last executing test programs:

1.300747024s ago: executing program 2 (id=600):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.300448337s ago: executing program 1 (id=601):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r2, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20)
recvmmsg(r0, &(0x7f0000000980)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000840)=""/232, 0xe8}], 0x1}, 0x7}], 0x2, 0x40011102, 0x0)

1.228353209s ago: executing program 2 (id=602):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000008c00000095"], &(0x7f0000000080)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.228027913s ago: executing program 1 (id=603):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01000000000000000000010000000900010073797a3000000000a40000001f0a01000000000000000000010000000900010073797a3000030000090002003f20000000000000780003"], 0x11c}}, 0x0)

1.149021548s ago: executing program 2 (id=604):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)

1.148726379s ago: executing program 1 (id=605):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x1, 0x3})

1.10044132s ago: executing program 2 (id=606):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0x3}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, &(0x7f0000000280)="1e0eeb1c", 0x0}, 0x20)

1.100330002s ago: executing program 1 (id=607):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r1, 0x786b6295d7f1977, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x18001}, 0x40040)

1.018953367s ago: executing program 2 (id=608):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x128, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @lifetime_val={0x24, 0x9, {0xb4, 0x8000000000000001, 0xb4, 0x5}}]}, 0x128}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0xb400, 0x2, 0x0, 0x0, 0x0, 0xffffffffffffd9e5}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

1.018752506s ago: executing program 1 (id=609):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040001}, 0x0)
recvmsg$unix(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)

947.295923ms ago: executing program 1 (id=611):
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xb, 0x37, 0x4, 0x10, 0x1bcf, 0xb40, 0xa0f1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xfc, 0x10, 0x0, [{{0x9, 0x4, 0x8e, 0x0, 0x0, 0xe, 0x1}}]}}]}}, 0x0)

945.779133ms ago: executing program 0 (id=612):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d380987f70e06d038e7ff7fc6e5539b0d650e8b089b3f363b6e090890e0878f0e1ac6e7049b3b45959b609a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07470936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

894.879559ms ago: executing program 2 (id=613):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
pwrite64(r1, &(0x7f0000000680)='b', 0x1, 0x9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8090}, 0x4)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa0000000000000000000000000000000004"], 0xa8}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x82c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r7, 0x4148, 0x0)
lsetxattr$security_capability(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000040)={0xa, 0x1, 0x1, 0x0, 0x1})
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405668, &(0x7f00000000c0)={0x1bdc, 0x3, 0x1, "0000087aba10fdfffffb05001400", 0x59565955})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)

690.934594ms ago: executing program 0 (id=614):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x101042, 0x100)

366.101876ms ago: executing program 0 (id=615):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r1 = syz_io_uring_setup(0x4ba5, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x0, 0xfffffffc}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
write$P9_RSTATu(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000000000000000000000000000000000000000000000000000000000000000000000001f00206e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f7"], 0x232)

220.642806ms ago: executing program 0 (id=616):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

133.160634ms ago: executing program 0 (id=617):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000003e000701feffffff00000000017c0000040042800c00018006000600800a000008000280040012"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

0s ago: executing program 0 (id=618):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="80020000160001000000001000000000fe8000000000000000000000000000aaff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800000000000000000000000000010000000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000a0000000000000000000000000000000000000008001f00010000000c0015005c0735"], 0x280}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff010000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000100000000000000003300000000000000000000000000ffffac14142900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000820000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xf8}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:61818' (ED25519) to the list of known hosts.
syzkaller login: [   56.368992][ T5831] cgroup: Unknown subsys name 'net'
[   56.462060][ T5831] cgroup: Unknown subsys name 'cpuset'
[   56.468951][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.436804][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.233092][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.237950][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.240713][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.243638][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.247069][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.250726][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.257393][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.266971][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.270301][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.273569][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.334255][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.338171][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.341518][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.346416][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.349970][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.561372][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   63.597156][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   63.744621][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.748916][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.752054][ T5847] bridge_slave_0: entered allmulticast mode
[   63.756630][ T5847] bridge_slave_0: entered promiscuous mode
[   63.764207][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.767558][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.770427][ T5847] bridge_slave_1: entered allmulticast mode
[   63.774226][ T5847] bridge_slave_1: entered promiscuous mode
[   63.789556][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   63.826046][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.829154][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.832140][ T5851] bridge_slave_0: entered allmulticast mode
[   63.837171][ T5851] bridge_slave_0: entered promiscuous mode
[   63.849928][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.863217][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.866815][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.869153][ T5851] bridge_slave_1: entered allmulticast mode
[   63.871897][ T5851] bridge_slave_1: entered promiscuous mode
[   63.886393][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.924867][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.943766][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.949574][ T5847] team0: Port device team_slave_0 added
[   63.968313][ T5847] team0: Port device team_slave_1 added
[   64.010378][ T5851] team0: Port device team_slave_0 added
[   64.012486][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.015572][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.017849][ T5854] bridge_slave_0: entered allmulticast mode
[   64.020499][ T5854] bridge_slave_0: entered promiscuous mode
[   64.023717][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.026783][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.029306][ T5854] bridge_slave_1: entered allmulticast mode
[   64.032027][ T5854] bridge_slave_1: entered promiscuous mode
[   64.045563][ T5851] team0: Port device team_slave_1 added
[   64.063810][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.067132][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.076857][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.097294][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.099827][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.110110][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.122872][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.125226][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.133160][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.140726][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.144464][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.147226][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.158166][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.170073][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.231507][ T5851] hsr_slave_0: entered promiscuous mode
[   64.234010][ T5851] hsr_slave_1: entered promiscuous mode
[   64.247678][ T5854] team0: Port device team_slave_0 added
[   64.264143][ T5854] team0: Port device team_slave_1 added
[   64.284307][ T5847] hsr_slave_0: entered promiscuous mode
[   64.287553][ T5847] hsr_slave_1: entered promiscuous mode
[   64.290405][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[   64.292771][ T5847] Cannot create hsr debugfs directory
[   64.319780][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.322006][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.331325][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.367971][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.370114][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.378072][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.462659][ T5854] hsr_slave_0: entered promiscuous mode
[   64.465095][ T5854] hsr_slave_1: entered promiscuous mode
[   64.467308][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   64.469140][ T5854] Cannot create hsr debugfs directory
[   64.598694][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.624092][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.656068][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.679713][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.703127][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.715424][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.732554][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.742367][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.776117][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.787330][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.794254][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.800094][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.908442][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.930778][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.934723][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.942435][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   64.955161][ T3901] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.957511][ T3901] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.970945][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   64.974164][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   64.986315][ T3901] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.988558][ T3901] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.992456][ T3901] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.994714][ T3901] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.999180][ T3901] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.001483][ T3901] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.008576][ T3901] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.010844][ T3901] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.023711][ T3901] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.026066][ T3901] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.094648][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.253721][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.265664][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.271967][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.276551][   T54] Bluetooth: hci0: command tx timeout
[   65.314559][ T5854] veth0_vlan: entered promiscuous mode
[   65.339011][ T5847] veth0_vlan: entered promiscuous mode
[   65.342789][ T5854] veth1_vlan: entered promiscuous mode
[   65.354266][ T5851] veth0_vlan: entered promiscuous mode
[   65.357274][   T54] Bluetooth: hci1: command tx timeout
[   65.363352][ T5847] veth1_vlan: entered promiscuous mode
[   65.371427][ T5851] veth1_vlan: entered promiscuous mode
[   65.400072][ T5854] veth0_macvtap: entered promiscuous mode
[   65.411246][ T5854] veth1_macvtap: entered promiscuous mode
[   65.418619][ T5847] veth0_macvtap: entered promiscuous mode
[   65.423020][ T5851] veth0_macvtap: entered promiscuous mode
[   65.430900][ T5851] veth1_macvtap: entered promiscuous mode
[   65.433665][ T5847] veth1_macvtap: entered promiscuous mode
[   65.435953][   T54] Bluetooth: hci2: command tx timeout
[   65.444545][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.463932][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.492369][ T5873] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.503054][ T5873] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.509323][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.515653][ T5873] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.522027][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.526944][ T5873] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.534810][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.550415][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.585071][ T5873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.591190][ T5873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.607470][ T5873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.610327][ T5873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.613149][ T5873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.627588][ T5873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.640770][ T5873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.653303][ T5873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.687217][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.691995][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.719675][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.722084][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.743312][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.750925][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.756771][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.759151][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.790393][ T3901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.792749][ T3901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.818063][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.821709][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.853200][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.041400][ T5928] netlink: 830 bytes leftover after parsing attributes in process `syz.0.7'.
[   66.273613][ T5922] loop1: detected capacity change from 0 to 40427
[   66.289073][ T5922] F2FS-fs (loop1): build fault injection rate: 690
[   66.296629][ T5922] F2FS-fs (loop1): invalid crc value
[   66.342006][ T5922] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   66.350238][ T5922] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   66.483552][ T5921] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   66.895897][ T5884] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   67.047698][ T5884] usb 3-1: Using ep0 maxpacket: 8
[   67.055510][ T5884] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[   67.058942][ T5884] usb 3-1: config 179 has no interface number 0
[   67.061497][ T5884] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[   67.066626][ T5884] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[   67.071080][ T5884] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[   67.076486][ T5884] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   67.081923][ T5884] usb 3-1: config 179 interface 65 has no altsetting 0
[   67.084778][ T5884] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[   67.089186][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.314550][ T5884] usb 3-1: USB disconnect, device number 2
[   67.355314][   T54] Bluetooth: hci0: command tx timeout
[   67.445325][   T54] Bluetooth: hci1: command tx timeout
[   67.515405][   T54] Bluetooth: hci2: command tx timeout
[   67.629563][ T5964] loop0: detected capacity change from 0 to 4096
[   67.663615][ T5964] ntfs3(loop0): Failed to load $MFT (-22).
[   67.881585][ T5973] loop1: detected capacity change from 0 to 4096
[   67.884769][ T5973] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[   67.890173][ T5973] ntfs3(loop1): Failed to load $MFT.
[   68.073842][ T5981] loop0: detected capacity change from 0 to 32768
[   68.136244][ T5981] XFS (loop0): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[   68.179919][ T5981] XFS (loop0): Starting recovery (logdev: internal)
[   68.200477][ T5981] XFS (loop0): Ending recovery (logdev: internal)
[   68.205046][ T5884] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   68.234328][ T5981] XFS (loop0): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[   68.240465][ T5997] loop1: detected capacity change from 0 to 512
[   68.243355][ T5981] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 
[   68.248112][ T5981] XFS (loop0): Unmount and run xfs_repair
[   68.250404][ T5981] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[   68.253172][ T5981] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[   68.256913][ T5981] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[   68.257498][ T5997] EXT4-fs (loop1): can't read group descriptor 0
[   68.260091][ T5981] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[   68.260115][ T5981] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[   68.260127][ T5981] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[   68.260138][ T5981] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   68.260149][ T5981] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   68.279287][ T5981] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   68.282929][ T5981] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x4 len 4 error 74
[   68.294415][ T5981] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[   68.300119][ T5981] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[   68.337701][ T5847] XFS (loop0): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[   68.378136][ T5884] usb 3-1: unable to get BOS descriptor or descriptor too short
[   68.395048][ T5884] usb 3-1: not running at top speed; connect to a high speed hub
[   68.405694][ T5884] usb 3-1: config 2 has an invalid interface number: 226 but max is 1
[   68.408869][ T5884] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   68.412661][ T5884] usb 3-1: config 2 has 1 interface, different from the descriptor's value: 2
[   68.422256][ T5884] usb 3-1: config 2 has no interface number 0
[   68.439227][ T5884] usb 3-1: config 2 interface 226 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[   68.443569][ T5884] usb 3-1: config 2 interface 226 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[   68.448724][ T5884] usb 3-1: config 2 interface 226 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[   68.457063][ T5884] usb 3-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[   68.460606][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.463727][ T5884] usb 3-1: Product: syz
[   68.467782][ T5884] usb 3-1: Manufacturer: syz
[   68.469692][ T5884] usb 3-1: SerialNumber: syz
[   68.641117][   T33] audit: type=1400 audit(1755568108.155:2): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=6004 comm="syz.1.34"
[   68.700033][ T6007] ip6gre1: entered promiscuous mode
[   68.704041][ T5884] usb 3-1: USB disconnect, device number 3
[   69.324532][ T6025] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   69.436270][   T54] Bluetooth: hci0: command tx timeout
[   69.615022][   T54] Bluetooth: hci2: command tx timeout
[   69.782078][ T6029] netlink: 192 bytes leftover after parsing attributes in process `syz.1.43'.
[   70.672745][   T54] Bluetooth: hci1: command tx timeout
[   70.755951][ T6060] fuse: Unknown parameter '0x0000000000000006'
[   71.100350][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.107912][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.526425][   T54] Bluetooth: hci0: command tx timeout
[   71.763031][   T54] Bluetooth: hci2: command tx timeout
[   71.958924][ T6070] ieee802154 phy0 wpan0: encryption failed: -22
[   72.751190][ T6087] loop2: detected capacity change from 0 to 32768
[   72.762372][ T6093] loop0: detected capacity change from 0 to 128
[   73.746073][ T6104] loop0: detected capacity change from 0 to 2048
[   73.780594][ T6108] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   74.212693][ T6117] loop0: detected capacity change from 0 to 32768
[   74.216307][ T6117] =======================================================
[   74.216307][ T6117] WARNING: The mand mount option has been deprecated and
[   74.216307][ T6117]          and is ignored by this kernel. Remove the mand
[   74.216307][ T6117]          option from the mount to silence this warning.
[   74.216307][ T6117] =======================================================
[   74.249734][ T6117] JBD2: Ignoring recovery information on journal
[   74.275822][ T6117] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   74.325219][  T123] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   74.340327][ T5847] ocfs2: Unmounting device (7,0) on (node local)
[   74.486149][  T123] usb 2-1: Using ep0 maxpacket: 16
[   74.491975][  T123] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.504952][  T123] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.510265][  T123] usb 2-1: config 0 interface 0 has no altsetting 0
[   74.512779][  T123] usb 2-1: New USB device found, idVendor=046d, idProduct=c117, bcdDevice= 0.00
[   74.524837][  T123] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.531110][  T123] usb 2-1: config 0 descriptor??
[   74.672429][ T6133] loop0: detected capacity change from 0 to 4096
[   74.678306][ T6133] ntfs3(loop0): ino=3, Correct links count -> 2.
[   74.696846][ T6133] ntfs3(loop0): ino=1a, mi_enum_attr
[   74.699100][ T6133] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   74.713382][ T6133] ntfs3(loop0): failed to convert "0080" to cp864
[   74.717588][ T6133] ntfs3(loop0): failed to convert name for inode 1e.
[   74.720381][ T6133] ntfs3(loop0): ino=1f, mi_enum_attr
[   74.744273][  T123] usb 2-1: USB disconnect, device number 2
[   75.000041][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.87'.
[   75.023612][ T6148] team1: entered promiscuous mode
[   75.025624][ T6148] team1: entered allmulticast mode
[   75.027825][ T6148] Zero length message leads to an empty skb
[   75.495269][ T5315] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   75.929325][ T5315] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   75.934698][ T5315] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.966004][ T5315] usb 1-1: Product: syz
[   75.967726][ T5315] usb 1-1: Manufacturer: syz
[   75.969552][ T5315] usb 1-1: SerialNumber: syz
[   75.984685][ T5315] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   76.047417][ T5315] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   76.550625][   T10] usb 1-1: USB disconnect, device number 2
[   76.998189][ T6183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.98'.
[   77.001950][ T6183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.98'.
[   77.010701][ T6183] netlink: 5 bytes leftover after parsing attributes in process `syz.2.98'.
[   77.119494][ T5315] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   77.122775][ T5315] ath9k_htc: Failed to initialize the device
[   77.132222][   T10] usb 1-1: ath9k_htc: USB layer deinitialized
[   77.164356][ T6189] process 'syz.2.101' launched './file0' with NULL argv: empty string added
[   77.529491][ T6205] syz.1.108 uses obsolete (PF_INET,SOCK_PACKET)
[   77.996028][ T6214] loop1: detected capacity change from 0 to 8
[   78.037168][ T6214] SQUASHFS error: Unable to read inode 0x11f
[   78.302005][ T6224] loop0: detected capacity change from 0 to 1024
[   78.316045][ T5884] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   78.328013][ T6226] sock: sock_set_timeout: `syz.1.112' (pid 6226) tries to set negative timeout
[   78.362158][ T6224] hfsplus: request for non-existent node 62977 in B*Tree
[   78.364467][ T6224] hfsplus: request for non-existent node 62977 in B*Tree
[   78.402992][   T32] hfsplus: b-tree write err: -5, ino 3
[   78.471506][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   78.478856][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[   78.496936][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[   78.503290][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   78.519828][ T5884] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[   78.525271][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.542084][ T5884] usb 3-1: Product: syz
[   78.543761][ T5884] usb 3-1: Manufacturer: syz
[   78.546843][ T5884] usb 3-1: SerialNumber: syz
[   78.562160][ T5884] usb 3-1: config 0 descriptor??
[   78.570761][ T6234] loop0: detected capacity change from 0 to 2048
[   78.576269][ T5884] port100 3-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[   78.606315][ T6237] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   78.648759][ T6237] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[   78.652920][ T6237] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4)
[   78.664488][ T6237] Remounting filesystem read-only
[   78.690555][ T5847] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[   78.795644][ T5884] usb 3-1: USB disconnect, device number 4
[   79.727451][ T6258] netlink: 'syz.2.126': attribute type 3 has an invalid length.
[   79.868830][ T6263] loop0: detected capacity change from 0 to 256
[   79.892370][ T6263] exfat: Deprecated parameter 'namecase'
[   79.924164][ T6263] exfat: Deprecated parameter 'utf8'
[   79.944416][ T6263] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   80.127285][ T6271] binder: BINDER_SET_CONTEXT_MGR already set
[   80.130555][ T6271] binder: 6270:6271 ioctl 4018620d 2000000002c0 returned -16
[   80.222319][ T6262] loop2: detected capacity change from 0 to 32768
[   80.227265][ T6262] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.128 (6262)
[   80.260926][ T6262] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.265017][ T6262] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   80.268864][ T6262] BTRFS info (device loop2): using free-space-tree
[   80.275399][   T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   80.381283][ T6262] BTRFS info (device loop2): rebuilding free space tree
[   80.425996][   T10] usb 2-1: Using ep0 maxpacket: 32
[   80.438957][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[   80.443014][   T10] usb 2-1: config 7 has an invalid interface number: 187 but max is 0
[   80.446914][   T10] usb 2-1: config 7 has no interface number 0
[   80.450020][   T10] usb 2-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0
[   80.453852][   T10] usb 2-1: config 7 interface 187 has no altsetting 0
[   80.468712][   T10] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[   80.472176][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.485081][   T10] usb 2-1: Product: syz
[   80.486802][   T10] usb 2-1: Manufacturer: syz
[   80.490237][   T10] usb 2-1: SerialNumber: syz
[   80.540872][ T5854] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.723429][   T10] usb 2-1: Unknown endpoint type found, address 0x07
[   80.730652][   T10] usb 2-1: Unknown endpoint type found, address 0x03
[   80.733325][   T10] usb 2-1: Not enough endpoints found in device, aborting!
[   80.931201][   T10] usb 2-1: USB disconnect, device number 3
[   81.114319][ T6299] loop2: detected capacity change from 0 to 32768
[   81.126601][ T6299] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[   81.159811][ T6299] XFS (loop2): Ending clean mount
[   81.217914][ T5854] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[   81.286226][   T51] cfg80211: failed to load regulatory.db
[   81.286391][   T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   81.344773][ T6315] sock: sock_set_timeout: `syz.2.141' (pid 6315) tries to set negative timeout
[   81.386534][ T6317] loop2: detected capacity change from 0 to 64
[   81.447521][   T10] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[   81.450759][   T10] usb 1-1: config 0 has no interface number 0
[   81.478473][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[   81.484031][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.493285][   T10] usb 1-1: Product: syz
[   81.505239][   T10] usb 1-1: Manufacturer: syz
[   81.507117][   T10] usb 1-1: SerialNumber: syz
[   81.517346][   T10] usb 1-1: config 0 descriptor??
[   81.732230][   T10] usb 1-1: Found UVC 0.08 device syz (046d:0823)
[   81.736081][   T10] usb 1-1: No valid video chain found.
[   81.749722][   T10] usb 1-1: USB disconnect, device number 3
[   81.764213][ T6322] loop1: detected capacity change from 0 to 40427
[   81.766926][ T6322] F2FS-fs: heap/no_heap options were deprecated
[   81.774358][ T6322] F2FS-fs (loop1): invalid crc value
[   81.830303][ T6322] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   81.836887][ T6322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   81.876934][ T5851] syz-executor: attempt to access beyond end of device
[   81.876934][ T5851] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   81.882336][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   81.882351][ T5851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   81.882357][ T5851] Call Trace:
[   81.882361][ T5851]  <TASK>
[   81.882376][ T5851]  dump_stack_lvl+0x189/0x250
[   81.882390][ T5851]  ? preempt_schedule_thunk+0x16/0x30
[   81.882404][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.882414][ T5851]  ? __pfx_queue_work_on+0x10/0x10
[   81.882423][ T5851]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   81.882434][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.882450][ T5851]  f2fs_handle_critical_error+0x37c/0x540
[   81.882466][ T5851]  f2fs_write_end_io+0x886/0xb60
[   81.882484][ T5851]  __submit_merged_bio+0x27a/0x6a0
[   81.882499][ T5851]  __submit_merged_write_cond+0x255/0x530
[   81.882513][ T5851]  f2fs_write_data_pages+0x261d/0x3000
[   81.882543][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.882591][ T5851]  ? __lock_acquire+0xab9/0xd20
[   81.882608][ T5851]  ? do_raw_spin_lock+0x121/0x290
[   81.882623][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   81.882658][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.882672][ T5851]  do_writepages+0x32e/0x550
[   81.882690][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   81.882702][ T5851]  filemap_fdatawrite+0x199/0x240
[   81.882713][ T5851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   81.882749][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   81.882761][ T5851]  f2fs_sync_dirty_inodes+0x31f/0x830
[   81.882777][ T5851]  f2fs_write_checkpoint+0x95a/0x1df0
[   81.882798][ T5851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   81.882827][ T5851]  ? f2fs_stop_gc_thread+0x7f/0xb0
[   81.882835][ T5851]  ? kfree+0x18e/0x440
[   81.882846][ T5851]  ? kill_f2fs_super+0x298/0x6c0
[   81.882857][ T5851]  kill_f2fs_super+0x2c3/0x6c0
[   81.882869][ T5851]  ? __pfx_kill_f2fs_super+0x10/0x10
[   81.882876][ T5851]  ? radix_tree_delete_item+0x2b6/0x400
[   81.882890][ T5851]  ? shrinker_free+0x2ce/0x3e0
[   81.882901][ T5851]  deactivate_locked_super+0xbc/0x130
[   81.882913][ T5851]  cleanup_mnt+0x425/0x4c0
[   81.882922][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.882934][ T5851]  task_work_run+0x1d4/0x260
[   81.882947][ T5851]  ? __pfx_task_work_run+0x10/0x10
[   81.882956][ T5851]  ? __x64_sys_umount+0x122/0x160
[   81.882970][ T5851]  ? exit_to_user_mode_loop+0x40/0x110
[   81.882983][ T5851]  exit_to_user_mode_loop+0xec/0x110
[   81.882995][ T5851]  do_syscall_64+0x2bd/0x3b0
[   81.883005][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.883015][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.883024][ T5851]  ? exc_page_fault+0x9f/0xf0
[   81.883041][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.883052][ T5851] RIP: 0033:0x7f492178ff17
[   81.883065][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   81.883075][ T5851] RSP: 002b:00007ffe23600a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   81.883088][ T5851] RAX: 0000000000000000 RBX: 00007f4921811c05 RCX: 00007f492178ff17
[   81.883095][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe23600b40
[   81.883110][ T5851] RBP: 00007ffe23600b40 R08: 0000000000000000 R09: 0000000000000000
[   81.883117][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe23601bd0
[   81.883124][ T5851] R13: 00007f4921811c05 R14: 0000000000013f5d R15: 00007ffe23601c10
[   81.883148][ T5851]  </TASK>
[   81.883154][ T5851] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   82.274509][ T6339] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.151' resets device
[   82.280854][ T6341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.152'.
[   82.322007][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.154'.
[   82.361703][ T6347] syz.0.155 uses old SIOCAX25GETINFO
[   83.045623][ T6390] netlink: 'syz.0.175': attribute type 21 has an invalid length.
[   83.053203][ T6390] netlink: 132 bytes leftover after parsing attributes in process `syz.0.175'.
[   83.605292][ T6406] loop0: detected capacity change from 0 to 1024
[   83.619609][ T6406] hfsplus: failed to load root directory
[   83.760732][ T6412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.184'.
[   83.864788][ T6418] loop0: detected capacity change from 0 to 4096
[   83.921375][ T6418] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   83.933125][ T6418] ntfs3(loop0): $Secure::$SDH is corrupted.
[   83.942364][ T6418] ntfs3(loop0): Failed to initialize $Secure (-22).
[   84.072565][ T6436] netlink: 76 bytes leftover after parsing attributes in process `syz.1.196'.
[   84.206215][ T6442] trusted_key: syz.0.195 sent an empty control message without MSG_MORE.
[   84.353411][ T6432] loop2: detected capacity change from 0 to 32768
[   84.371853][ T6432] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.194 (6432)
[   84.421602][ T6446] Illegal XDP return value 96 on prog  (id 22) dev syz_tun, expect packet loss!
[   84.483852][ T6448] netlink: 256 bytes leftover after parsing attributes in process `syz.1.201'.
[   84.542692][ T6432] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   84.546848][ T6432] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   84.550120][ T6432] BTRFS info (device loop2): disk space caching is enabled
[   84.553051][ T6432] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   84.592879][ T6432] BTRFS info (device loop2): rebuilding free space tree
[   84.601555][ T6432] BTRFS info (device loop2): disabling free space tree
[   84.604203][ T6432] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   84.608908][ T6432] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   84.672798][ T5854] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   84.785401][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   84.958381][   T24] usb 2-1: Using ep0 maxpacket: 32
[   84.962658][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[   84.966690][   T24] usb 2-1: config 4 has an invalid interface number: 91 but max is 0
[   84.970067][   T24] usb 2-1: config 4 has no interface number 0
[   84.975486][   T24] usb 2-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=6c.05
[   84.977159][  T123] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   84.978686][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.984584][   T24] usb 2-1: Product: syz
[   84.986541][   T24] usb 2-1: Manufacturer: syz
[   84.988255][   T24] usb 2-1: SerialNumber: syz
[   85.125032][  T123] usb 3-1: Using ep0 maxpacket: 16
[   85.136898][  T123] usb 3-1: unable to get BOS descriptor or descriptor too short
[   85.140888][  T123] usb 3-1: config 218 has an invalid interface number: 135 but max is 0
[   85.143924][  T123] usb 3-1: config 218 has no interface number 0
[   85.155129][  T123] usb 3-1: config 218 interface 135 has no altsetting 0
[   85.159973][  T123] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=38.d9
[   85.163317][  T123] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.166381][  T123] usb 3-1: Product: syz
[   85.174997][  T123] usb 3-1: Manufacturer: syz
[   85.176708][  T123] usb 3-1: SerialNumber: syz
[   85.214136][   T24] empeg 2-1:4.91: empeg converter detected
[   85.216910][   T24] usb 2-1: active config #4 != 1 ??
[   85.227956][   T24] usb 2-1: USB disconnect, device number 4
[   85.234801][ T6471] loop0: detected capacity change from 0 to 32768
[   85.249926][ T6471] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.204 (6471)
[   85.269548][ T6471] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   85.273577][ T6471] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   85.278144][ T6471] BTRFS info (device loop0): using free-space-tree
[   85.387353][   T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   85.419665][  T123] usb 3-1: USB disconnect, device number 5
[   85.809997][ T6490] loop1: detected capacity change from 0 to 2048
[   85.814293][ T6490] EXT4-fs: Ignoring removed bh option
[   85.840844][ T6490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.865014][   T33] audit: type=1800 audit(1755568125.365:3): pid=6490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.205" name="file1" dev="loop1" ino=15 res=0 errno=0
[   85.890504][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.323360][ T5847] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   86.448545][ T6499] loop1: detected capacity change from 0 to 32768
[   86.516442][ T6499] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[   86.757230][   T51] libceph: connect (1)[c::]:6789 error -101
[   86.806320][   T51] libceph: mon0 (1)[c::]:6789 connect error
[   86.852987][ T6499] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   86.902332][ T6499] (syz.1.209,6499,1):ocfs2_read_blocks:239 ERROR: status = -12
[   86.916764][ T6499] (syz.1.209,6499,1):ocfs2_xattr_block_find:2831 ERROR: status = -12
[   86.923076][ T6514] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   86.984108][ T5851] ocfs2: Unmounting device (7,1) on (node local)
[   87.085618][ T6518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.214'.
[   87.102368][   T51] libceph: connect (1)[c::]:6789 error -101
[   87.105030][   T51] libceph: mon0 (1)[c::]:6789 connect error
[   87.149729][ T6506] ceph: No mds server is up or the cluster is laggy
[   87.176697][ T6520] netlink: 277 bytes leftover after parsing attributes in process `syz.1.213'.
[   87.373199][ T6532] loop1: detected capacity change from 0 to 164
[   87.463788][ T6537] loop0: detected capacity change from 0 to 1024
[   87.498962][ T6537] hfsplus: bad catalog entry type
[   87.509479][ T6538] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   87.706747][   T26] hfsplus: b-tree write err: -5, ino 4
[   88.664307][ T6568] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   88.715617][ T5852] Bluetooth: hci2: command 0x0405 tx timeout
[   89.358116][ T5315] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   89.516174][ T5315] usb 3-1: Using ep0 maxpacket: 32
[   89.523217][ T5315] usb 3-1: config 2 has an invalid interface number: 194 but max is 0
[   89.527610][ T5315] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   89.531093][ T5315] usb 3-1: config 2 has no interface number 0
[   89.543419][ T5315] usb 3-1: config 2 interface 194 altsetting 0 bulk endpoint 0xA has invalid maxpacket 7
[   89.552189][ T5315] usb 3-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[   89.560327][ T5315] usb 3-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[   89.568774][ T5315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.583064][ T6581] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   89.807969][ T6607] netlink: 20 bytes leftover after parsing attributes in process `syz.1.239'.
[   89.819622][ T5315] usb 3-1: string descriptor 0 read error: -71
[   89.841980][ T5315] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   90.116436][ T5315] usb 3-1: USB disconnect, device number 6
[   90.385054][ T2289] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.410203][ T6619] netlink: 'syz.2.244': attribute type 2 has an invalid length.
[   90.450698][ T6619] bridge: entered promiscuous mode
[   90.546866][ T2289] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[   90.554294][ T2289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.576451][ T2289] usb 1-1: config 0 descriptor??
[   90.593203][ T2289] gspca_main: sunplus-2.14.0 probing 055f:c420
[   90.669271][ T6627] netlink: 48 bytes leftover after parsing attributes in process `syz.1.248'.
[   90.974588][ T6634] netlink: 84 bytes leftover after parsing attributes in process `syz.2.251'.
[   91.415561][ T2289] gspca_sunplus: reg_w_riv err -71
[   91.417768][ T2289] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[   91.445392][ T2289] usb 1-1: USB disconnect, device number 4
[   91.546303][ T6642] loop2: detected capacity change from 0 to 40427
[   91.549667][ T6646] loop1: detected capacity change from 0 to 128
[   91.571350][ T6646] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   91.577722][ T6642] F2FS-fs (loop2): invalid crc value
[   91.596668][ T6646] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   91.689647][ T6642] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   91.694738][ T6642] F2FS-fs (loop2): Start checkpoint disabled!
[   91.703784][ T6642] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   91.774044][   T26] kworker/u9:0: attempt to access beyond end of device
[   91.774044][   T26] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   91.783813][   T26] CPU: 0 UID: 0 PID: 26 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[   91.783834][   T26] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   91.783843][   T26] Workqueue: writeback wb_workfn (flush-7:2)
[   91.783866][   T26] Call Trace:
[   91.783873][   T26]  <TASK>
[   91.783879][   T26]  dump_stack_lvl+0x189/0x250
[   91.783902][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.783951][   T26]  ? __pfx_queue_work_on+0x10/0x10
[   91.783965][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   91.783983][   T26]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   91.784011][   T26]  f2fs_handle_critical_error+0x37c/0x540
[   91.784039][   T26]  f2fs_write_end_io+0x886/0xb60
[   91.784069][   T26]  __submit_merged_bio+0x27a/0x6a0
[   91.784094][   T26]  __submit_merged_write_cond+0x255/0x530
[   91.784121][   T26]  f2fs_write_data_pages+0x261d/0x3000
[   91.784174][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.784208][   T26]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   91.784253][   T26]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   91.784273][   T26]  ? look_up_lock_class+0x74/0x170
[   91.784301][   T26]  ? trace_f2fs_writepages+0x7f/0x200
[   91.784321][   T26]  ? f2fs_write_node_pages+0x478/0x6e0
[   91.784344][   T26]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   91.784375][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.784395][   T26]  do_writepages+0x32e/0x550
[   91.784419][   T26]  ? reacquire_held_locks+0x127/0x1d0
[   91.784432][   T26]  ? writeback_sb_inodes+0x384/0x1010
[   91.784456][   T26]  __writeback_single_inode+0x145/0xff0
[   91.784473][   T26]  ? do_raw_spin_unlock+0x4d/0x240
[   91.784492][   T26]  writeback_sb_inodes+0x6c7/0x1010
[   91.784533][   T26]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   91.784586][   T26]  ? rcu_is_watching+0x15/0xb0
[   91.784620][   T26]  wb_writeback+0x43b/0xaf0
[   91.784645][   T26]  ? queue_io+0x351/0x590
[   91.784666][   T26]  ? __pfx_wb_writeback+0x10/0x10
[   91.784691][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.784713][   T26]  wb_workfn+0x409/0xef0
[   91.784744][   T26]  ? __pfx_wb_workfn+0x10/0x10
[   91.784764][   T26]  ? __lock_acquire+0xab9/0xd20
[   91.784795][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.784816][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.784832][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.784845][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.784861][   T26]  process_scheduled_works+0xae1/0x17b0
[   91.784943][   T26]  ? __pfx_process_scheduled_works+0x10/0x10
[   91.784976][   T26]  worker_thread+0x8a0/0xda0
[   91.785017][   T26]  kthread+0x711/0x8a0
[   91.785037][   T26]  ? __pfx_worker_thread+0x10/0x10
[   91.785051][   T26]  ? __pfx_kthread+0x10/0x10
[   91.785070][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.785087][   T26]  ? lockdep_hardirqs_on+0x9c/0x150
[   91.785103][   T26]  ? __pfx_kthread+0x10/0x10
[   91.785122][   T26]  ret_from_fork+0x3fc/0x770
[   91.785140][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[   91.785161][   T26]  ? __switch_to_asm+0x39/0x70
[   91.785177][   T26]  ? __switch_to_asm+0x33/0x70
[   91.785194][   T26]  ? __pfx_kthread+0x10/0x10
[   91.785212][   T26]  ret_from_fork_asm+0x1a/0x30
[   91.785246][   T26]  </TASK>
[   91.901962][   T26] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   91.905423][   T26] CPU: 1 UID: 0 PID: 26 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[   91.905442][   T26] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   91.905450][   T26] Workqueue: writeback wb_workfn (flush-7:2)
[   91.905472][   T26] Call Trace:
[   91.905477][   T26]  <TASK>
[   91.905483][   T26]  dump_stack_lvl+0x189/0x250
[   91.905504][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.905520][   T26]  ? __pfx_queue_work_on+0x10/0x10
[   91.905534][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   91.905552][   T26]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   91.905578][   T26]  f2fs_handle_critical_error+0x37c/0x540
[   91.905603][   T26]  f2fs_write_end_io+0x886/0xb60
[   91.905631][   T26]  __submit_merged_bio+0x27a/0x6a0
[   91.905654][   T26]  __submit_merged_write_cond+0x255/0x530
[   91.905679][   T26]  f2fs_write_data_pages+0x261d/0x3000
[   91.905726][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.905757][   T26]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   91.905800][   T26]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   91.905819][   T26]  ? look_up_lock_class+0x74/0x170
[   91.905844][   T26]  ? trace_f2fs_writepages+0x7f/0x200
[   91.905864][   T26]  ? f2fs_write_node_pages+0x478/0x6e0
[   91.905886][   T26]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   91.905944][   T26]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.905966][   T26]  do_writepages+0x32e/0x550
[   91.905989][   T26]  ? reacquire_held_locks+0x127/0x1d0
[   91.906003][   T26]  ? writeback_sb_inodes+0x384/0x1010
[   91.906028][   T26]  __writeback_single_inode+0x145/0xff0
[   91.906046][   T26]  ? do_raw_spin_unlock+0x4d/0x240
[   91.906066][   T26]  writeback_sb_inodes+0x6c7/0x1010
[   91.906105][   T26]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   91.906156][   T26]  ? rcu_is_watching+0x15/0xb0
[   91.906178][   T26]  wb_writeback+0x43b/0xaf0
[   91.906202][   T26]  ? queue_io+0x351/0x590
[   91.906222][   T26]  ? __pfx_wb_writeback+0x10/0x10
[   91.906246][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.906267][   T26]  wb_workfn+0x409/0xef0
[   91.906295][   T26]  ? __pfx_wb_workfn+0x10/0x10
[   91.906314][   T26]  ? __lock_acquire+0xab9/0xd20
[   91.906348][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.906368][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.906383][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.906396][   T26]  ? process_scheduled_works+0x9ef/0x17b0
[   91.906411][   T26]  process_scheduled_works+0xae1/0x17b0
[   91.906449][   T26]  ? __pfx_process_scheduled_works+0x10/0x10
[   91.906477][   T26]  worker_thread+0x8a0/0xda0
[   91.906513][   T26]  kthread+0x711/0x8a0
[   91.906533][   T26]  ? __pfx_worker_thread+0x10/0x10
[   91.906546][   T26]  ? __pfx_kthread+0x10/0x10
[   91.906565][   T26]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.906581][   T26]  ? lockdep_hardirqs_on+0x9c/0x150
[   91.906596][   T26]  ? __pfx_kthread+0x10/0x10
[   91.906614][   T26]  ret_from_fork+0x3fc/0x770
[   91.906631][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[   91.906651][   T26]  ? __switch_to_asm+0x39/0x70
[   91.906667][   T26]  ? __switch_to_asm+0x33/0x70
[   91.906682][   T26]  ? __pfx_kthread+0x10/0x10
[   91.906700][   T26]  ret_from_fork_asm+0x1a/0x30
[   91.906731][   T26]  </TASK>
[   91.906737][   T26] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   92.249610][ T5315] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   92.408126][ T5315] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[   92.411488][ T5315] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   92.415502][ T5315] usb 2-1: config 220 has no interface number 2
[   92.418753][ T5315] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   92.436583][ T5315] usb 2-1: config 220 interface 0 has no altsetting 0
[   92.444004][ T5315] usb 2-1: config 220 interface 76 has no altsetting 0
[   92.452506][ T5315] usb 2-1: config 220 interface 1 has no altsetting 0
[   92.503731][ T5315] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   92.519085][ T5315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.537174][ T5315] usb 2-1: Product: syz
[   92.544381][ T5315] usb 2-1: Manufacturer: syz
[   92.555675][ T5315] usb 2-1: SerialNumber: syz
[   92.814482][ T5315] usb 2-1: selecting invalid altsetting 0
[   92.826566][ T5315] usb 2-1: selecting invalid altsetting 0
[   92.829252][ T5315] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[   92.831579][ T5315] usb 2-1: No valid video chain found.
[   92.840598][ T5315] usb 2-1: selecting invalid altsetting 0
[   92.842778][ T5315] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[   92.850277][ T5315] usb 2-1: USB disconnect, device number 5
[   93.077021][ T6681] loop2: detected capacity change from 0 to 2048
[   93.086151][ T6681] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   93.090696][ T6681] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[   93.097931][ T6681] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   93.299701][ T6691] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   93.465248][ T6697] team_slave_0: entered promiscuous mode
[   93.467637][ T6697] team_slave_1: entered promiscuous mode
[   93.637718][ T6681] udf: Unknown parameter 'nobarrier'
[   93.650807][   T33] audit: type=1800 audit(1755568133.165:4): pid=6681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.269" name="file1" dev="loop2" ino=1346 res=0 errno=0
[   93.693272][ T6707] netlink: 'syz.1.282': attribute type 8 has an invalid length.
[   93.834976][   T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   93.979958][ T5852] Bluetooth: hci2: unexpected event for opcode 0x0c46
[   93.996835][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.000954][   T10] usb 1-1: too many endpoints for config 1 interface 0 altsetting 7: 255, using maximum allowed: 30
[   94.034975][   T10] usb 1-1: config 1 interface 0 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[   94.040425][   T10] usb 1-1: config 1 interface 0 has no altsetting 0
[   94.048138][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   94.051803][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   94.055568][ T6720] loop1: detected capacity change from 0 to 1024
[   94.063307][   T10] usb 1-1: SerialNumber: syz
[   94.072776][   T10] cdc_acm 1-1:1.0: invalid descriptor buffer length
[   94.084962][   T10] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[   94.095155][   T10] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[   94.097916][   T10] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[   94.137345][ T6720] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.170870][ T6720] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #12: block 7: comm syz.1.287: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[   94.193078][ T6720] EXT4-fs (loop1): Remounting filesystem read-only
[   94.199233][ T6729] vivid-000: =================  START STATUS  =================
[   94.201994][ T6729] vivid-000: Test Pattern: 75% Colorbar
[   94.203833][ T6729] vivid-000: Fill Percentage of Frame: 100
[   94.207146][ T6729] vivid-000: Horizontal Movement: No Movement
[   94.209537][ T6729] vivid-000: Vertical Movement: No Movement
[   94.211410][ T6729] vivid-000: OSD Text Mode: All
[   94.218847][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.219644][ T6729] vivid-000: Show Border: false
[   94.224276][ T6729] vivid-000: Show Square: false
[   94.226071][ T6729] vivid-000: Sensor Flipped Horizontally: false
[   94.228377][ T6729] vivid-000: Sensor Flipped Vertically: false
[   94.230833][ T6729] vivid-000: Insert SAV Code in Image: false
[   94.233286][ T6729] vivid-000: Insert EAV Code in Image: false
[   94.235493][ T6729] vivid-000: Insert Video Guard Band: false
[   94.237905][ T6729] vivid-000: Reduced Framerate: false
[   94.240578][ T6729] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[   94.255765][ T6729] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[   94.261561][ T6729] vivid-000: Enable Capture Cropping: true
[   94.269867][ T6729] vivid-000: Enable Capture Composing: true
[   94.277827][ T6729] vivid-000: Enable Capture Scaler: true
[   94.280202][ T6729] vivid-000: Timestamp Source: End of Frame
[   94.282794][ T6729] vivid-000: Colorspace: sRGB
[   94.284857][ T6729] vivid-000: Transfer Function: Default
[   94.286940][   T10] usb 1-1: USB disconnect, device number 5
[   94.287596][ T6729] vivid-000: Y'CbCr Encoding: Default
[   94.293202][ T6729] vivid-000: HSV Encoding: Hue 0-179
[   94.295817][ T6729] vivid-000: Quantization: Default
[   94.298015][ T6729] vivid-000: Apply Alpha To Red Only: false
[   94.303202][ T6729] vivid-000: Standard Aspect Ratio: 4x3
[   94.309017][ T6729] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[   94.312842][ T6729] vivid-000: DV Timings: 640x480p59 inactive
[   94.316291][ T6729] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[   94.319219][ T6729] vivid-000: Maximum EDID Blocks: 2
[   94.321344][ T6729] vivid-000: Limited RGB Range (16-235): false
[   94.323801][ T6729] vivid-000: Rx RGB Quantization Range: Automatic
[   94.327896][ T6729] vivid-000: Power Present: 0x00000001
[   94.330279][ T6729] tpg source WxH: 320x180 (R'G'B)
[   94.332287][ T6729] tpg field: 1
[   94.333603][ T6729] tpg crop: (0,0)/320x180
[   94.335653][ T6729] tpg compose: (0,0)/320x180
[   94.338543][ T6729] tpg colorspace: 8
[   94.340201][ T6729] tpg transfer function: 0/0
[   94.342144][ T6729] tpg quantization: 0/0
[   94.343889][ T6729] tpg RGB range: 0/2
[   94.347853][ T6729] vivid-000: ==================  END STATUS  ==================
[   94.378700][ T6731] sd 0:0:0:0: PR command failed: 1026
[   94.380883][ T6731] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[   94.383497][ T6731] sd 0:0:0:0: Add. Sense: Invalid command operation code
[   94.463061][ T6734] loop1: detected capacity change from 0 to 8192
[   94.508920][ T6734]  loop1: AHDI p1 p2
[   94.510983][ T6734] loop1: p1 size 65535 extends beyond EOD, truncated
[   94.561684][ T5979] udevd[5979]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   94.592773][ T5979] udevd[5979]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   94.679232][ T6742] netlink: 'syz.1.296': attribute type 2 has an invalid length.
[   94.681515][ T6742] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.296'.
[   94.684450][ T6742] nbd: must specify a device to reconfigure
[   95.461459][ T6789] loop1: detected capacity change from 0 to 512
[   95.469931][ T6789] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   95.481079][ T6789] EXT4-fs (loop1): orphan cleanup on readonly fs
[   95.483771][ T6789] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.317: bad orphan inode 15
[   95.490261][ T6789] ext4_test_bit(bit=14, block=18) = 1
[   95.492405][ T6789] is_bad_inode(inode)=0
[   95.493849][ T6789] NEXT_ORPHAN(inode)=1023
[   95.495624][ T6789] max_ino=32
[   95.496700][ T6789] i_nlink=0
[   95.500147][ T6789] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2962: inode #15: comm syz.1.317: corrupted xattr block 19: e_value size too large
[   95.506546][ T6789] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   95.511047][ T6789] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   95.605100][   T51] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   95.785406][   T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.790504][   T51] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[   95.793929][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.804393][   T51] usb 1-1: config 0 descriptor??
[   96.098854][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.246736][   T51] prodikeys 0003:041E:2801.0001: item fetching failed at offset 3/7
[   96.250517][   T51] prodikeys 0003:041E:2801.0001: hid parse failed
[   96.253095][   T51] prodikeys 0003:041E:2801.0001: probe with driver prodikeys failed with error -22
[   96.447595][   T51] usb 1-1: USB disconnect, device number 6
[   96.591715][ T6818] loop1: detected capacity change from 0 to 40427
[   96.594616][ T6818] F2FS-fs: heap/no_heap options were deprecated
[   96.600450][ T6818] F2FS-fs (loop1): Image doesn't support compression
[   96.602726][ T6818] F2FS-fs (loop1): build fault injection rate: 690
[   96.606881][ T6818] F2FS-fs (loop1): invalid crc value
[   96.643850][ T6818] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   96.653221][ T6818] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   96.692855][ T5851] syz-executor: attempt to access beyond end of device
[   96.692855][ T5851] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   96.698187][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   96.698202][ T5851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   96.698208][ T5851] Call Trace:
[   96.698213][ T5851]  <TASK>
[   96.698217][ T5851]  dump_stack_lvl+0x189/0x250
[   96.698244][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.698256][ T5851]  ? __pfx_queue_work_on+0x10/0x10
[   96.698267][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   96.698280][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   96.698299][ T5851]  f2fs_handle_critical_error+0x37c/0x540
[   96.698318][ T5851]  f2fs_write_end_io+0x886/0xb60
[   96.698343][ T5851]  __submit_merged_bio+0x27a/0x6a0
[   96.698367][ T5851]  __submit_merged_write_cond+0x255/0x530
[   96.698390][ T5851]  f2fs_write_data_pages+0x261d/0x3000
[   96.698438][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   96.698492][ T5851]  ? __mod_zone_page_state+0xd7/0x140
[   96.698518][ T5851]  ? folios_put_refs+0x560/0x640
[   96.698533][ T5851]  ? __pfx_folios_put_refs+0x10/0x10
[   96.698541][ T5851]  ? rcu_is_watching+0x15/0xb0
[   96.698580][ T5851]  ? __lock_acquire+0xab9/0xd20
[   96.698602][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   96.698614][ T5851]  do_writepages+0x32e/0x550
[   96.698630][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   96.698642][ T5851]  filemap_fdatawrite+0x199/0x240
[   96.698653][ T5851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   96.698689][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[   96.698700][ T5851]  f2fs_sync_dirty_inodes+0x31f/0x830
[   96.698717][ T5851]  f2fs_write_checkpoint+0x95a/0x1df0
[   96.698737][ T5851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   96.698771][ T5851]  ? kill_f2fs_super+0x298/0x6c0
[   96.698782][ T5851]  kill_f2fs_super+0x2c3/0x6c0
[   96.698793][ T5851]  ? __pfx_kill_f2fs_super+0x10/0x10
[   96.698800][ T5851]  ? radix_tree_delete_item+0x2b6/0x400
[   96.698814][ T5851]  ? shrinker_free+0x2ce/0x3e0
[   96.698824][ T5851]  deactivate_locked_super+0xbc/0x130
[   96.698836][ T5851]  cleanup_mnt+0x425/0x4c0
[   96.698846][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.698858][ T5851]  task_work_run+0x1d4/0x260
[   96.698870][ T5851]  ? __pfx_task_work_run+0x10/0x10
[   96.698879][ T5851]  ? __x64_sys_umount+0x122/0x160
[   96.698892][ T5851]  ? exit_to_user_mode_loop+0x40/0x110
[   96.698906][ T5851]  exit_to_user_mode_loop+0xec/0x110
[   96.698917][ T5851]  do_syscall_64+0x2bd/0x3b0
[   96.698928][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.698937][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.698945][ T5851]  ? exc_page_fault+0x9f/0xf0
[   96.698956][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.698964][ T5851] RIP: 0033:0x7f492178ff17
[   96.698973][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   96.698981][ T5851] RSP: 002b:00007ffe23600a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   96.698992][ T5851] RAX: 0000000000000000 RBX: 00007f4921811c05 RCX: 00007f492178ff17
[   96.698997][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe23600b40
[   96.699002][ T5851] RBP: 00007ffe23600b40 R08: 0000000000000000 R09: 0000000000000000
[   96.699006][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe23601bd0
[   96.699012][ T5851] R13: 00007f4921811c05 R14: 0000000000017940 R15: 00007ffe23601c10
[   96.699026][ T5851]  </TASK>
[   96.699030][ T5851] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   97.058947][ T6831] netlink: 392 bytes leftover after parsing attributes in process `syz.0.334'.
[   97.285119][ T2289] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   97.447426][ T2289] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   97.450696][ T2289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[   97.453953][ T2289] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[   97.457167][ T2289] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   97.461162][ T2289] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[   97.463949][ T2289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.469023][ T2289] usb 3-1: config 0 descriptor??
[   97.474175][ T2289] hdpvr 3-1:0.0: Could not find bulk-in endpoint
[   97.477092][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   97.479677][ T2289] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[   97.628090][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[   97.632685][   T10] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[   97.636538][   T10] usb 1-1: config 1 has an invalid descriptor of length 81, skipping remainder of the config
[   97.640639][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   97.647651][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.651264][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.654562][   T10] usb 1-1: Product: syz
[   97.656923][   T10] usb 1-1: Manufacturer: syz
[   97.658789][   T10] usb 1-1: SerialNumber: syz
[   97.684764][ T2289] usb 3-1: USB disconnect, device number 7
[   97.933614][   T10] usb 1-1: 0:2 : does not exist
[   97.944106][   T10] usb 1-1: USB disconnect, device number 7
[   97.966369][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   98.023837][ T6850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.343'.
[   98.230349][   T33] audit: type=1800 audit(1755568137.745:5): pid=6854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.345" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[   98.309408][ T2289] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   98.461549][ T2289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   98.475054][ T2289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[   98.479501][ T2289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[   98.487315][ T6858] loop2: detected capacity change from 0 to 32768
[   98.493219][ T2289] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[   98.495450][ T6858] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.347 (6858)
[   98.499972][ T2289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.508988][ T2289] usb 2-1: Product: syz
[   98.510798][ T2289] usb 2-1: Manufacturer: syz
[   98.512600][ T2289] usb 2-1: SerialNumber: syz
[   98.518154][ T2289] usb 2-1: config 0 descriptor??
[   98.530153][ T6858] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   98.536452][ T6858] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   98.539131][ T6858] BTRFS info (device loop2): using free-space-tree
[   98.567001][ T6858] BTRFS info (device loop2): rebuilding free space tree
[   98.666305][ T5854] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   98.733562][   T51] usb 2-1: USB disconnect, device number 6
[   98.833370][ T6861] loop0: detected capacity change from 0 to 32768
[   98.853973][ T6861] (syz.0.348,6861,1):ocfs2_sb_probe:759 ERROR: incompatible version: 2.33686018
[   98.860963][ T6861] (syz.0.348,6861,1):ocfs2_sb_probe:772 ERROR: This is an ocfs v1 filesystem which must be upgraded before mounting with ocfs v2
[   98.866229][ T6861] (syz.0.348,6861,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[   98.869284][ T6861] (syz.0.348,6861,1):ocfs2_fill_super:1177 ERROR: status = -22
[   98.879836][ T6879] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.036472][ T6885] capability: warning: `syz.0.352' uses deprecated v2 capabilities in a way that may be insecure
[   99.766399][ T6903] loop0: detected capacity change from 0 to 128
[  100.263342][ T6915] loop0: detected capacity change from 0 to 512
[  100.306208][ T6915] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  100.335443][ T6915] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  100.356256][ T6915] EXT4-fs (loop0): 1 truncate cleaned up
[  100.359885][ T6915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.372379][ T6915] EXT4-fs error (device loop0): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.0.365: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  100.389342][ T6915] EXT4-fs error (device loop0) in ext4_delete_entry:2739: Corrupt filesystem
[  100.408413][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.463712][ T6921] netlink: 212388 bytes leftover after parsing attributes in process `syz.1.368'.
[  100.467806][ T6921] openvswitch: netlink: Message has 5 unknown bytes.
[  100.527338][ T6923] loop1: detected capacity change from 0 to 1024
[  100.537175][ T6923] EXT4-fs: Ignoring removed nobh option
[  100.539450][ T6923] EXT4-fs: inline encryption not supported
[  100.568786][ T6923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.581739][ T6923] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.369: Allocating blocks 385-513 which overlap fs metadata
[  100.592236][ T6923] EXT4-fs (loop1): pa ffff88802bce4570: logic 16, phys. 129, len 24
[  100.595063][ T6923] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  100.603397][ T6923] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  100.611499][ T6923] EXT4-fs (loop1): This should not happen!! Data will be lost
[  100.611499][ T6923] 
[  100.616029][ T6923] EXT4-fs (loop1): Total free blocks count 0
[  100.618453][ T6923] EXT4-fs (loop1): Free/Dirty block details
[  100.620976][ T6923] EXT4-fs (loop1): free_blocks=128
[  100.622904][ T6923] EXT4-fs (loop1): dirty_blocks=0
[  100.624527][ T6923] EXT4-fs (loop1): Block reservation details
[  100.628808][ T6923] EXT4-fs (loop1): i_reserved_data_blocks=0
[  101.442885][ T6917] loop2: detected capacity change from 0 to 262144
[  101.446703][ T6917] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.366 (6917)
[  101.526111][ T6917] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  101.529969][ T6917] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  101.533544][ T6917] BTRFS info (device loop2): using free-space-tree
[  101.590635][ T6935] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  102.133269][ T5854] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  102.306164][   T33] audit: type=1326 audit(1755568141.815:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6952 comm="syz.0.373" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15cdb8ebe9 code=0x0
[  102.682743][ T6961] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004
[  103.116353][ T6965] loop2: detected capacity change from 0 to 40427
[  103.131295][ T6965] F2FS-fs (loop2): build fault injection rate: 690
[  103.145070][ T6965] F2FS-fs (loop2): invalid crc value
[  103.153452][ T6972] loop0: detected capacity change from 0 to 256
[  103.209693][ T6965] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  103.213047][ T6965] F2FS-fs (loop2): Start checkpoint disabled!
[  103.218120][ T6965] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  103.246321][   T68] kworker/u10:2: attempt to access beyond end of device
[  103.246321][   T68] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  103.251956][   T68] CPU: 1 UID: 0 PID: 68 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[  103.251970][   T68] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.251976][   T68] Workqueue: writeback wb_workfn (flush-7:2)
[  103.251992][   T68] Call Trace:
[  103.251996][   T68]  <TASK>
[  103.252000][   T68]  dump_stack_lvl+0x189/0x250
[  103.252015][   T68]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.252025][   T68]  ? __pfx_queue_work_on+0x10/0x10
[  103.252033][   T68]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  103.252045][   T68]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.252060][   T68]  f2fs_handle_critical_error+0x37c/0x540
[  103.252107][   T68]  f2fs_write_end_io+0x886/0xb60
[  103.252126][   T68]  __submit_merged_bio+0x27a/0x6a0
[  103.252141][   T68]  __submit_merged_write_cond+0x255/0x530
[  103.252155][   T68]  f2fs_write_data_pages+0x261d/0x3000
[  103.252184][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.252221][   T68]  ? __lock_acquire+0xab9/0xd20
[  103.252235][   T68]  ? look_up_lock_class+0x74/0x170
[  103.252252][   T68]  ? __lock_acquire+0xab9/0xd20
[  103.252266][   T68]  ? __lock_acquire+0xab9/0xd20
[  103.252287][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.252299][   T68]  do_writepages+0x32e/0x550
[  103.252313][   T68]  ? reacquire_held_locks+0x127/0x1d0
[  103.252320][   T68]  ? writeback_sb_inodes+0x384/0x1010
[  103.252335][   T68]  __writeback_single_inode+0x145/0xff0
[  103.252346][   T68]  ? do_raw_spin_unlock+0x4d/0x240
[  103.252358][   T68]  writeback_sb_inodes+0x6c7/0x1010
[  103.252382][   T68]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  103.252414][   T68]  ? rcu_is_watching+0x15/0xb0
[  103.252427][   T68]  wb_writeback+0x43b/0xaf0
[  103.252447][   T68]  ? queue_io+0x351/0x590
[  103.252459][   T68]  ? __pfx_wb_writeback+0x10/0x10
[  103.252474][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  103.252486][   T68]  wb_workfn+0x409/0xef0
[  103.252503][   T68]  ? __pfx_wb_workfn+0x10/0x10
[  103.252514][   T68]  ? __lock_acquire+0xab9/0xd20
[  103.252530][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  103.252542][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  103.252551][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  103.252558][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  103.252567][   T68]  process_scheduled_works+0xae1/0x17b0
[  103.252590][   T68]  ? __pfx_process_scheduled_works+0x10/0x10
[  103.252608][   T68]  worker_thread+0x8a0/0xda0
[  103.252618][   T68]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.252632][   T68]  ? __kthread_parkme+0x7b/0x200
[  103.252646][   T68]  kthread+0x711/0x8a0
[  103.252657][   T68]  ? __pfx_worker_thread+0x10/0x10
[  103.252665][   T68]  ? __pfx_kthread+0x10/0x10
[  103.252675][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  103.252684][   T68]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.252693][   T68]  ? __pfx_kthread+0x10/0x10
[  103.252703][   T68]  ret_from_fork+0x3fc/0x770
[  103.252714][   T68]  ? __pfx_ret_from_fork+0x10/0x10
[  103.252726][   T68]  ? __switch_to_asm+0x39/0x70
[  103.252735][   T68]  ? __switch_to_asm+0x33/0x70
[  103.252744][   T68]  ? __pfx_kthread+0x10/0x10
[  103.252754][   T68]  ret_from_fork_asm+0x1a/0x30
[  103.252773][   T68]  </TASK>
[  103.252776][   T68] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  104.187252][ T6985] loop1: detected capacity change from 0 to 4096
[  104.197854][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  104.203834][ T6985] ntfs3(loop1): ino=18, mi_enum_attr
[  104.205664][ T6985] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  104.208438][ T6985] ntfs3(loop1): ino=1a, mi_enum_attr
[  104.655738][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  104.658297][   T10] usb 1-1: config 0 has no interface number 0
[  104.663261][   T10] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  104.684778][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.688203][   T10] usb 1-1: Product: syz
[  104.689656][   T10] usb 1-1: Manufacturer: syz
[  104.696920][   T10] usb 1-1: SerialNumber: syz
[  104.704753][   T10] usb 1-1: config 0 descriptor??
[  104.911665][   T10] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  104.920269][   T10] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  104.923859][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  104.929110][   T10] usb 1-1: media controller created
[  104.948203][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  105.049841][ T7002] netlink: 12 bytes leftover after parsing attributes in process `syz.1.391'.
[  105.118425][   T10] i2c i2c-2: ec100: i2c rd failed=-71 reg=33
[  105.158208][   T10] usb 1-1: USB disconnect, device number 8
[  105.354478][ T7018] loop2: detected capacity change from 0 to 2048
[  105.361694][ T7018] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.384261][ T7018] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.471551][ T7025] warning: `syz.1.400' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  105.481669][ T7025] netlink: 'syz.1.400': attribute type 10 has an invalid length.
[  105.485731][ T7025] bond0: (slave wlan1): Opening slave failed
[  105.504535][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.659678][ T7032] loop0: detected capacity change from 0 to 1024
[  105.664511][ T7032] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  105.678785][ T7032] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  105.682177][ T7032] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  105.697368][ T7032] EXT4-fs (loop0): invalid journal inode
[  105.926658][   T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  106.075567][   T10] usb 3-1: Using ep0 maxpacket: 32
[  106.079484][   T10] usb 3-1: config 0 has an invalid interface number: 126 but max is 0
[  106.082228][   T10] usb 3-1: config 0 has no interface number 0
[  106.085076][ T5910] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  106.096232][   T10] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  106.100364][   T10] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  106.104398][   T10] usb 3-1: config 0 interface 126 has no altsetting 0
[  106.112428][   T10] usb 3-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  106.117156][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.123906][   T10] usb 3-1: Product: syz
[  106.125828][   T10] usb 3-1: Manufacturer: syz
[  106.127342][   T10] usb 3-1: SerialNumber: syz
[  106.130182][   T10] usb 3-1: config 0 descriptor??
[  106.132332][ T7034] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  106.135417][ T7034] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  106.146378][ T7048] loop1: detected capacity change from 0 to 2048
[  106.157171][ T7048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.161174][ T7048] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.179262][ T7048] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.411: bg 0: block 345: padding at end of block bitmap is not set
[  106.208564][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.257501][ T5910] usb 1-1: Using ep0 maxpacket: 8
[  106.262246][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  106.270561][ T5910] usb 1-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  106.274230][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.283989][ T5910] usb 1-1: Product: syz
[  106.285996][ T5910] usb 1-1: Manufacturer: syz
[  106.287780][ T5910] usb 1-1: SerialNumber: syz
[  106.291751][ T5910] usb 1-1: config 0 descriptor??
[  106.347691][   T10] ir_usb 3-1:0.126: IR Dongle converter detected
[  106.350330][   T10] usb 3-1: IRDA class descriptor not found, device not bound
[  106.355759][   T10] usb 3-1: USB disconnect, device number 8
[  106.505446][   T51] usb 1-1: USB disconnect, device number 9
[  106.931102][ T7058] netlink: 'syz.2.414': attribute type 1 has an invalid length.
[  106.934265][ T7058] netlink: 144 bytes leftover after parsing attributes in process `syz.2.414'.
[  106.939845][ T7058] netlink: 28 bytes leftover after parsing attributes in process `syz.2.414'.
[  106.987030][ T7060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.415'.
[  107.383919][ T7078] netlink: 96 bytes leftover after parsing attributes in process `syz.0.423'.
[  107.485086][ T5910] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  107.635043][ T5910] usb 2-1: Using ep0 maxpacket: 16
[  107.641379][ T5910] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  107.647282][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.650564][ T5910] usb 2-1: Product: syz
[  107.652250][ T5910] usb 2-1: Manufacturer: syz
[  107.654188][ T5910] usb 2-1: SerialNumber: syz
[  107.661280][ T5910] usb 2-1: config 0 descriptor??
[  107.667148][ T5910] appledisplay 2-1:0.0: Could not find int-in endpoint
[  107.671466][ T5910] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  107.853857][ T7092] loop0: detected capacity change from 0 to 32768
[  107.859158][ T7092] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.430 (7092)
[  107.867460][ T7092] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  107.873498][ T7092] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  107.879755][ T5910] usb 2-1: USB disconnect, device number 7
[  107.882090][ T7092] BTRFS info (device loop0): using free-space-tree
[  107.960688][ T7106] netlink: 'syz.2.431': attribute type 1 has an invalid length.
[  107.963368][ T7106] netlink: 4 bytes leftover after parsing attributes in process `syz.2.431'.
[  107.990393][ T7092] BTRFS info (device loop0): rebuilding free space tree
[  108.093597][ T5847] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.315123][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  108.344336][ T7119] mmap: syz.0.435 (7119) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  108.475298][   T24] usb 3-1: Using ep0 maxpacket: 32
[  108.504377][   T24] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  108.509120][   T24] usb 3-1: config 0 has no interface number 0
[  108.537973][   T24] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  108.541706][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.553089][   T24] usb 3-1: Product: syz
[  108.554807][   T24] usb 3-1: Manufacturer: syz
[  108.556841][   T24] usb 3-1: SerialNumber: syz
[  108.570508][   T24] usb 3-1: config 0 descriptor??
[  108.587734][   T24] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  108.606768][   T33] audit: type=1326 audit(1755568148.125:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7121 comm="syz.1.436" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f492178ebe9 code=0x0
[  108.851049][   T24] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  108.895791][   T24] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  108.975363][ T7130] loop1: detected capacity change from 0 to 2048
[  109.000130][ T7130] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  109.289355][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  109.299800][   T24] usb 3-1: USB disconnect, device number 9
[  109.359512][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  109.392279][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  109.404448][   T24] quatech2 3-1:0.51: device disconnected
[  109.717352][ T7135] loop1: detected capacity change from 0 to 1024
[  109.721439][ T7135] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  109.754628][ T7135] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.777453][ T7135] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.443: missing EA_INODE flag
[  109.786235][ T7135] EXT4-fs (loop1): Remounting filesystem read-only
[  109.788936][ T7135] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  109.813078][ T7142] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only
[  109.822612][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.826392][ T7142] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  109.888649][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.445'.
[  109.891536][ T7146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.445'.
[  110.077714][ T7151] loop1: detected capacity change from 0 to 4096
[  110.113912][ T7151] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  110.123205][ T7151] ntfs3(loop1): Failed to load $Extend (-22).
[  110.132222][ T7151] ntfs3(loop1): Failed to initialize $Extend.
[  110.163815][ T7151] ntfs3(loop1): ino=1b, "file0" ntfs_readdir
[  110.485118][   T51] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  110.537460][ T2289] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  110.635179][   T51] usb 2-1: Using ep0 maxpacket: 16
[  110.639647][   T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.644063][   T51] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  110.647731][   T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.654607][   T51] usb 2-1: config 0 descriptor??
[  110.687743][ T2289] usb 1-1: config index 0 descriptor too short (expected 32786, got 18)
[  110.692208][ T2289] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  110.696149][ T2289] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=0
[  110.699265][ T2289] usb 1-1: Manufacturer: syz
[  110.704028][ T2289] usb 1-1: config 0 descriptor??
[  110.710059][ T2289] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  110.715608][ T2289] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  110.916167][ T2289] usb 1-1: USB disconnect, device number 10
[  110.920017][ T2289] ftdi_sio 1-1:0.0: device disconnected
[  111.073903][   T51] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  111.365049][   T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  111.467718][ T2289] usb 2-1: USB disconnect, device number 8
[  111.521661][   T24] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  111.524397][   T24] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  111.535233][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  111.538085][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  111.543895][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  111.557677][   T24] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  111.560493][   T24] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  111.563404][   T24] usb 3-1: Product: syz
[  111.565183][   T24] usb 3-1: Manufacturer: syz
[  111.572630][   T24] cdc_wdm 3-1:1.0: skipping garbage
[  111.574827][   T24] cdc_wdm 3-1:1.0: skipping garbage
[  111.581573][   T24] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  111.583447][   T24] cdc_wdm 3-1:1.0: Unknown control protocol
[  111.751821][ T7176] loop0: detected capacity change from 0 to 32768
[  111.771532][ T7176] bcachefs (/dev/loop0): error validating superblock: Invalid time precision: 0 (min 1, max 1000000000)
[  111.781210][ T7176] bcachefs: bch2_fs_get_tree() error: invalid_sb_time_precision
[  111.841584][ T7178] loop6: detected capacity change from 0 to 63
[  111.844763][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.849082][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.852015][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.854964][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.858003][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.861006][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.863934][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.866954][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.869850][ T7178] ldm_validate_partition_table(): Disk read failed.
[  111.872387][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.874881][ T7178] Buffer I/O error on dev loop6, logical block 0, async page read
[  111.878818][ T7178] Dev loop6: unable to read RDB block 0
[  111.880968][ T7178]  loop6: unable to read partition table
[  111.884010][ T7178] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  112.668332][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE
[  112.881925][ T5315] usb 3-1: USB disconnect, device number 10
[  113.150554][ T7210] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  113.416680][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  113.460850][ T7226] loop2: detected capacity change from 0 to 512
[  113.474196][ T7226] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  113.525406][ T7230] Bluetooth: MGMT ver 1.23
[  113.567787][   T10] usb 2-1: Using ep0 maxpacket: 32
[  113.577927][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.582127][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  113.594852][ T7234] No source specified
[  113.596664][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  113.600469][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.625067][   T10] usb 2-1: config 0 descriptor??
[  113.630749][   T10] hub 2-1:0.0: USB hub found
[  113.703333][ T7240] loop0: detected capacity change from 0 to 16
[  113.713577][ T7240] erofs (device loop0): mounted with root inode @ nid 36.
[  113.722217][ T7240] erofs (device loop0): unknown HEAD2 format 8 for nid 36, please upgrade kernel
[  113.728569][ T7240] erofs (device loop0): unknown HEAD2 format 8 for nid 36, please upgrade kernel
[  113.731760][ T7240] erofs (device loop0): read error -95 @ 8200 of nid 36
[  113.856206][   T10] hub 2-1:0.0: config failed, can't read hub descriptor (err -90)
[  114.059673][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  114.075068][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  114.118043][   T10] usb 2-1: USB disconnect, device number 9
[  114.733430][ T7261] loop1: detected capacity change from 0 to 512
[  114.740217][ T7261] EXT4-fs: Ignoring removed oldalloc option
[  114.766077][ T7261] EXT4-fs (loop1): 1 truncate cleaned up
[  114.780183][ T7261] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.079587][ T7268] loop0: detected capacity change from 0 to 8
[  115.270090][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.402042][ T7284] loop0: detected capacity change from 0 to 1024
[  115.435059][ T7284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  115.439737][ T7284] ext4 filesystem being mounted at /196/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  115.455450][ T5315] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  115.468206][ T7284] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.507: lblock 3 mapped to illegal pblock 3 (length 3)
[  115.477700][ T7290] netlink: 'syz.1.510': attribute type 1 has an invalid length.
[  115.478552][ T7284] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  115.480530][ T7290] netlink: 'syz.1.510': attribute type 4 has an invalid length.
[  115.486102][ T7284] EXT4-fs (loop0): This should not happen!! Data will be lost
[  115.486102][ T7284] 
[  115.488244][ T7290] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.510'.
[  115.503990][ T7290] netlink: 'syz.1.510': attribute type 1 has an invalid length.
[  115.507696][ T7290] netlink: 'syz.1.510': attribute type 4 has an invalid length.
[  115.510302][ T7290] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.510'.
[  115.546800][ T1088] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 8: comm kworker/u9:4: lblock 8 mapped to illegal pblock 8 (length 8)
[  115.557366][ T1088] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  115.561736][ T1088] EXT4-fs (loop0): This should not happen!! Data will be lost
[  115.561736][ T1088] 
[  115.576511][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  115.605008][ T5315] usb 3-1: Using ep0 maxpacket: 16
[  115.609697][ T5315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.619852][ T5315] usb 3-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  115.635195][ T5315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.640936][ T5315] usb 3-1: config 0 descriptor??
[  115.731660][ T7300] loop1: detected capacity change from 0 to 8192
[  115.759355][ T5979]  loop1: p4 < >
[  115.769680][ T7300]  loop1: p4 < >
[  115.822198][ T5979] udevd[5979]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  115.834080][ T5979] udevd[5979]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  115.985032][   T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  116.237240][ T5315] greenasia 0003:0E8F:0012.0003: hidraw0: USB HID v0.05 Device [HID 0e8f:0012] on usb-dummy_hcd.2-1/input0
[  116.241107][ T5315] greenasia 0003:0E8F:0012.0003: no inputs found
[  116.275180][   T24] usb 1-1: Using ep0 maxpacket: 8
[  116.279815][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  116.283186][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  116.286895][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.293416][   T24] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01
[  116.296735][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.299865][   T24] usb 1-1: Product: syz
[  116.301592][   T24] usb 1-1: Manufacturer: syz
[  116.303393][   T24] usb 1-1: SerialNumber: syz
[  116.307536][   T24] usb 1-1: config 0 descriptor??
[  116.311837][   T24] radioshark 1-1:0.0: Invalid radioSHARK device
[  116.313975][   T24] radioshark 1-1:0.0: probe with driver radioshark failed with error -22
[  116.317051][   T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  116.435386][   T10] usb 3-1: USB disconnect, device number 11
[  116.526026][ T2289] usb 1-1: USB disconnect, device number 11
[  116.996382][ T2289] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  117.157799][   T33] audit: type=1326 audit(1755568156.675:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7316 comm="syz.0.522" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15cdb8ebe9 code=0x0
[  117.160195][ T2289] usb 2-1: unable to get BOS descriptor or descriptor too short
[  117.171083][ T2289] usb 2-1: config 13 has an invalid interface number: 50 but max is 3
[  117.174305][ T2289] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  117.179301][ T2289] usb 2-1: config 13 has 1 interface, different from the descriptor's value: 4
[  117.182645][ T2289] usb 2-1: config 13 has no interface number 0
[  117.185158][ T2289] usb 2-1: config 13 interface 50 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  117.190012][ T2289] usb 2-1: config 13 interface 50 has no altsetting 0
[  117.195534][ T2289] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8
[  117.198937][ T2289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.201941][ T2289] usb 2-1: Product: syz
[  117.203641][ T2289] usb 2-1: Manufacturer: syz
[  117.207600][ T2289] usb 2-1: SerialNumber: syz
[  117.434185][ T2289] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  117.435999][   T13] usb 2-1: Failed to submit usb control message: -71
[  117.442450][ T2289] usb 2-1: USB disconnect, device number 10
[  117.445674][   T13] usb 2-1: unable to send the bmi data to the device: -71
[  117.448525][   T13] usb 2-1: unable to get target info from device
[  117.455285][   T13] usb 2-1: could not get target info (-71)
[  117.457870][   T13] usb 2-1: could not probe fw (-71)
[  117.650287][ T7320] loop2: detected capacity change from 0 to 32768
[  117.655626][ T7320] btrfs: Deprecated parameter 'usebackuproot'
[  117.657976][ T7320] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  117.663244][ T7320] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.523 (7320)
[  117.678679][ T7320] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  117.682689][ T7320] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  117.687212][ T7320] BTRFS info (device loop2): using free-space-tree
[  117.759622][   T68] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  117.766827][ T7320] BTRFS error (device loop2): failed to load root extent
[  117.769988][ T7320] BTRFS warning (device loop2): try to load backup roots slot 1
[  117.773433][ T2922] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  117.781934][ T7320] BTRFS warning (device loop2): couldn't read tree root
[  117.785389][ T7320] BTRFS warning (device loop2): try to load backup roots slot 2
[  117.788695][   T68] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  117.792284][ T7320] BTRFS warning (device loop2): couldn't read tree root
[  117.798777][ T7320] BTRFS warning (device loop2): try to load backup roots slot 3
[  117.812498][ T7320] BTRFS info (device loop2): rebuilding free space tree
[  117.830815][ T7320] BTRFS info (device loop2): checking UUID tree
[  117.893273][ T5854] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.058970][ T7342] netlink: 'syz.1.525': attribute type 39 has an invalid length.
[  118.229888][ T7349] loop0: detected capacity change from 0 to 4096
[  118.293169][ T7349] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  118.319520][ T7349] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.337418][ T7349] EXT4-fs (loop0): shut down requested (2)
[  118.360818][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.535089][ T2289] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  118.562167][ T7360] loop1: detected capacity change from 0 to 32768
[  118.571310][ T7360] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64)
[  118.571310][ T7360] members_v2 (size 152):
[  118.571310][ T7360] nr_devices mismatch: have 17 entries, should be 1Device:0
[  118.571310][ T7360]   Label:                       (none)
[  118.571310][ T7360]   UUID:                        7af6772b-00de-4159-0000-000000000000
[  118.571310][ T7360]   Size:                        0
[  118.571310][ T7360]   read errors:                 0
[  118.571310][ T7360]   write errors:                0
[  118.571310][ T7360]   checksum errors:             0
[  118.571310][ T7360]   seqread iops:                0
[  118.571310][ T7360]   seqwrite iops:               0
[  118.571310][ T7360]   randread iops:               0
[  118.571310][ T7360]   randwrite iops:              0
[  118.571310][ T7360]   Bucket size:                 0
[  118.571310][ T7360]   First bucket:                0
[  118.571310][ T7360]   Buckets:                     0
[  118.571310][ T7360]   Last mount:                  (never)
[  118.571310][ T7360]   Last superblock write:       0
[  118.571310][ T7360]   State:                       rw
[  118.571310][ T7360]   Data allowed:                (none)
[  118.571310][ T7360]   Has data:                    (none)
[  118.571310][ T7360]   Btree allocated bitmap blocksize:1
[  118.571310][ T7360]   Btree allocated bitmap:      0000000000000000000000000000000000000000000000000000000000000000
[  118.571310][ T7360]   Durability:       
[  118.571411][ T7360] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  118.697072][ T2289] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  118.700926][ T2289] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  118.722395][ T2289] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  118.726113][ T2289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  118.735769][ T2289] usb 3-1: SerialNumber: syz
[  118.977447][ T2289] usb 3-1: USB disconnect, device number 12
[  120.939407][ T5910] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  121.105156][ T5910] usb 2-1: Using ep0 maxpacket: 16
[  121.109255][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.113451][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.121616][ T5910] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  121.130812][ T7421] loop2: detected capacity change from 0 to 32768
[  121.134655][ T5910] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  121.138526][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.153026][ T5910] usb 2-1: config 0 descriptor??
[  121.238728][ T7421] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  121.238743][ T7421]   allowing incompatible features above 0.0: (unknown version)
[  121.238749][ T7421]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  121.257305][ T7421] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  121.259993][ T7421] bcachefs (loop2): initializing new filesystem
[  121.269161][ T7421] bcachefs (loop2): going read-write
[  121.280263][ T7421] bcachefs (loop2): marking superblocks
[  121.304224][ T7421] bcachefs (loop2): initializing freespace
[  121.311521][ T7421] bcachefs (loop2): done initializing freespace
[  121.320316][ T7421] bcachefs (loop2): reading snapshots table
[  121.322270][ T7421] bcachefs (loop2): reading snapshots done
[  121.357471][ T7421] bcachefs (loop2): done starting filesystem
[  121.406074][ T7421] syz.2.561 (7421) used greatest stack depth: 17448 bytes left
[  121.418189][ T5854] bcachefs (loop2): shutting down
[  121.419943][ T5854] bcachefs (loop2): going read-only
[  121.422185][ T5854] bcachefs (loop2): finished waiting for writes to stop
[  121.425247][   T10] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  121.432422][ T5854] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  121.482898][ T5854] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  121.490370][ T5854] bcachefs (loop2): clean shutdown complete, journal seq 4
[  121.494072][ T5854] bcachefs (loop2): marking filesystem clean
[  121.524839][ T5854] bcachefs (loop2): shutdown complete
[  121.569817][ T5910] microsoft 0003:045E:07DA.0004: unbalanced delimiter at end of report description
[  121.574557][ T5910] microsoft 0003:045E:07DA.0004: parse failed
[  121.579869][ T5910] microsoft 0003:045E:07DA.0004: probe with driver microsoft failed with error -22
[  121.601385][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  121.606263][   T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  121.609615][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.615343][   T10] usb 1-1: config 0 descriptor??
[  121.621001][ T7430] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  121.773925][  T792] usb 2-1: USB disconnect, device number 11
[  121.829644][   T10] ath6kl: Failed to submit usb control message: -71
[  121.832419][   T10] ath6kl: unable to send the bmi data to the device: -71
[  121.835462][   T10] ath6kl: Unable to send get target info: -71
[  121.847934][   T10] ath6kl: Failed to init ath6kl core: -71
[  121.851266][   T10] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  121.860647][   T10] usb 1-1: USB disconnect, device number 12
[  122.238609][   T10] TC_ACT_REPEAT abuse ?
[  122.555206][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  123.079406][  T123] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  123.084383][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.089912][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.093723][   T10] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  123.098028][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.104410][   T10] usb 2-1: config 0 descriptor??
[  123.251101][  T123] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  123.255394][  T123] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.258499][  T123] usb 1-1: Product: syz
[  123.260165][  T123] usb 1-1: Manufacturer: syz
[  123.262017][  T123] usb 1-1: SerialNumber: syz
[  123.270043][  T123] usb 1-1: config 0 descriptor??
[  123.548483][   T10] sony 0003:054C:0268.0005: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0
[  123.559786][   T10] sony 0003:054C:0268.0005: failed to claim input
[  123.679873][  T123] usb 1-1: f81604_write: reg: 105 data: 8a failed: -EPROTO
[  123.682733][  T123] f81604 1-1:0.0: Setting termination of CH#0 failed: -EPROTO
[  123.687011][  T123] f81604 1-1:0.0: probe with driver f81604 failed with error -71
[  123.693272][  T123] usb 1-1: USB disconnect, device number 13
[  123.728866][ T5315] usb 2-1: USB disconnect, device number 12
[  124.083311][ T7460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.573'.
[  124.087872][ T7460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.573'.
[  124.155675][    C0] TC_ACT_REPEAT abuse ?
[  124.214644][ T7466] netlink: 16 bytes leftover after parsing attributes in process `syz.2.576'.
[  124.398602][ T7472] loop1: detected capacity change from 0 to 4096
[  124.402300][ T5852] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  124.407196][ T5852] Bluetooth: hci0: Injecting HCI hardware error event
[  124.411048][ T5852] Bluetooth: hci0: hardware error 0x00
[  124.425953][ T7477] loop2: detected capacity change from 0 to 512
[  124.437990][ T7477] EXT4-fs: Ignoring removed bh option
[  124.474787][ T7477] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  124.496911][ T7477] EXT4-fs (loop2): invalid journal inode
[  124.499563][ T7477] EXT4-fs (loop2): can't get journal size
[  124.508017][ T7472] ntfs3(loop1): ino=1e, "file1" fallocate(0x10) is not supported
[  124.517429][ T7477] EXT4-fs (loop2): 1 truncate cleaned up
[  124.521177][ T7477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.533657][ T7477] Device name not specified.
[  124.533657][ T7477] 
[  124.631251][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.642694][ T7485] loop1: detected capacity change from 0 to 256
[  124.677133][ T7485] FAT-fs (loop1): Directory bread(block 64) failed
[  124.679930][ T7485] FAT-fs (loop1): Directory bread(block 65) failed
[  124.700306][ T7485] FAT-fs (loop1): Directory bread(block 66) failed
[  124.702850][ T7485] FAT-fs (loop1): Directory bread(block 67) failed
[  124.722762][ T7485] FAT-fs (loop1): Directory bread(block 68) failed
[  124.735541][ T7485] FAT-fs (loop1): Directory bread(block 69) failed
[  124.772037][ T7485] FAT-fs (loop1): Directory bread(block 70) failed
[  124.774569][ T7485] FAT-fs (loop1): Directory bread(block 71) failed
[  124.782747][ T7485] FAT-fs (loop1): Directory bread(block 72) failed
[  124.787866][ T7485] FAT-fs (loop1): Directory bread(block 73) failed
[  124.929587][ T7493] loop2: detected capacity change from 0 to 256
[  124.963738][ T7493] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011d93, chksum : 0x4501cc6b, utbl_chksum : 0xe619d30d)
[  125.255051][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  125.797648][   T10] usb 1-1: config 0 has an invalid interface number: 83 but max is 0
[  125.801093][   T10] usb 1-1: config 0 has no interface number 0
[  125.803077][   T10] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  125.806855][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.810935][   T10] usb 1-1: config 0 descriptor??
[  125.816714][   T10] ttusbir 1-1:0.83: cannot find expected altsetting
[  126.040689][   T10] usb 1-1: USB disconnect, device number 14
[  126.143780][ T7514] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  126.387832][ T7526] netlink: 'syz.1.603': attribute type 3 has an invalid length.
[  126.475717][ T5852] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  126.745396][  T123] TC_ACT_REPEAT abuse ?
[  126.895371][ T5315] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  127.025112][ T7552] loop0: detected capacity change from 0 to 128
[  127.075251][ T5315] usb 2-1: Using ep0 maxpacket: 16
[  127.086922][ T5315] usb 2-1: config 0 has an invalid interface number: 142 but max is 0
[  127.091510][ T7552] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  127.094783][ T7552] FAT-fs (loop0): Filesystem has been set read-only
[  127.097554][ T5315] usb 2-1: config 0 has no interface number 0
[  127.106035][ T7552] syz.0.614: attempt to access beyond end of device
[  127.106035][ T7552] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  127.114070][ T7552] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  127.118716][ T7552] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  127.118831][ T5315] usb 2-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=a0.f1
[  127.127687][ T5315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.129234][ T7552] syz.0.614: attempt to access beyond end of device
[  127.129234][ T7552] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  127.130528][ T5315] usb 2-1: Product: syz
[  127.137316][   T33] audit: type=1800 audit(1755568166.655:9): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.614" name="file2" dev="loop0" ino=1048599 res=0 errno=0
[  127.137409][ T5315] usb 2-1: Manufacturer: syz
[  127.147067][ T5315] usb 2-1: SerialNumber: syz
[  127.158123][ T5315] usb 2-1: config 0 descriptor??
[  127.388438][ T7557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.616'.
[  127.402599][ T5315] usb 2-1: Found UVC 0.00 device syz (1bcf:0b40)
[  127.412135][ T5315] usb 2-1: Forcing UVC version to 1.0a
[  127.414072][ T5315] usb 2-1: No valid video chain found.
[  127.430658][ T5315] usb 2-1: USB disconnect, device number 13
[  127.483523][ T7559] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  127.648950][ T7561] netlink: 372 bytes leftover after parsing attributes in process `syz.0.618'.
[  127.652001][ T7561] ==================================================================
[  127.654433][ T7561] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  127.657044][ T7561] Read of size 4 at addr ffff8880381c00c4 by task syz.0.618/7561
[  127.660573][ T7561] 
[  127.661606][ T7561] CPU: 0 UID: 0 PID: 7561 Comm: syz.0.618 Not tainted syzkaller #0 PREEMPT(full) 
[  127.661618][ T7561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  127.661624][ T7561] Call Trace:
[  127.661629][ T7561]  <TASK>
[  127.661633][ T7561]  dump_stack_lvl+0x189/0x250
[  127.661647][ T7561]  ? __kasan_check_byte+0x12/0x40
[  127.661660][ T7561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.661672][ T7561]  ? lock_release+0x4b/0x3e0
[  127.661686][ T7561]  ? __virt_addr_valid+0x4a5/0x5c0
[  127.661697][ T7561]  print_report+0xca/0x240
[  127.661705][ T7561]  ? xfrm_alloc_spi+0x570/0xf30
[  127.661715][ T7561]  kasan_report+0x118/0x150
[  127.661726][ T7561]  ? xfrm_alloc_spi+0x570/0xf30
[  127.661736][ T7561]  xfrm_alloc_spi+0x570/0xf30
[  127.661745][ T7561]  ? xfrm_alloc_spi+0x2a0/0xf30
[  127.661761][ T7561]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  127.661776][ T7561]  ? xfrm_find_acq+0x87/0xa0
[  127.661791][ T7561]  xfrm_alloc_userspi+0x70b/0xc90
[  127.661804][ T7561]  ? apparmor_capable+0x137/0x1b0
[  127.661814][ T7561]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  127.661823][ T7561]  ? __nla_parse+0x40/0x60
[  127.661836][ T7561]  xfrm_user_rcv_msg+0x7a3/0xab0
[  127.661847][ T7561]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  127.661872][ T7561]  ? __pfx___mutex_trylock_common+0x10/0x10
[  127.661889][ T7561]  ? rcu_is_watching+0x15/0xb0
[  127.661897][ T7561]  ? trace_contention_end+0x39/0x120
[  127.661905][ T7561]  ? __mutex_lock+0x335/0x1360
[  127.661924][ T7561]  netlink_rcv_skb+0x208/0x470
[  127.661936][ T7561]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  127.661950][ T7561]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  127.661975][ T7561]  ? netlink_deliver_tap+0x2e/0x1b0
[  127.661994][ T7561]  ? netlink_deliver_tap+0x2e/0x1b0
[  127.662005][ T7561]  xfrm_netlink_rcv+0x79/0x90
[  127.662015][ T7561]  netlink_unicast+0x82f/0x9e0
[  127.662036][ T7561]  ? __pfx_netlink_unicast+0x10/0x10
[  127.662054][ T7561]  ? netlink_sendmsg+0x642/0xb30
[  127.662073][ T7561]  ? skb_put+0x11b/0x210
[  127.662083][ T7561]  netlink_sendmsg+0x805/0xb30
[  127.662095][ T7561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.662113][ T7561]  ? aa_sock_msg_perm+0xf1/0x1d0
[  127.662133][ T7561]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  127.662147][ T7561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.662166][ T7561]  __sock_sendmsg+0x21c/0x270
[  127.662185][ T7561]  ____sys_sendmsg+0x505/0x830
[  127.662201][ T7561]  ? __pfx_____sys_sendmsg+0x10/0x10
[  127.662217][ T7561]  ? import_iovec+0x74/0xa0
[  127.662234][ T7561]  ___sys_sendmsg+0x21f/0x2a0
[  127.662245][ T7561]  ? __pfx____sys_sendmsg+0x10/0x10
[  127.662266][ T7561]  ? __fget_files+0x2a/0x420
[  127.662277][ T7561]  ? __fget_files+0x3a0/0x420
[  127.662323][ T7561]  __x64_sys_sendmsg+0x19b/0x260
[  127.662339][ T7561]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  127.662364][ T7561]  ? rcu_is_watching+0x15/0xb0
[  127.662378][ T7561]  ? do_syscall_64+0xbe/0x3b0
[  127.662399][ T7561]  do_syscall_64+0xfa/0x3b0
[  127.662417][ T7561]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.662434][ T7561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.662448][ T7561]  ? exc_page_fault+0x9f/0xf0
[  127.662467][ T7561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.662480][ T7561] RIP: 0033:0x7f15cdb8ebe9
[  127.662490][ T7561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.662498][ T7561] RSP: 002b:00007f15ceaac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  127.662508][ T7561] RAX: ffffffffffffffda RBX: 00007f15cddb5fa0 RCX: 00007f15cdb8ebe9
[  127.662514][ T7561] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  127.662520][ T7561] RBP: 00007f15cdc11e19 R08: 0000000000000000 R09: 0000000000000000
[  127.662525][ T7561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  127.662531][ T7561] R13: 00007f15cddb6038 R14: 00007f15cddb5fa0 R15: 00007fffaa0a7428
[  127.662540][ T7561]  </TASK>
[  127.662544][ T7561] 
[  127.796062][ T7561] Allocated by task 6831:
[  127.797408][ T7561]  kasan_save_track+0x3e/0x80
[  127.798858][ T7561]  __kasan_slab_alloc+0x6c/0x80
[  127.800339][ T7561]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  127.802371][ T7561]  xfrm_state_alloc+0x24/0x2f0
[  127.803884][ T7561]  __find_acq_core+0x8a7/0x1c00
[  127.805587][ T7561]  xfrm_find_acq+0x78/0xa0
[  127.807082][ T7561]  xfrm_alloc_userspi+0x6b3/0xc90
[  127.808702][ T7561]  xfrm_user_rcv_msg+0x7a3/0xab0
[  127.810592][ T7561]  netlink_rcv_skb+0x208/0x470
[  127.812340][ T7561]  xfrm_netlink_rcv+0x79/0x90
[  127.814021][ T7561]  netlink_unicast+0x82f/0x9e0
[  127.815700][ T7561]  netlink_sendmsg+0x805/0xb30
[  127.817139][ T7561]  __sock_sendmsg+0x21c/0x270
[  127.818633][ T7561]  ____sys_sendmsg+0x505/0x830
[  127.820344][ T7561]  ___sys_sendmsg+0x21f/0x2a0
[  127.821814][ T7561]  __x64_sys_sendmsg+0x19b/0x260
[  127.823378][ T7561]  do_syscall_64+0xfa/0x3b0
[  127.824741][ T7561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.826498][ T7561] 
[  127.827208][ T7561] Freed by task 123:
[  127.828390][ T7561]  kasan_save_track+0x3e/0x80
[  127.829855][ T7561]  kasan_save_free_info+0x46/0x50
[  127.831656][ T7561]  __kasan_slab_free+0x5b/0x80
[  127.833131][ T7561]  kmem_cache_free+0x18f/0x400
[  127.834683][ T7561]  xfrm_state_gc_task+0x52d/0x6b0
[  127.836310][ T7561]  process_scheduled_works+0xae1/0x17b0
[  127.838155][ T7561]  worker_thread+0x8a0/0xda0
[  127.839580][ T7561]  kthread+0x711/0x8a0
[  127.841079][ T7561]  ret_from_fork+0x3fc/0x770
[  127.842772][ T7561]  ret_from_fork_asm+0x1a/0x30
[  127.844608][ T7561] 
[  127.845380][ T7561] The buggy address belongs to the object at ffff8880381c0000
[  127.845380][ T7561]  which belongs to the cache xfrm_state of size 928
[  127.849751][ T7561] The buggy address is located 196 bytes inside of
[  127.849751][ T7561]  freed 928-byte region [ffff8880381c0000, ffff8880381c03a0)
[  127.853772][ T7561] 
[  127.854489][ T7561] The buggy address belongs to the physical page:
[  127.856444][ T7561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x381c0
[  127.859366][ T7561] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  127.862171][ T7561] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  127.864851][ T7561] page_type: f5(slab)
[  127.866397][ T7561] raw: 00fff00000000040 ffff888104b3cc80 dead000000000122 0000000000000000
[  127.869034][ T7561] raw: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  127.871960][ T7561] head: 00fff00000000040 ffff888104b3cc80 dead000000000122 0000000000000000
[  127.875040][ T7561] head: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  127.877864][ T7561] head: 00fff00000000002 ffffea0000e07001 00000000ffffffff 00000000ffffffff
[  127.880434][ T7561] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  127.883167][ T7561] page dumped because: kasan: bad access detected
[  127.885316][ T7561] page_owner tracks the page as allocated
[  127.887308][ T7561] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6831, tgid 6830 (syz.0.334), ts 97062759861, free_ts 96853489696
[  127.893575][ T7561]  post_alloc_hook+0x240/0x2a0
[  127.895320][ T7561]  get_page_from_freelist+0x21e4/0x22c0
[  127.897583][ T7561]  __alloc_frozen_pages_noprof+0x181/0x370
[  127.899405][ T7561]  alloc_pages_mpol+0x232/0x4a0
[  127.900897][ T7561]  allocate_slab+0x8a/0x370
[  127.902256][ T7561]  ___slab_alloc+0xbeb/0x1410
[  127.903727][ T7561]  kmem_cache_alloc_noprof+0x283/0x3c0
[  127.905369][ T7561]  xfrm_state_alloc+0x24/0x2f0
[  127.907023][ T7561]  __find_acq_core+0x8a7/0x1c00
[  127.908853][ T7561]  xfrm_find_acq+0x78/0xa0
[  127.910228][ T7561]  xfrm_alloc_userspi+0x6b3/0xc90
[  127.911891][ T7561]  xfrm_user_rcv_msg+0x7a3/0xab0
[  127.913519][ T7561]  netlink_rcv_skb+0x208/0x470
[  127.915013][ T7561]  xfrm_netlink_rcv+0x79/0x90
[  127.916487][ T7561]  netlink_unicast+0x82f/0x9e0
[  127.918036][ T7561]  netlink_sendmsg+0x805/0xb30
[  127.919734][ T7561] page last free pid 5851 tgid 5851 stack trace:
[  127.921778][ T7561]  __free_frozen_pages+0xbc4/0xd30
[  127.923529][ T7561]  free_large_kmalloc+0x13a/0x1f0
[  127.925104][ T7561]  f2fs_destroy_segment_manager+0x1c0/0xe30
[  127.927029][ T7561]  f2fs_put_super+0xb1d/0x1170
[  127.928685][ T7561]  generic_shutdown_super+0x135/0x2c0
[  127.930388][ T7561]  kill_block_super+0x44/0x90
[  127.932126][ T7561]  kill_f2fs_super+0x390/0x6c0
[  127.934016][ T7561]  deactivate_locked_super+0xbc/0x130
[  127.936132][ T7561]  cleanup_mnt+0x425/0x4c0
[  127.937831][ T7561]  task_work_run+0x1d4/0x260
[  127.939306][ T7561]  exit_to_user_mode_loop+0xec/0x110
[  127.941290][ T7561]  do_syscall_64+0x2bd/0x3b0
[  127.943219][ T7561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.945290][ T7561] 
[  127.946066][ T7561] Memory state around the buggy address:
[  127.947927][ T7561]  ffff8880381bff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.950308][ T7561]  ffff8880381c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.953035][ T7561] >ffff8880381c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.955887][ T7561]                                            ^
[  127.958226][ T7561]  ffff8880381c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.960972][ T7561]  ffff8880381c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.963644][ T7561] ==================================================================
[  127.966231][    C0] vkms_vblank_simulate: vblank timer overrun
[  127.968735][ T7561] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  127.971112][ T7561] CPU: 0 UID: 0 PID: 7561 Comm: syz.0.618 Not tainted syzkaller #0 PREEMPT(full) 
[  127.974538][ T7561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  127.978402][ T7561] Call Trace:
[  127.979832][ T7561]  <TASK>
[  127.980793][ T7561]  dump_stack_lvl+0x99/0x250
[  127.982362][ T7561]  ? __asan_memcpy+0x40/0x70
[  127.983999][ T7561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.985809][ T7561]  ? __pfx__printk+0x10/0x10
[  127.987562][ T7561]  vpanic+0x281/0x750
[  127.988799][ T7561]  ? __pfx_vpanic+0x10/0x10
[  127.990255][ T7561]  ? irqentry_exit+0x74/0x90
[  127.991855][ T7561]  panic+0xb9/0xc0
[  127.993050][ T7561]  ? __pfx_panic+0x10/0x10
[  127.994440][ T7561]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  127.996510][ T7561]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  127.998430][ T7561]  ? xfrm_alloc_spi+0x570/0xf30
[  128.000358][ T7561]  check_panic_on_warn+0x89/0xb0
[  128.002346][ T7561]  ? xfrm_alloc_spi+0x570/0xf30
[  128.004318][ T7561]  end_report+0x78/0x160
[  128.005755][ T7561]  kasan_report+0x129/0x150
[  128.007367][ T7561]  ? xfrm_alloc_spi+0x570/0xf30
[  128.009102][ T7561]  xfrm_alloc_spi+0x570/0xf30
[  128.011028][ T7561]  ? xfrm_alloc_spi+0x2a0/0xf30
[  128.012967][ T7561]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  128.015110][ T7561]  ? xfrm_find_acq+0x87/0xa0
[  128.016955][ T7561]  xfrm_alloc_userspi+0x70b/0xc90
[  128.018830][ T7561]  ? apparmor_capable+0x137/0x1b0
[  128.020629][ T7561]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  128.022567][ T7561]  ? __nla_parse+0x40/0x60
[  128.024353][ T7561]  xfrm_user_rcv_msg+0x7a3/0xab0
[  128.026306][ T7561]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  128.028441][ T7561]  ? __pfx___mutex_trylock_common+0x10/0x10
[  128.030424][ T7561]  ? rcu_is_watching+0x15/0xb0
[  128.032071][ T7561]  ? trace_contention_end+0x39/0x120
[  128.034128][ T7561]  ? __mutex_lock+0x335/0x1360
[  128.036107][ T7561]  netlink_rcv_skb+0x208/0x470
[  128.038018][ T7561]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  128.040466][ T7561]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  128.042606][ T7561]  ? netlink_deliver_tap+0x2e/0x1b0
[  128.044602][ T7561]  ? netlink_deliver_tap+0x2e/0x1b0
[  128.046543][ T7561]  xfrm_netlink_rcv+0x79/0x90
[  128.047902][ T7561]  netlink_unicast+0x82f/0x9e0
[  128.049470][ T7561]  ? __pfx_netlink_unicast+0x10/0x10
[  128.051380][ T7561]  ? netlink_sendmsg+0x642/0xb30
[  128.053205][ T7561]  ? skb_put+0x11b/0x210
[  128.054663][ T7561]  netlink_sendmsg+0x805/0xb30
[  128.056189][ T7561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  128.057840][ T7561]  ? aa_sock_msg_perm+0xf1/0x1d0
[  128.059374][ T7561]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  128.060922][ T7561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  128.062438][ T7561]  __sock_sendmsg+0x21c/0x270
[  128.063945][ T7561]  ____sys_sendmsg+0x505/0x830
[  128.065335][ T7561]  ? __pfx_____sys_sendmsg+0x10/0x10
[  128.066953][ T7561]  ? import_iovec+0x74/0xa0
[  128.068333][ T7561]  ___sys_sendmsg+0x21f/0x2a0
[  128.069930][ T7561]  ? __pfx____sys_sendmsg+0x10/0x10
[  128.071589][ T7561]  ? __fget_files+0x2a/0x420
[  128.073026][ T7561]  ? __fget_files+0x3a0/0x420
[  128.074361][ T7561]  __x64_sys_sendmsg+0x19b/0x260
[  128.075817][ T7561]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  128.077776][ T7561]  ? rcu_is_watching+0x15/0xb0
[  128.079448][ T7561]  ? do_syscall_64+0xbe/0x3b0
[  128.080908][ T7561]  do_syscall_64+0xfa/0x3b0
[  128.082354][ T7561]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.083982][ T7561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.085840][ T7561]  ? exc_page_fault+0x9f/0xf0
[  128.087444][ T7561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.089400][ T7561] RIP: 0033:0x7f15cdb8ebe9
[  128.090805][ T7561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.096739][ T7561] RSP: 002b:00007f15ceaac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  128.099352][ T7561] RAX: ffffffffffffffda RBX: 00007f15cddb5fa0 RCX: 00007f15cdb8ebe9
[  128.102177][ T7561] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  128.104892][ T7561] RBP: 00007f15cdc11e19 R08: 0000000000000000 R09: 0000000000000000
[  128.107419][ T7561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.109933][ T7561] R13: 00007f15cddb6038 R14: 00007f15cddb5fa0 R15: 00007fffaa0a7428
[  128.112647][ T7561]  </TASK>
[  128.114320][ T7561] Kernel Offset: disabled
[  128.115729][ T7561] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:49:27  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002e RBX=000000000000002e RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001573 RDI=0000000000001574 RBP=00000000000003f8 RSP=ffffc900084a69f0
R8 =ffff8880202f8237 R9 =1ffff1100405f046 R10=dffffc0000000000 R11=ffffffff854f0230
R12=dffffc0000000000 R13=ffffffff99af990b R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f02ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f15ceaac6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000540 CR3=000000010ad8c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f15cdd87498 00007f15cdd87470 XMM03=00007f15cdd874a8 00007f15cdd874a0
XMM04=00007f15ce8ed100 00007f15cdd87460 XMM05=00007f15cdd87478 00007f15cdd874c0
XMM06=00007f15cdd874b8 00007f15cdd874b0 XMM07=00007f15cdd874a8 00007f15cdd874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f15cdc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000148b RBX=0000000000000000 RCX=00000000000007e0 RDX=dffffc0000000000
RSI=ffff88813663fd40 RDI=ffff88813663fd44 RBP=1ffff11026cc7fa8 RSP=ffffc90008307a48
R8 =ffff88813663fd00 R9 =000000000000003f R10=000000000000148b R11=fffff52001060f44
R12=0000000000003117 R13=ffff88813663fd58 R14=000000000000148b R15=0000000000000cbc
RIP=ffffffff8215970c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556fdb0500 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f15cdb25de0 CR3=000000010b572000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=0000000000000000 00007f4921812ee7 XMM09=0000000000000000 00007f4921812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
