labelled "not intermixed with test programs", so this log alone does not
# tie this program to any particular kernel message; correlate by timestamp/PID from the full report when triaging.
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0xffffffc6}, './file0\x00'})

kernel console output (not intermixed with test programs):

s2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  137.331835][ T8970] loop5: detected capacity change from 0 to 8
[  137.344838][ T8970] SQUASHFS error: lzo decompression failed, data probably corrupt
[  137.347658][ T8970] SQUASHFS error: Failed to read block 0x91: -5
[  137.352819][ T8970] SQUASHFS error: Unable to read metadata cache entry [8f]
[  137.361757][ T8970] SQUASHFS error: Unable to read inode 0x11f
[  137.458526][ T8973] loop5: detected capacity change from 0 to 4096
[  137.462000][ T8973] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  137.508416][ T8973] ntfs3(loop5): ino=19, mi_enum_attr
[  137.529034][ T8973] ntfs3(loop5): failed to convert "c46c" to cp850
[  137.534320][ T8973] ntfs3(loop5): ino=20, mi_enum_attr
[  137.598997][ T5848] ocfs2: Unmounting device (7,2) on (node local)
[  137.615221][  T793] asix 7-1:0.191 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  137.618637][  T793] asix 7-1:0.191: probe with driver asix failed with error -71
[  137.622803][  T793] usb 7-1: USB disconnect, device number 3
[  137.670813][ T8977] sd 0:0:0:0: PR command failed: 1026
[  137.672860][ T8977] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  137.675489][ T8977] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  137.932123][ T8995] loop2: detected capacity change from 0 to 32768
[  137.943168][ T8995] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  137.948637][ T8995] (syz.2.1093,8995,0):ocfs2_reflink_ioctl:4417 ERROR: status = -14
[  137.961489][ T5848] (syz-executor,5848,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  137.966853][ T5848] ocfs2: Unmounting device (7,2) on (node local)
[  137.983883][ T7725] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  138.155406][ T7725] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  138.158753][ T7725] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  138.161601][ T7725] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  138.164535][ T7725] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.168390][ T7725] usb 6-1: config 0 descriptor??
[  138.395381][ T5890] usb 6-1: USB disconnect, device number 6
[  139.017571][ T9022] fuse: Unknown parameter '0xffffffffffffffff0000000000000000000000000000000000000000'
[  139.025379][ T9024] Bluetooth: hci0: invalid length 0, exp 2 for type 1
[  139.633263][ T9042] loop6: detected capacity change from 0 to 256
[  139.636512][ T9042] exfat: Deprecated parameter 'namecase'
[  139.644950][ T9042] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  139.677237][ T9031] loop5: detected capacity change from 0 to 131072
[  139.697126][ T9031] F2FS-fs (loop5): Test dummy encryption mode enabled
[  139.701612][ T9031] F2FS-fs (loop5): invalid crc value
[  139.817380][ T9031] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  139.827129][ T9031] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  139.971603][ T9031] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  141.067015][ T9087] loop6: detected capacity change from 0 to 128
[  141.070100][ T9087] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  141.074737][ T9087] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  141.633065][ T9103] loop2: detected capacity change from 0 to 512
[  141.641672][ T9103] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  141.657851][ T9103] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  141.661283][ T9103] EXT4-fs (loop2): group descriptors corrupted!
[  142.363566][ T9122] loop6: detected capacity change from 0 to 1024
[  142.891288][ T9148] serio: Serial port ptm0
[  143.280115][   T33] audit: type=1326 audit(1754928036.119:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9124 comm="syz.5.1140" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7fc00000
[  143.544164][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  143.693999][   T10] usb 6-1: Using ep0 maxpacket: 16
[  143.708980][   T10] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  143.714247][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.716972][   T10] usb 6-1: Product: syz
[  143.718625][   T10] usb 6-1: Manufacturer: syz
[  143.720344][   T10] usb 6-1: SerialNumber: syz
[  143.728144][   T10] usb 6-1: config 0 descriptor??
[  144.280484][   T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  144.297385][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  144.304133][   T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  144.313999][   T10] usb 6-1: media controller created
[  145.153009][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  145.236619][ T5844] Bluetooth: hci0: unexpected event for opcode 0x2012
[  145.244428][ T9191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1168'.
[  145.251978][ T9191] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1168'.
[  145.306172][   T10] zl10353_read_register: readreg error (reg=127, ret==0)
[  145.313896][   T10] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  145.316404][   T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  145.334382][   T10] usb 6-1: USB disconnect, device number 7
[  145.430841][   T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  145.723897][ T5876] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  145.869476][ T9210] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1176'.
[  145.878102][ T5876] usb 3-1: config index 0 descriptor too short (expected 1051, got 27)
[  145.882142][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  145.886950][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  145.894116][ T9210] netlink: 'syz.6.1176': attribute type 2 has an invalid length.
[  145.895584][ T5876] usb 3-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9
[  145.900438][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.903048][ T5876] usb 3-1: Product: syz
[  145.904610][ T5876] usb 3-1: Manufacturer: syz
[  145.906222][ T5876] usb 3-1: SerialNumber: syz
[  145.911941][ T5876] usb 3-1: config 0 descriptor??
[  146.216635][ T5876] usb 3-1: USB disconnect, device number 18
[  146.255551][ T9227] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  146.282576][ T9233] loop5: detected capacity change from 0 to 512
[  146.299157][ T9233] EXT4-fs: Ignoring removed oldalloc option
[  146.319709][ T9233] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.324986][ T9233] ext4 filesystem being mounted at /114/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  146.342430][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.675338][   T33] audit: type=1326 audit(1754928039.519:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.683332][   T33] audit: type=1326 audit(1754928039.519:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.690289][   T33] audit: type=1326 audit(1754928039.519:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.700440][   T33] audit: type=1326 audit(1754928039.519:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.709220][   T33] audit: type=1326 audit(1754928039.519:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.718149][   T33] audit: type=1326 audit(1754928039.519:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.725733][   T33] audit: type=1326 audit(1754928039.519:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  146.732631][   T33] audit: type=1326 audit(1754928039.519:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9246 comm="syz.5.1189" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa471d8ebe9 code=0x7ffc0000
[  147.148294][ T9273] loop5: detected capacity change from 0 to 40427
[  147.203261][ T9273] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  147.208831][ T9273] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  147.467463][ T9297] syz.5.1201: attempt to access beyond end of device
[  147.467463][ T9297] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  147.974343][ T8068] syz-executor: attempt to access beyond end of device
[  147.974343][ T8068] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  147.978691][ T8068] CPU: 1 UID: 0 PID: 8068 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  147.978703][ T8068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  147.978708][ T8068] Call Trace:
[  147.978712][ T8068]  <TASK>
[  147.978715][ T8068]  dump_stack_lvl+0x189/0x250
[  147.978732][ T8068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.978741][ T8068]  ? __pfx_queue_work_on+0x10/0x10
[  147.978750][ T8068]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.978760][ T8068]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.978773][ T8068]  f2fs_handle_critical_error+0x37c/0x540
[  147.978787][ T8068]  f2fs_write_end_io+0x886/0xb60
[  147.978807][ T8068]  __submit_merged_bio+0x27a/0x6a0
[  147.978819][ T8068]  __submit_merged_write_cond+0x255/0x530
[  147.978831][ T8068]  f2fs_write_data_pages+0x261d/0x3000
[  147.978878][ T8068]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  147.978908][ T8068]  ? __mod_zone_page_state+0xd7/0x140
[  147.978924][ T8068]  ? folios_put_refs+0x560/0x640
[  147.978937][ T8068]  ? __pfx_folios_put_refs+0x10/0x10
[  147.978944][ T8068]  ? rcu_is_watching+0x15/0xb0
[  147.978957][ T8068]  ? __lock_acquire+0xab9/0xd20
[  147.978976][ T8068]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  147.978986][ T8068]  do_writepages+0x32e/0x550
[  147.979002][ T8068]  ? do_raw_spin_unlock+0x4d/0x240
[  147.979013][ T8068]  filemap_fdatawrite+0x199/0x240
[  147.979025][ T8068]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  147.979056][ T8068]  ? do_raw_spin_unlock+0x4d/0x240
[  147.979067][ T8068]  f2fs_sync_dirty_inodes+0x31f/0x830
[  147.979087][ T8068]  f2fs_write_checkpoint+0x95a/0x1df0
[  147.979109][ T8068]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  147.979141][ T8068]  ? kill_f2fs_super+0x298/0x6c0
[  147.979154][ T8068]  kill_f2fs_super+0x2c3/0x6c0
[  147.979167][ T8068]  ? __pfx_kill_f2fs_super+0x10/0x10
[  147.979176][ T8068]  ? radix_tree_delete_item+0x2b6/0x400
[  147.979189][ T8068]  ? shrinker_free+0x2ce/0x3e0
[  147.979199][ T8068]  deactivate_locked_super+0xbc/0x130
[  147.979209][ T8068]  cleanup_mnt+0x425/0x4c0
[  147.979218][ T8068]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.979229][ T8068]  task_work_run+0x1d4/0x260
[  147.979241][ T8068]  ? __pfx_task_work_run+0x10/0x10
[  147.979250][ T8068]  ? __x64_sys_umount+0x122/0x160
[  147.979262][ T8068]  ? exit_to_user_mode_loop+0x40/0x110
[  147.979274][ T8068]  exit_to_user_mode_loop+0xec/0x110
[  147.979284][ T8068]  do_syscall_64+0x2bd/0x3b0
[  147.979293][ T8068]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.979301][ T8068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.979308][ T8068]  ? exc_page_fault+0x9f/0xf0
[  147.979318][ T8068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.979325][ T8068] RIP: 0033:0x7fa471d8ff17
[  147.979338][ T8068] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  147.979345][ T8068] RSP: 002b:00007ffdd5895948 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  147.979353][ T8068] RAX: 0000000000000000 RBX: 00007fa471e11c05 RCX: 00007fa471d8ff17
[  147.979358][ T8068] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd5895a00
[  147.979363][ T8068] RBP: 00007ffdd5895a00 R08: 0000000000000000 R09: 0000000000000000
[  147.979367][ T8068] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd5896a90
[  147.979372][ T8068] R13: 00007fa471e11c05 R14: 000000000002403b R15: 00007ffdd5896ad0
[  147.979385][ T8068]  </TASK>
[  147.979388][ T8068] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  148.070360][ T9306] loop2: detected capacity change from 0 to 512
[  148.099184][ T9306] EXT4-fs: Ignoring removed oldalloc option
[  148.101328][ T9306] EXT4-fs: Ignoring removed mblk_io_submit option
[  148.105472][ T9306] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  148.122989][ T9306] EXT4-fs (loop2): orphan cleanup on readonly fs
[  148.129578][ T9306] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[  148.133495][ T9306] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1213: Failed to acquire dquot type 1
[  148.140759][ T9306] EXT4-fs (loop2): 1 truncate cleaned up
[  148.146760][ T9306] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  148.160758][ T9306] EXT4-fs: Ignoring removed orlov option
[  148.162820][ T9306] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[  148.166111][ T9306] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  148.170643][ T9306] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  148.185964][ T9306] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.1213: Abort forced by user
[  148.189446][ T9306] EXT4-fs (loop2): Remounting filesystem read-only
[  148.191598][ T9306] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  148.194419][ T9306] ext4 filesystem being remounted at /419/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.211427][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.244583][ T9310] loop5: detected capacity change from 0 to 4096
[  148.262606][ T9313] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  148.516149][ T9330] netlink: 'syz.2.1222': attribute type 2 has an invalid length.
[  148.518592][ T9330] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1222'.
[  148.522553][ T9330] nbd: must specify at least one socket
[  148.607063][ T9335] netlink: 'syz.6.1224': attribute type 3 has an invalid length.
[  148.690447][ T9337] unknown channel width for channel at 909000KHz?
[  148.692704][ T9337] unknown channel width for channel at 909000KHz?
[  148.716474][ T9337] unknown channel width for channel at 909000KHz?
[  149.467219][ T5609] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  149.582191][ T9357] openvswitch: netlink: IP tunnel dst address not specified
[  149.626012][ T5609] usb 3-1: Using ep0 maxpacket: 32
[  149.631062][ T5609] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  149.634388][ T5609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.648595][ T5609] usb 3-1: config 0 descriptor??
[  149.657136][ T5609] gspca_main: nw80x-2.14.0 probing 055f:d001
[  149.862963][ T9359] loop6: detected capacity change from 0 to 32768
[  149.888910][ T9359] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  149.940823][ T9359] XFS (loop6): Ending clean mount
[  149.949447][ T9359] XFS (loop6): Quotacheck needed: Please wait.
[  149.988365][ T9359] XFS (loop6): Quotacheck: Done.
[  150.004791][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  150.004801][   T33] audit: type=1800 audit(1754928042.849:50): pid=9359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1235" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  150.056974][ T8113] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.082815][ T9371] loop5: detected capacity change from 0 to 32768
[  150.116316][ T9371] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.163577][ T9371] XFS (loop5): Ending clean mount
[  150.169461][ T9371] XFS (loop5): Quotacheck needed: Please wait.
[  150.182034][ T9371] XFS (loop5): Quotacheck: Done.
[  150.219000][ T8068] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.269714][ T5609] gspca_nw80x: reg_w err -71
[  150.271548][ T5609] nw80x 3-1:0.0: probe with driver nw80x failed with error -71
[  150.283925][ T5609] usb 3-1: USB disconnect, device number 19
[  150.454088][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1243'.
[  150.674064][ T9401] loop6: detected capacity change from 0 to 256
[  150.681093][ T9401] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  150.687348][ T9401] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  150.713989][ T5876] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  150.803665][ T9406] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  150.864093][ T5876] usb 6-1: Using ep0 maxpacket: 32
[  150.867229][ T5876] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  150.869874][ T5876] usb 6-1: config 0 has no interface number 0
[  150.873921][ T5876] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  150.876744][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.879813][ T5876] usb 6-1: Product: syz
[  150.881267][ T5876] usb 6-1: Manufacturer: syz
[  150.882739][ T5876] usb 6-1: SerialNumber: syz
[  150.885533][ T5876] usb 6-1: config 0 descriptor??
[  150.888523][ T5876] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  151.097982][ T5876] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  151.108019][ T5876] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  151.295223][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 115
[  151.498543][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  151.501962][ T5876] usb 6-1: USB disconnect, device number 8
[  151.509229][ T5876] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  151.514452][ T5876] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  151.518295][ T5876] quatech2 6-1:0.51: device disconnected
[  152.023059][ T9434] loop2: detected capacity change from 0 to 32768
[  152.032289][ T9434] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  152.051343][ T9434] XFS (loop2): Corruption warning: Metadata has LSN (1024:16) ahead of current LSN (1:80). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  152.056509][ T9434] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xe0, xfs_inobt block 0xc 
[  152.060102][ T9434] XFS (loop2): Unmount and run xfs_repair
[  152.062033][ T9434] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  152.064983][ T9434] 00000000: 49 41 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  IAB3............
[  152.067913][ T9434] 00000010: 00 00 00 00 00 00 00 0c 00 00 04 00 00 00 00 10  ................
[  152.070840][ T9434] 00000020: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ..BNy.B..... ...
[  152.073807][ T9434] 00000030: 00 00 00 00 4a d4 d4 6c 00 00 18 00 00 00 40 37  ....J..l......@7
[  152.076742][ T9434] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  152.079699][ T9434] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  152.082643][ T9434] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  152.085701][ T9434] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  152.089491][ T9434] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0xc len 4 error 74
[  152.093249][ T9434] XFS (loop2): Failed to read root inode 0x1800, error 117
[  152.096047][ T9434] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  152.167536][ T8346] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  152.221947][ T9451] loop2: detected capacity change from 0 to 256
[  152.234989][ T9451] FAT-fs (loop2): Directory bread(block 64) failed
[  152.237224][ T9451] FAT-fs (loop2): Directory bread(block 65) failed
[  152.239398][ T9451] FAT-fs (loop2): Directory bread(block 66) failed
[  152.250574][ T9451] FAT-fs (loop2): Directory bread(block 67) failed
[  152.253274][ T9451] FAT-fs (loop2): Directory bread(block 68) failed
[  152.257736][ T9451] FAT-fs (loop2): Directory bread(block 69) failed
[  152.259924][ T9451] FAT-fs (loop2): Directory bread(block 70) failed
[  152.262176][ T9451] FAT-fs (loop2): Directory bread(block 71) failed
[  152.265412][ T9451] FAT-fs (loop2): Directory bread(block 72) failed
[  152.267595][ T9451] FAT-fs (loop2): Directory bread(block 73) failed
[  152.398859][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.402307][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.405633][ T8346] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  152.409843][ T8346] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  152.412774][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.424709][ T8346] usb 7-1: config 0 descriptor??
[  152.430100][ T8346] hub 7-1:0.0: USB hub found
[  152.469189][ T9469] loop5: detected capacity change from 0 to 256
[  152.762539][ T8346] hub 7-1:0.0: 14 ports detected
[  152.764898][ T8346] hub 7-1:0.0: insufficient power available to use all downstream ports
[  152.809097][ T9478] cgroup: Invalid name
[  152.955662][ T8346] hub 7-1:0.0: hub_hub_status failed (err = -71)
[  152.958033][ T8346] hub 7-1:0.0: config failed, can't get hub status (err -71)
[  152.978119][ T8346] usb 7-1: USB disconnect, device number 4
[  153.497482][ T9515] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1296'.
[  153.588456][ T9517] sock: sock_timestamping_bind_phc: sock not bind to device
[  153.639477][ T9513] loop2: detected capacity change from 0 to 40427
[  153.645101][ T9513] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  153.647576][ T9513] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  153.656983][ T9513] F2FS-fs (loop2): invalid crc_offset: 33558524
[  153.692876][ T9513] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  153.701760][ T9513] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  153.705224][ T9513] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  153.736470][ T9513] F2FS-fs (loop2): Stopped filesystem due to reason: 0
[  153.997547][ T9552] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  154.000928][ T9550] loop5: detected capacity change from 0 to 2048
[  154.016971][ T9550] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  155.053960][  T793] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  155.227154][  T793] usb 7-1: unable to get BOS descriptor or descriptor too short
[  155.230002][  T793] usb 7-1: not running at top speed; connect to a high speed hub
[  155.233410][  T793] usb 7-1: config 1 has an invalid interface number: 65 but max is 0
[  155.237338][  T793] usb 7-1: config 1 has no interface number 0
[  155.239334][  T793] usb 7-1: config 1 interface 65 has no altsetting 0
[  155.243196][  T793] usb 7-1: New USB device found, idVendor=62f6, idProduct=17bf, bcdDevice=10.d3
[  155.246329][  T793] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.248990][  T793] usb 7-1: Product: syz
[  155.250437][  T793] usb 7-1: Manufacturer: syz
[  155.252172][  T793] usb 7-1: SerialNumber: syz
[  155.477325][  T793] usbtmc 7-1:1.65: bulk endpoints not found
[  155.485836][  T793] usb 7-1: USB disconnect, device number 5
[  157.312717][  T793] IPVS: starting estimator thread 0...
[  157.333829][ T7725] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  157.403868][ T9628] IPVS: using max 52 ests per chain, 124800 per kthread
[  157.631691][ T7725] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  157.642013][ T7725] usb 7-1: config 0 has no interface number 0
[  157.658506][ T7725] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  157.685577][ T7725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.688216][ T7725] usb 7-1: Product: syz
[  157.689681][ T7725] usb 7-1: Manufacturer: syz
[  157.692399][ T7725] usb 7-1: SerialNumber: syz
[  157.696639][ T7725] usb 7-1: config 0 descriptor??
[  157.724635][ T9640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'.
[  157.905877][ T7725] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  157.910145][ T7725] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  157.913634][ T7725] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  157.916394][ T7725] usb 7-1: media controller created
[  157.928285][ T7725] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  158.093909][ T5876] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  158.107130][ T7725] i2c i2c-2: ec100: i2c rd failed=-71 reg=33
[  158.124404][ T7725] usb 7-1: USB disconnect, device number 6
[  158.243888][ T5876] usb 3-1: Using ep0 maxpacket: 8
[  158.280474][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.284568][ T5876] usb 3-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  158.287828][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.293365][ T5876] usb 3-1: config 0 descriptor??
[  158.297657][ T5876] uvcvideo 3-1:0.0: probe with driver uvcvideo failed with error -22
[  158.509041][ T7725] usb 3-1: USB disconnect, device number 20
[  158.535988][ T5609] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  158.684602][ T5609] usb 6-1: Using ep0 maxpacket: 16
[  158.694593][ T5609] usb 6-1: config 7 has an invalid interface number: 247 but max is 0
[  158.697904][ T5609] usb 6-1: config 7 has no interface number 0
[  158.700392][ T5609] usb 6-1: config 7 interface 247 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  158.713892][ T5609] usb 6-1: config 7 interface 247 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  158.725379][ T5609] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=6c.22
[  158.728992][ T5609] usb 6-1: New USB device strings: Mfr=1, Product=74, SerialNumber=147
[  158.732266][ T5609] usb 6-1: Product: syz
[  158.734155][ T5609] usb 6-1: Manufacturer: syz
[  158.736046][ T5609] usb 6-1: SerialNumber: syz
[  158.750099][ T5609] ni6501 6-1:7.247: driver 'ni6501' failed to auto-configure device.
[  158.949483][ T5609] usb 6-1: USB disconnect, device number 9
[  159.051019][ T9656] loop2: detected capacity change from 0 to 512
[  159.066658][ T9656] EXT4-fs (loop2): required journal recovery suppressed and not mounted read-only
[  160.014393][ T9676] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.284077][ T9682] ip6gre1: entered allmulticast mode
[  160.740390][ T9691] loop2: detected capacity change from 0 to 512
[  160.757575][ T9691] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.1369: casefold flag without casefold feature
[  160.762114][ T9691] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1369: couldn't read orphan inode 15 (err -117)
[  160.767028][ T9691] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.965084][ T9699] loop6: detected capacity change from 0 to 256
[  160.987032][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.989381][ T9699] FAT-fs (loop6): Directory bread(block 64) failed
[  160.992063][ T9699] FAT-fs (loop6): Directory bread(block 65) failed
[  161.001979][ T9699] FAT-fs (loop6): Directory bread(block 66) failed
[  161.004344][ T9699] FAT-fs (loop6): Directory bread(block 67) failed
[  161.006480][ T9699] FAT-fs (loop6): Directory bread(block 68) failed
[  161.008582][ T9699] FAT-fs (loop6): Directory bread(block 69) failed
[  161.010650][ T9699] FAT-fs (loop6): Directory bread(block 70) failed
[  161.012670][ T9699] FAT-fs (loop6): Directory bread(block 71) failed
[  161.015805][ T9699] FAT-fs (loop6): Directory bread(block 72) failed
[  161.018219][ T9699] FAT-fs (loop6): Directory bread(block 73) failed
[  161.185993][ T9714] loop2: detected capacity change from 0 to 2048
[  161.188528][ T9714] EXT4-fs: Ignoring removed mblk_io_submit option
[  161.190828][ T9714] EXT4-fs: Ignoring removed nobh option
[  161.198027][ T9714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.218450][ T9714] EXT4-fs (loop2): shut down requested (0)
[  161.229022][ T9706] loop6: detected capacity change from 0 to 40427
[  161.233178][ T9706] F2FS-fs (loop6): invalid crc value
[  161.271389][ T9706] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  161.272297][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.275290][ T9706] F2FS-fs (loop6): Start checkpoint disabled!
[  161.290530][ T9706] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  161.319133][ T9706] syz.6.1374: attempt to access beyond end of device
[  161.319133][ T9706] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  161.348542][   T29] kworker/u9:1: attempt to access beyond end of device
[  161.348542][   T29] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  161.353493][   T29] CPU: 0 UID: 0 PID: 29 Comm: kworker/u9:1 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  161.353507][   T29] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  161.353512][   T29] Workqueue: writeback wb_workfn (flush-7:6)
[  161.353528][   T29] Call Trace:
[  161.353532][   T29]  <TASK>
[  161.353537][   T29]  dump_stack_lvl+0x189/0x250
[  161.353550][   T29]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.353558][   T29]  ? __pfx_queue_work_on+0x10/0x10
[  161.353566][   T29]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  161.353576][   T29]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  161.353589][   T29]  f2fs_handle_critical_error+0x37c/0x540
[  161.353602][   T29]  f2fs_write_end_io+0x886/0xb60
[  161.353630][   T29]  __submit_merged_bio+0x27a/0x6a0
[  161.353642][   T29]  __submit_merged_write_cond+0x255/0x530
[  161.353655][   T29]  f2fs_write_data_pages+0x261d/0x3000
[  161.353680][   T29]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.353731][   T29]  ? ktime_get+0x3e/0x1f0
[  161.353742][   T29]  ? ktime_get+0x3e/0x1f0
[  161.353792][   T29]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.353805][   T29]  do_writepages+0x32e/0x550
[  161.353821][   T29]  ? reacquire_held_locks+0x127/0x1d0
[  161.353829][   T29]  ? writeback_sb_inodes+0x384/0x1010
[  161.353843][   T29]  __writeback_single_inode+0x145/0xff0
[  161.353853][   T29]  ? do_raw_spin_unlock+0x4d/0x240
[  161.353863][   T29]  writeback_sb_inodes+0x6c7/0x1010
[  161.353873][   T29]  ? __lock_acquire+0xab9/0xd20
[  161.353895][   T29]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  161.353924][   T29]  ? rcu_is_watching+0x15/0xb0
[  161.353936][   T29]  wb_writeback+0x43b/0xaf0
[  161.353949][   T29]  ? queue_io+0x391/0x590
[  161.353960][   T29]  ? __pfx_wb_writeback+0x10/0x10
[  161.353973][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.353983][   T29]  wb_workfn+0x409/0xef0
[  161.353998][   T29]  ? __pfx_wb_workfn+0x10/0x10
[  161.354008][   T29]  ? __lock_acquire+0xab9/0xd20
[  161.354023][   T29]  ? process_scheduled_works+0x9ef/0x17b0
[  161.354034][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.354041][   T29]  ? process_scheduled_works+0x9ef/0x17b0
[  161.354047][   T29]  ? process_scheduled_works+0x9ef/0x17b0
[  161.354055][   T29]  process_scheduled_works+0xae1/0x17b0
[  161.354076][   T29]  ? __pfx_process_scheduled_works+0x10/0x10
[  161.354097][   T29]  worker_thread+0x8a0/0xda0
[  161.354132][   T29]  kthread+0x711/0x8a0
[  161.354146][   T29]  ? __pfx_worker_thread+0x10/0x10
[  161.354153][   T29]  ? __pfx_kthread+0x10/0x10
[  161.354163][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.354170][   T29]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.354178][   T29]  ? __pfx_kthread+0x10/0x10
[  161.354187][   T29]  ret_from_fork+0x3fc/0x770
[  161.354197][   T29]  ? __pfx_ret_from_fork+0x10/0x10
[  161.354207][   T29]  ? __switch_to_asm+0x39/0x70
[  161.354215][   T29]  ? __switch_to_asm+0x33/0x70
[  161.354223][   T29]  ? __pfx_kthread+0x10/0x10
[  161.354233][   T29]  ret_from_fork_asm+0x1a/0x30
[  161.354250][   T29]  </TASK>
[  161.445612][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.452960][   T29] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  161.837835][ T9738] vxfs: WRONG superblock magic 00000000 at 1
[  161.840418][ T9738] vxfs: WRONG superblock magic 00000000 at 8
[  161.842356][ T9738] vxfs: can't find superblock.
[  161.876793][ T9740] loop6: detected capacity change from 0 to 128
[  161.895543][ T9736] ceph: No mds server is up or the cluster is laggy
[  161.899031][ T5609] libceph: connect (1)[c::]:6789 error -101
[  161.901741][ T5609] libceph: mon0 (1)[c::]:6789 connect error
[  161.935339][ T8346] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  162.086119][ T8346] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.090948][ T8346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  162.095507][ T8346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  162.099562][ T8346] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  162.105071][ T8346] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  162.108888][ T8346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.114436][ T8346] usb 3-1: config 0 descriptor??
[  162.532737][ T8346] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  163.003330][ T9767] loop7: detected capacity change from 0 to 16384
[  163.225711][ T9767] loop7: detected capacity change from 16384 to 0
[  163.297346][ T9773] loop6: detected capacity change from 0 to 1024
[  163.300279][ T9773] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  163.306919][ T9773] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  163.309556][ T9773] EXT4-fs (loop6): orphan cleanup on readonly fs
[  163.312182][ T9773] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.1400: Freeing blocks not in datazone - block = 0, count = 4096
[  163.320134][ T9773] EXT4-fs (loop6): 1 orphan inode deleted
[  163.322585][ T9773] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  163.346964][ T8113] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.359699][ T8346] usb 3-1: USB disconnect, device number 21
[  163.388926][ T9782] loop6: detected capacity change from 0 to 256
[  163.402341][ T9782] FAT-fs (loop6): Directory bread(block 64) failed
[  163.411915][ T9782] FAT-fs (loop6): Directory bread(block 65) failed
[  163.416094][ T9784] loop5: detected capacity change from 0 to 256
[  163.419846][ T9782] FAT-fs (loop6): Directory bread(block 66) failed
[  163.423462][ T9784] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xecfd5def, utbl_chksum : 0xe619d30d)
[  163.425006][ T9782] FAT-fs (loop6): Directory bread(block 67) failed
[  163.435150][ T9782] FAT-fs (loop6): Directory bread(block 68) failed
[  163.437690][ T9782] FAT-fs (loop6): Directory bread(block 69) failed
[  163.440425][ T9782] FAT-fs (loop6): Directory bread(block 70) failed
[  163.442957][ T9782] FAT-fs (loop6): Directory bread(block 71) failed
[  163.445739][ T9782] FAT-fs (loop6): Directory bread(block 72) failed
[  163.448398][ T9782] FAT-fs (loop6): Directory bread(block 73) failed
[  163.451146][   T33] audit: type=1800 audit(1754928056.289:51): pid=9784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1405" name="file1" dev="loop5" ino=1048636 res=0 errno=0
[  163.495240][ T9782] syz.6.1402: attempt to access beyond end of device
[  163.495240][ T9782] loop6: rw=0, sector=1160, nr_sectors = 4 limit=256
[  163.603264][ T9796] netlink: 'syz.5.1410': attribute type 3 has an invalid length.
[  163.724381][ T9805] loop5: detected capacity change from 0 to 64
[  163.728843][ T9805] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  163.951183][ T9820] overlay: filesystem on ./bus not supported
[  164.132816][ T9841] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1431'.
[  164.136604][ T9841] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1431'.
[  164.324321][ T7725] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  164.494160][ T7725] usb 7-1: Using ep0 maxpacket: 32
[  164.505527][ T7725] usb 7-1: config 0 has an invalid interface number: 58 but max is 27
[  164.510151][ T7725] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  164.515548][ T9852] loop5: detected capacity change from 0 to 2048
[  164.516323][ T7725] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 28
[  164.519356][ T9852] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  164.520949][ T7725] usb 7-1: config 0 has no interface number 0
[  164.527734][ T7725] usb 7-1: config 0 interface 58 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64
[  164.527879][ T9852] NILFS (loop5): too large checkpoint size: 1741 bytes
[  164.532241][ T7725] usb 7-1: config 0 interface 58 altsetting 0 endpoint 0x7 has invalid maxpacket 64800, setting to 64
[  164.534821][ T9852] NILFS (loop5): error -22 while loading super root
[  164.539342][ T7725] usb 7-1: config 0 interface 58 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  164.549042][ T7725] usb 7-1: config 0 interface 58 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[  164.553624][ T7725] usb 7-1: config 0 interface 58 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  164.558613][ T7725] usb 7-1: config 0 interface 58 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  164.567672][ T7725] usb 7-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice=5c.24
[  164.571595][ T7725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.575306][ T7725] usb 7-1: Product: syz
[  164.576998][ T7725] usb 7-1: Manufacturer: syz
[  164.578684][ T7725] usb 7-1: SerialNumber: syz
[  164.581620][ T7725] usb 7-1: config 0 descriptor??
[  164.689970][ T9859] ubi31: attaching mtd0
[  164.702043][ T9859] ubi31: scanning is finished
[  164.704272][ T9859] ubi31: empty MTD device detected
[  164.796749][ T7725] appletouch 7-1:0.58: Could not find int-in endpoint
[  164.798968][ T7725] appletouch 7-1:0.58: probe with driver appletouch failed with error -5
[  164.801967][ T9859] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  164.802344][ T7725] usbhid 7-1:0.58: couldn't find an input interrupt endpoint
[  164.806059][ T9859] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  164.809579][ T9859] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  164.810423][ T7725] usb 7-1: USB disconnect, device number 7
[  164.811907][ T9859] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  164.817162][ T9859] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  164.820279][ T9859] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  164.823453][ T9859] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1245094660
[  164.867385][ T9859] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  164.872783][ T9860] ubi31: background thread "ubi_bgt31d" started, PID 9860
[  165.431265][ T9867] loop6: detected capacity change from 0 to 2560
[  165.434642][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.437851][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.440823][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.441409][ T9865] loop2: detected capacity change from 0 to 32768
[  165.443532][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.447442][ T9865] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section replicas: bad nr_required in entry (unknown data_type 155): 239/36 [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 8 26 41 44 51 70 73 87 93 102 106 112 120 128 144 184 203 237 245]
[  165.447442][ T9865] replicas (size 64):
[  165.447442][ T9865] (unknown data_type 155): 239/36 [237 106 112 73 203 144 87 44 70 41 26 120 93 128 0 0 0 0 0 0 0 0 0 0 1 8 0 0 0 184 245 51 102 0 0 0]
[  165.447442][ T9865] 
[  165.463611][ T9865] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  165.472534][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.481586][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.492209][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.501097][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.506596][ T9867] ldm_validate_partition_table(): Disk read failed.
[  165.508903][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.511478][ T9867] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.511768][ T9867] Dev loop6: unable to read RDB block 0
[  165.512398][ T9867]  loop6: unable to read partition table
[  165.512608][ T9867] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  165.702259][ T9871] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1444'.
[  165.705435][ T9873] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  165.709312][ T9873] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  165.709464][ T9871] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1444'.
[  166.144092][ T7725] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  166.281103][ T9892] loop2: detected capacity change from 0 to 32768
[  166.285863][ T9892] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1452 (9892)
[  166.294404][ T9892] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  166.297708][ T9892] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  166.300507][ T9892] BTRFS info (device loop2): using free-space-tree
[  166.307592][ T7725] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  166.310638][ T7725] usb 6-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[  166.313322][ T7725] usb 6-1: Product: syz
[  166.314858][ T7725] usb 6-1: Manufacturer: syz
[  166.316384][ T7725] usb 6-1: SerialNumber: syz
[  166.319086][ T7725] usb 6-1: config 0 descriptor??
[  166.379152][ T5848] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  166.528058][ T7725] usb-storage 6-1:0.0: USB Mass Storage device detected
[  166.530554][ T9911] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1454'.
[  166.738020][ T5876] usb 6-1: USB disconnect, device number 10
[  166.864184][ T8346] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  167.023972][ T8346] usb 3-1: Using ep0 maxpacket: 32
[  167.030631][ T8346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.034423][ T8346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  167.037606][ T8346] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  167.040661][ T8346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.043878][ T7725] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  167.049574][ T8346] usb 3-1: config 0 descriptor??
[  167.193908][ T7725] usb 7-1: Using ep0 maxpacket: 8
[  167.197896][ T7725] usb 7-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=b0.23
[  167.200937][ T7725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.206076][ T7725] usb 7-1: config 0 descriptor??
[  167.210594][ T7725] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input12
[  167.419314][ T5278] bcm5974 7-1:0.0: could not read from device
[  167.428577][ T7725] usb 7-1: USB disconnect, device number 8
[  167.430768][ T5278] bcm5974 7-1:0.0: could not read from device
[  167.536973][ T8346] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x0
[  167.547405][ T8346] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x0
[  167.550624][ T8346] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x0
[  167.552969][ T8346] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x0
[  167.555372][ T8346] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x0
[  167.561171][ T8346] koneplus 0003:1E7D:2D51.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.2-1/input0
[  167.803879][ T5876] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  167.857936][ T7725] usb 3-1: USB disconnect, device number 22
[  167.953930][ T5876] usb 6-1: Using ep0 maxpacket: 32
[  167.958460][ T5876] usb 6-1: unable to get BOS descriptor or descriptor too short
[  167.961848][ T5876] usb 6-1: config 4 has an invalid interface number: 91 but max is 0
[  167.965067][ T5876] usb 6-1: config 4 has no interface number 0
[  167.969075][ T5876] usb 6-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=6c.05
[  167.972016][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.976054][ T5876] usb 6-1: Product: syz
[  167.977600][ T5876] usb 6-1: Manufacturer: syz
[  167.979914][ T5876] usb 6-1: SerialNumber: syz
[  168.184198][ T8346] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  168.190678][ T5876] empeg 6-1:4.91: empeg converter detected
[  168.192658][ T5876] usb 6-1: active config #4 != 1 ??
[  168.196168][ T5876] usb 6-1: USB disconnect, device number 11
[  168.345309][ T8346] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  168.348014][ T8346] usb 7-1: config 0 has no interface number 0
[  168.350029][ T8346] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.353473][ T8346] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.357525][ T8346] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  168.360813][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.365949][ T8346] usb 7-1: config 0 descriptor??
[  168.774696][ T8346] uclogic 0003:256C:006D.000F: unknown main item tag 0x0
[  168.777273][ T8346] uclogic 0003:256C:006D.000F: unknown main item tag 0x0
[  168.779685][ T8346] uclogic 0003:256C:006D.000F: unknown main item tag 0x0
[  168.781882][ T8346] uclogic 0003:256C:006D.000F: unknown main item tag 0x0
[  168.784463][ T8346] uclogic 0003:256C:006D.000F: unknown main item tag 0x0
[  168.788227][ T8346] uclogic 0003:256C:006D.000F: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.6-1/input1
[  168.974113][ T7725] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  168.977787][ T5609] usb 7-1: USB disconnect, device number 9
[  169.133849][ T7725] usb 6-1: Using ep0 maxpacket: 8
[  169.138651][ T7725] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  169.143470][ T7725] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  169.148829][ T7725] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.155062][ T7725] usb 6-1: config 0 descriptor??
[  169.364713][ T7725] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  169.559936][ T9963] loop2: detected capacity change from 0 to 32768
[  169.569767][ T9963] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.571553][ T8346] usb 6-1: USB disconnect, device number 12
[  169.596392][ T9963] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  169.603500][ T9963] XFS (loop2): Starting recovery (logdev: internal)
[  169.610348][ T9963] XFS (loop2): Ending recovery (logdev: internal)
[  169.613534][ T9963] XFS (loop2): Quotacheck needed: Please wait.
[  169.635220][ T9963] XFS (loop2): Quotacheck: Done.
[  169.672107][ T5848] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.841679][ T9989] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1486'.
[  169.917789][ T9997] loop6: detected capacity change from 0 to 22
[  169.920138][ T9997] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  169.924106][ T9999] loop2: detected capacity change from 0 to 128
[  169.926774][ T9997] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  170.011889][T10009] loop6: detected capacity change from 0 to 8
[  170.016307][T10009] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  170.030246][T10009] cramfs: Error -3 while decompressing!
[  170.032298][T10009] cramfs: ffffffff99be35b8(16)->ffff888034808000(4096)
[  170.034147][T10007] loop2: detected capacity change from 0 to 4096
[  170.038144][T10009] cramfs: Error -3 while decompressing!
[  170.041342][T10009] cramfs: ffffffff99be35b8(16)->ffff888034808000(4096)
[  170.043920][   T33] audit: type=1800 audit(1754928062.879:52): pid=10009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1496" name="file0" dev="loop6" ino=244 res=0 errno=0
[  170.131512][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1499'.
[  170.171012][T10018] loop6: detected capacity change from 0 to 256
[  170.177317][T10018] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  170.181144][T10018] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[  170.184353][T10018] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  170.186808][T10018] UDF-fs: Scanning with blocksize 512 failed
[  170.190115][T10018] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  170.194234][T10018] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  170.440488][T10025] loop6: detected capacity change from 0 to 1024
[  170.487810][ T8114] Bluetooth: hci0: unexpected event for opcode 0x2062
[  170.653856][ T8346] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  170.805388][ T8346] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  170.808589][ T8346] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.812580][ T8346] usb 6-1: config 0 descriptor??
[  171.119061][T10039] loop6: detected capacity change from 0 to 64
[  171.280216][T10041] loop6: detected capacity change from 0 to 32768
[  171.283272][T10041] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1511 (10041)
[  171.289966][T10041] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  171.293386][T10041] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  171.296224][T10041] BTRFS info (device loop6): using free-space-tree
[  171.329193][ T8113] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  171.853094][T10076] loop6: detected capacity change from 0 to 512
[  171.855675][T10076] journal_path: Non-blockdev passed as './bus'
[  171.857791][T10076] EXT4-fs: error: could not find journal device path
[  171.887687][T10079] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1521'.
[  172.023087][T10086] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  172.023087][T10086] The task syz.6.1524 (10086) triggered the difference, watch for misbehavior.
[  172.023670][ T8346] usb 6-1: Cannot set autoneg
[  172.032680][ T8346] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  172.038704][ T8346] usb 6-1: USB disconnect, device number 13
[  172.774786][T10094] loop5: detected capacity change from 0 to 32768
[  172.777673][T10094] (syz.5.1528,10094,1):ocfs2_verify_volume:2316 ERROR: bad system_dir_blkno: 0
[  172.780611][T10094] (syz.5.1528,10094,1):ocfs2_verify_volume:2331 ERROR: status = -22
[  172.783191][T10094] (syz.5.1528,10094,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  172.786138][T10094] (syz.5.1528,10094,1):ocfs2_fill_super:1177 ERROR: status = -22
[  172.825224][T10096] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1529'.
[  172.827998][T10096] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1529'.
[  172.861464][T10098] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1531'.
[  172.865224][T10098] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1531'.
[  172.957648][T10110] loop6: detected capacity change from 0 to 1764
[  172.961539][T10110] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  172.973339][T10110] iso9660: Corrupted directory entry in block 2 of inode 1920
[  173.193811][ T5876] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  173.253840][ T8346] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  173.347225][ T5876] usb 6-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=a5.ed
[  173.350239][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.352978][ T5876] usb 6-1: Product: syz
[  173.354507][ T5876] usb 6-1: Manufacturer: syz
[  173.356045][ T5876] usb 6-1: SerialNumber: syz
[  173.358806][ T5876] usb 6-1: config 0 descriptor??
[  173.361969][ T5876] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  173.365029][ T5876] ftdi_sio ttyUSB0: unknown device type: 0xa5ed
[  173.403948][ T8346] usb 7-1: Using ep0 maxpacket: 32
[  173.408728][ T8346] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  173.411619][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.415627][ T8346] usb 7-1: config 0 descriptor??
[  173.418941][ T8346] gspca_main: sunplus-2.14.0 probing 041e:400b
[  173.565481][ T5904] usb 6-1: USB disconnect, device number 14
[  173.567995][ T5904] ftdi_sio 6-1:0.0: device disconnected
[  174.348136][T10126] loop5: detected capacity change from 0 to 2048
[  174.360567][T10126] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.376728][T10129] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[  174.387189][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.547089][ T8114] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  174.550519][ T8114] Bluetooth: hci0: Injecting HCI hardware error event
[  174.562298][ T5844] Bluetooth: hci0: hardware error 0x00
[  174.637176][T10147] netlink: 'syz.5.1552': attribute type 79 has an invalid length.
[  174.754974][T10158] loop2: detected capacity change from 0 to 1024
[  174.773515][T10158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.778290][T10158] ext4 filesystem being mounted at /531/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.802562][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.831792][ T8346] gspca_sunplus: reg_w_riv err -71
[  174.833643][ T8346] sunplus 7-1:0.0: probe with driver sunplus failed with error -71
[  174.839317][ T8346] usb 7-1: USB disconnect, device number 10
[  174.874432][T10160] loop5: detected capacity change from 0 to 32768
[  174.893022][T10160] JBD2: Ignoring recovery information on journal
[  174.914270][T10160] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  175.000268][ T8068] ocfs2: Unmounting device (7,5) on (node local)
[  175.000897][T10176] loop2: detected capacity change from 0 to 512
[  175.019520][T10176] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.1563: invalid block
[  175.025048][T10176] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1563: invalid indirect mapped block 4294967295 (level 1)
[  175.030323][T10176] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1563: invalid indirect mapped block 4294967295 (level 1)
[  175.035728][T10176] EXT4-fs (loop2): 2 truncates cleaned up
[  175.041382][T10176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.051665][T10176] EXT4-fs error (device loop2): empty_inline_dir:1760: inode #12: block 7: comm syz.2.1563: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0
[  175.061658][T10176] EXT4-fs warning (device loop2): empty_inline_dir:1767: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60
[  175.532918][T10191] bond0: entered promiscuous mode
[  175.534915][T10191] bond_slave_0: entered promiscuous mode
[  175.537254][T10191] bond_slave_1: entered promiscuous mode
[  176.399245][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.519120][T10208] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  176.626480][ T5844] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  176.715402][T10221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'.
[  176.722502][T10219] loop5: detected capacity change from 0 to 2048
[  176.746204][T10219] EXT4-fs: Ignoring removed bh option
[  176.800520][T10219] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.835981][   T33] audit: type=1800 audit(1754928069.679:53): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1580" name="file1" dev="loop5" ino=15 res=0 errno=0
[  176.860922][T10217] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  176.871397][T10217] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28
[  176.876723][T10217] EXT4-fs (loop5): This should not happen!! Data will be lost
[  176.876723][T10217] 
[  176.881980][T10217] EXT4-fs (loop5): Total free blocks count 0
[  176.887264][T10217] EXT4-fs (loop5): Free/Dirty block details
[  176.889726][T10217] EXT4-fs (loop5): free_blocks=2415919104
[  176.891958][T10217] EXT4-fs (loop5): dirty_blocks=656
[  176.893646][T10217] EXT4-fs (loop5): Block reservation details
[  176.904113][T10217] EXT4-fs (loop5): i_reserved_data_blocks=41
[  176.940029][ T1091] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  177.047245][T10253] loop6: detected capacity change from 0 to 256
[  177.058487][T10253] FAT-fs (loop6): Directory bread(block 64) failed
[  177.060633][T10253] FAT-fs (loop6): Directory bread(block 65) failed
[  177.062858][T10253] FAT-fs (loop6): Directory bread(block 66) failed
[  177.065159][T10253] FAT-fs (loop6): Directory bread(block 67) failed
[  177.067324][T10253] FAT-fs (loop6): Directory bread(block 68) failed
[  177.069455][T10253] FAT-fs (loop6): Directory bread(block 69) failed
[  177.071719][T10253] FAT-fs (loop6): Directory bread(block 70) failed
[  177.075571][T10253] FAT-fs (loop6): Directory bread(block 71) failed
[  177.078034][T10253] FAT-fs (loop6): Directory bread(block 72) failed
[  177.080044][T10253] FAT-fs (loop6): Directory bread(block 73) failed
[  177.098464][   T33] audit: type=1800 audit(1754928069.939:54): pid=10253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1596" name="file2" dev="loop6" ino=1048638 res=0 errno=0
[  177.108271][T10247] loop5: detected capacity change from 0 to 40427
[  177.112734][T10247] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  177.115360][T10247] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  177.119088][T10247] F2FS-fs (loop5): invalid crc value
[  177.143433][T10258] loop6: detected capacity change from 0 to 16
[  177.149451][T10247] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  177.151808][T10258] erofs (device loop6): mounted with root inode @ nid 36.
[  177.153082][T10247] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  177.156985][T10247] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  177.303836][ T5904] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  177.504382][ T5904] usb 3-1: Using ep0 maxpacket: 32
[  177.522456][ T5904] usb 3-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= c.62
[  177.526786][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.573147][ T5904] usb 3-1: config 0 descriptor??
[  177.585849][ T5904] gspca_main: sunplus-2.14.0 probing 052b:1803
[  177.786481][ T5904] gspca_sunplus: reg_r err -71
[  177.788449][ T5904] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  177.795150][ T5904] usb 3-1: USB disconnect, device number 23
[  177.909718][T10267] loop6: detected capacity change from 0 to 512
[  177.917010][T10267] EXT4-fs: Mount option(s) incompatible with ext3
[  178.000398][T10268] kAFS: No cell specified
[  178.583848][ T5904] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  178.739263][ T5904] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  178.748631][ T5904] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  178.751991][ T5904] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  178.759958][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.779162][T10272] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  178.796359][ T5904] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  179.024655][ T5876] usb 6-1: USB disconnect, device number 15
[  179.414948][T10287] loop6: detected capacity change from 0 to 2048
[  179.421287][T10287] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  179.472331][T10287] syz.6.1607: attempt to access beyond end of device
[  179.472331][T10287] loop6: rw=2049, sector=2114, nr_sectors = 128 limit=2048
[  180.181851][T10301] loop2: detected capacity change from 0 to 4096
[  180.252111][T10303] cgroup: Unknown subsys name 'cpuset'
[  180.296428][T10301] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  180.436500][T10301] ntfs3(loop2): Inode r=19 is not in use!
[  180.438553][T10301] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  180.443029][T10301] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[  182.113497][T10346] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  182.512894][T10364] binder: 10363:10364 ioctl c018620c 200000000040 returned -22
[  182.625689][T10373] loop2: detected capacity change from 0 to 512
[  182.630626][T10373] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  182.644613][T10373] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  182.653054][T10373] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.1645: corrupted in-inode xattr: e_value size too large
[  182.669747][T10373] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1645: couldn't read orphan inode 15 (err -117)
[  182.678816][T10373] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.683104][T10383] loop5: detected capacity change from 0 to 256
[  182.688600][T10383] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  182.691419][   T33] audit: type=1800 audit(1754928075.529:55): pid=10373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1645" name="bus" dev="loop2" ino=18 res=0 errno=0
[  182.692042][T10383] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  182.712978][T10383] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  182.736979][T10373] loop2: detected capacity change from 512 to 64
[  182.745799][T10373] syz.2.1645: attempt to access beyond end of device
[  182.745799][T10373] loop2: rw=34817, sector=120, nr_sectors = 236 limit=64
[  182.764542][ T5848] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=201326592, rec_len=256, size=1024 fake=0
[  182.775551][T10389] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1653'.
[  182.828999][ T5848] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.095757][ T8346] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  183.101375][ T5856] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.200154][ T5856] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.264802][ T8346] usb 7-1: Using ep0 maxpacket: 8
[  183.266771][ T5856] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.269773][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  183.274064][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  183.277209][ T8346] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  183.280307][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  183.283441][ T8346] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  183.287328][ T8346] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  183.289654][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  183.290204][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.292701][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  183.296532][ T8346] usb 7-1: config 0 descriptor??
[  183.314623][ T5844] Bluetooth: hci2: urb ffff888038025900 submission failed (90)
[  183.335971][ T5856] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.386777][ T8114] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  183.396949][ T8114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  183.401694][ T8114] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  183.406479][ T8114] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  183.410177][ T8114] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  183.534031][ T5856] bridge_slave_1: left allmulticast mode
[  183.536214][ T5856] bridge_slave_1: left promiscuous mode
[  183.539357][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.553554][   T10] usb 7-1: USB disconnect, device number 11
[  183.557395][ T5856] bridge_slave_0: left allmulticast mode
[  183.559197][ T5856] bridge_slave_0: left promiscuous mode
[  183.561192][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.902028][ T5856] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.906204][ T5856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.914196][ T5856] bond0 (unregistering): Released all slaves
[  185.014078][ T5856] tipc: Left network mode
[  185.035969][T10411] chnl_net:caif_netlink_parms(): no params data found
[  185.109808][T10428] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1668'.
[  185.200566][T10411] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.202908][T10411] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.210107][T10411] bridge_slave_0: entered allmulticast mode
[  185.213955][T10411] bridge_slave_0: entered promiscuous mode
[  185.270223][T10411] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.273135][T10411] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.276697][T10411] bridge_slave_1: entered allmulticast mode
[  185.279926][T10411] bridge_slave_1: entered promiscuous mode
[  185.321875][T10411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.328998][T10411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.336165][ T5856] hsr_slave_0: left promiscuous mode
[  185.344595][ T5856] hsr_slave_1: left promiscuous mode
[  185.347002][ T5856] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.350049][ T5856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.352483][ T5856] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.362250][ T5856] veth1_macvtap: left promiscuous mode
[  185.365092][ T5856] veth0_macvtap: left promiscuous mode
[  185.366962][ T5856] veth1_vlan: left promiscuous mode
[  185.368886][ T5856] veth0_vlan: left promiscuous mode
[  185.418121][   T33] audit: type=1326 audit(1754928078.259:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10449 comm="syz.5.1676" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa471d8ebe9 code=0x0
[  185.513984][ T5844] Bluetooth: hci3: command tx timeout
[  185.678101][ T5856] team0 (unregistering): Port device team_slave_1 removed
[  185.705572][ T5856] team0 (unregistering): Port device team_slave_0 removed
[  186.014173][T10411] team0: Port device team_slave_0 added
[  186.017335][T10411] team0: Port device team_slave_1 added
[  186.035361][T10411] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.037556][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.047519][T10411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.053631][T10411] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.060618][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.081748][T10411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.144563][T10411] hsr_slave_0: entered promiscuous mode
[  186.149233][T10411] hsr_slave_1: entered promiscuous mode
[  186.288386][T10461] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.1681'.
[  186.318232][T10411] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  186.323471][T10411] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  186.333173][T10411] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  186.340435][T10411] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  186.382857][T10473] netlink: 'syz.5.1684': attribute type 1 has an invalid length.
[  186.401611][T10411] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.419475][T10411] 8021q: adding VLAN 0 to HW filter on device team0
[  186.432861][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.435284][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.441841][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.444246][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.563049][T10476] loop5: detected capacity change from 0 to 32768
[  186.567083][T10476] bcachefs (/dev/loop5): error validating superblock: Invalid superblock section replicas_v0: invalid device 1 in entry user: 1/255 [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 3 3 4 5 5 5 5 5 5 6 6 6 6 8 8 10 11 32 33 83 108]
[  186.567083][T10476] replicas_v0 (size 24):
[  186.567083][T10476] btree: 1 [0] journal: 1 [0] user: 255 [0 0 0 0 0 0 0 0 108 1 0 0 6 0 0 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 1 0 1 0 5 0 0 0 8 0 0 0 0 0 0 0 1 0 2 0 5 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 3 5 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 6 0 0 0 0 11 0 0 0 0 0 0 3 1 1 0 0 0 0 0 2 
[  186.567209][T10476] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  186.568794][T10411] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.706172][T10488] loop5: detected capacity change from 0 to 2048
[  186.710567][T10488] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  186.731169][T10411] veth0_vlan: entered promiscuous mode
[  186.737058][T10411] veth1_vlan: entered promiscuous mode
[  186.755984][T10490] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  186.758291][T10490] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  186.763163][T10411] veth0_macvtap: entered promiscuous mode
[  186.770986][T10411] veth1_macvtap: entered promiscuous mode
[  186.781993][T10411] batman_adv: batadv0: Interface activated: batadv_slave_0
[  186.786465][T10490] vhci_hcd vhci_hcd.0: Device attached
[  186.797670][T10491] vhci_hcd: connection closed
[  186.797772][T10411] batman_adv: batadv0: Interface activated: batadv_slave_1
[  186.802688][ T5856] vhci_hcd: stop threads
[  186.806139][ T5856] vhci_hcd: release socket
[  186.810664][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.813960][ T5856] vhci_hcd: disconnect device
[  186.815751][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.819703][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.829940][ T5856] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.876855][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.879401][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.896630][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.899147][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.584056][ T5844] Bluetooth: hci3: command tx timeout
[  187.692299][T10543] loop5: detected capacity change from 0 to 512
[  187.697755][T10543] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.1710: casefold flag without casefold feature
[  187.701731][T10543] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.1710: couldn't read orphan inode 15 (err -117)
[  187.706498][T10543] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.732612][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.891424][T10560] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1718'.
[  187.896140][T10560] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1718'.
[  187.900041][T10561] tipc: Invalid UDP bearer configuration
[  187.900075][T10561] tipc: Enabling of bearer <udp:3> rejected, failed to enable media
[  188.294626][  T793] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  188.443827][  T793] usb 8-1: Using ep0 maxpacket: 16
[  188.447022][  T793] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  188.449717][  T793] usb 8-1: config 0 has no interface number 0
[  188.454095][  T793] usb 8-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  188.457254][  T793] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.460480][  T793] usb 8-1: Product: syz
[  188.461994][  T793] usb 8-1: Manufacturer: syz
[  188.463595][  T793] usb 8-1: SerialNumber: syz
[  188.467211][  T793] usb 8-1: config 0 descriptor??
[  188.470755][  T793] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  188.882414][T10585] kernel read not supported for file /cpuacct.usage_percpu (pid: 10585 comm: syz.5.1728)
[  188.886393][   T33] audit: type=1800 audit(1754928081.729:57): pid=10585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1728" name="cpuacct.usage_percpu" dev="mqueue" ino=24193 res=0 errno=0
[  189.037712][T10597] sch_tbf: burst 19872 is lower than device lo mtu (39799) !
[  189.087864][T10599] loop5: detected capacity change from 0 to 1024
[  189.090622][T10599] EXT4-fs: Ignoring removed orlov option
[  189.107213][T10599] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.140544][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.663863][ T5844] Bluetooth: hci3: command tx timeout
[  189.915549][  T793] gspca_spca1528: reg_w err -71
[  189.917607][  T793] spca1528 8-1:0.1: probe with driver spca1528 failed with error -71
[  189.921130][  T793] usb 8-1: USB disconnect, device number 2
[  190.143959][ T5904] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  190.305725][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.309569][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.320778][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  190.325765][ T5904] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  190.329899][ T5904] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.385086][ T5904] usb 7-1: config 0 descriptor??
[  190.412525][T10638] bridge0: port 3(ipvlan2) entered blocking state
[  190.415586][T10638] bridge0: port 3(ipvlan2) entered disabled state
[  190.418513][T10638] ipvlan2: entered allmulticast mode
[  190.420769][T10638] bridge0: entered allmulticast mode
[  190.425110][T10638] ipvlan2: left allmulticast mode
[  190.427479][T10638] bridge0: left allmulticast mode
[  190.692889][T10652] loop7: detected capacity change from 0 to 32768
[  190.703681][T10652] JBD2: Ignoring recovery information on journal
[  190.721279][T10652] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  190.760162][T10411] ocfs2: Unmounting device (7,7) on (node local)
[  190.795342][ T5904] plantronics 0003:047F:FFFF.0010: reserved main item tag 0xd
[  190.800460][ T5904] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  190.837535][ T5890] IPVS: starting estimator thread 0...
[  190.923890][T10659] IPVS: using max 79 ests per chain, 189600 per kthread
[  190.967088][T10673] netlink: 392 bytes leftover after parsing attributes in process `syz.5.1768'.
[  190.997143][ T5876] usb 7-1: USB disconnect, device number 12
[  191.123862][ T5890] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[  191.224170][ T5904] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  191.276165][ T5890] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  191.280015][ T5890] usb 8-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[  191.283371][ T5890] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.287314][ T5890] usb 8-1: config 0 descriptor??
[  191.373878][ T5904] usb 6-1: Using ep0 maxpacket: 32
[  191.377083][ T5904] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.380327][ T5904] usb 6-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  191.384172][ T5904] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  191.387753][ T5904] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x8F has invalid wMaxPacketSize 0
[  191.390964][ T5904] usb 6-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  191.395106][ T5904] usb 6-1: config 0 interface 0 has no altsetting 0
[  191.397229][ T5904] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  191.400181][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.405047][ T5904] usb 6-1: config 0 descriptor??
[  191.695467][ T5890] sigmamicro 0003:1C4F:0059.0011: unknown main item tag 0x3
[  191.699039][ T5890] sigmamicro 0003:1C4F:0059.0011: hidraw0: USB HID v0.05 Device [HID 1c4f:0059] on usb-dummy_hcd.7-1/input0
[  191.744165][ T5844] Bluetooth: hci3: command tx timeout
[  191.814338][ T5904] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  191.817152][ T5904] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  191.819974][ T5904] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  191.822876][ T5904] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  191.825842][ T5904] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  191.829651][ T5904] hid-thrustmaster 0003:044F:B65D.0012: hidraw1: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.5-1/input0
[  191.833784][ T5904] hid-thrustmaster 0003:044F:B65D.0012: setup data couldn't be sent
[  191.895254][ T5890] usb 8-1: USB disconnect, device number 3
[  192.017695][    C1] hid-thrustmaster 0003:044F:B65D.0012: URB to get model id failed with error -71
[  192.018159][ T5876] usb 6-1: USB disconnect, device number 16
[  192.546677][T10690] loop5: detected capacity change from 0 to 1024
[  192.693869][ T5876] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  192.963860][ T5876] usb 8-1: Using ep0 maxpacket: 16
[  192.968000][ T5876] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.971892][ T5876] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  192.975246][ T5876] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.979803][ T5876] usb 8-1: config 0 descriptor??
[  193.013876][ T5890] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  193.163770][ T5890] usb 7-1: Using ep0 maxpacket: 32
[  193.167386][ T5890] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  193.170534][ T5890] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  193.173471][ T5890] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  193.176835][ T5890] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  193.179825][ T5890] usb 7-1: config 1 has no interface number 0
[  193.181939][ T5890] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  193.185150][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.193116][ T5890] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  193.398167][ T5876] mcp2221 0003:04D8:00DD.0013: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0
[  193.410140][ T5890] snd_usb_pod 7-1:1.1: set_interface failed
[  193.412344][ T5890] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  193.414864][ T5890] snd_usb_pod 7-1:1.1: probe with driver snd_usb_pod failed with error -71
[  193.418787][ T5890] usb 7-1: USB disconnect, device number 13
[  193.434251][ T1091] hfsplus: b-tree write err: -5, ino 4
[  193.754680][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  193.756704][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  193.849512][ T5904] usb 8-1: USB disconnect, device number 4
[  193.966625][T10709] loop6: detected capacity change from 0 to 256
[  193.975560][T10709] FAT-fs (loop6): Directory bread(block 64) failed
[  193.977839][T10709] FAT-fs (loop6): Directory bread(block 65) failed
[  193.980003][T10709] FAT-fs (loop6): Directory bread(block 66) failed
[  193.982185][T10709] FAT-fs (loop6): Directory bread(block 67) failed
[  193.984826][T10709] FAT-fs (loop6): Directory bread(block 68) failed
[  193.986982][T10709] FAT-fs (loop6): Directory bread(block 69) failed
[  193.989859][T10709] FAT-fs (loop6): Directory bread(block 70) failed
[  193.992037][T10709] FAT-fs (loop6): Directory bread(block 71) failed
[  193.996262][T10709] FAT-fs (loop6): Directory bread(block 72) failed
[  193.998375][T10709] FAT-fs (loop6): Directory bread(block 73) failed
[  194.061713][   T33] audit: type=1326 audit(1754928086.899:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.074571][   T33] audit: type=1326 audit(1754928086.899:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.083207][   T33] audit: type=1326 audit(1754928086.909:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.091731][   T33] audit: type=1326 audit(1754928086.909:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.100027][   T33] audit: type=1326 audit(1754928086.909:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.107672][   T33] audit: type=1326 audit(1754928086.909:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.116232][   T33] audit: type=1326 audit(1754928086.909:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.123314][   T33] audit: type=1326 audit(1754928086.909:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10712 comm="syz.6.1784" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78b7b8ebe9 code=0x7ffc0000
[  194.451469][T10734] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  194.470295][T10736] loop7: detected capacity change from 0 to 128
[  194.487016][ T7725] Process accounting resumed
[  194.489580][ T7725] FAT-fs (loop7): error, corrupted file size (i_pos 548, 512)
[  194.494834][ T7725] FAT-fs (loop7): Filesystem has been set read-only
[  194.542200][T10742] loop5: detected capacity change from 0 to 256
[  194.547259][T10742] exfat: Deprecated parameter 'utf8'
[  194.551504][T10742] exfat: Deprecated parameter 'namecase'
[  194.553346][T10742] exfat: Deprecated parameter 'namecase'
[  194.556315][T10742] exfat: Deprecated parameter 'utf8'
[  194.567756][T10742] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0x8212fc2e, utbl_chksum : 0xe619d30d)
[  194.662179][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1800'.
[  194.756308][T10759] dummy0: entered allmulticast mode
[  194.974535][ T7725] usb 7-1: new low-speed USB device number 14 using dummy_hcd
[  195.152795][ T7725] usb 7-1: config index 0 descriptor too short (expected 36, got 30)
[  195.158505][ T7725] usb 7-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  195.162256][ T7725] usb 7-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  195.167483][ T7725] usb 7-1: config 0 interface 0 has no altsetting 0
[  195.171886][ T7725] usb 7-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00
[  195.176229][ T7725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.182996][ T7725] usb 7-1: config 0 descriptor??
[  195.189343][ T7725] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  195.389914][ T5876] usb 7-1: USB disconnect, device number 14
[  195.493889][ T7725] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  195.664083][ T7725] usb 6-1: Using ep0 maxpacket: 8
[  195.667361][ T7725] usb 6-1: config 0 has an invalid interface number: 94 but max is 0
[  195.673767][ T7725] usb 6-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[  195.677082][ T7725] usb 6-1: config 0 has no interface number 0
[  195.679623][ T7725] usb 6-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[  195.682512][ T7725] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.687287][ T7725] usb 6-1: config 0 descriptor??
[  195.693139][ T7725] bfusb 6-1:0.94: probe with driver bfusb failed with error -5
[  195.967576][ T5876] usb 6-1: USB disconnect, device number 17
[  196.116227][T10794] No buffer was provided with the request
[  196.153972][T10796] loop6: detected capacity change from 0 to 4096
[  196.165501][T10797] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  196.461005][T10806] loop6: detected capacity change from 0 to 40427
[  196.465905][T10806] F2FS-fs (loop6): invalid crc value
[  196.499231][T10806] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  196.502553][T10806] F2FS-fs (loop6): Start checkpoint disabled!
[  196.509883][T10806] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  196.521655][T10806] syz.6.1827: attempt to access beyond end of device
[  196.521655][T10806] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  196.541853][ T8421] kworker/u9:5: attempt to access beyond end of device
[  196.541853][ T8421] loop6: rw=1, sector=45104, nr_sectors = 8 limit=40427
[  196.549685][ T8421] kworker/u9:5: attempt to access beyond end of device
[  196.549685][ T8421] loop6: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  196.556141][ T8421] CPU: 0 UID: 0 PID: 8421 Comm: kworker/u9:5 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  196.556153][ T8421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  196.556159][ T8421] Workqueue: writeback wb_workfn (flush-7:6)
[  196.556175][ T8421] Call Trace:
[  196.556178][ T8421]  <TASK>
[  196.556182][ T8421]  dump_stack_lvl+0x189/0x250
[  196.556197][ T8421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.556206][ T8421]  ? __pfx_queue_work_on+0x10/0x10
[  196.556214][ T8421]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  196.556224][ T8421]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  196.556238][ T8421]  f2fs_handle_critical_error+0x37c/0x540
[  196.556254][ T8421]  f2fs_write_end_io+0x886/0xb60
[  196.556283][ T8421]  __submit_merged_bio+0x27a/0x6a0
[  196.556302][ T8421]  __submit_merged_write_cond+0x255/0x530
[  196.556318][ T8421]  f2fs_write_data_pages+0x261d/0x3000
[  196.556358][ T8421]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  196.556380][ T8421]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  196.556423][ T8421]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  196.556448][ T8421]  ? trace_f2fs_writepages+0x7f/0x200
[  196.556463][ T8421]  ? f2fs_write_node_pages+0x478/0x6e0
[  196.556489][ T8421]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  196.556506][ T8421]  do_writepages+0x32e/0x550
[  196.556525][ T8421]  ? reacquire_held_locks+0x127/0x1d0
[  196.556537][ T8421]  ? writeback_sb_inodes+0x384/0x1010
[  196.556559][ T8421]  __writeback_single_inode+0x145/0xff0
[  196.556573][ T8421]  ? do_raw_spin_unlock+0x4d/0x240
[  196.556611][ T8421]  writeback_sb_inodes+0x6c7/0x1010
[  196.556623][ T8421]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.556658][ T8421]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  196.556705][ T8421]  ? rcu_is_watching+0x15/0xb0
[  196.556726][ T8421]  wb_writeback+0x43b/0xaf0
[  196.556744][ T8421]  ? queue_io+0x391/0x590
[  196.556755][ T8421]  ? __pfx_wb_writeback+0x10/0x10
[  196.556768][ T8421]  ? _raw_spin_unlock_irq+0x23/0x50
[  196.556778][ T8421]  wb_workfn+0x409/0xef0
[  196.556793][ T8421]  ? __pfx_wb_workfn+0x10/0x10
[  196.556809][ T8421]  ? __lock_acquire+0xab9/0xd20
[  196.556835][ T8421]  ? process_scheduled_works+0x9ef/0x17b0
[  196.556851][ T8421]  ? _raw_spin_unlock_irq+0x23/0x50
[  196.556862][ T8421]  ? process_scheduled_works+0x9ef/0x17b0
[  196.556873][ T8421]  ? process_scheduled_works+0x9ef/0x17b0
[  196.556885][ T8421]  process_scheduled_works+0xae1/0x17b0
[  196.556914][ T8421]  ? __pfx_process_scheduled_works+0x10/0x10
[  196.556935][ T8421]  worker_thread+0x8a0/0xda0
[  196.556945][ T8421]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  196.556963][ T8421]  ? __kthread_parkme+0x7b/0x200
[  196.556984][ T8421]  kthread+0x711/0x8a0
[  196.557001][ T8421]  ? __pfx_worker_thread+0x10/0x10
[  196.557012][ T8421]  ? __pfx_kthread+0x10/0x10
[  196.557033][ T8421]  ? _raw_spin_unlock_irq+0x23/0x50
[  196.557045][ T8421]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.557057][ T8421]  ? __pfx_kthread+0x10/0x10
[  196.557071][ T8421]  ret_from_fork+0x3fc/0x770
[  196.557086][ T8421]  ? __pfx_ret_from_fork+0x10/0x10
[  196.557121][ T8421]  ? __switch_to_asm+0x39/0x70
[  196.557137][ T8421]  ? __switch_to_asm+0x33/0x70
[  196.557149][ T8421]  ? __pfx_kthread+0x10/0x10
[  196.557164][ T8421]  ret_from_fork_asm+0x1a/0x30
[  196.557182][ T8421]  </TASK>
[  196.558740][ T8421] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  197.039188][T10826] netlink: 'syz.7.1836': attribute type 64 has an invalid length.
[  197.186022][T10844] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  197.228114][T10849] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993
[  197.838950][   T33] audit: type=1400 audit(1754928090.679:66): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A30206B420A4C617A79467265653A202020202020202020202020202030206B420A416E6F6E4875676550616765733A20202020202020202030206B420A53686D656D506D644D61707065643A202020202020202030206B420A46696C65506D644D61707065643A20202020202020202030206B420A5368617265645F48756765746C623A202020202020202030206B420A507269766174 pid=10883 comm="syz.6.1860"
[  197.942669][T10890] loop6: detected capacity change from 0 to 4096
[  197.955287][T10890] ntfs3(loop6): ino=19, mi_enum_attr
[  197.957189][T10890] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  198.080726][T10893] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1864'.
[  198.373458][T10913] loop5: detected capacity change from 0 to 1024
[  198.697250][T10932] delete_channel: no stack
[  198.765907][T10938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1884'.
[  198.771358][T10938] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  199.166818][T10962] loop5: detected capacity change from 0 to 32768
[  199.182895][T10962] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.205445][T10962] XFS (loop5): Ending clean mount
[  199.262001][ T8068] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.613874][ T7725] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  199.773799][ T7725] usb 6-1: Using ep0 maxpacket: 32
[  199.778441][ T7725] usb 6-1: config 8 has an invalid interface number: 203 but max is 0
[  199.787435][ T7725] usb 6-1: config 8 has no interface number 0
[  199.791979][ T7725] usb 6-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  199.799061][ T7725] usb 6-1: config 8 interface 203 has no altsetting 0
[  199.807467][ T7725] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  199.810378][ T7725] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.813010][ T7725] usb 6-1: Product: syz
[  199.814501][ T7725] usb 6-1: Manufacturer: syz
[  199.816177][ T7725] usb 6-1: SerialNumber: syz
[  199.829804][T10982] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  200.045661][ T7725] port100 6-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint
[  200.054399][ T7725] usb 6-1: USB disconnect, device number 18
[  200.993991][   T33] audit: type=1400 audit(1754928093.729:67): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=11018 comm="syz.5.1920"
[  201.489594][T11042] loop5: detected capacity change from 0 to 256
[  201.723922][ T8346] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  201.892761][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.899156][ T8346] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.902253][ T8346] usb 7-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  201.907713][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.915464][ T8346] usb 7-1: config 0 descriptor??
[  202.535220][ T8346] hid-led 0003:27B8:01ED.0014: probe with driver hid-led failed with error -71
[  202.549941][ T8346] usb 7-1: USB disconnect, device number 15
[  202.973796][ T5904] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  203.076466][T11067] loop6: detected capacity change from 0 to 16
[  203.081767][T11067] erofs (device loop6): mounted with root inode @ nid 36.
[  203.133798][ T5904] usb 6-1: Using ep0 maxpacket: 16
[  203.137376][ T5904] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  203.140466][ T5904] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.144372][ T5904] usb 6-1: config 0 has no interface number 0
[  203.148970][ T5904] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  203.161986][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.165142][ T5904] usb 6-1: Product: syz
[  203.166705][ T5904] usb 6-1: Manufacturer: syz
[  203.168527][ T5904] usb 6-1: SerialNumber: syz
[  203.172211][ T5904] usb 6-1: config 0 descriptor??
[  203.179154][ T5904] usb 6-1: Found UVC 0.00 device syz (046d:08f3)
[  203.181279][ T5904] usb 6-1: No valid video chain found.
[  203.228209][T11077] loop6: detected capacity change from 0 to 128
[  203.235025][T11077] FAT-fs (loop6): Directory bread(block 32) failed
[  203.237320][T11077] FAT-fs (loop6): Directory bread(block 33) failed
[  203.243854][T11077] FAT-fs (loop6): Directory bread(block 34) failed
[  203.246174][T11077] FAT-fs (loop6): Directory bread(block 35) failed
[  203.254458][T11077] FAT-fs (loop6): Directory bread(block 36) failed
[  203.256738][T11077] FAT-fs (loop6): Directory bread(block 37) failed
[  203.258950][T11077] FAT-fs (loop6): Directory bread(block 38) failed
[  203.261100][T11077] FAT-fs (loop6): Directory bread(block 39) failed
[  203.263633][T11077] FAT-fs (loop6): Directory bread(block 40) failed
[  203.266292][T11077] FAT-fs (loop6): Directory bread(block 41) failed
[  203.385392][ T5904] usb 6-1: USB disconnect, device number 19
[  203.783858][ T8346] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  203.916238][T11094] geneve2: entered promiscuous mode
[  203.918023][T11094] geneve2: entered allmulticast mode
[  203.934770][ T8346] usb 7-1: Using ep0 maxpacket: 16
[  203.939632][ T8346] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  203.942384][ T8346] usb 7-1: config 0 has no interface number 0
[  203.946102][ T8346] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.949959][ T8346] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.953659][ T8346] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  203.956786][ T8346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.962047][ T8346] usb 7-1: config 0 descriptor??
[  204.009815][T11098] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1955'.
[  204.570173][ T8346] uclogic 0003:28BD:0071.0015: pen parameters not found
[  204.572956][ T8346] uclogic 0003:28BD:0071.0015: interface is invalid, ignoring
[  204.777797][ T5904] usb 7-1: USB disconnect, device number 16
[  204.909775][T11126] sctp: [Deprecated]: syz.7.1969 (pid 11126) Use of int in maxseg socket option.
[  204.909775][T11126] Use struct sctp_assoc_value instead
[  205.305037][T11150] netlink: 51 bytes leftover after parsing attributes in process `syz.6.1980'.
[  205.435037][T11160] netlink: 'syz.6.1985': attribute type 2 has an invalid length.
[  206.708903][T11202] loop6: detected capacity change from 0 to 8192
[  207.473851][ T5876] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  207.643883][ T5876] usb 6-1: Using ep0 maxpacket: 8
[  207.648600][ T5876] usb 6-1: config 127 has an invalid interface number: 171 but max is 1
[  207.651412][ T5876] usb 6-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  207.661518][ T5876] usb 6-1: config 127 has no interface number 1
[  207.663680][ T5876] usb 6-1: config 127 interface 171 has no altsetting 0
[  207.673296][ T5876] usb 6-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  207.676399][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.679347][ T5876] usb 6-1: Product: syz
[  207.680887][ T5876] usb 6-1: Manufacturer: syz
[  207.682626][ T5876] usb 6-1: SerialNumber: syz
[  207.900800][ T5876] xr_serial 6-1:127.171: xr_serial converter detected
[  207.906713][ T5876] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  207.908756][ T5876] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  207.912759][ T5876] usb 6-1: USB disconnect, device number 20
[  207.917470][ T5876] xr_serial 6-1:127.171: device disconnected
[  208.181584][T11280] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2040'.
[  208.210853][T11284] loop6: detected capacity change from 0 to 2048
[  208.216466][T11284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  208.429698][T11299] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2049'.
[  208.457427][T11303] loop5: detected capacity change from 0 to 512
[  208.460798][T11303] EXT4-fs (loop5): Invalid default hash set in the superblock
[  208.508635][T11299] nbd: socks must be embedded in a SOCK_ITEM attr
[  210.855877][T11381] 9pnet_virtio: no channels available for device syz
[  211.958839][T11402] loop5: detected capacity change from 0 to 32768
[  211.979045][T11402] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  212.008503][T11402] XFS (loop5): Ending clean mount
[  212.013624][T11402] XFS (loop5): Quotacheck needed: Please wait.
[  212.037327][T11402] XFS (loop5): Quotacheck: Done.
[  212.039396][T11434] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2101'.
[  212.045667][T11434] netlink: 43 bytes leftover after parsing attributes in process `syz.7.2101'.
[  212.048470][T11434] netlink: 'syz.7.2101': attribute type 5 has an invalid length.
[  212.063892][T11434] netlink: 43 bytes leftover after parsing attributes in process `syz.7.2101'.
[  212.142041][   T33] audit: type=1800 audit(1754928104.909:68): pid=11402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2089" name="file1" dev="loop5" ino=9286 res=0 errno=0
[  212.149198][   T33] audit: type=1800 audit(1754928104.929:69): pid=11402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2089" name="file1" dev="loop5" ino=9286 res=0 errno=0
[  212.515285][ T8068] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.215443][   T10] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  213.365967][   T10] usb 6-1: config 0 has an invalid interface number: 39 but max is 0
[  213.369430][   T10] usb 6-1: config 0 has no interface number 0
[  213.371970][   T10] usb 6-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid maxpacket 2047, setting to 64
[  213.381116][   T10] usb 6-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  213.385064][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.388367][   T10] usb 6-1: Product: syz
[  213.390089][   T10] usb 6-1: Manufacturer: syz
[  213.392032][   T10] usb 6-1: SerialNumber: syz
[  213.398729][   T10] usb 6-1: config 0 descriptor??
[  213.401613][T11460] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  213.423063][T11476] loop6: detected capacity change from 0 to 4096
[  213.427427][T11476] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  213.430975][T11476] EXT4-fs (loop6): group descriptors corrupted!
[  213.623373][   T10] usb 6-1: USB disconnect, device number 21
[  213.635282][T11484] loop6: detected capacity change from 0 to 2048
[  213.639575][T11484] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  213.651929][T11484] overlayfs: upper fs needs to support d_type.
[  213.657159][T11484] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  213.659401][T11484] overlayfs: failed to set xattr on upper
[  213.661202][T11484] overlayfs: ...falling back to redirect_dir=nofollow.
[  213.663316][T11484] overlayfs: ...falling back to index=off.
[  213.681434][ T8113] UDF-fs: error (device loop6): udf_read_inode: (ino 1317) failed !bh
[  213.685229][ T8113] UDF-fs: error (device loop6): udf_read_inode: (ino 1317) failed !bh
[  213.805086][T11488] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000000005
[  214.184742][T11494] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2129'.
[  214.187755][T11493] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2129'.
[  214.190685][T11493] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2129'.
[  214.196053][T11493] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2129'.
[  214.224200][ T8114] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  214.228637][ T8114] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  214.231447][ T8114] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  214.236161][ T8114] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  214.239233][ T8114] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  214.342388][    T9] libceph: connect (1)[c::]:6789 error -101
[  214.344821][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  214.352634][T11495] chnl_net:caif_netlink_parms(): no params data found
[  214.405332][T11495] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.407665][T11495] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.410071][T11495] bridge_slave_0: entered allmulticast mode
[  214.412737][T11495] bridge_slave_0: entered promiscuous mode
[  214.417437][T11495] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.421409][T11495] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.423839][T11495] bridge_slave_1: entered allmulticast mode
[  214.426619][T11495] bridge_slave_1: entered promiscuous mode
[  214.457370][T11495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.461830][T11495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.485475][T11503] ceph: No mds server is up or the cluster is laggy
[  214.493549][T11495] team0: Port device team_slave_0 added
[  214.507654][T11495] team0: Port device team_slave_1 added
[  214.541735][T11495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.545897][T11495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.555168][T11495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.559856][T11495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.561976][T11495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.572136][T11495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  214.599406][T11495] hsr_slave_0: entered promiscuous mode
[  214.601795][T11495] hsr_slave_1: entered promiscuous mode
[  214.605327][T11495] debugfs: 'hsr0' already exists in 'hsr'
[  214.607205][T11495] Cannot create hsr debugfs directory
[  214.703876][ T8114] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  214.746086][ T8114] Bluetooth: hci1: Injecting HCI hardware error event
[  214.752766][ T8114] Bluetooth: hci1: hardware error 0x00
[  214.862853][T11495] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  214.868806][T11495] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  214.876045][T11495] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  214.882852][T11495] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  214.967251][T11495] 8021q: adding VLAN 0 to HW filter on device bond0
[  214.977041][T11495] 8021q: adding VLAN 0 to HW filter on device team0
[  214.982847][ T1010] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.985315][ T1010] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.995010][ T1010] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.997265][ T1010] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.117685][T11495] 8021q: adding VLAN 0 to HW filter on device batadv0
[  215.241763][T11495] veth0_vlan: entered promiscuous mode
[  215.246798][T11495] veth1_vlan: entered promiscuous mode
[  215.263052][T11495] veth0_macvtap: entered promiscuous mode
[  215.267723][T11495] veth1_macvtap: entered promiscuous mode
[  215.276628][T11495] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.282972][T11495] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.290413][ T5856] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.294996][ T5856] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.297872][ T5856] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.301290][ T5856] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.357989][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.361493][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.375447][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.378276][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.570346][T11570] loop8: detected capacity change from 0 to 256
[  215.572730][T11570] exfat: Deprecated parameter 'namecase'
[  215.574895][T11570] exfat: Deprecated parameter 'utf8'
[  215.580979][T11570] exFAT-fs (loop8): bogus fat length
[  215.582964][T11570] exFAT-fs (loop8): failed to read boot sector
[  215.586842][T11570] exFAT-fs (loop8): failed to recognize exfat type
[  215.613072][T11572] loop8: detected capacity change from 0 to 79
[  215.655981][T11572] loop8: detected capacity change from 79 to 78
[  215.838293][T11583] loop8: detected capacity change from 0 to 512
[  215.861911][T11583] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.867200][T11583] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.874853][T11583] EXT4-fs warning (device loop8): ext4_group_add:1716: Can't resize non-sparse filesystem further
[  215.890902][T11495] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.303870][ T5844] Bluetooth: hci0: command tx timeout
[  216.449315][T11608] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2164'.
[  216.452760][T11608] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2164'.
[  216.658897][T11623] loop5: detected capacity change from 0 to 512
[  216.668143][T11623] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  216.699723][T11623] EXT4-fs (loop5): 1 truncate cleaned up
[  216.705273][T11623] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.759620][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.864074][ T8114] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  217.020330][T11650] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2183'.
[  217.324711][ T7725] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  217.346345][T11682] loop5: detected capacity change from 0 to 32768
[  217.363806][T11682] ERROR: (device loop5): dbAlloc: the hint is outside the map
[  217.363806][T11682] 
[  217.367925][T11682] ialloc: diAlloc returned -5!
[  217.475338][ T7725] usb 9-1: Using ep0 maxpacket: 16
[  217.478775][ T7725] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.482470][ T7725] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  217.486667][ T7725] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.490584][ T7725] usb 9-1: config 0 descriptor??
[  217.571357][T11704] loop5: detected capacity change from 0 to 2048
[  217.575951][T11704] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  217.584570][T11706] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  217.588152][T11704] syz.5.2208: attempt to access beyond end of device
[  217.588152][T11704] loop5: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  217.613184][T11704] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  217.621685][T11704] Remounting filesystem read-only
[  217.625453][T11704] NILFS error (device loop5): nilfs_bmap_last_key: broken bmap (inode number=16)
[  217.629058][T11704] NILFS (loop5): error -5 truncating bmap (ino=16)
[  217.643474][ T8068] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer
[  217.701575][T11717] __nla_validate_parse: 1 callbacks suppressed
[  217.701586][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2214'.
[  217.707386][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2214'.
[  217.720063][T11719] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2215'.
[  217.906930][ T7725] mcp2221 0003:04D8:00DD.0016: item fetching failed at offset 2/5
[  217.909747][ T7725] mcp2221 0003:04D8:00DD.0016: can't parse reports
[  217.911918][ T7725] mcp2221 0003:04D8:00DD.0016: probe with driver mcp2221 failed with error -22
[  218.013820][ T5609] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  218.109381][ T7725] usb 9-1: USB disconnect, device number 2
[  218.163798][ T5609] usb 6-1: Using ep0 maxpacket: 8
[  218.167069][ T5609] usb 6-1: config index 0 descriptor too short (expected 30, got 18)
[  218.171787][ T5609] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  218.174694][ T5609] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.177202][ T5609] usb 6-1: Product: syz
[  218.178524][ T5609] usb 6-1: Manufacturer: syz
[  218.180029][ T5609] usb 6-1: SerialNumber: syz
[  218.182893][ T5609] usb 6-1: config 0 descriptor??
[  218.186331][ T5609] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  218.188956][ T5609] usb 6-1: setting power ON
[  218.190691][ T5609] dvb-usb: bulk message failed: -22 (2/0)
[  218.194191][ T5609] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  218.197658][ T5609] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  218.200294][ T5609] usb 6-1: media controller created
[  218.211640][ T5609] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  218.220513][ T5609] usb 6-1: selecting invalid altsetting 6
[  218.222612][ T5609] usb 6-1: digital interface selection failed (-22)
[  218.224778][ T5609] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  218.228294][ T5609] usb 6-1: setting power OFF
[  218.230012][ T5609] dvb-usb: bulk message failed: -22 (2/0)
[  218.231893][ T5609] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  218.234894][ T5609] (NULL device *): no alternate interface
[  218.247343][ T5609] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  218.293284][T11730] sctp: [Deprecated]: syz.7.2220 (pid 11730) Use of struct sctp_assoc_value in delayed_ack socket option.
[  218.293284][T11730] Use struct sctp_sack_info instead
[  218.341915][T11734] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2222'.
[  218.346058][T11734] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2222'.
[  218.348960][T11734] netlink: 'syz.7.2222': attribute type 6 has an invalid length.
[  218.384095][ T8114] Bluetooth: hci0: command tx timeout
[  218.389468][   T10] usb 6-1: USB disconnect, device number 22
[  218.656258][T11758] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2234'.
[  218.663883][T11758] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.741768][T11761] loop8: detected capacity change from 0 to 4096
[  218.750228][T11763] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  219.444347][ T5609] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  219.603944][ T5609] usb 6-1: Using ep0 maxpacket: 32
[  219.608722][T11824] netlink: 'syz.7.2258': attribute type 4 has an invalid length.
[  219.611040][ T5609] usb 6-1: config 2 has an invalid interface number: 1 but max is 0
[  219.619895][ T5609] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  219.621937][T11824] netlink: 'syz.7.2258': attribute type 4 has an invalid length.
[  219.626267][ T5609] usb 6-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[  219.636888][ T5609] usb 6-1: New USB device found, idVendor=22b8, idProduct=2d97, bcdDevice=51.64
[  219.639780][ T5609] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.653771][ T5609] usb 6-1: Product: syz
[  219.655143][ T5609] usb 6-1: Manufacturer: syz
[  219.656661][ T5609] usb 6-1: SerialNumber: syz
[  219.672199][ T5609] cdc_acm 6-1:2.1: probe with driver cdc_acm failed with error -22
[  219.675980][ T5609] cdc_acm 6-1:2.0: probe with driver cdc_acm failed with error -22
[  219.719373][T11816] loop8: detected capacity change from 0 to 32768
[  219.722373][T11816] XFS (loop8): Invalid device [./file0], error=-16
[  219.743256][T11834] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2262'.
[  219.888676][ T5609] usb 6-1: USB disconnect, device number 23
[  219.995188][T11842] loop8: detected capacity change from 0 to 32768
[  220.003577][T11842] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[  220.017091][T11842] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  220.129543][T11495] ocfs2: Unmounting device (7,8) on (node local)
[  220.366550][T11879] loop8: detected capacity change from 0 to 4096
[  220.412251][T11879] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  220.415084][T11879] ntfs3(loop8): Failed to load $Extend (-22).
[  220.417503][T11879] ntfs3(loop8): Failed to initialize $Extend.
[  220.464249][ T8114] Bluetooth: hci0: command tx timeout
[  220.467448][T11879] ntfs3(loop8): ino=1b, "file0" ntfs_readdir
[  220.558246][T11886] 9p: Unknown access argument 18446744073709551615: -34
[  221.115666][T11906] loop5: detected capacity change from 0 to 512
[  221.127817][T11906] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.131785][T11906] ext4 filesystem being mounted at /472/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.236289][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.468935][T11928] bridge1: entered promiscuous mode
[  221.537418][T11933] loop5: detected capacity change from 0 to 4096
[  221.578219][T11936] loop8: detected capacity change from 0 to 512
[  221.581043][T11936] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem
[  221.585970][T11936] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c11c, mo2=0102]
[  221.588807][T11936] EXT4-fs error (device loop8): ext4_iget_extra_inode:5104: inode #15: comm syz.8.2307: corrupted in-inode xattr: e_value size too large
[  221.597759][T11936] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2307: couldn't read orphan inode 15 (err -117)
[  221.602388][T11936] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.059090][T11957] loop5: detected capacity change from 0 to 512
[  222.116289][T11961] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2318'.
[  222.119237][T11961] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2318'.
[  222.642560][ T8114] Bluetooth: hci0: command tx timeout
[  222.662113][T11495] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.715494][   T10] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  222.717774][T11977] netlink: 14 bytes leftover after parsing attributes in process `syz.8.2325'.
[  222.721194][T11977] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  222.723676][T11977] batman_adv: batadv0: Removing interface: batadv_slave_0
[  222.726765][T11977] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.729284][T11977] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.865837][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  222.869665][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  222.869794][T11981] netlink: 'syz.8.2327': attribute type 5 has an invalid length.
[  222.876869][   T10] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  222.882489][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  222.885618][   T10] usb 6-1: SerialNumber: syz
[  223.096115][   T10] usb 6-1: 0:2 : does not exist
[  223.097758][   T10] usb 6-1: unit 5: unexpected type 0x03
[  223.107090][   T10] usb 6-1: USB disconnect, device number 24
[  223.196717][T11995] netlink: 168 bytes leftover after parsing attributes in process `syz.7.2334'.
[  223.658919][T12001] loop5: detected capacity change from 0 to 2048
[  223.666970][T12001] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  223.670778][T12001] ext4 filesystem being mounted at /496/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.056165][   T33] audit: type=1800 audit(1754928116.739:70): pid=12011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2337" name="file0" dev="loop5" ino=13 res=0 errno=0
[  224.289182][T12020] loop8: detected capacity change from 0 to 32768
[  224.300347][T12020] ocfs2: Mounting device (7,8) on (node local, slot 0) with writeback data mode.
[  224.358405][T11495] ocfs2: Unmounting device (7,8) on (node local)
[  224.545694][ T8068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.579573][T12043] loop8: detected capacity change from 0 to 128
[  224.585791][T12043] vxfs: WRONG superblock magic 7b3185b5 at 1
[  224.588502][T12043] vxfs: unsupported VxFS version (-1232326277)
[  224.743373][   T33] audit: type=1326 audit(1754928117.579:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.8.2362" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6d2138ebe9 code=0x0
[  224.871506][   T33] audit: type=1326 audit(1754928117.709:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12061 comm="syz.7.2363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40bd8ebe9 code=0x7ffc0000
[  224.881916][   T33] audit: type=1326 audit(1754928117.709:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12061 comm="syz.7.2363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40bd8ebe9 code=0x7ffc0000
[  224.892232][   T33] audit: type=1326 audit(1754928117.719:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12061 comm="syz.7.2363" exe="/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fa40bd8ebe9 code=0x7ffc0000
[  224.902628][   T33] audit: type=1326 audit(1754928117.719:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12061 comm="syz.7.2363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40bd8ebe9 code=0x7ffc0000
[  224.956770][T12068] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2366'.
[  225.201110][    C0] ==================================================================
[  225.203756][    C0] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[  225.206399][    C0] Write of size 8 at addr ffff888034154030 by task syz.7.2375/12085
[  225.209598][    C0] 
[  225.210369][    C0] CPU: 0 UID: 0 PID: 12085 Comm: syz.7.2375 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  225.210380][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  225.210385][    C0] Call Trace:
[  225.210389][    C0]  <IRQ>
[  225.210393][    C0]  dump_stack_lvl+0x189/0x250
[  225.210405][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  225.210415][    C0]  ? rcu_is_watching+0x15/0xb0
[  225.210423][    C0]  ? __kasan_check_byte+0x12/0x40
[  225.210433][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.210440][    C0]  ? rcu_is_watching+0x15/0xb0
[  225.210470][    C0]  ? lock_release+0x4b/0x3e0
[  225.210481][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  225.210489][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  225.210497][    C0]  print_report+0xca/0x240
[  225.210504][    C0]  ? __xfrm_state_delete+0x696/0xca0
[  225.210514][    C0]  kasan_report+0x118/0x150
[  225.210523][    C0]  ? __xfrm_state_delete+0x696/0xca0
[  225.210532][    C0]  __xfrm_state_delete+0x696/0xca0
[  225.210542][    C0]  xfrm_timer_handler+0x18f/0xa00
[  225.210552][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.210559][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  225.210568][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.210577][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  225.210584][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  225.210591][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.210599][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.210606][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  225.210616][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  225.210623][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  225.210631][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  225.210638][    C0]  handle_softirqs+0x286/0x870
[  225.210645][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  225.210652][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  225.210659][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  225.210668][    C0]  __irq_exit_rcu+0xca/0x1f0
[  225.210674][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  225.210681][    C0]  irq_exit_rcu+0x9/0x30
[  225.210687][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  225.210694][    C0]  </IRQ>
[  225.210697][    C0]  <TASK>
[  225.210699][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  225.210708][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  225.210718][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb 63 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  225.210724][    C0] RSP: 0018:ffffc900044af4b8 EFLAGS: 00000206
[  225.210732][    C0] RAX: 190150bac9477700 RBX: 0000000000000000 RCX: 190150bac9477700
[  225.210737][    C0] RDX: 0000000000000000 RSI: ffffffff8dba33cb RDI: ffffffff8be32600
[  225.210741][    C0] RBP: ffffffff822e5b0a R08: 0000000000000000 R09: ffffffff822e5b0a
[  225.210746][    C0] R10: dffffc0000000000 R11: fffff940001630b1 R12: 0000000000000002
[  225.210750][    C0] R13: ffffffff8e139fa0 R14: 0000000000000000 R15: 0000000000000246
[  225.210755][    C0]  ? pfn_valid+0xba/0x490
[  225.210765][    C0]  ? pfn_valid+0xba/0x490
[  225.210775][    C0]  ? __folio_rmap_sanity_checks+0x411/0x7d0
[  225.210784][    C0]  ? pfn_valid+0xba/0x490
[  225.210791][    C0]  pfn_valid+0xd6/0x490
[  225.210799][    C0]  ? pfn_valid+0xba/0x490
[  225.210807][    C0]  page_table_check_clear+0x21/0x700
[  225.210816][    C0]  ? vm_normal_page+0xb7/0x210
[  225.210824][    C0]  unmap_page_range+0x3445/0x4370
[  225.210830][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  225.210848][    C0]  ? __pfx_unmap_page_range+0x10/0x10
[  225.210855][    C0]  ? mas_find+0xb0e/0xd30
[  225.210862][    C0]  ? unmap_vmas+0x144/0x580
[  225.210869][    C0]  unmap_vmas+0x399/0x580
[  225.210876][    C0]  ? __pfx_unmap_vmas+0x10/0x10
[  225.210891][    C0]  exit_mmap+0x248/0xb50
[  225.210900][    C0]  ? uprobe_clear_state+0x20f/0x290
[  225.210909][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  225.210917][    C0]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  225.210927][    C0]  ? __pfx_exit_aio+0x10/0x10
[  225.210938][    C0]  ? uprobe_clear_state+0x274/0x290
[  225.210946][    C0]  __mmput+0x118/0x430
[  225.210953][    C0]  exit_mm+0x1da/0x2c0
[  225.210963][    C0]  ? __pfx_exit_mm+0x10/0x10
[  225.210971][    C0]  ? rcu_is_watching+0x15/0xb0
[  225.210977][    C0]  do_exit+0x648/0x2300
[  225.210986][    C0]  ? preempt_schedule_common+0x83/0xd0
[  225.210993][    C0]  ? preempt_schedule+0xae/0xc0
[  225.210999][    C0]  ? __pfx_do_exit+0x10/0x10
[  225.211007][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  225.211019][    C0]  do_group_exit+0x21c/0x2d0
[  225.211028][    C0]  __x64_sys_exit_group+0x3f/0x40
[  225.211035][    C0]  x64_sys_call+0x21f7/0x2200
[  225.211044][    C0]  do_syscall_64+0xfa/0x3b0
[  225.211053][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.211060][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.211066][    C0]  ? exc_page_fault+0x9f/0xf0
[  225.211073][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.211079][    C0] RIP: 0033:0x7fa40bd8ebe9
[  225.211085][    C0] Code: Unable to access opcode bytes at 0x7fa40bd8ebbf.
[  225.211088][    C0] RSP: 002b:00007ffc4bac99f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  225.211095][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa40bd8ebe9
[  225.211099][    C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  225.211103][    C0] RBP: 00007ffc4bac9a5c R08: 000000054bac9aef R09: 00000000000927c0
[  225.211108][    C0] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000010b
[  225.211111][    C0] R13: 00000000000927c0 R14: 0000000000036f25 R15: 00007ffc4bac9ab0
[  225.211118][    C0]  </TASK>
[  225.211121][    C0] 
[  225.382139][    C0] Allocated by task 10673:
[  225.383614][    C0]  kasan_save_track+0x3e/0x80
[  225.385161][    C0]  __kasan_slab_alloc+0x6c/0x80
[  225.386744][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  225.388508][    C0]  xfrm_state_alloc+0x24/0x2f0
[  225.390130][    C0]  __find_acq_core+0x8a7/0x1c00
[  225.391673][    C0]  xfrm_find_acq+0x78/0xa0
[  225.393123][    C0]  xfrm_alloc_userspi+0x6b3/0xc90
[  225.394786][    C0]  xfrm_user_rcv_msg+0x7a3/0xab0
[  225.396410][    C0]  netlink_rcv_skb+0x208/0x470
[  225.398010][    C0]  xfrm_netlink_rcv+0x79/0x90
[  225.399549][    C0]  netlink_unicast+0x82f/0x9e0
[  225.401108][    C0]  netlink_sendmsg+0x805/0xb30
[  225.402686][    C0]  __sock_sendmsg+0x21c/0x270
[  225.404214][    C0]  ____sys_sendmsg+0x505/0x830
[  225.405777][    C0]  ___sys_sendmsg+0x21f/0x2a0
[  225.407269][    C0]  __x64_sys_sendmsg+0x19b/0x260
[  225.408832][    C0]  do_syscall_64+0xfa/0x3b0
[  225.410247][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.412113][    C0] 
[  225.412898][    C0] Freed by task 10:
[  225.414099][    C0]  kasan_save_track+0x3e/0x80
[  225.415575][    C0]  kasan_save_free_info+0x46/0x50
[  225.417168][    C0]  __kasan_slab_free+0x5b/0x80
[  225.418675][    C0]  kmem_cache_free+0x18f/0x400
[  225.420217][    C0]  xfrm_state_gc_task+0x52d/0x6b0
[  225.421853][    C0]  process_scheduled_works+0xae1/0x17b0
[  225.423657][    C0]  worker_thread+0x8a0/0xda0
[  225.425161][    C0]  kthread+0x711/0x8a0
[  225.426510][    C0]  ret_from_fork+0x3fc/0x770
[  225.428030][    C0]  ret_from_fork_asm+0x1a/0x30
[  225.429600][    C0] 
[  225.430389][    C0] The buggy address belongs to the object at ffff888034154000
[  225.430389][    C0]  which belongs to the cache xfrm_state of size 928
[  225.434829][    C0] The buggy address is located 48 bytes inside of
[  225.434829][    C0]  freed 928-byte region [ffff888034154000, ffff8880341543a0)
[  225.439046][    C0] 
[  225.439798][    C0] The buggy address belongs to the physical page:
[  225.441805][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034155200 pfn:0x34154
[  225.444889][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  225.447508][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  225.449946][    C0] page_type: f5(slab)
[  225.451199][    C0] raw: 00fff00000000040 ffff88801c752c80 dead000000000122 0000000000000000
[  225.453838][    C0] raw: ffff888034155200 00000000800e000d 00000000f5000000 0000000000000000
[  225.456576][    C0] head: 00fff00000000040 ffff88801c752c80 dead000000000122 0000000000000000
[  225.459321][    C0] head: ffff888034155200 00000000800e000d 00000000f5000000 0000000000000000
[  225.462066][    C0] head: 00fff00000000002 ffffea0000d05501 00000000ffffffff 00000000ffffffff
[  225.464782][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  225.467565][    C0] page dumped because: kasan: bad access detected
[  225.469583][    C0] page_owner tracks the page as allocated
[  225.471374][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6674, tgid 6673 (syz.1.318), ts 74306633183, free_ts 74176944590
[  225.477430][    C0]  post_alloc_hook+0x240/0x2a0
[  225.479018][    C0]  get_page_from_freelist+0x21e4/0x22c0
[  225.480827][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  225.482652][    C0]  alloc_pages_mpol+0x232/0x4a0
[  225.484244][    C0]  allocate_slab+0x8a/0x370
[  225.485710][    C0]  ___slab_alloc+0xbeb/0x1410
[  225.487235][    C0]  kmem_cache_alloc_noprof+0x283/0x3c0
[  225.489032][    C0]  xfrm_state_alloc+0x24/0x2f0
[  225.490599][    C0]  xfrm_add_acquire+0xf7/0xb20
[  225.492177][    C0]  xfrm_user_rcv_msg+0x7a3/0xab0
[  225.493822][    C0]  netlink_rcv_skb+0x208/0x470
[  225.495432][    C0]  xfrm_netlink_rcv+0x79/0x90
[  225.497008][    C0]  netlink_unicast+0x82f/0x9e0
[  225.498585][    C0]  netlink_sendmsg+0x805/0xb30
[  225.500158][    C0]  __sock_sendmsg+0x21c/0x270
[  225.501710][    C0]  ____sys_sendmsg+0x505/0x830
[  225.503280][    C0] page last free pid 6635 tgid 6634 stack trace:
[  225.505341][    C0]  __free_frozen_pages+0xbc4/0xd30
[  225.507039][    C0]  stack_depot_save_flags+0x436/0x860
[  225.508814][    C0]  ref_tracker_free+0xfe/0x7d0
[  225.510381][    C0]  __sk_destruct+0x3c3/0x660
[  225.511871][    C0]  __mptcp_close_ssk+0x768/0xfd0
[  225.513498][    C0]  mptcp_destroy_common+0x152/0x320
[  225.515196][    C0]  mptcp_destroy+0x84/0x120
[  225.516670][    C0]  __mptcp_destroy_sock+0x156/0x350
[  225.518342][    C0]  __mptcp_close+0x76a/0xb00
[  225.519816][    C0]  mptcp_close+0x28/0x1a0
[  225.521184][    C0]  inet_release+0x144/0x190
[  225.522679][    C0]  sock_close+0xc3/0x240
[  225.524069][    C0]  __fput+0x44c/0xa70
[  225.525392][    C0]  task_work_run+0x1d4/0x260
[  225.526938][    C0]  get_signal+0x11ed/0x1340
[  225.528427][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  225.530198][    C0] 
[  225.530968][    C0] Memory state around the buggy address:
[  225.532764][    C0]  ffff888034153f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  225.535236][    C0]  ffff888034153f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  225.537704][    C0] >ffff888034154000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.540189][    C0]                                      ^
[  225.541937][    C0]  ffff888034154080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.544413][    C0]  ffff888034154100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.546934][    C0] ==================================================================
[  225.549568][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  225.551829][    C0] CPU: 0 UID: 0 PID: 12085 Comm: syz.7.2375 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  225.555696][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  225.558911][    C0] Call Trace:
[  225.560021][    C0]  <IRQ>
[  225.560972][    C0]  dump_stack_lvl+0x99/0x250
[  225.562471][    C0]  ? __asan_memcpy+0x40/0x70
[  225.563934][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.565557][    C0]  ? __pfx__printk+0x10/0x10
[  225.567018][    C0]  vpanic+0x281/0x750
[  225.568293][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  225.569989][    C0]  ? __pfx_vpanic+0x10/0x10
[  225.571468][    C0]  ? irqentry_exit+0x74/0x90
[  225.572917][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.574554][    C0]  panic+0xb9/0xc0
[  225.575749][    C0]  ? __pfx_panic+0x10/0x10
[  225.577150][    C0]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  225.579003][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  225.580982][    C0]  ? __xfrm_state_delete+0x696/0xca0
[  225.582625][    C0]  check_panic_on_warn+0x89/0xb0
[  225.584178][    C0]  ? __xfrm_state_delete+0x696/0xca0
[  225.585893][    C0]  end_report+0x78/0x160
[  225.587259][    C0]  kasan_report+0x129/0x150
[  225.588711][    C0]  ? __xfrm_state_delete+0x696/0xca0
[  225.590417][    C0]  __xfrm_state_delete+0x696/0xca0
[  225.591996][    C0]  xfrm_timer_handler+0x18f/0xa00
[  225.593596][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.595323][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  225.597165][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.598785][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  225.600603][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  225.602562][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.604368][    C0]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  225.606130][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  225.607751][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  225.609533][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  225.611350][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  225.612956][    C0]  handle_softirqs+0x286/0x870
[  225.614474][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  225.615959][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  225.617610][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  225.619228][    C0]  __irq_exit_rcu+0xca/0x1f0
[  225.620762][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  225.622491][    C0]  irq_exit_rcu+0x9/0x30
[  225.623886][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  225.625714][    C0]  </IRQ>
[  225.626706][    C0]  <TASK>
[  225.627688][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  225.629657][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  225.631370][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb 63 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  225.637570][    C0] RSP: 0018:ffffc900044af4b8 EFLAGS: 00000206
[  225.639547][    C0] RAX: 190150bac9477700 RBX: 0000000000000000 RCX: 190150bac9477700
[  225.642114][    C0] RDX: 0000000000000000 RSI: ffffffff8dba33cb RDI: ffffffff8be32600
[  225.644697][    C0] RBP: ffffffff822e5b0a R08: 0000000000000000 R09: ffffffff822e5b0a
[  225.647258][    C0] R10: dffffc0000000000 R11: fffff940001630b1 R12: 0000000000000002
[  225.649835][    C0] R13: ffffffff8e139fa0 R14: 0000000000000000 R15: 0000000000000246
[  225.652394][    C0]  ? pfn_valid+0xba/0x490
[  225.653829][    C0]  ? pfn_valid+0xba/0x490
[  225.655250][    C0]  ? __folio_rmap_sanity_checks+0x411/0x7d0
[  225.657165][    C0]  ? pfn_valid+0xba/0x490
[  225.658601][    C0]  pfn_valid+0xd6/0x490
[  225.659970][    C0]  ? pfn_valid+0xba/0x490
[  225.661391][    C0]  page_table_check_clear+0x21/0x700
[  225.663141][    C0]  ? vm_normal_page+0xb7/0x210
[  225.664731][    C0]  unmap_page_range+0x3445/0x4370
[  225.666375][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  225.668129][    C0]  ? __pfx_unmap_page_range+0x10/0x10
[  225.669884][    C0]  ? mas_find+0xb0e/0xd30
[  225.671295][    C0]  ? unmap_vmas+0x144/0x580
[  225.672749][    C0]  unmap_vmas+0x399/0x580
[  225.674173][    C0]  ? __pfx_unmap_vmas+0x10/0x10
[  225.675770][    C0]  exit_mmap+0x248/0xb50
[  225.677132][    C0]  ? uprobe_clear_state+0x20f/0x290
[  225.678746][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  225.680294][    C0]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  225.682125][    C0]  ? __pfx_exit_aio+0x10/0x10
[  225.683682][    C0]  ? uprobe_clear_state+0x274/0x290
[  225.685362][    C0]  __mmput+0x118/0x430
[  225.686649][    C0]  exit_mm+0x1da/0x2c0
[  225.687916][    C0]  ? __pfx_exit_mm+0x10/0x10
[  225.689346][    C0]  ? rcu_is_watching+0x15/0xb0
[  225.690910][    C0]  do_exit+0x648/0x2300
[  225.692242][    C0]  ? preempt_schedule_common+0x83/0xd0
[  225.693963][    C0]  ? preempt_schedule+0xae/0xc0
[  225.695535][    C0]  ? __pfx_do_exit+0x10/0x10
[  225.696994][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  225.698699][    C0]  do_group_exit+0x21c/0x2d0
[  225.700172][    C0]  __x64_sys_exit_group+0x3f/0x40
[  225.701797][    C0]  x64_sys_call+0x21f7/0x2200
[  225.703260][    C0]  do_syscall_64+0xfa/0x3b0
[  225.704694][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.706314][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.708233][    C0]  ? exc_page_fault+0x9f/0xf0
[  225.709756][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.711674][    C0] RIP: 0033:0x7fa40bd8ebe9
[  225.713086][    C0] Code: Unable to access opcode bytes at 0x7fa40bd8ebbf.
[  225.715324][    C0] RSP: 002b:00007ffc4bac99f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  225.718032][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa40bd8ebe9
[  225.720602][    C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  225.723163][    C0] RBP: 00007ffc4bac9a5c R08: 000000054bac9aef R09: 00000000000927c0
[  225.725643][    C0] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000010b
[  225.728106][    C0] R13: 00000000000927c0 R14: 0000000000036f25 R15: 00007ffc4bac9ab0
[  225.730553][    C0]  </TASK>
[  225.732194][    C0] Kernel Offset: disabled
[  225.733555][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:01:58  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000007a RBX=000000000000007a RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900000073b0
R8 =ffff888106ea8237 R9 =1ffff11020dd5046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af190b R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555557081500 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3179f3 CR3=00000001246e2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f6d21587498 00007f6d21587470 XMM03=00007f6d215874a8 00007f6d215874a0
XMM04=00007f6d220ed100 00007f6d21587460 XMM05=00007f6d21587478 00007f6d215874c0
XMM06=00007f6d215874b8 00007f6d215874b0 XMM07=00007f6d215874a8 00007f6d215874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f6d21412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff8b766b2f RBX=dffffc0000000000 RCX=0000000000000002 RDX=ffff888106578000
RSI=00000000ffffffff RDI=ffff8881223d65b8 RBP=ffffc90003ddf638 RSP=ffffc90003ddf528
R8 =0000000000000000 R9 =ffffffff81f69bdd R10=ffffc90003ddf640 R11=fffff520007bbecb
R12=ffff8881223d65b8 R13=0000000000000001 R14=ffff888123217c82 R15=0000000000000028
RIP=ffffffff8b789b02 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa472b6c6c0 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa471fa4b00 CR3=00000001201da000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fa471f87498 00007fa471f87470 XMM03=00007fa471f874a8 00007fa471f874a0
XMM04=00007fa472aed100 00007fa471f87460 XMM05=00007fa471f87478 00007fa471f874c0
XMM06=00007fa471f874b8 00007fa471f874b0 XMM07=00007fa471f874a8 00007fa471f874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fa471e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
