last executing test programs:

7m5.786621907s ago: executing program 2 (id=169):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000006c0)={0x14, 0x3, 0x2, 0x201, 0x0, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x40014}, 0x810)
sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x15, 0xa, 0x101, 0x0, 0x0, {0x9, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x24040080}, 0x30004804)

7m5.786203147s ago: executing program 2 (id=170):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_io_uring_setup(0xc, &(0x7f00000002c0)={0x0, 0x29, 0x8, 0x0, 0x20b}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r8 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r8, 0xffff)
fcntl$addseals(r8, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000180))
close_range(r2, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)

7m5.206069084s ago: executing program 2 (id=172):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

7m4.858424247s ago: executing program 2 (id=174):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x120584c, 0x0)

7m4.775419872s ago: executing program 2 (id=176):
r0 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20003)
pause()
fcntl$setsig(r1, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8)
futex(&(0x7f00000006c0)=0x2, 0x0, 0x2, &(0x7f0000000140)={0x77359400}, 0x0, 0x80000002)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6d}, 0x94)
dup2(r1, r2)
fcntl$setown(r1, 0x8, r0)
tkill(r0, 0x13)

7m4.462513611s ago: executing program 2 (id=183):
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9}})

7m4.033845996s ago: executing program 32 (id=183):
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9}})

6m49.260752487s ago: executing program 0 (id=267):
r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
readv(r0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000004900)=""/4083, 0x88}], 0x2)

6m49.175194233s ago: executing program 0 (id=268):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="60010000", @ANYRES16=r0, @ANYBLOB="010028bd7000fbdbdf250c0000004c0105802c00028008000200da0800000800040003000000080001001d000000080002000000000008000300580f00003400028008002400f9ffffff080002000400000008000300dc0000000800040040000000080002000008000008000200080000003c000280080003000c00000008000200e303000008000300ff07000008000200faffffff080003000400000008000100060000000800020000100000080001007564700008000100756470004c000280080001001f00000008000200020000000800040010000000080004000400000008000200000000000800010001000000080002004aa7b0786f28e0e700080000080004002ea5be7d08000400fe0f00002c000280080004"], 0x160}, 0x1, 0x0, 0x0, 0x28000021}, 0x0)

6m49.05530528s ago: executing program 0 (id=269):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
close(r0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff})
write$binfmt_elf64(r2, &(0x7f00000006c0)=ANY=[], 0x10132)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040), 0x208000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

6m48.120890833s ago: executing program 0 (id=286):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00')

6m47.814377708s ago: executing program 0 (id=289):
msgsnd(0x0, &(0x7f00000006c0), 0x8, 0x800)

6m47.084826605s ago: executing program 0 (id=294):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1400000004000000040000000200020000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002"], 0x50)

6m46.719256652s ago: executing program 33 (id=294):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1400000004000000040000000200020000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002"], 0x50)

3m27.306649286s ago: executing program 4 (id=2739):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x3200c00, &(0x7f0000002680)=ANY=[], 0x6, 0xa9b, &(0x7f0000000c00)="$eJzs3U2MG1fhAPBn73qTTdJ/nP4TuiRpm/DVFuhus1lCIYKmai5ETcUtUsUlStMSkQZEKkGrSvk4cYJWVbhCEadyqAAhtRcU9cSlEo3EpeJQOHAgClIlDlBIjNb7nnf8Ynfs7Ift9e8nvX1+88bz3syOx+OZee8FYGxVm38XFmYqIVx5+7Wjf//c36YXpzzWmqPe/DtZSNVCCJWYnsyW98HEUnzzw5dPdYorYb75N6XDUzda790aQrgY9oWroR52X7n26rvzTx6/dOzy/vfeOHy9WMaJVd0CAAAwPr559fDCrr/8cc+Oj96870jY1Jqezs/rMb0tnvcfiSf+6fy/GtrTlUIomsrmm4yhms030WG+Yjm1bL7JLuVPZcuttfL3tM23qaT8icK0TusNoyztx/VQqc62pavV2dml3+Sh+bt+qjJ77szZZ88PqKLAqvvn/SGEfUK/odFoXGhuwCGoiyDcaWhsH/QRCBhnre/SDvcLb3Mxv7KwMq2lTfZW/o3Hq53fD6tgvff/svJ//OfBln+bMS//l5cccVg9G3VvSuuVPkfbYjq/j5A/v9Tv5z8tL78fUeuxnt3uI4zK/YVu9ZxY53rcqW71z/eLjeprMU7b4etZfvHzk/9PR+V/DHT2r/W6/v/69MCvdS6GfUNQhw0dakNQB6Hn0Bj0AQgYWsvPzS1pRCk/f64vz99Ukr+5JH+6JH9LSf7WknwYZ7994Sfhlcry7/z8N32/18PSdba7Yvx/fdYnvx7Zb/n5c7/9Wmn5+fPEix5dYZ1grbx18sTpR595+trS8/+V1v5/K+7v+2K6Hj9bV+MM6Xphfl299ex/vb2capf57s7qc9dt8zeWStzZPl9l5/JyQuE4s7z8ex9q5s20v297t/rubZ+vns03HcPmrL75+cmW7H3p/CMdV9P2mszWt5atx1RWj3Rc2RHjvB5wJ9L+2O35/7R/zoRa5dkzZ08/EtNpP/3DRG3T4vQDxYX+an3qDqxMr+1/ZkJ7+59trem1auG40Dr9TseLA63ltU+fX0rW8vkPxnT6nvv2xHRz+uyp7559ZrVXHsbc+Rdf+s7Js2dPf9+L9GLaZvHCi7Ijx0Z9chDGx9wLz39v7vyLLz185vmTz51+7vS5g4cOHZyfP/SVgwtzzfP6ueKvfmAjWf7SH3RNAAAAAAAAAAAAgF794NjRa39658vvL7X/X27/l9r/pyd/U/v/H2Xt//N28qlVQGpnv6NDfnPcvbfa6zGVzVeL4f+z+u7MytmVve8TMW6N4xfb/6f29nm/rqk+92TT8/5703xZdwK39ZcylfVB0hovMDbY/1RMX47xLwIMUGW68+QYl/Vvnfb1Zv8UF9aqkqy11J9I2htSPyap/Xe3fp3S8X/HOtSR1bcezQkHvY5AZ/8YxvE/q8V04Ux80PX6+NBoDL4OKw/Dv52FVQyNhlE8gOEw6PE/03XPFJ/7/Tc2L4Y0243H24+Xef+lsBLDPv6k8jfW+J+t8e96Ov516F29rZ/n3kdX+PfPrr9fKDbs7vX4m69/6gd6Z3mZRR/F8tP6PxB6K7/xelZ+fkOoR//Jyt/SY/m3rf/eOyv/v7H8tNke/HSv5S/VuFJtr0d+3Tjd/8uvGyc3s/VPfXv2vf5xv+l3XI9bsXwYZ93Hme11BNvhNCrj/3aTP4fxpZhOB8L0nEP+jdxv/dPzFel7YFe2/ErJ99uojFPczbiP//vVGJd9HtL4v2l/rHdIVwvpWodtO+r7Cmw0Hwzj/b9RDheHoA7CkIbhGAO7GBqNxkA78taL+GANevsP+u7zoMsf9PYvk4//m5/D5+P/VrMfEPn4v/n78/F/8/x8fL08Px//N9+e+fi/ef492XLz64gzJfmfLMnfXZK/Zzl/ulP+3pL331uSv78k/76S/PtL8u8uyZ8oyf9Me37anVr5ny15f+PCx+c/WPL+h0ryN7pme5TCh2rc1h/GWd4+z+cfxke6/9Pt87+zJB8YXT9988ATT//mW/Wl9v9Trd9r6T7ekZiuxd/OP4zp/L53KKQX896J6b9m+cN+vQPGSd5/Rv79/kBJPjC60nNePt8whiqbO0+OcToudOu3qtt5PqPl8zH+Qoy/GOOHYzwb47kYH4jx/DrVj7XxxK9/d/iVyvLv/e1Zfq/Pk+ftgfJ+og72WJ/8+kC/z7Pn/fj1a6Xl32FzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIGpNv8uLMxUQrjy9mtHTxw/M7c45bHWHPXm38lCqtZ6XwiPxHgixj+PL25++PKpYnwrxpUwHyqh0poenrrRKmlrCOFi2BeuhnrYfeXaq+/OP3n80rHL+9974/D1tdsCAAAAsPH9LwAA//8SciNw")
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x72)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f00000004c0)={0x0, 0xffffffffffffffff, 0x400000, 0x2, 0x0, 0x0, 0x2401})

3m27.218296193s ago: executing program 4 (id=2740):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000005000000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r2, r1, 0x7}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000100)="db", 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001800)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)="4a0e33acd5", 0x5}], 0x1}}], 0x1, 0x10)

3m27.17960494s ago: executing program 4 (id=2741):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0xc10, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x406, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x9, 0x9, 0x9}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000040)='\x00')
syz_open_dev$hidraw(0x0, 0x0, 0x81)

3m25.325663945s ago: executing program 4 (id=2768):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x11, &(0x7f0000000040)={[{@norecovery}, {@grpquota}, {@debug}, {@discard}]}, 0xee, 0x498, &(0x7f0000001b40)="$eJzs3E1sFFUcAPD/bL/5kIr4AYJW8YOotLR8yMGLRhMPmpjoAeOplkKQQg2tiZBG0QMeDYl349HEu4knvRj1YEy86t2QENML6GnMzM4s23a3n0sX3N8v2e17M7N97z9vXuf1vd0NoGMNZU9JxLaI+CMidlSzCw8Yqv64OT838c/83EQSafrm30l+3I35uYny0PJ1W6uZNI3oy5J9Dcq98k7E+NTU5IUiPzJ77v2RmYuXDp45N3568vTk+bHjx48c3td7bOxovj9dZ3yV4mcW1409H03v3f3q21dfnzhx9d2fv8nqu63YXx/HuqRLazhUPbuLPZo9Pbmhwu4ov2ZP2+s2JN3NDx7ehAqxel0RkTVXT55LoisGavt2xCuftrFqwG2Wpmna6P4cdfftFPifSvRv6FDlvT77/7d8bM7I485w/cWIOFhk5ucmbtbi767NHfQs+v+2lYYi4sTlf7/MHtGKeQgAgBV8n41/nms0/qvEA3XH3VOsoQxGxL0RsTMi7ouIXRFxf0R+7IMR5x5aY/mLV0iWjn8q19YV2Cpl478XirWtmwvGf+XoLwa7itz2PP6e5NSZqclDxTk5ED19WX50mTJ+ePn3z8t0/6J99eO/7JGVX44Fi3pc6140QXdyfHY8T6Rp+vHGwo/rn0Ts6W4UfxLlMk4SEbsjYs86yzjzzNd7m+1bOf5lLLPOtFrpVxFPV9v/8sLx/62mSurXJwciorY+Ofr8sbGjI/0xNXlopLwqlvrltytvNCt/Q/G3QNb+Wxpe/7VV4MGkP2Lm4qWz+XrtzNrLuPLnZ3V9esHqchZ/5duINV//vclbebq32Pbh+OzshdGI3uS1pdvHbr22zJfHZ/Ef2N+4/++sq/HDEZFdxPsi4pFiETdru8ci4vGI2L9M/D+99MR7zfY1b/9ms/Ktdb04Ucu2f9S3/9oTXWd//K5Z+UPFGmQU56Fx+x/JUweKLbW/f8tYbQXXddIAAADgLlPJ3wOfVIZr6UpleLj6Hv5dsaUyNT0z++yp6Q/On6y+V34weirlTNeOuvnQ0WJuuMyPLcofLuaNv+gayPPDE9NTJ9sdPHS4rU36f+avrnbXDrjtWrCOBtyl9H/oXPo/dC79HzqX/g+dq1H/3+gHC4C7g/s/dK68/z91ud3VANrA/R86l/4PHanpZ+MrG/rIf9NE0upf2DBRfnfCZpS1cqL8LopNL31g3S/vX/nURaW9Z7VjEt1L2iK6W1pEX8NdbfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EL/BQAA///5etKr")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000200)=""/179, 0xb3)

3m25.071273595s ago: executing program 4 (id=2770):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000140)={0x0, 0x9, 0x1, "eb"}, 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x23, &(0x7f0000000340)={0x0, 0x5}, 0x8)

3m24.648073494s ago: executing program 4 (id=2771):
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
memfd_secret(0x0)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

3m24.449014393s ago: executing program 34 (id=2771):
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
memfd_secret(0x0)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

8.574866244s ago: executing program 5 (id=5304):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x8}, 0x20)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x105000, 0x0, 0x8, 0x9c9cb4de96036a06}, 0x20)

8.502732092s ago: executing program 5 (id=5305):
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000280)={{0x12, 0x1, 0x201, 0xcb, 0xa3, 0x70, 0x10, 0x525, 0xa4a0, 0x5cf5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0xd0, 0x5, [{{0x9, 0x4, 0xe7, 0xe6, 0x1, 0xfd, 0xae, 0x43, 0xaf, [], [{{0x9, 0x5, 0x9, 0x3, 0x20, 0x5, 0x5, 0xf4}}]}}]}}]}}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io$printer(r0, 0x0, 0x0)

6.944590145s ago: executing program 5 (id=5315):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x6, 0x4, 0x6, 0x900}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r3}, 0x38)

6.014043777s ago: executing program 5 (id=5320):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2, &(0x7f0000000740), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x9, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)

5.781678813s ago: executing program 5 (id=5321):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c0012801400018009"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c01000013000500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300766c616e3000"/28], 0x11c}}, 0x0)

5.454337865s ago: executing program 5 (id=5329):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000000))

5.150364153s ago: executing program 35 (id=5329):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000000))

3.190454164s ago: executing program 1 (id=5351):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x3c}, {0x6, 0x0, 0x2}]})

1.807499711s ago: executing program 3 (id=5353):
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1a284c3, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
write$evdev(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000054000000030a01010000000000000000010000000900030073797a3000000000280004800800024000000000080001400000000504000400766574683000000000000000000000000900010073797a300000000014000000000001"], 0x9c}}, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x39ee, 0xcac0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x40880}, 0x44000)
socket$inet_udplite(0x2, 0x2, 0x88)
write(0xffffffffffffffff, &(0x7f0000000980)="8556fd0f2b977c03f2abb4bac61684c7fe41cfa5e6550a12006b699abc59ff2fc98eea2e8484b65ae83067c924a19a1d692410f9d41c561109502f191aabb62999a2818969bf7499be4a9b5179cfa237a018fb6639a2867a553e698321729dc5b1f310afb7b250f94b3f3bae17ff1116bfd5c968a72181d9a0a5f407f965029fce601d59c9ff97b715104b3206839d3612ac4304f3e71e46d36793081caff7aea2e0b966", 0xa4)
kexec_load(0x0, 0x0, &(0x7f00000002c0), 0x0)

1.572110004s ago: executing program 1 (id=5354):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x8000000, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000014006b05c84e21000ab16d6e230675f802000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x8000000, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.414533194s ago: executing program 3 (id=5355):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000006c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x0, 0x6c}, @in, {}, {}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)

1.413509368s ago: executing program 1 (id=5356):
r0 = socket$netlink(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)

1.284344309s ago: executing program 3 (id=5357):
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000200)={0x0, 'batadv_slave_0\x00', 0x1}, 0x18)

1.233905614s ago: executing program 3 (id=5358):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'bridge_slave_1\x00', &(0x7f0000001f80)=@ethtool_perm_addr={0x4b, 0x25, "5d7200c9464a7e700000d000000017de01702247f2110a03d46c4000"/37}})

214.287225ms ago: executing program 1 (id=5359):
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000040))

214.078706ms ago: executing program 3 (id=5360):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56561, 0x4000, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008810}, 0x4000810)
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xd3, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

114.089134ms ago: executing program 1 (id=5361):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@delsa={0x48, 0x12, 0x1, 0x0, 0x0, {@in=@dev}, [@srcaddr={0x14, 0xd, @in6=@rand_addr=' \x01\x00'}, @mark={0xc}]}, 0x48}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x190, 0x5230}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_SELECT={0x5, 0x16, 0x1}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0)

93.588853ms ago: executing program 3 (id=5362):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000440)=0x80000000, 0x4)

0s ago: executing program 1 (id=5363):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000580)="81", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

file ./file0
[  358.572196][   T10] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  358.993616][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  359.012921][   T10] usb 6-1: not running at top speed; connect to a high speed hub
[  359.020224][   T10] usb 6-1: config 188 has an invalid interface number: 3 but max is 1
[  359.029500][   T10] usb 6-1: config 188 has an invalid interface number: 9 but max is 1
[  359.032553][   T10] usb 6-1: config 188 has no interface number 0
[  359.034910][   T10] usb 6-1: config 188 has no interface number 1
[  359.037193][   T10] usb 6-1: config 188 interface 3 has no altsetting 0
[  359.046785][   T10] usb 6-1: config 188 interface 9 has no altsetting 0
[  359.053283][   T10] usb 6-1: New USB device found, idVendor=1410, idProduct=a002, bcdDevice=86.a0
[  359.056618][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.059190][T14627] loop1: detected capacity change from 0 to 8
[  359.060399][   T10] usb 6-1: Product: syz
[  359.064257][   T10] usb 6-1: Manufacturer: syz
[  359.066061][   T10] usb 6-1: SerialNumber: syz
[  359.289084][   T10] usb 6-1: unknown number of interfaces: 2
[  359.295620][   T10] usb 6-1: USB disconnect, device number 5
[  359.411123][ T5910] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  359.415866][T14631] netlink: 'syz.3.3408': attribute type 12 has an invalid length.
[  359.569373][ T5910] usb 2-1: Using ep0 maxpacket: 8
[  359.573667][ T5910] usb 2-1: config 0 has an invalid interface number: 122 but max is 0
[  359.576294][ T5910] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.582473][ T5910] usb 2-1: config 0 has no interface number 0
[  359.584970][ T5910] usb 2-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 8
[  359.588901][ T5910] usb 2-1: config 0 interface 122 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 8
[  359.596685][ T5910] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  359.601855][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.604487][ T5910] usb 2-1: Product: syz
[  359.605979][ T5910] usb 2-1: Manufacturer: syz
[  359.607610][ T5910] usb 2-1: SerialNumber: syz
[  359.612427][ T5910] usb 2-1: config 0 descriptor??
[  359.617397][T14629] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  359.842316][ T5910] usb 2-1: NFC: intf ffff888121b1d000 id ffffffff8eb53c20
[  359.853630][ T5910] usb 2-1: USB disconnect, device number 39
[  360.521552][T14692] loop1: detected capacity change from 0 to 1024
[  360.634380][T14700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3435'.
[  361.301251][T14720] loop5: detected capacity change from 0 to 1024
[  361.332953][T14720] hfsplus: catalog name length corrupted
[  361.379693][   T26] hfsplus: b-tree write err: -5, ino 4
[  362.186181][T14738] netlink: 212940 bytes leftover after parsing attributes in process `syz.3.3451'.
[  362.480458][   T48] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  362.501576][T14764] loop1: detected capacity change from 0 to 4096
[  362.536310][T14765] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  362.643814][   T48] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.647661][   T48] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  362.662192][   T48] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  362.665054][T14767] loop1: detected capacity change from 0 to 512
[  362.665295][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.680984][   T48] usb 6-1: Product: syz
[  362.682415][   T48] usb 6-1: Manufacturer: syz
[  362.684268][   T48] usb 6-1: SerialNumber: syz
[  362.902242][   T48] usb 6-1: 0:2 : does not exist
[  362.911243][   T48] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  362.930516][   T48] usb 6-1: USB disconnect, device number 6
[  362.960246][T11048] udevd[11048]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  362.989954][T14775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3469'.
[  363.892993][T14798] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3479'.
[  364.250527][ T5315] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  364.334646][T14822] loop5: detected capacity change from 0 to 2048
[  364.368994][T14823] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  364.378261][T14822] NILFS (loop5): corrupt root inode
[  364.408299][ T5315] usb 2-1: Using ep0 maxpacket: 16
[  364.420088][ T5315] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.424914][ T5315] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  364.440983][ T5315] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  364.445881][ T5315] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  364.471423][ T5315] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  364.475440][ T5315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.479211][ T5315] usb 2-1: Product: syz
[  364.487289][ T5315] usb 2-1: Manufacturer: syz
[  364.489678][ T5315] usb 2-1: SerialNumber: syz
[  364.501285][ T5315] usb 2-1: config 0 descriptor??
[  364.581966][ T5315] rc_core: IR keymap rc-xbox-dvd not found
[  364.584752][ T5315] Registered IR keymap rc-empty
[  364.594489][ T5315] rc rc0: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  364.603097][ T5315] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input13
[  364.727899][ T5315] usb 2-1: USB disconnect, device number 40
[  364.731149][    C0] xbox_remote 2-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  364.814772][T14839] __vm_enough_memory: pid: 14839, comm: syz.3.3497, bytes: 21200029470720 not enough memory for the allocation
[  366.245631][T14889] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3518'.
[  366.933321][T14924] loop1: detected capacity change from 0 to 1024
[  366.944366][T14924] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  366.953781][T14924] EXT4-fs (loop1): group descriptors corrupted!
[  367.028694][T14929] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551614)
[  367.115994][T14935] loop1: detected capacity change from 0 to 1024
[  367.207425][T14934] Process accounting resumed
[  367.218968][T14934] syz.1.3541: attempt to access beyond end of device
[  367.218968][T14934] loop1: rw=0, sector=8556385938, nr_sectors = 2 limit=1024
[  367.238913][   T10] kworker/0:1: attempt to access beyond end of device
[  367.238913][   T10] loop1: rw=0, sector=8556385938, nr_sectors = 2 limit=1024
[  367.239454][   T48] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  367.420342][   T48] usb 6-1: Using ep0 maxpacket: 32
[  367.428963][   T48] usb 6-1: unable to get BOS descriptor or descriptor too short
[  367.434231][   T48] usb 6-1: config 9 has an invalid interface number: 55 but max is 0
[  367.438035][   T48] usb 6-1: config 9 has no interface number 0
[  367.444648][   T48] usb 6-1: config 9 interface 55 has no altsetting 0
[  367.451926][   T48] usb 6-1: New USB device found, idVendor=2fc1, idProduct=f4e0, bcdDevice=5a.b5
[  367.455878][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.465753][   T48] usb 6-1: Product: syz
[  367.467675][   T48] usb 6-1: Manufacturer: syz
[  367.469960][   T48] usb 6-1: SerialNumber: syz
[  367.470726][T14939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3543'.
[  367.734700][   T48] usb 6-1: USB disconnect, device number 7
[  368.477483][T14985] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3565'.
[  368.859450][   T10] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  369.024625][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  369.030818][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[  369.037034][   T10] usb 2-1: config 253 has an invalid interface number: 153 but max is 0
[  369.041785][   T10] usb 2-1: config 253 has no interface number 0
[  369.048165][   T10] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=56.96
[  369.053460][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.057188][   T10] usb 2-1: Product: syz
[  369.060154][   T10] usb 2-1: Manufacturer: syz
[  369.062791][   T10] usb 2-1: SerialNumber: syz
[  369.259450][T15011] loop5: detected capacity change from 0 to 2048
[  369.285200][T15011] NILFS (loop5): ifile inode (checkpoint number=2) corrupted
[  369.293420][T15011] NILFS (loop5): error -5 while loading last checkpoint (checkpoint number=2)
[  369.307817][   T10] usbhid 2-1:253.153: couldn't find an input interrupt endpoint
[  369.321548][   T10] usb 2-1: USB disconnect, device number 41
[  370.185032][T15043] loop1: detected capacity change from 0 to 128
[  370.256568][T15043] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: writeback.
[  370.774001][ T5851] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  372.836127][T15100] loop1: detected capacity change from 0 to 32768
[  372.878780][T15100] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  372.956938][T15100] XFS (loop1): Ending clean mount
[  372.976814][T15100] XFS (loop1): Quotacheck needed: Please wait.
[  373.044271][T15100] XFS (loop1): Quotacheck: Done.
[  373.105872][ T5851] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  373.682717][T15139] loop1: detected capacity change from 0 to 4096
[  373.702268][T15139] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  373.718893][T15139] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096)
[  373.728089][T15139] NILFS (loop1): mounting unchecked fs
[  373.735786][T15139] NILFS (loop1): invalid segment: Checksum error in segment payload
[  373.742961][T15139] NILFS (loop1): unable to fall back to spare super block
[  373.751497][T15139] NILFS (loop1): error -22 while searching super root
[  373.846231][T15146] netlink: 'syz.5.3634': attribute type 6 has an invalid length.
[  374.222999][T15150] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3636'.
[  375.769558][   T48] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  375.998096][ T5238] Bluetooth: hci1: adv larger than maximum supported
[  375.998310][ T5238] Bluetooth: hci1: Malformed LE Event: 0x0d
[  376.011998][   T48] usb 2-1: unable to get BOS descriptor or descriptor too short
[  376.020130][   T48] usb 2-1: unable to read config index 0 descriptor/start: -71
[  376.030634][   T48] usb 2-1: can't read configurations, error -71
[  377.343880][T15200] loop5: detected capacity change from 0 to 256
[  377.347464][T15200] vfat: Bad value for 'nonumtail'
[  377.610248][   T48] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  377.779504][   T48] usb 6-1: Using ep0 maxpacket: 8
[  377.787720][   T48] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89
[  377.792806][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 99, changing to 10
[  377.797748][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 34391, setting to 1024
[  377.803135][   T48] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  377.806904][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.823695][   T48] usb 6-1: config 0 descriptor??
[  377.834527][T15200] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  378.047995][ T5238] Bluetooth: hci0: link tx timeout
[  378.055890][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  378.068551][ T5238] Bluetooth: hci0: link tx timeout
[  378.071951][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  378.151433][   T48] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  378.174099][   T48] usb 6-1: USB disconnect, device number 8
[  378.245117][T15219] macvlan4: entered promiscuous mode
[  378.620310][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  378.623419][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  379.249388][ T5238] Bluetooth: hci0: link tx timeout
[  379.251600][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  379.254751][ T5238] Bluetooth: hci0: link tx timeout
[  379.258115][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  379.261836][ T5238] Bluetooth: hci0: link tx timeout
[  379.263864][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  379.266993][ T5238] Bluetooth: hci0: link tx timeout
[  379.276866][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  379.289103][ T5238] Bluetooth: hci0: link tx timeout
[  379.291478][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  379.294979][ T5238] Bluetooth: hci0: link tx timeout
[  379.297248][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  379.311048][ T5238] Bluetooth: hci0: link tx timeout
[  379.314644][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  379.317753][ T5238] Bluetooth: hci0: link tx timeout
[  379.320581][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  379.324691][ T5238] Bluetooth: hci0: link tx timeout
[  379.327324][ T5238] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  379.330617][ T5238] Bluetooth: hci0: link tx timeout
[  379.333041][ T5238] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  379.896867][   T33] audit: type=1326 audit(379.756:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.5.3677" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36bdb8ebe9 code=0x7ffc0000
[  379.906995][   T33] audit: type=1326 audit(379.756:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.5.3677" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36bdb8ebe9 code=0x7ffc0000
[  379.919563][   T33] audit: type=1326 audit(379.766:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.5.3677" exe="/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f36bdb8ebe9 code=0x7ffc0000
[  379.929847][   T33] audit: type=1326 audit(379.766:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.5.3677" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36bdb8ebe9 code=0x7ffc0000
[  380.031403][   T33] audit: type=1326 audit(379.766:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.5.3677" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36bdb8ebe9 code=0x7ffc0000
[  380.171857][ T5238] Bluetooth: hci0: command 0x0406 tx timeout
[  380.175966][T15254] loop5: detected capacity change from 0 to 32768
[  380.183858][T15254] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3678 (15254)
[  380.276133][T15254] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  380.282414][T15254] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  380.285978][T15254] BTRFS info (device loop5): using free-space-tree
[  380.600488][T12917] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  381.571753][T15289] loop1: detected capacity change from 0 to 32768
[  381.614363][T15289] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  381.656490][T15289] XFS (loop1): Ending clean mount
[  381.689204][T15289] XFS (loop1): Quotacheck needed: Please wait.
[  381.903389][T15321] loop5: detected capacity change from 0 to 128
[  381.926124][T15289] XFS (loop1): Quotacheck: Done.
[  381.926602][T15321] befs: (loop5): No write support. Marking filesystem read-only
[  381.958395][T15321] befs: (loop5): invalid blocksize: 2066842815
[  382.015080][ T5851] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  382.350220][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  382.362723][ T5238] Bluetooth: hci0: command 0x0406 tx timeout
[  382.498436][T15339] loop1: detected capacity change from 0 to 256
[  382.503124][    T9] usb 6-1: Using ep0 maxpacket: 8
[  382.525247][    T9] usb 6-1: config 0 has an invalid interface number: 150 but max is 0
[  382.529021][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  382.543026][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.555368][    T9] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  382.567182][    T9] usb 6-1: config 0 has no interface number 0
[  382.575647][    T9] usb 6-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  382.590489][    T9] usb 6-1: config 0 interface 150 has no altsetting 0
[  382.606110][    T9] usb 6-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  382.618248][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.642411][    T9] usb 6-1: config 0 descriptor??
[  383.858236][    T9] usb 6-1: USB disconnect, device number 9
[  385.759650][T15386] loop5: detected capacity change from 0 to 32768
[  385.788349][T15386] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  385.815929][T15386] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  386.203450][T12917] ocfs2: Unmounting device (7,5) on (node local)
[  386.912739][T15406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3716'.
[  386.960466][ T5910] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  387.121949][ T5910] usb 6-1: Using ep0 maxpacket: 16
[  387.138748][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  387.145010][T15418] tipc: Started in network mode
[  387.145424][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  387.147553][T15418] tipc: Node identity 000000002e0000000000000000000001, cluster identity 4711
[  387.152682][ T5910] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  387.156130][T15418] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  387.163159][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.171295][ T5910] usb 6-1: config 0 descriptor??
[  387.451401][T15420] netlink: 'syz.5.3714': attribute type 1 has an invalid length.
[  388.892046][T15440] loop1: detected capacity change from 0 to 1764
[  389.110431][T15440] iso9660: Corrupted directory entry in block 2 of inode 1920
[  389.314222][T15442] loop1: detected capacity change from 0 to 512
[  389.329835][ T5910] usbhid 6-1:0.0: can't add hid device: -71
[  389.341359][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  389.350846][T15442] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  389.382707][ T5910] usb 6-1: USB disconnect, device number 10
[  389.420638][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.773376][T15446] loop1: detected capacity change from 0 to 32768
[  389.835208][T15446] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  389.912076][ T5851] ocfs2: Unmounting device (7,1) on (node local)
[  391.620004][T15471] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3741'.
[  391.677081][T15471] loop5: detected capacity change from 0 to 256
[  391.718765][T15471] FAT-fs (loop5): Directory bread(block 64) failed
[  391.724968][T15471] FAT-fs (loop5): Directory bread(block 65) failed
[  391.727332][T15471] FAT-fs (loop5): Directory bread(block 66) failed
[  391.733534][T15471] FAT-fs (loop5): Directory bread(block 67) failed
[  391.735739][T15471] FAT-fs (loop5): Directory bread(block 68) failed
[  391.738017][T15471] FAT-fs (loop5): Directory bread(block 69) failed
[  391.742212][T15471] FAT-fs (loop5): Directory bread(block 70) failed
[  391.744575][T15471] FAT-fs (loop5): Directory bread(block 71) failed
[  391.746691][T15471] FAT-fs (loop5): Directory bread(block 72) failed
[  391.748712][T15471] FAT-fs (loop5): Directory bread(block 73) failed
[  391.886157][T15469] loop1: detected capacity change from 0 to 40427
[  391.928342][T15469] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288)
[  391.956484][T15469] F2FS-fs (loop1): invalid crc value
[  392.032427][T15469] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  392.036464][T15469] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  392.070648][T15469] F2FS-fs (loop1): Try to recover all the superblocks, ret: 0
[  392.186853][T15497] netlink: 'syz.3.3753': attribute type 15 has an invalid length.
[  392.193315][T15497] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3753'.
[  392.273080][T15501] netlink: 'syz.3.3755': attribute type 1 has an invalid length.
[  392.349755][  T794] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  392.418252][T15509] netlink: 268 bytes leftover after parsing attributes in process `syz.1.3759'.
[  392.422499][T15509] unsupported nla_type 65024
[  392.502312][  T794] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  392.508795][  T794] usb 6-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[  392.517089][  T794] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.540111][  T794] usb 6-1: config 0 descriptor??
[  392.851999][T15525] loop1: detected capacity change from 0 to 4096
[  392.856055][T15525] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  392.990476][  T794] nintendo 0003:057E:2019.000C: ignoring exceeding usage max
[  393.035596][  T794] nintendo 0003:057E:2019.000C: hidraw0: USB HID v90.00 Device [HID 057e:2019] on usb-dummy_hcd.5-1/input0
[  393.550468][  T794] nintendo 0003:057E:2019.000C: Failed to get joycon info; ret=-38
[  393.555419][  T794] nintendo 0003:057E:2019.000C: Failed to retrieve controller info; ret=-38
[  393.564830][  T794] nintendo 0003:057E:2019.000C: Failed to initialize controller; ret=-38
[  393.571652][  T794] nintendo 0003:057E:2019.000C: probe - fail = -38
[  393.574986][  T794] nintendo 0003:057E:2019.000C: probe with driver nintendo failed with error -38
[  393.583112][  T794] usb 6-1: USB disconnect, device number 11
[  393.897338][T15539] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3771'.
[  394.076251][T15547] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3775'.
[  394.159682][   T48] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  394.329981][   T48] usb 2-1: Using ep0 maxpacket: 16
[  394.337468][   T48] usb 2-1: config 1 interface 0 has no altsetting 0
[  394.344987][   T48] usb 2-1: New USB device found, idVendor=0738, idProduct=1709, bcdDevice= 0.40
[  394.348737][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.364654][   T48] usb 2-1: Product: syz
[  394.368442][   T48] usb 2-1: Manufacturer: syz
[  394.376539][   T48] usb 2-1: SerialNumber: syz
[  394.914770][   T48] usbhid 2-1:1.0: can't add hid device: -71
[  394.917981][   T48] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  394.925276][   T48] usb 2-1: USB disconnect, device number 44
[  395.503136][  T794] usb 6-1: new low-speed USB device number 12 using dummy_hcd
[  395.577206][T15588] netlink: 'syz.1.3792': attribute type 1 has an invalid length.
[  395.586339][T15588] netlink: 'syz.1.3792': attribute type 2 has an invalid length.
[  395.655452][  T794] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  395.659605][  T794] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  395.665024][  T794] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  395.670777][  T794] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  395.674479][  T794] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.703582][  T794] hub 6-1:1.0: bad descriptor, ignoring hub
[  395.706067][  T794] hub 6-1:1.0: probe with driver hub failed with error -5
[  395.708771][  T794] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  396.031019][  T794] usb 6-1: USB disconnect, device number 12
[  396.332849][T15619] loop1: detected capacity change from 0 to 16
[  396.340352][T15619] erofs (device loop1): mounted with root inode @ nid 36.
[  398.065341][T15690] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3841'.
[  398.385072][T15702] loop1: detected capacity change from 0 to 40427
[  398.393188][T15702] F2FS-fs (loop1): invalid crc value
[  398.428211][T15702] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  398.435242][T15702] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  398.468890][   T33] audit: type=1800 audit(398.326:80): pid=15702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3847" name="file1" dev="loop1" ino=10 res=0 errno=0
[  398.513369][T15702] syz.1.3847: attempt to access beyond end of device
[  398.513369][T15702] loop1: rw=2049, sector=77824, nr_sectors = 2568 limit=40427
[  398.546703][T15702] syz.1.3847: attempt to access beyond end of device
[  398.546703][T15702] loop1: rw=34817, sector=80392, nr_sectors = 8 limit=40427
[  398.581566][ T5851] syz-executor: attempt to access beyond end of device
[  398.581566][ T5851] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  398.598563][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  398.598584][ T5851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  398.598592][ T5851] Call Trace:
[  398.598598][ T5851]  <TASK>
[  398.598605][ T5851]  dump_stack_lvl+0x189/0x250
[  398.598628][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.598643][ T5851]  ? __pfx_queue_work_on+0x10/0x10
[  398.598656][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  398.598674][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  398.598698][ T5851]  f2fs_handle_critical_error+0x37c/0x540
[  398.598721][ T5851]  f2fs_write_end_io+0x886/0xb60
[  398.598773][ T5851]  __submit_merged_bio+0x27a/0x6a0
[  398.598797][ T5851]  __submit_merged_write_cond+0x255/0x530
[  398.598820][ T5851]  f2fs_write_data_pages+0x261d/0x3000
[  398.598864][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  398.598926][ T5851]  ? folios_put_refs+0x559/0x640
[  398.598949][ T5851]  ? __pfx_folios_put_refs+0x10/0x10
[  398.598961][ T5851]  ? rcu_is_watching+0x15/0xb0
[  398.598981][ T5851]  ? __lock_acquire+0xab9/0xd20
[  398.599011][ T5851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  398.599029][ T5851]  do_writepages+0x32e/0x550
[  398.599054][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[  398.599073][ T5851]  filemap_fdatawrite+0x199/0x240
[  398.599090][ T5851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  398.599162][ T5851]  ? do_raw_spin_unlock+0x4d/0x240
[  398.599182][ T5851]  f2fs_sync_dirty_inodes+0x31f/0x830
[  398.599207][ T5851]  f2fs_write_checkpoint+0x95a/0x1df0
[  398.599253][ T5851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  398.599303][ T5851]  ? kill_f2fs_super+0x298/0x6c0
[  398.599320][ T5851]  kill_f2fs_super+0x2c3/0x6c0
[  398.599337][ T5851]  ? __pfx_kill_f2fs_super+0x10/0x10
[  398.599347][ T5851]  ? radix_tree_delete_item+0x2b6/0x400
[  398.599369][ T5851]  ? shrinker_free+0x2ce/0x3e0
[  398.599384][ T5851]  deactivate_locked_super+0xbc/0x130
[  398.599402][ T5851]  cleanup_mnt+0x425/0x4c0
[  398.599416][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.599435][ T5851]  task_work_run+0x1d4/0x260
[  398.599454][ T5851]  ? __pfx_task_work_run+0x10/0x10
[  398.599468][ T5851]  ? __x64_sys_umount+0x122/0x160
[  398.599488][ T5851]  ? exit_to_user_mode_loop+0x40/0x110
[  398.599508][ T5851]  exit_to_user_mode_loop+0xec/0x110
[  398.599526][ T5851]  do_syscall_64+0x2bd/0x3b0
[  398.599543][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.599558][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.599570][ T5851]  ? exc_page_fault+0x9f/0xf0
[  398.599587][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.599600][ T5851] RIP: 0033:0x7f7b1ab8ff17
[  398.599612][ T5851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  398.599623][ T5851] RSP: 002b:00007ffce521e838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  398.599637][ T5851] RAX: 0000000000000000 RBX: 00007f7b1ac11c05 RCX: 00007f7b1ab8ff17
[  398.599645][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce521e8f0
[  398.599653][ T5851] RBP: 00007ffce521e8f0 R08: 0000000000000000 R09: 0000000000000000
[  398.599660][ T5851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffce521f980
[  398.599668][ T5851] R13: 00007f7b1ac11c05 R14: 000000000006145c R15: 00007ffce521f9c0
[  398.599690][ T5851]  </TASK>
[  398.733135][    C0] vkms_vblank_simulate: vblank timer overrun
[  398.740917][ T5851] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  399.113108][T15729] netlink: 112 bytes leftover after parsing attributes in process `syz.5.3858'.
[  399.116645][T15729] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  399.395221][T15747] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3866'.
[  399.862901][T15776] netlink: 'syz.3.3879': attribute type 14 has an invalid length.
[  399.925503][T15778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3880'.
[  399.939386][    T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  400.023043][T15782] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3882'.
[  400.146272][T15784] tipc: Failed to remove unknown binding: 66,1,1/12:4041132888/4041132890
[  400.149537][T15784] tipc: Failed to remove unknown binding: 66,1,1/12:4041132888/4041132890
[  400.152958][    T9] usb 6-1: Using ep0 maxpacket: 32
[  400.168680][    T9] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  400.173024][    T9] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.179065][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  400.182730][    T9] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  400.185835][    T9] usb 6-1: Product: syz
[  400.187377][    T9] usb 6-1: Manufacturer: syz
[  400.203971][    T9] hub 6-1:4.0: USB hub found
[  400.419418][    T9] hub 6-1:4.0: 2 ports detected
[  401.037253][    T9] usb 6-1: USB disconnect, device number 13
[  401.359349][T15824] loop1: detected capacity change from 0 to 32768
[  401.411460][T15824] (syz.1.3903,15824,0):ocfs2_read_journal_inode:1659 ERROR: status = -13
[  401.414929][T15824] (syz.1.3903,15824,0):ocfs2_mark_dead_nodes:1942 ERROR: status = -13
[  401.418190][T15824] (syz.1.3903,15824,0):ocfs2_check_volume:2420 ERROR: status = -13
[  401.425651][T15824] (syz.1.3903,15824,0):ocfs2_check_volume:2432 ERROR: status = -13
[  401.428815][T15824] (syz.1.3903,15824,0):ocfs2_mount_volume:1764 ERROR: status = -13
[  401.444992][T15824] (syz.1.3903,15824,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 77
[  401.464635][T15824] (syz.1.3903,15824,0):ocfs2_fill_super:1177 ERROR: status = -13
[  401.703619][T15840] loop5: detected capacity change from 0 to 256
[  401.712013][T15840] exfat: Deprecated parameter 'utf8'
[  401.720794][T15840] exfat: Deprecated parameter 'utf8'
[  401.729423][T15840] exfat: Deprecated parameter 'utf8'
[  401.734872][T15840] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  402.493998][T15879] netlink: 'syz.3.3927': attribute type 46 has an invalid length.
[  402.497406][T15879] netlink: 55 bytes leftover after parsing attributes in process `syz.3.3927'.
[  402.675218][T15889] dvmrp0: tun_chr_ioctl cmd 1074025677
[  402.677270][T15889] dvmrp0: linktype set to 768
[  402.783493][T15901] xt_limit: Overflow, try lower: 604147548/4200216962
[  403.200475][ T5848] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  403.258808][T15925] loop1: detected capacity change from 0 to 4096
[  403.348043][T15925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.360883][ T5848] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  403.408982][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.590017][T15955] loop1: detected capacity change from 0 to 16
[  404.606380][T15955] erofs (device loop1): mounted with root inode @ nid 36.
[  404.885544][T15976] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3968'.
[  405.026140][T15965] loop1: detected capacity change from 0 to 32768
[  405.039441][T15965] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3963 (15965)
[  405.055557][T15965] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  405.064396][T15965] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  405.073366][T15965] BTRFS info (device loop1): disk space caching is enabled
[  405.076209][T15965] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  405.120076][T15965] BTRFS info (device loop1): rebuilding free space tree
[  405.135632][T15965] BTRFS info (device loop1): disabling free space tree
[  405.138478][T15965] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  405.143592][T15965] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  405.254317][ T5851] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  405.829539][    T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  405.979480][    T9] usb 6-1: Using ep0 maxpacket: 8
[  405.983432][    T9] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  405.986708][    T9] usb 6-1: config 179 has no interface number 0
[  405.989154][    T9] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  405.993506][    T9] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  405.998029][    T9] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  406.002631][    T9] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  406.007046][    T9] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  406.012461][    T9] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  406.016066][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.023725][T16018] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  406.431400][ T5910] usb 6-1: USB disconnect, device number 14
[  406.431406][    C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  406.834411][T16043] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3991'.
[  406.838534][T16043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3991'.
[  407.927976][T16047] loop5: detected capacity change from 0 to 40427
[  407.963209][T16047] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  407.966461][T16047] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  408.027933][T16047] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  408.155747][T16047] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  408.205054][T16047] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  408.214608][T16047] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  409.011433][T16092] : left promiscuous mode
[  409.021592][T16094] loop5: detected capacity change from 0 to 512
[  409.043836][T16094] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.717043][T16105] overlayfs: failed to clone upperpath
[  410.174456][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.256237][T16113] loop1: detected capacity change from 0 to 1024
[  410.271598][T16115] netlink: 'syz.5.4020': attribute type 1 has an invalid length.
[  410.277880][T16113] EXT4-fs: Ignoring removed orlov option
[  410.283640][T16113] EXT4-fs (loop1): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[  410.297296][T16113] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  410.357607][T16115] bond1: (slave veth7): Enslaving as an active interface with a down link
[  410.771518][T16132] loop5: detected capacity change from 0 to 32768
[  410.785359][T16132] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  410.884032][T16132] OCFS2: ERROR (device loop5): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  410.911605][T16132] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  410.929894][T16132] OCFS2: File system is now read-only.
[  410.938179][T16132] (syz.5.4025,16132,1):ocfs2_find_entry_dx:1037 ERROR: status = -30
[  410.976141][T16132] OCFS2: ERROR (device loop5): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  410.987868][T16132] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  410.992695][T16132] (syz.5.4025,16132,1):ocfs2_find_entry_dx:1037 ERROR: status = -30
[  411.015773][T12917] ocfs2: Unmounting device (7,5) on (node local)
[  411.202453][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  411.376266][T16146] loop1: detected capacity change from 0 to 64
[  411.389839][ T5910] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  411.563784][ T5910] usb 6-1: config 16 has an invalid interface number: 19 but max is 0
[  411.566510][ T5910] usb 6-1: config 16 has no interface number 0
[  411.571277][ T5910] usb 6-1: New USB device found, idVendor=0499, idProduct=cdf4, bcdDevice=78.ee
[  411.574351][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.577444][ T5910] usb 6-1: Product: syz
[  411.578932][ T5910] usb 6-1: Manufacturer: syz
[  411.583069][ T5910] usb 6-1: SerialNumber: syz
[  411.739617][  T794] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  411.810942][ T5910] usb 6-1: USB disconnect, device number 15
[  411.822197][T11048] udevd[11048]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:16.19/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  411.890141][  T794] usb 2-1: Using ep0 maxpacket: 16
[  411.893992][  T794] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.902848][  T794] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  411.906634][  T794] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  411.910622][  T794] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.916265][  T794] usb 2-1: config 0 descriptor??
[  412.134979][T16157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4036'.
[  412.355194][  T794] hid-multitouch 0003:1FD2:6007.000D: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[  412.384588][T16164] loop5: detected capacity change from 0 to 2048
[  412.390148][T16164] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found!
[  412.403067][T16164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  412.582609][T16171] overlayfs: failed to clone upperpath
[  412.884242][    T9] usb 2-1: USB disconnect, device number 45
[  413.690114][T16205] ieee802154 phy0 wpan0: encryption failed: -22
[  413.937059][T16208] loop1: detected capacity change from 0 to 4096
[  414.005738][T16208] ntfs3(loop1): ino=18, mi_enum_attr
[  414.011489][T16208] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  414.530217][T16229] loop1: detected capacity change from 0 to 32768
[  414.533646][T16229] XFS: ikeep mount option is deprecated.
[  414.535945][T16229] XFS: ikeep mount option is deprecated.
[  414.538183][T16229] XFS: noikeep mount option is deprecated.
[  414.551784][T16229] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  414.577672][T16229] XFS (loop1): Ending clean mount
[  414.615823][ T5851] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  414.980273][T16250] loop1: detected capacity change from 0 to 32768
[  415.078451][T16250] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  415.078475][T16250]   allowing incompatible features above 0.0: (unknown version)
[  415.078484][T16250]   features: 
[  415.098599][T16250] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  415.102363][T16250] bcachefs (loop1): initializing new filesystem
[  415.123258][T16250] bcachefs (loop1): going read-write
[  415.133979][T16250] bcachefs (loop1): marking superblocks
[  415.166023][T16250] bcachefs (loop1): initializing freespace
[  415.176776][T16250] bcachefs (loop1): done initializing freespace
[  415.182899][T16250] bcachefs (loop1): reading snapshots table
[  415.185300][T16250] bcachefs (loop1): reading snapshots done
[  415.209069][T16250] bcachefs (loop1): done starting filesystem
[  415.272000][ T5851] bcachefs (loop1): shutting down
[  415.273972][ T5851] bcachefs (loop1): going read-only
[  415.275751][ T5851] bcachefs (loop1): finished waiting for writes to stop
[  415.294574][ T5851] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  415.342969][ T5851] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  415.349746][ T5851] bcachefs (loop1): clean shutdown complete, journal seq 4
[  415.352536][ T5851] bcachefs (loop1): marking filesystem clean
[  415.371109][ T5851] bcachefs (loop1): shutdown complete
[  416.682532][T16309] netlink: 'syz.1.4094': attribute type 21 has an invalid length.
[  416.685296][T16309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4094'.
[  416.865928][T16315] loop1: detected capacity change from 0 to 2048
[  416.872293][T16315] EXT4-fs: Ignoring removed nobh option
[  416.921608][T16315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.926850][T16305] loop5: detected capacity change from 0 to 131072
[  416.937568][T16305] F2FS-fs (loop5): invalid crc value
[  417.001284][T16305] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  417.014499][T16305] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  417.047634][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.197422][   T33] audit: type=1326 audit(417.056:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16328 comm="syz.1.4101" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x0
[  417.305788][T16335] netlink: 340 bytes leftover after parsing attributes in process `syz.3.4103'.
[  417.601833][T16344] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  418.269433][ T5910] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  418.429505][ T5910] usb 2-1: Using ep0 maxpacket: 16
[  418.433909][ T5910] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.440679][ T5910] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  418.444047][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.446558][ T5910] usb 2-1: Product: syz
[  418.448032][ T5910] usb 2-1: Manufacturer: syz
[  418.449769][ T5910] usb 2-1: SerialNumber: syz
[  418.453497][ T5910] usb 2-1: config 0 descriptor??
[  418.461503][ T5910] pegasus_notetaker 2-1:0.0: Invalid number of endpoints
[  418.463781][ T5910] pegasus_notetaker 2-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  418.520043][   T48] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  418.665154][  T794] usb 2-1: USB disconnect, device number 46
[  418.673156][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.676891][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.680439][   T48] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  418.683175][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.688439][   T48] usb 6-1: config 0 descriptor??
[  419.452935][T16396] nftables ruleset with unbound chain
[  419.501335][   T48] usb 6-1: string descriptor 0 read error: -71
[  419.506013][   T48] uclogic 0003:256C:006D.000E: failed retrieving string descriptor #200: -71
[  419.508896][   T48] uclogic 0003:256C:006D.000E: failed retrieving pen parameters: -71
[  419.512003][   T48] uclogic 0003:256C:006D.000E: failed probing pen v2 parameters: -71
[  419.515267][   T48] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[  419.518435][   T48] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71
[  419.526543][   T48] usb 6-1: USB disconnect, device number 16
[  419.753413][ T5910] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  419.901071][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.904405][ T5910] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  419.908412][ T5910] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[  419.912112][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.916011][ T5910] usb 2-1: config 0 descriptor??
[  420.309516][   T48] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  420.335711][ T5910] ortek 0003:1223:3F07.000F: unknown main item tag 0x6
[  420.338477][ T5910] ortek 0003:1223:3F07.000F: report_id 29495 is invalid
[  420.349656][ T5910] ortek 0003:1223:3F07.000F: item 0 2 1 8 parsing failed
[  420.353888][ T5910] ortek 0003:1223:3F07.000F: probe with driver ortek failed with error -22
[  420.463124][   T48] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  420.467070][   T48] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  420.474050][   T48] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  420.477656][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.481622][   T48] usb 6-1: Product: syz
[  420.487854][   T48] usb 6-1: Manufacturer: syz
[  420.490454][   T48] usb 6-1: SerialNumber: syz
[  420.540984][    T9] usb 2-1: USB disconnect, device number 47
[  420.710397][   T48] usb 6-1: Audio class v2/v3 interfaces need an interface association
[  420.731647][   T48] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22
[  420.739938][   T48] usb 6-1: USB disconnect, device number 17
[  420.753404][T11048] udevd[11048]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.405997][T16451] openvswitch: netlink: Message has 1 unknown bytes.
[  421.427351][T16452] loop5: detected capacity change from 0 to 2048
[  421.431801][T16452] EXT4-fs: Ignoring removed mblk_io_submit option
[  421.462490][   T33] audit: type=1326 audit(421.316:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16431 comm="syz.3.4148" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f016c98ebe9 code=0x7fc00000
[  421.499923][T16452] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  421.556806][T16452] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.4156: bg 0: block 234: padding at end of block bitmap is not set
[  421.590229][T16452] EXT4-fs (loop5): Remounting filesystem read-only
[  421.638887][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.963464][T16477] loop5: detected capacity change from 0 to 512
[  422.000210][T16479] loop1: detected capacity change from 0 to 512
[  422.004343][T16479] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  422.028349][T16479] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c11c, mo2=0102]
[  422.032694][T16479] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.4169: corrupted in-inode xattr: e_value size too large
[  422.039168][T16479] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.4169: couldn't read orphan inode 15 (err -117)
[  422.043226][T16477] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.4168: bg 0: block 5: invalid block bitmap
[  422.048097][T16479] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  422.049660][T16477] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  422.057115][T16477] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.4168: invalid indirect mapped block 3 (level 2)
[  422.073555][T16477] EXT4-fs (loop5): 2 truncates cleaned up
[  422.077333][T16477] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.250706][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.803172][T16502] ref_ctr_offset mismatch. inode: 0x21bf offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  422.901641][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.373596][T16511] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4180'.
[  423.672446][T16530] overlayfs: failed to clone upperpath
[  423.760273][T16533] 9pnet_fd: Insufficient options for proto=fd
[  424.285212][T16565] loop1: detected capacity change from 0 to 8
[  424.310738][T16568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4206'.
[  424.314258][T16565] unable to read xattr id index table
[  424.545246][T16576] loop1: detected capacity change from 0 to 4096
[  425.559062][T16615] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.4227'.
[  426.125867][T16636] loop5: detected capacity change from 0 to 256
[  426.144387][T16636] exfat: Unknown parameter ''
[  426.278934][T16641] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4237'.
[  426.943335][T16656] netlink: 'syz.3.4243': attribute type 9 has an invalid length.
[  427.075777][T16658] loop5: detected capacity change from 0 to 2048
[  427.103873][T11048] udevd[11048]: incorrect nilfs2 checksum on /dev/loop5
[  427.108717][T16658] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  427.136202][T11048] udevd[11048]: incorrect nilfs2 checksum on /dev/loop5
[  427.167770][T16665] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  427.168095][T16658] syz.5.4244: attempt to access beyond end of device
[  427.168095][T16658] loop5: rw=524288, sector=65534, nr_sectors = 2 limit=2048
[  427.607893][T16675] loop5: detected capacity change from 0 to 1024
[  427.638503][T16677] netlink: 'syz.1.4252': attribute type 21 has an invalid length.
[  427.703501][T16675] hfsplus: xattr searching failed
[  427.757033][ T4292] hfsplus: b-tree write err: -5, ino 3
[  427.976312][T16692] loop5: detected capacity change from 0 to 256
[  427.986065][T16692] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  427.993187][T16692] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  428.003553][T16692] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  428.362922][T16714] bridge0: entered promiscuous mode
[  428.374579][T16714] bridge0: left promiscuous mode
[  428.504780][T16720] loop5: detected capacity change from 0 to 512
[  428.555759][T16720] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  428.570569][T16720] EXT4-fs (loop5): 1 truncate cleaned up
[  428.575411][T16720] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  428.634651][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.637881][T16728] bond0: Removing last ns target with arp_interval on
[  428.641237][   T13] bond0: (slave bond_slave_0): interface is now down
[  428.641288][   T13] bond0: (slave bond_slave_1): interface is now down
[  428.641298][   T13] bond0: (slave bridge0): interface is now down
[  428.747025][T16732] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4278'.
[  428.894950][T16738] loop1: detected capacity change from 0 to 8
[  429.019638][    T9] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  429.203022][    T9] usb 6-1: config 0 has no interfaces?
[  429.252372][    T9] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  429.256275][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.262187][    T9] usb 6-1: Product: syz
[  429.264316][    T9] usb 6-1: Manufacturer: syz
[  429.266393][    T9] usb 6-1: SerialNumber: syz
[  429.271683][    T9] usb 6-1: config 0 descriptor??
[  429.902804][ T5910] usb 6-1: USB disconnect, device number 18
[  430.632445][T16749] loop5: detected capacity change from 0 to 256
[  430.641077][T16749] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  430.644530][T16751] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.4284'.
[  430.655781][T16749] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  430.676558][T16749] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  430.764033][   T33] audit: type=1326 audit(430.626:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16754 comm="syz.5.4286" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f36bdb8ebe9 code=0x0
[  431.791736][T16775] netlink: 'syz.1.4293': attribute type 2 has an invalid length.
[  432.227461][T16785] loop5: detected capacity change from 0 to 32768
[  432.315469][T16785] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  432.315485][T16785]   allowing incompatible features above 0.0: (unknown version)
[  432.315490][T16785]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  432.334896][T16785] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  432.338747][T16785] bcachefs (loop5): initializing new filesystem
[  432.349939][T16785] bcachefs (loop5): going read-write
[  432.355304][T16785] bcachefs (loop5): marking superblocks
[  432.394421][T16785] bcachefs (loop5): initializing freespace
[  432.399637][T16785] bcachefs (loop5): done initializing freespace
[  432.413471][T16785] bcachefs (loop5): reading snapshots table
[  432.415383][T16785] bcachefs (loop5): reading snapshots done
[  432.425615][T16785] bcachefs (loop5): done starting filesystem
[  432.488270][T12917] bcachefs (loop5): shutting down
[  432.494228][T12917] bcachefs (loop5): going read-only
[  432.496004][T12917] bcachefs (loop5): finished waiting for writes to stop
[  432.504125][T12917] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  432.555785][T12917] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 6
[  432.562600][T12917] bcachefs (loop5): clean shutdown complete, journal seq 7
[  432.565781][T12917] bcachefs (loop5): marking filesystem clean
[  432.586648][T12917] bcachefs (loop5): shutdown complete
[  432.764030][   T13] bond0: (slave bond_slave_0): interface is now down
[  432.767278][   T13] bond0: (slave bond_slave_1): interface is now down
[  433.106035][   T13] bond0: (slave bridge0): interface is now down
[  433.114394][   T13] bond0: now running without any active interface!
[  433.488997][T16827] loop1: detected capacity change from 0 to 32768
[  433.523696][T16827] XFS (loop1): Metadata CRC error detected at xfs_sb_read_verify+0x2ec/0x400, xfs_sb block 0x0 
[  433.526895][T16827] XFS (loop1): Unmount and run xfs_repair
[  433.528931][T16827] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  433.535472][T16827] 00000000: 58 46 53 42 00 00 04 00 00 00 00 00 00 00 10 00  XFSB............
[  433.540971][T16827] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  433.548603][T16827] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  433.555702][T16827] 00000030: 00 00 00 00 00 00 00 06 00 00 00 00 00 00 11 40  ...............@
[  433.566574][T16827] 00000040: 00 00 00 00 00 00 11 41 00 00 00 00 00 00 11 42  .......A.......B
[  433.570428][T16827] 00000050: 00 00 00 01 00 00 10 00 00 00 00 01 00 00 00 00  ................
[  433.574070][T16827] 00000060: 00 00 04 3e b4 b5 02 00 04 00 00 04 00 00 00 00  ...>............
[  433.577897][T16827] 00000070: 00 00 00 00 00 00 00 00 0c 09 0a 02 0c 00 00 0a  ................
[  433.585006][T16827] XFS (loop1): SB validate failed with error -74.
[  434.548524][T16880] vti0: entered promiscuous mode
[  434.630243][T16884] loop1: detected capacity change from 0 to 64
[  434.728726][T16889] loop1: detected capacity change from 0 to 8192
[  435.434056][T16905] netlink: 6 bytes leftover after parsing attributes in process `syz.3.4345'.
[  435.437573][T16905] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  435.682208][T16913] loop5: detected capacity change from 0 to 512
[  435.700594][T16913] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.4350: casefold flag without casefold feature
[  435.708343][T16913] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.4350: couldn't read orphan inode 15 (err -117)
[  435.718693][T16913] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.738704][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.814049][T16925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4355'.
[  435.825649][T16925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4355'.
[  436.585140][T16955] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  438.793225][T16997] usb usb5: usbfs: process 16997 (syz.5.4385) did not claim interface 0 before use
[  438.905389][T17005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4390'.
[  439.049376][T17019] syz_tun: entered allmulticast mode
[  439.074184][T17019] pimreg: left allmulticast mode
[  439.229499][T17017] syz_tun: left allmulticast mode
[  439.562766][T17048] overlay: Unknown parameter 'rootcontext'
[  440.044535][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  440.046672][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  440.241961][T17064] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4418'.
[  440.285653][T17069] loop5: detected capacity change from 0 to 128
[  440.355798][T17071] loop5: detected capacity change from 0 to 128
[  440.410779][T17074] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  440.510103][T17080] loop1: detected capacity change from 0 to 512
[  440.521226][T17080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  440.596847][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.677301][T17087] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000003
[  440.795856][T17095] netlink: 'syz.1.4431': attribute type 9 has an invalid length.
[  440.904658][T17103] loop5: detected capacity change from 0 to 512
[  440.917558][T17103] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  440.926854][T17103] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  440.943867][T17103] EXT4-fs (loop5): orphan cleanup on readonly fs
[  440.946925][T17103] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.4435: bad orphan inode 15
[  440.954460][T17103] ext4_test_bit(bit=14, block=18) = 1
[  440.956589][T17103] is_bad_inode(inode)=0
[  440.960432][T17103] NEXT_ORPHAN(inode)=1023
[  440.962294][T17103] max_ino=32
[  440.963345][T17103] i_nlink=0
[  440.970351][T17103] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2962: inode #15: comm syz.5.4435: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled
[  440.977683][T17103] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117)
[  440.986439][T17103] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  441.026550][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.159145][T17114] loop5: detected capacity change from 0 to 2048
[  441.170815][ T5891] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  441.187561][T17115] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  441.219965][T17114] syz.5.4440: attempt to access beyond end of device
[  441.219965][T17114] loop5: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[  441.228375][T17114] NILFS (loop5): I/O error reading b-tree node block (ino=16, blocknr=15)
[  441.234199][T17114] syz.5.4440: attempt to access beyond end of device
[  441.234199][T17114] loop5: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[  441.243432][T17114] NILFS (loop5): I/O error reading b-tree node block (ino=16, blocknr=15)
[  441.246944][T17114] NILFS (loop5): error -5 truncating bmap (ino=16)
[  441.341993][T17119] loop5: detected capacity change from 0 to 1024
[  441.345287][T17119] EXT4-fs: Ignoring removed nobh option
[  441.347108][T17119] EXT4-fs: Ignoring removed bh option
[  441.353566][ T5891] usb 2-1: Using ep0 maxpacket: 32
[  441.357924][ T5891] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  441.374789][T17119] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  441.376362][ T5891] usb 2-1: config 0 interface 0 has no altsetting 0
[  441.392020][ T5891] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  441.395732][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.413124][ T5891] usb 2-1: config 0 descriptor??
[  441.454297][   T33] audit: type=1800 audit(441.316:84): pid=17119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4442" name="file2" dev="overlay" ino=16 res=0 errno=0
[  441.496854][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.849502][ T5891] uclogic 0003:5543:0781.0010: ignoring exceeding usage max
[  441.852444][ T5891] uclogic 0003:5543:0781.0010: unbalanced collection at end of report description
[  441.855842][ T5891] uclogic 0003:5543:0781.0010: parse failed
[  441.857992][ T5891] uclogic 0003:5543:0781.0010: probe with driver uclogic failed with error -22
[  442.056120][ T5891] usb 2-1: USB disconnect, device number 48
[  442.691668][T17138] loop5: detected capacity change from 0 to 32768
[  442.758049][T17138] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  442.786214][T17138] XFS (loop5): Ending clean mount
[  442.861294][T12917] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  443.013332][T17162] netlink: 'syz.1.4458': attribute type 12 has an invalid length.
[  443.016580][T17162] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4458'.
[  443.272594][T17171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4461'.
[  443.484954][T17181] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.4465'.
[  443.590066][  T794] usb 2-1: new full-speed USB device number 49 using dummy_hcd
[  443.741778][  T794] usb 2-1: unable to get BOS descriptor or descriptor too short
[  443.745789][  T794] usb 2-1: not running at top speed; connect to a high speed hub
[  443.761432][  T794] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  443.765760][  T794] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  443.771482][  T794] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  443.782656][  T794] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  443.786339][  T794] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.790429][  T794] usb 2-1: Product: syz
[  443.792175][  T794] usb 2-1: Manufacturer: syz
[  443.794146][  T794] usb 2-1: SerialNumber: syz
[  443.809417][ T5891] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  443.961647][ T5891] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  443.965159][ T5891] usb 6-1: config 0 has no interface number 0
[  443.967753][ T5891] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  443.979519][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.985277][ T5891] usb 6-1: config 0 descriptor??
[  443.991434][ T5891] usb 6-1: selecting invalid altsetting 1
[  444.000143][ T5891] dvb_ttusb_budget: ttusb_init_controller: error
[  444.005686][ T5891] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  444.051356][ T5891] DVB: Unable to find symbol cx22700_attach()
[  444.068470][  T794] usb 2-1: USB disconnect, device number 49
[  444.097780][ T5891] DVB: Unable to find symbol tda10046_attach()
[  444.100789][ T5891] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  444.195455][ T5315] usb 6-1: USB disconnect, device number 19
[  444.577740][T17214] loop1: detected capacity change from 0 to 512
[  444.602906][T17214] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.4480: casefold flag without casefold feature
[  444.608461][T17214] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.4480: couldn't read orphan inode 15 (err -117)
[  444.619026][T17214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  444.654479][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.113876][T17233] loop1: detected capacity change from 0 to 32768
[  445.613062][T17237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4491'.
[  445.616681][T17237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4491'.
[  445.859513][   T48] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  446.009373][   T48] usb 2-1: Using ep0 maxpacket: 32
[  446.013020][   T48] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  446.016405][   T48] usb 2-1: config 0 has no interface number 0
[  446.018577][   T48] usb 2-1: config 0 interface 184 has no altsetting 0
[  446.042930][   T48] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  446.046164][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.049067][   T48] usb 2-1: Product: syz
[  446.068083][   T48] usb 2-1: Manufacturer: syz
[  446.072418][   T48] usb 2-1: SerialNumber: syz
[  446.080401][   T48] usb 2-1: config 0 descriptor??
[  446.086813][   T48] smsc75xx v1.0.0
[  446.270473][T17274] tunl0: entered promiscuous mode
[  446.272455][T17274] tunl0: left allmulticast mode
[  446.274828][T17274] netlink: 'syz.3.4507': attribute type 4 has an invalid length.
[  446.277496][T17274] netlink: 9 bytes leftover after parsing attributes in process `syz.3.4507'.
[  446.538914][T17292] netlink: 148 bytes leftover after parsing attributes in process `syz.5.4517'.
[  446.623703][T17292] netlink: 148 bytes leftover after parsing attributes in process `syz.5.4517'.
[  446.836310][   T48] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  446.851244][   T48] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  446.859403][   T48] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  446.869789][   T48] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  446.877789][   T48] usb 2-1: USB disconnect, device number 50
[  447.246198][T17307] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  447.521080][T17313] loop1: detected capacity change from 0 to 4096
[  448.189375][ T5910] usb 2-1: new full-speed USB device number 51 using dummy_hcd
[  448.459688][ T5910] usb 2-1: config 5 has an invalid interface number: 123 but max is 0
[  448.463569][ T5910] usb 2-1: config 5 has no interface number 0
[  448.465998][ T5910] usb 2-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  448.485818][ T5910] usb 2-1: config 5 interface 123 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  448.492473][ T5910] usb 2-1: config 5 interface 123 has no altsetting 0
[  448.497935][ T5910] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  448.501803][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.504871][ T5910] usb 2-1: Product: syz
[  448.506473][ T5910] usb 2-1: Manufacturer: syz
[  448.508244][ T5910] usb 2-1: SerialNumber: syz
[  448.571528][T17334] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4532'.
[  448.691796][   T48] psmouse serio2: Failed to reset mouse on : -5
[  448.734905][T17340] netlink: 'syz.3.4535': attribute type 4 has an invalid length.
[  448.827669][ T5910] comedi comedi5: Wrong number of endpoints
[  448.830452][ T5910] ni6501 2-1:5.123: driver 'ni6501' failed to auto-configure device.
[  448.839733][ T5910] usb 2-1: USB disconnect, device number 51
[  448.844399][T17344] netlink: 92 bytes leftover after parsing attributes in process `syz.3.4537'.
[  448.848341][T17344] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  450.456149][T17377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4551'.
[  452.966304][   T48] misc userio: Buffer overflowed, userio client isn't keeping up
[  453.168103][T17423] loop1: detected capacity change from 0 to 128
[  453.203362][T17423] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  453.216518][T17423] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:375: inode #2: comm syz.1.4572: No space for directory leaf checksum. Please run e2fsck -D.
[  453.225047][T17423] EXT4-fs error (device loop1): htree_dirblock_to_tree:1051: inode #2: comm syz.1.4572: Directory block failed checksum
[  453.257253][ T5851] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  453.365719][T17431] loop1: detected capacity change from 0 to 1024
[  453.398725][T17431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  453.411691][T17431] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  453.454090][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.788774][T17445] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4581'.
[  453.883823][T17449] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4583'.
[  454.004252][T17457] loop1: detected capacity change from 0 to 512
[  454.010355][T17457] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  454.016398][T17457] EXT4-fs (loop1): 1 truncate cleaned up
[  454.019147][T17457] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  454.034646][T17457] EXT4-fs error (device loop1): ext4_get_parent:1838: comm syz.1.4587: inode #2: comm syz.1.4587: iget: illegal inode #
[  454.035178][   T48] input: PS/2 Generic Mouse as /devices/serio2/input/input14
[  454.089120][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.181411][T17463] loop1: detected capacity change from 0 to 256
[  454.272124][   T48] psmouse serio2: Failed to enable mouse on 
[  454.615432][T17473] loop5: detected capacity change from 0 to 32768
[  454.619516][T17473] bcachefs (/dev/loop5): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  454.619516][T17473] clean (size 2912):
[  454.619516][T17473] flags:          0
[  454.619516][T17473] journal_seq:    8
[  454.619516][T17473] prio_ptrs: 
[  454.619516][T17473] usage: type=key_version v=0
[  454.619516][T17473] usage: type=reserved v=0
[  454.619516][T17473] usage: type=reserved v=0
[  454.619516][T17473] usage: type=reserved v=0
[  454.619516][T17473] usage: type=reserved v=0
[  454.619516][T17473] data_usage: btree: 1/1 [0]=2816
[  454.619516][T17473] data_usage: journal: 1/1 [0]=0
[  454.619516][T17473] data_usage: user: 1/1 [0]=32
[  454.619516][T17473] dev_usage: dev=0  
[  454.619516][T17473]   free: buckets=83 sectors=0 fragmented=0
[  454.619516][T17473]   sb: buckets=25 sectors=6152 fragmented=248
[  454.619516][T17473]   journal: buckets=8 sectors=2048 fragmented=0
[  454.619516][T17473]   btree: buckets=11 sectors=2816 fragmented=0
[  454.619516][T17473]   user: buckets=1 sectors=32 fragmented=224
[  454.619516][T17473]   cached: buckets=0 sectors=0 fragmented=0
[  454.619516][T17473]   parity: buckets=0 sectors=0 fragmented=786432
[  454.619516][T17473]   stripe: buckets=0 sectors=0 fragmented=0
[  454.619516][T17473]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  454.619516][T17473]   need_discard: buckets=0 sectors=0 fragmented=0
[  454.619516][T17473] clock: read=0
[  454.619516][T17473] clock: write=1288
[  454.619516][T17473] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2a
[  454.619637][T17473] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  455.052743][T17489] sctp: [Deprecated]: syz.3.4599 (pid 17489) Use of struct sctp_assoc_value in delayed_ack socket option.
[  455.052743][T17489] Use struct sctp_sack_info instead
[  455.129878][T17482] loop1: detected capacity change from 0 to 32768
[  455.140781][T17482] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4596 (17482)
[  455.166487][T17482] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  455.188220][T17482] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  455.207019][T17482] BTRFS info (device loop1): using free-space-tree
[  455.392785][T17482] BTRFS info (device loop1): rebuilding free space tree
[  456.245717][ T5851] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  456.393002][    C1] vkms_vblank_simulate: vblank timer overrun
[  456.972288][T17537] batman_adv: batadv0: Removing interface: batadv_slave_0
[  456.985845][T17537] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.217959][T17551] 9pnet_fd: Insufficient options for proto=fd
[  457.334812][T17562] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  457.338549][T17559] loop1: detected capacity change from 0 to 1024
[  457.343772][T17562] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.346537][T17559] EXT4-fs: Ignoring removed orlov option
[  457.349464][T17562] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.363593][T17559] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  457.371568][T17559] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  457.376375][T17559] EXT4-fs (loop1): invalid journal inode
[  457.378337][T17559] EXT4-fs (loop1): can't get journal size
[  457.387568][T17559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  457.604849][T17575] syz_tun: entered allmulticast mode
[  457.682805][T17574] syz_tun: left allmulticast mode
[  458.232243][T17594] loop5: detected capacity change from 0 to 2048
[  458.235713][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.299486][T17594] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  458.573630][T17612] netlink: 'syz.1.4648': attribute type 8 has an invalid length.
[  458.846753][T17632] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4657'.
[  458.941369][T17638] netlink: 'syz.5.4659': attribute type 21 has an invalid length.
[  458.960567][T17638] netlink: 128 bytes leftover after parsing attributes in process `syz.5.4659'.
[  458.964276][T17638] netlink: 'syz.5.4659': attribute type 5 has an invalid length.
[  458.967423][T17638] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4659'.
[  459.155332][T17655] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4668'.
[  459.183999][T17657] overlayfs: failed to clone upperpath
[  459.402071][T17667] loop5: detected capacity change from 0 to 8
[  459.959598][   T48] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  459.966640][T17690] netlink: 6 bytes leftover after parsing attributes in process `syz.1.4683'.
[  459.977886][T17690] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  460.109362][   T48] usb 6-1: Using ep0 maxpacket: 8
[  460.118704][   T48] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  460.122213][   T48] usb 6-1: config 0 has no interface number 0
[  460.124715][   T48] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  460.129028][   T48] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  460.134273][   T48] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  460.139879][   T48] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  460.144919][   T48] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  460.148593][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.171435][   T48] usb 6-1: config 0 descriptor??
[  460.230670][   T48] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  461.583570][T17712] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  461.641423][T17716] loop1: detected capacity change from 0 to 256
[  461.662995][T17716] FAT-fs (loop1): Directory bread(block 64) failed
[  461.665733][T17716] FAT-fs (loop1): Directory bread(block 65) failed
[  461.668706][T17716] FAT-fs (loop1): Directory bread(block 66) failed
[  461.674011][T17716] FAT-fs (loop1): Directory bread(block 67) failed
[  461.676805][T17716] FAT-fs (loop1): Directory bread(block 68) failed
[  461.681402][T17716] FAT-fs (loop1): Directory bread(block 69) failed
[  461.684195][T17716] FAT-fs (loop1): Directory bread(block 70) failed
[  461.686888][T17716] FAT-fs (loop1): Directory bread(block 71) failed
[  461.700096][T17716] FAT-fs (loop1): Directory bread(block 72) failed
[  461.703168][T17716] FAT-fs (loop1): Directory bread(block 73) failed
[  461.742739][   T33] audit: type=1800 audit(461.596:85): pid=17716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4696" name="cpu.stat" dev="loop1" ino=1048709 res=0 errno=0
[  461.926112][T17724] __vm_enough_memory: pid: 17724, comm: syz.1.4700, bytes: 4503599627366400 not enough memory for the allocation
[  461.979480][T17726] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4701'.
[  462.521288][  T793] usb 6-1: USB disconnect, device number 20
[  462.538048][  T793] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  463.025533][T17759] netlink: 'syz.3.4714': attribute type 14 has an invalid length.
[  463.216881][T17773] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4721'.
[  463.527647][T17793] loop5: detected capacity change from 0 to 512
[  463.546093][T17793] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  463.556081][T17793] EXT4-fs (loop5): orphan cleanup on readonly fs
[  463.566011][T17793] EXT4-fs error (device loop5): ext4_quota_enable:7124: inode #15: comm syz.5.4730: iget: bad i_size value: 360287970189639690
[  463.576511][T17793] EXT4-fs error (device loop5): ext4_quota_enable:7127: comm syz.5.4730: Bad quota inode: 15, type: 2
[  463.581270][T17793] EXT4-fs warning (device loop5): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix.
[  463.587983][T17793] EXT4-fs (loop5): Cannot turn on quotas: error -117
[  463.595788][T17793] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  463.621100][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  464.190394][T17800] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  464.284364][T17804] loop1: detected capacity change from 0 to 64
[  464.316556][T17804] Trying to free block not in datazone
[  464.319789][T17804] Trying to free block not in datazone
[  464.324244][T17804] Trying to free block not in datazone
[  464.334252][T17804] Trying to free block not in datazone
[  464.337639][T17804] minix_free_inode: bit 5 already cleared
[  464.647799][T17829] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4745'.
[  464.727029][T17833] loop1: detected capacity change from 0 to 512
[  464.736656][T17833] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  464.777066][T17833] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[  464.781230][T17833] System zones: 1-12
[  464.790033][T17833] EXT4-fs (loop1): 1 truncate cleaned up
[  464.793833][T17833] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  464.848320][ T5848] Bluetooth: hci1: unexpected event for opcode 0x2006
[  464.863652][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4751'.
[  464.896911][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.108851][T17836] loop5: detected capacity change from 0 to 65536
[  465.427555][T17836] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  465.511862][T17836] XFS (loop5): Ending clean mount
[  465.564869][   T33] audit: type=1800 audit(465.426:86): pid=17836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4748" name="file2" dev="loop5" ino=42 res=0 errno=0
[  465.704936][T17863] bfs: Unknown parameter 'ip6_vti0'
[  467.524245][T12917] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  467.862916][T17891] netlink: 277 bytes leftover after parsing attributes in process `syz.3.4768'.
[  468.323077][T17885] loop1: detected capacity change from 0 to 32768
[  468.339648][T17885] ERROR: (device loop1): xtSearch: xt_getpage: xtree page corrupt
[  468.339648][T17885] 
[  468.349821][T17885] ERROR: (device loop1): remounting filesystem as read-only
[  468.352380][T17885] xtLookup: xtSearch returned -5
[  468.357008][T17885] read_mapping_page failed!
[  468.358550][T17885] jfs_mount: diMount(ipaimap2) failed, rc = -5
[  468.362746][T17885] Mount JFS Failure: -5
[  468.364346][T17885] jfs_mount failed w/return code = -5
[  468.676954][T17917] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4778'.
[  468.873573][T17927] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4783'.
[  469.076783][T17936] loop1: detected capacity change from 0 to 512
[  469.089045][T17936] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  469.097349][T17936] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=800ec018, mo2=0082]
[  469.106114][T17936] EXT4-fs (loop1): 1 truncate cleaned up
[  469.108942][T17936] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  469.116224][   T33] audit: type=1800 audit(468.976:87): pid=17936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4787" name="bus" dev="loop1" ino=18 res=0 errno=0
[  469.156440][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.354282][T17952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4794'.
[  469.357093][T17952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4794'.
[  469.445140][T17959] loop1: detected capacity change from 0 to 4096
[  469.486713][T17959] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  469.634798][T17965] loop1: detected capacity change from 0 to 512
[  469.637953][T17965] EXT4-fs (loop1): bad s_min_extra_isize: 32767
[  470.061644][   T48] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  470.197075][T17997] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4815'.
[  470.214886][   T48] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  470.218239][   T48] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  470.225186][   T48] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  470.228451][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  470.231487][   T48] usb 2-1: SerialNumber: syz
[  470.444589][   T48] usb 2-1: 0:2 : does not exist
[  470.489882][   T48] usb 2-1: USB disconnect, device number 52
[  470.511934][T11048] udevd[11048]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  470.530419][  T793] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  470.681639][  T793] usb 6-1: config 0 has an invalid interface number: 130 but max is 0
[  470.685140][  T793] usb 6-1: config 0 has no interface number 0
[  470.687814][  T793] usb 6-1: config 0 interface 130 altsetting 0 endpoint 0x8B has an invalid bInterval 68, changing to 10
[  470.694286][  T793] usb 6-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e2.ca
[  470.698100][  T793] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.705643][  T793] usb 6-1: config 0 descriptor??
[  470.712487][  T793] usb 6-1: Found UVC 0.00 device <unnamed> (8086:0b5b)
[  470.716045][  T793] usb 6-1: No valid video chain found.
[  470.918507][  T793] usb 6-1: USB disconnect, device number 21
[  471.578404][T18034] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4833'.
[  471.662831][T18038] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2)
[  471.671395][T18042] ksmbd: Unknown IPC event: 4, ignore.
[  471.942476][T18058] netlink: 1041 bytes leftover after parsing attributes in process `syz.5.4845'.
[  472.092814][T18065] netlink: 'syz.5.4848': attribute type 5 has an invalid length.
[  472.281469][T18079] gfs2: gfs2 mount does not exist
[  472.581514][T18085] loop5: detected capacity change from 0 to 2048
[  472.642911][T18085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  473.117587][T18092] loop5: detected capacity change from 0 to 2048
[  473.125426][T18092] EXT4-fs (loop5): unsupported inode size: 0
[  473.128040][T18092] EXT4-fs (loop5): blocksize: 2048
[  473.269139][T18094] loop5: detected capacity change from 0 to 128
[  473.282962][T18094] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  473.356378][T18100] loop5: detected capacity change from 0 to 8
[  473.405142][T18096] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  473.487644][T18103] loop1: detected capacity change from 0 to 4096
[  473.511770][T18105] loop5: detected capacity change from 0 to 2048
[  473.527485][T18103] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  473.537123][T18103] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  473.543139][T18103] ntfs3(loop1): mft corrupted
[  473.545187][T18103] ntfs3(loop1): Failed to load root (-22).
[  473.551561][T18103] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22.
[  473.560211][T18106] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  473.693993][T18110] netlink: 51 bytes leftover after parsing attributes in process `syz.1.4868'.
[  473.739917][T18116] loop1: detected capacity change from 0 to 512
[  473.773125][T18116] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  473.788724][T18116] EXT4-fs (loop1): mount failed
[  473.798348][T18122] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4871'.
[  473.971348][T18135] syz_tun: entered allmulticast mode
[  473.987279][T18133] syz_tun: left allmulticast mode
[  473.996989][T18138] loop1: detected capacity change from 0 to 1024
[  474.007901][T18138] EXT4-fs: Ignoring removed orlov option
[  474.010034][T18138] EXT4-fs: Ignoring removed nomblk_io_submit option
[  474.032850][T18138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  474.159472][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.377144][T18166] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.4888'.
[  474.382158][T18167] loop5: detected capacity change from 0 to 512
[  474.385800][T18167] EXT4-fs: Ignoring removed mblk_io_submit option
[  474.403200][T18167] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  474.438124][T18167] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  474.443138][T18167] System zones: 1-12
[  474.448287][T18167] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.4890: corrupted in-inode xattr: e_value size too large
[  474.454897][T18167] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.4890: couldn't read orphan inode 15 (err -117)
[  474.463707][T18167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  474.516195][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.695442][T18177] loop1: detected capacity change from 0 to 4096
[  474.841056][T18180] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  475.276534][T18194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4900'.
[  475.289059][T18194] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4900'.
[  475.351598][T18198] netlink: 'syz.3.4903': attribute type 3 has an invalid length.
[  475.410997][T18202] loop1: detected capacity change from 0 to 2048
[  475.426718][T18202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  475.474346][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  476.223924][T18233] CIFS mount error: No usable UNC path provided in device string!
[  476.223924][T18233] 
[  476.227235][T18233] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  477.601590][T18275] loop5: detected capacity change from 0 to 8
[  477.606766][T18275] SQUASHFS error: lzo decompression failed, data probably corrupt
[  477.612633][T18275] SQUASHFS error: Failed to read block 0x91: -5
[  477.615803][T18275] SQUASHFS error: Unable to read metadata cache entry [8f]
[  477.618685][T18275] SQUASHFS error: Unable to read inode 0x11f
[  477.907204][T18286] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4940'.
[  478.275238][   T33] audit: type=1326 audit(478.136:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab85ba7 code=0x7ffc0000
[  478.305097][   T33] audit: type=1326 audit(478.136:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b1ab2add9 code=0x7ffc0000
[  478.318733][ T5297] udevd[5297]: worker [11048] terminated by signal 33 (Unknown signal 33)
[  478.324388][   T33] audit: type=1326 audit(478.136:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab85ba7 code=0x7ffc0000
[  478.333068][ T5297] udevd[5297]: worker [11048] failed while handling '/devices/virtual/block/loop1'
[  478.338003][   T33] audit: type=1326 audit(478.136:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b1ab2add9 code=0x7ffc0000
[  478.339433][  T793] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  478.352058][   T33] audit: type=1326 audit(478.136:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab85ba7 code=0x7ffc0000
[  478.379743][   T33] audit: type=1326 audit(478.136:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b1ab2add9 code=0x7ffc0000
[  478.387809][   T33] audit: type=1326 audit(478.136:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab85ba7 code=0x7ffc0000
[  478.405697][   T33] audit: type=1326 audit(478.136:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b1ab2add9 code=0x7ffc0000
[  478.422988][   T33] audit: type=1326 audit(478.136:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab85ba7 code=0x7ffc0000
[  478.432134][   T33] audit: type=1326 audit(478.136:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18307 comm="syz.1.4951" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b1ab2add9 code=0x7ffc0000
[  478.447703][T18314] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  478.517018][T18320] loop1: detected capacity change from 0 to 512
[  478.521441][T18320] EXT4-fs: Ignoring removed mblk_io_submit option
[  478.529461][  T793] usb 6-1: Using ep0 maxpacket: 32
[  478.539573][T18320] EXT4-fs error (device loop1): ext4_orphan_get:1392: comm syz.1.4956: inode #13: comm syz.1.4956: iget: illegal inode #
[  478.544289][  T793] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.545029][T18320] EXT4-fs (loop1): Remounting filesystem read-only
[  478.552540][T18320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  478.554063][  T793] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.582247][  T793] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  478.588976][  T793] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.608982][  T793] usb 6-1: config 0 descriptor??
[  478.622582][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.632411][T18324] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  479.024186][  T793] kone 0003:1E7D:2CED.0011: unknown main item tag 0x1
[  479.026926][  T793] kone 0003:1E7D:2CED.0011: collection stack underflow
[  479.038584][  T793] kone 0003:1E7D:2CED.0011: item 0 1 0 12 parsing failed
[  479.042872][  T793] kone 0003:1E7D:2CED.0011: parse failed
[  479.045199][  T793] kone 0003:1E7D:2CED.0011: probe with driver kone failed with error -22
[  479.227343][ T5315] usb 6-1: USB disconnect, device number 22
[  479.699628][T18361] netlink: 91 bytes leftover after parsing attributes in process `syz.1.4974'.
[  479.703154][T18361] netlink: 91 bytes leftover after parsing attributes in process `syz.1.4974'.
[  480.496415][T18389] netlink: 'syz.5.4986': attribute type 1 has an invalid length.
[  480.792832][T18405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4994'.
[  480.795705][T18405] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  480.798244][T18405] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  481.529689][  T794] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  481.693379][  T794] usb 6-1: Using ep0 maxpacket: 32
[  481.703728][  T794] usb 6-1: config 2 has an invalid interface number: 86 but max is 0
[  481.706309][  T794] usb 6-1: config 2 has no interface number 0
[  481.708395][  T794] usb 6-1: config 2 interface 86 altsetting 0 endpoint 0xA has invalid maxpacket 1584, setting to 1024
[  481.718529][  T794] usb 6-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=92.aa
[  481.721805][  T794] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.732581][T18417] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  481.762672][T18438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5010'.
[  481.766450][T18438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5010'.
[  481.904081][T18450] netlink: 'syz.3.5016': attribute type 10 has an invalid length.
[  481.909094][T18450] team0: Cannot enslave team device to itself
[  481.957783][  T794] usb 6-1: string descriptor 0 read error: -71
[  481.966276][  T794] ftdi_sio 6-1:2.86: FTDI USB Serial Device converter detected
[  481.981754][  T794] ftdi_sio ttyUSB0: unknown device type: 0x92aa
[  482.009991][  T794] usb 6-1: USB disconnect, device number 23
[  482.018797][  T794] ftdi_sio 6-1:2.86: device disconnected
[  482.682518][T18479] Bluetooth: MGMT ver 1.23
[  483.539151][T18526] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5048'.
[  484.698713][T18535] loop1: detected capacity change from 0 to 32768
[  484.727057][T18535] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  484.757374][T18535] XFS (loop1): Ending clean mount
[  484.767323][T18535] XFS (loop1): Quotacheck needed: Please wait.
[  484.794469][T18570] openvswitch: netlink: IPv6 tunnel dst address is zero
[  484.826360][T18572] loop5: detected capacity change from 0 to 4096
[  484.827855][T18535] XFS (loop1): Quotacheck: Done.
[  484.861513][ T5851] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  484.866111][T18572] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  485.148711][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  485.192634][T18582] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5070'.
[  485.243353][T18584] loop5: detected capacity change from 0 to 512
[  485.279685][T18584] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  485.397435][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  485.452803][T18594] loop5: detected capacity change from 0 to 256
[  485.471953][   T33] kauditd_printk_skb: 38 callbacks suppressed
[  485.471967][   T33] audit: type=1800 audit(485.326:136): pid=18594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5073" name="file1" dev="loop5" ino=1048710 res=0 errno=0
[  485.499621][T18594] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  485.502364][T18594] FAT-fs (loop5): Filesystem has been set read-only
[  485.969346][  T793] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  486.411926][  T793] usb 6-1: Using ep0 maxpacket: 8
[  486.424667][  T793] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  486.428834][  T793] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.432331][  T793] usb 6-1: Product: syz
[  486.434249][  T793] usb 6-1: Manufacturer: syz
[  486.443235][  T793] usb 6-1: SerialNumber: syz
[  486.447800][  T793] usb 6-1: config 0 descriptor??
[  486.659360][  T793] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  486.780182][T18621] netlink: 'syz.1.5086': attribute type 27 has an invalid length.
[  486.872471][T18621] bridge1: left allmulticast mode
[  486.875942][T18626] Invalid option length (0) for dns_resolver key
[  486.919102][T18624] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.925077][T18624] 8021q: adding VLAN 0 to HW filter on device team0
[  486.932368][T18624] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  486.945687][   T12] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  486.949596][   T12] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  486.958648][T18628] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  486.962993][   T12] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  486.971827][   T12] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  487.067556][  T793] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  487.079969][  T793] usb 6-1: USB disconnect, device number 24
[  487.198839][ T5315] libceph: connect (1)[c::]:6789 error -101
[  487.201332][ T5315] libceph: mon0 (1)[c::]:6789 connect error
[  487.289603][T18641] ceph: No mds server is up or the cluster is laggy
[  487.550068][T18657] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5101'.
[  487.568393][T18659] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  487.681868][T18672] dns_resolver: Unsupported content type (218)
[  487.692779][T18669] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5107'.
[  487.695564][T18669] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5107'.
[  487.698311][T18669] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[  487.945805][T18698] loop5: detected capacity change from 0 to 64
[  488.038395][T18704] loop5: detected capacity change from 0 to 512
[  488.118335][T18704] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  488.172562][T12917] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  488.192504][T18713] loop1: detected capacity change from 0 to 512
[  488.233543][T18713] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.5127: corrupted in-inode xattr: overlapping e_value 
[  488.267507][T18713] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.5127: couldn't read orphan inode 15 (err -117)
[  488.280726][T18713] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  488.318083][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  488.339804][ T5315] kernel write not supported for file /stat (pid: 5315 comm: kworker/0:3)
[  489.137178][T18788] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5161'.
[  489.601227][T18801] loop5: detected capacity change from 0 to 32768
[  489.615424][T18801] read_mapping_page failed!
[  489.792504][T18814] netlink: 136 bytes leftover after parsing attributes in process `syz.5.5174'.
[  490.689399][  T793] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[  490.830044][T18831] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5179'.
[  490.884751][  T793] usb 2-1: config 252 has an invalid interface number: 107 but max is 0
[  490.897593][  T793] usb 2-1: config 252 has no interface number 0
[  490.917189][  T793] usb 2-1: config 252 interface 107 altsetting 0 has an endpoint descriptor with address 0x6B, changing to 0xB
[  490.943281][  T793] usb 2-1: config 252 interface 107 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  490.957334][  T793] usb 2-1: config 252 interface 107 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  490.977240][  T793] usb 2-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=d7.67
[  490.989674][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.000608][  T793] usb 2-1: Product: syz
[  491.004595][  T793] usb 2-1: Manufacturer: syz
[  491.008822][  T793] usb 2-1: SerialNumber: syz
[  491.084992][  T793] usbtouchscreen 2-1:252.107: probe with driver usbtouchscreen failed with error -8
[  491.177807][T18835] netlink: 160 bytes leftover after parsing attributes in process `syz.5.5183'.
[  491.182356][T18835] netlink: 'syz.5.5183': attribute type 1 has an invalid length.
[  491.184930][T18835] netlink: 'syz.5.5183': attribute type 2 has an invalid length.
[  491.187614][T18835] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5183'.
[  491.266536][  T793] usb 2-1: USB disconnect, device number 53
[  491.484947][T18845] vlan4: entered allmulticast mode
[  491.786958][T18856] netlink: 428 bytes leftover after parsing attributes in process `syz.3.5193'.
[  491.793392][T18856] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5193'.
[  493.827196][T18911] loop1: detected capacity change from 0 to 32768
[  493.870721][T18911] 
[  493.870721][T18911]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  493.870721][T18911] 
[  493.968586][   T71] ERROR: (device loop1): diWrite: ixpxd invalid
[  493.968586][   T71] 
[  493.985021][   T71] ERROR: (device loop1): txCommit: 
[  493.985021][   T71] 
[  493.988071][   T71] jfs_write_inode: jfs_commit_inode failed!
[  493.999514][ T5851] 
[  493.999514][ T5851]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  493.999514][ T5851] 
[  494.004737][ T5851] 
[  494.004737][ T5851]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  494.004737][ T5851] 
[  494.207441][T18934] loop5: detected capacity change from 0 to 2048
[  494.221802][T18934] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  494.540233][    T9] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  494.569024][   T33] audit: type=1326 audit(494.426:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18941 comm="syz.5.5232" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f36bdb8ebe9 code=0x0
[  494.689620][    T9] usb 2-1: Using ep0 maxpacket: 8
[  494.694481][    T9] usb 2-1: config 255 has an invalid interface number: 222 but max is 0
[  494.697996][    T9] usb 2-1: config 255 has no interface number 0
[  494.703919][    T9] usb 2-1: New USB device found, idVendor=071d, idProduct=1005, bcdDevice=4d.b4
[  494.707859][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.712678][    T9] usb 2-1: Product: syz
[  494.714587][    T9] usb 2-1: Manufacturer: syz
[  494.716709][    T9] usb 2-1: SerialNumber: syz
[  494.732066][    T9] HFC-S_USB 2-1:255.222: probe with driver HFC-S_USB failed with error -5
[  494.834504][T18950] __nla_validate_parse: 2 callbacks suppressed
[  494.834524][T18950] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5235'.
[  494.841260][T18949] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5235'.
[  494.845004][T18949] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5235'.
[  494.848751][T18949] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5235'.
[  494.929627][ T5315] usb 2-1: USB disconnect, device number 54
[  495.437633][T18955] autofs: Bad value for 'fd'
[  496.275123][T18970] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5243'.
[  496.464667][T18979] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5247'.
[  496.602062][T18985] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5250'.
[  496.826714][T18991] loop5: detected capacity change from 0 to 4096
[  496.861958][T18995] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  497.165841][T19004] loop1: detected capacity change from 0 to 4096
[  497.201449][T19004] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  497.210965][T19004] ntfs3(loop1): Failed to load $Extend (-22).
[  497.213185][T19004] ntfs3(loop1): Failed to initialize $Extend.
[  497.997261][T19026] loop1: detected capacity change from 0 to 2048
[  498.026650][T19026] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  498.072077][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.254032][T19033] loop5: detected capacity change from 0 to 1024
[  499.166391][T19042] trusted_key: encrypted_key: keyword 'updat`fault' not recognized
[  499.791294][   T33] audit: type=1326 audit(499.646:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.819072][   T33] audit: type=1326 audit(499.676:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.859735][   T33] audit: type=1326 audit(499.676:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.889538][   T33] audit: type=1326 audit(499.676:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.900754][   T33] audit: type=1326 audit(499.676:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.922825][   T33] audit: type=1326 audit(499.676:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  499.953027][   T33] audit: type=1326 audit(499.676:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19043 comm="syz.1.5272" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x7fc00000
[  500.506544][T19055] loop1: detected capacity change from 0 to 736
[  500.721350][T19060] ptrace attach of "/syz-executor exec"[6378] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "[19060]
[  501.229453][ T5910] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  501.380453][ T5910] usb 2-1: Using ep0 maxpacket: 16
[  501.388469][ T5910] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  501.392860][ T5910] usb 2-1: config 0 has no interface number 0
[  501.398594][ T5910] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  501.405380][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.409019][ T5910] usb 2-1: Product: syz
[  501.411210][ T5910] usb 2-1: Manufacturer: syz
[  501.413084][ T5910] usb 2-1: SerialNumber: syz
[  501.417376][ T5910] usb 2-1: config 0 descriptor??
[  501.426743][ T5910] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  501.485039][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  501.487558][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  501.723376][T19099] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5297'.
[  501.916283][T19101] overlayfs: failed to clone lowerpath
[  502.041285][T19102] overlayfs: failed to clone upperpath
[  502.252615][T19106] loop5: detected capacity change from 0 to 32768
[  502.266526][T19106] XFS (loop5): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  502.292288][T19106] XFS (loop5): Ending clean mount
[  502.298339][T19106] XFS (loop5): Quotacheck needed: Please wait.
[  502.331767][T19106] XFS (loop5): Quotacheck: Done.
[  502.360387][T12917] XFS (loop5): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  502.567963][T19118] netlink: 'syz.5.5300': attribute type 3 has an invalid length.
[  503.111546][    T9] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  503.180115][ T5910] gspca_spca1528: reg_w err -71
[  503.181867][ T5910] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  503.186271][ T5910] usb 2-1: USB disconnect, device number 55
[  503.259410][    T9] usb 6-1: Using ep0 maxpacket: 16
[  503.263099][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  503.266463][    T9] usb 6-1: config 1 has an invalid interface number: 231 but max is 0
[  503.269080][    T9] usb 6-1: config 1 has no interface number 0
[  503.271176][    T9] usb 6-1: config 1 interface 231 has no altsetting 0
[  503.276270][    T9] usb 6-1: string descriptor 0 read error: -22
[  503.278232][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=5c.f5
[  503.281977][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.495789][    T9] usbtest 6-1:1.231: Linux gadget zero
[  503.497819][    T9] usbtest 6-1:1.231: high-speed {control in/out int-out} tests (+alt)
[  503.710579][    T9] usb 6-1: USB disconnect, device number 25
[  504.490889][    T9] usb 2-1: new low-speed USB device number 56 using dummy_hcd
[  504.873128][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  504.876427][    T9] usb 2-1: config 0 has no interface number 0
[  504.878917][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  504.887982][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  504.894304][    T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  504.898021][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.904746][    T9] usb 2-1: config 0 descriptor??
[  504.916601][    T9] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  505.113287][    T9] usb 2-1: USB disconnect, device number 56
[  505.203200][T19168] loop5: detected capacity change from 0 to 512
[  505.223339][T19168] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.238861][   T33] audit: type=1800 audit(505.096:145): pid=19168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5320" name="file1" dev="loop5" ino=15 res=0 errno=0
[  505.313948][T19168] loop5: detected capacity change from 512 to 0
[  505.319024][    C0] I/O error, dev loop5, sector 64 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[  505.325116][T19172] syz.5.5320: attempt to access beyond end of device
[  505.325116][T19172] loop5: rw=524288, sector=82, nr_sectors = 2 limit=0
[  505.332143][T19172] syz.5.5320: attempt to access beyond end of device
[  505.332143][T19172] loop5: rw=0, sector=82, nr_sectors = 2 limit=0
[  505.338017][T19172] syz.5.5320: attempt to access beyond end of device
[  505.338017][T19172] loop5: rw=524288, sector=70, nr_sectors = 2 limit=0
[  505.347264][T19172] syz.5.5320: attempt to access beyond end of device
[  505.347264][T19172] loop5: rw=524288, sector=74, nr_sectors = 2 limit=0
[  505.352701][T19172] syz.5.5320: attempt to access beyond end of device
[  505.352701][T19172] loop5: rw=524288, sector=76, nr_sectors = 2 limit=0
[  505.357927][T19172] syz.5.5320: attempt to access beyond end of device
[  505.357927][T19172] loop5: rw=524288, sector=78, nr_sectors = 2 limit=0
[  505.363246][T19172] syz.5.5320: attempt to access beyond end of device
[  505.363246][T19172] loop5: rw=12288, sector=72, nr_sectors = 2 limit=0
[  505.368363][T19172] EXT4-fs error (device loop5): ext4_get_inode_loc:4999: inode #15: block 36: comm syz.5.5320: unable to read itable block
[  505.375319][T19172] syz.5.5320: attempt to access beyond end of device
[  505.375319][T19172] loop5: rw=145409, sector=2, nr_sectors = 2 limit=0
[  505.380645][T19172] buffer_io_error: 4294 callbacks suppressed
[  505.380659][T19172] Buffer I/O error on dev loop5, logical block 1, lost sync page write
[  505.386404][T19172] EXT4-fs (loop5): I/O error while writing superblock
[  505.389132][T19172] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: IO failure
[  505.393079][T19172] syz.5.5320: attempt to access beyond end of device
[  505.393079][T19172] loop5: rw=145409, sector=2, nr_sectors = 2 limit=0
[  505.398288][T19172] Buffer I/O error on dev loop5, logical block 1, lost sync page write
[  505.401867][T19172] EXT4-fs (loop5): I/O error while writing superblock
[  505.404592][T19172] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #15: comm syz.5.5320: mark_inode_dirty error
[  505.409171][T19172] syz.5.5320: attempt to access beyond end of device
[  505.409171][T19172] loop5: rw=145409, sector=2, nr_sectors = 2 limit=0
[  505.414870][T19172] Buffer I/O error on dev loop5, logical block 1, lost sync page write
[  505.420445][T19172] EXT4-fs (loop5): I/O error while writing superblock
[  505.423419][   T33] audit: type=1800 audit(505.286:146): pid=19172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.5320" name="file1" dev="loop5" ino=15 res=0 errno=0
[  505.533383][   T32] EXT4-fs error (device loop5): __ext4_get_inode_loc_noinmem:4984: inode #15: block 36: comm kworker/u9:1: unable to read itable block
[  505.542915][   T32] Buffer I/O error on dev loop5, logical block 1, lost sync page write
[  505.546422][   T32] EXT4-fs (loop5): I/O error while writing superblock
[  505.556368][T16537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.579131][T16537] Buffer I/O error on dev loop5, logical block 1, lost sync page write
[  505.584639][T16537] EXT4-fs (loop5): I/O error while writing superblock
[  505.592461][T19169] Buffer I/O error on dev loop5, logical block 17, lost sync page write
[  505.904720][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.073512][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.152471][T19187] loop1: detected capacity change from 0 to 32768
[  506.234182][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.371732][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.403928][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  506.420826][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  506.422812][T19198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5334'.
[  506.427424][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  506.448955][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  506.453846][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  506.688125][   T12] bridge_slave_1: left allmulticast mode
[  506.699447][   T12] bridge_slave_1: left promiscuous mode
[  506.702336][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.713738][   T12] bridge_slave_0: left allmulticast mode
[  506.716033][   T12] bridge_slave_0: left promiscuous mode
[  506.718356][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.304613][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  507.311337][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  507.316387][   T12] bond0 (unregistering): Released all slaves
[  507.329544][   T12] bond1 (unregistering): (slave veth7): Releasing active interface
[  507.334868][   T12] bond1 (unregistering): Released all slaves
[  507.347167][   T12] bond2 (unregistering): Released all slaves
[  507.520799][   T12] tipc: Left network mode
[  507.617066][T19192] chnl_net:caif_netlink_parms(): no params data found
[  507.666838][T19234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5348'.
[  507.672912][T19234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5348'.
[  507.677350][T19234] netlink: 'syz.3.5348': attribute type 30 has an invalid length.
[  507.828282][   T12] hsr_slave_0: left promiscuous mode
[  507.835225][   T12] hsr_slave_1: left promiscuous mode
[  507.837922][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  507.840739][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  507.848239][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  507.853802][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  507.895855][   T12] team_slave_0: left promiscuous mode
[  507.898053][   T12] team_slave_1: left promiscuous mode
[  507.900400][   T12] veth1_macvtap: left promiscuous mode
[  507.902293][   T12] veth0_macvtap: left promiscuous mode
[  507.904203][   T12] veth1_vlan: left promiscuous mode
[  507.905959][   T12] veth0_vlan: left promiscuous mode
[  508.308233][   T33] audit: type=1326 audit(508.166:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19246 comm="syz.1.5351" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b1ab8ebe9 code=0x0
[  508.522409][ T5848] Bluetooth: hci0: command tx timeout
[  509.723588][T19255] netlink: 'syz.1.5354': attribute type 2 has an invalid length.
[  509.735439][T19255] netlink: 'syz.1.5354': attribute type 2 has an invalid length.
[  509.893034][T19259] netlink: 'syz.1.5356': attribute type 10 has an invalid length.
[  510.281998][   T12] team0 (unregistering): Port device team_slave_1 removed
[  510.338798][   T12] team0 (unregistering): Port device team_slave_0 removed
[  510.600195][ T5848] Bluetooth: hci0: command tx timeout
[  510.941330][T19192] bridge0: port 1(bridge_slave_0) entered blocking state
[  510.944290][T19192] bridge0: port 1(bridge_slave_0) entered disabled state
[  510.947077][T19192] bridge_slave_0: entered allmulticast mode
[  510.951494][T19192] bridge_slave_0: entered promiscuous mode
[  510.970146][T19259] team0: Port device netdevsim0 added
[  510.988941][T19192] bridge0: port 2(bridge_slave_1) entered blocking state
[  511.014325][T19192] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.017186][T19192] bridge_slave_1: entered allmulticast mode
[  511.047446][T19192] bridge_slave_1: entered promiscuous mode
[  511.106445][T19271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5361'.
[  511.112644][T19271] netlink: 'syz.1.5361': attribute type 21 has an invalid length.
[  511.125765][T19192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  511.153738][T19192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  511.252553][T19192] team0: Port device team_slave_0 added
[  511.268458][T19192] team0: Port device team_slave_1 added
[  511.332713][T19192] batman_adv: batadv0: Adding interface: batadv_slave_0
[  511.335652][T19192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.346550][T19192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  511.354207][T19192] batman_adv: batadv0: Adding interface: batadv_slave_1
[  511.357033][T19192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.370298][T19192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.444447][T19192] hsr_slave_0: entered promiscuous mode
[  511.447831][T19192] hsr_slave_1: entered promiscuous mode
[  511.452671][T19192] debugfs: 'hsr0' already exists in 'hsr'
[  511.455152][T19192] Cannot create hsr debugfs directory
[  511.534931][   T12] ------------[ cut here ]------------
[  511.537193][   T12] WARNING: CPU: 1 PID: 12 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x270/0x2f0
[  511.541603][   T12] Modules linked in:
[  511.544780][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  511.551073][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  511.556052][   T12] Workqueue: netns cleanup_net
[  511.558044][   T12] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  511.560496][   T12] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c8 30 01 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 ed e1 f7 e8 11 c3 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 03 c3 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  511.568267][   T12] RSP: 0018:ffffc900000f7898 EFLAGS: 00010293
[  511.570823][   T12] RAX: ffffffff8a21e87f RBX: ffff88802a208000 RCX: ffff88801ba85640
[  511.574039][   T12] RDX: 0000000000000000 RSI: ffffffff8dba6073 RDI: ffff88801ba85640
[  511.577258][   T12] RBP: ffffc900000f79b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
[  511.580625][   T12] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffffffff8f630b20
[  511.583917][   T12] R13: 1ffff9200001ef40 R14: ffff88802a209480 R15: dffffc0000000000
[  511.587378][   T12] FS:  0000000000000000(0000) GS:ffff8881a3c1c000(0000) knlGS:0000000000000000
[  511.591176][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  511.593880][   T12] CR2: 00007f016d7a8fc8 CR3: 0000000032da0000 CR4: 00000000000006f0
[  511.597099][   T12] Call Trace:
[  511.598509][   T12]  <TASK>
[  511.599860][   T12]  xfrm_net_exit+0x2d/0x70
[  511.601725][   T12]  ops_undo_list+0x49a/0x990
[  511.603640][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  511.605730][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[  511.607866][   T12]  cleanup_net+0x4c5/0x800
[  511.609893][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  511.611932][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  511.614009][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  511.616346][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  511.618557][   T12]  process_scheduled_works+0xae1/0x17b0
[  511.620884][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  511.623327][   T12]  worker_thread+0x8a0/0xda0
[  511.625203][   T12]  kthread+0x711/0x8a0
[  511.626869][   T12]  ? __pfx_worker_thread+0x10/0x10
[  511.629032][   T12]  ? __pfx_kthread+0x10/0x10
[  511.631074][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  511.633220][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  511.635353][   T12]  ? __pfx_kthread+0x10/0x10
[  511.637243][   T12]  ret_from_fork+0x3fc/0x770
[  511.639844][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  511.642012][   T12]  ? __switch_to_asm+0x39/0x70
[  511.643899][   T12]  ? __switch_to_asm+0x33/0x70
[  511.645815][   T12]  ? __pfx_kthread+0x10/0x10
[  511.647474][   T12]  ret_from_fork_asm+0x1a/0x30
[  511.649309][   T12]  </TASK>
[  511.650519][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  511.652951][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  511.656838][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  511.659957][   T12] Workqueue: netns cleanup_net
[  511.661455][   T12] Call Trace:
[  511.662675][   T12]  <TASK>
[  511.663931][   T12]  dump_stack_lvl+0x99/0x250
[  511.665858][   T12]  ? __asan_memcpy+0x40/0x70
[  511.667671][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  511.669359][   T12]  ? __pfx__printk+0x10/0x10
[  511.670824][   T12]  vpanic+0x281/0x750
[  511.672065][   T12]  ? __pfx__printk+0x10/0x10
[  511.673619][   T12]  ? __pfx_vpanic+0x10/0x10
[  511.675049][   T12]  ? is_bpf_text_address+0x292/0x2b0
[  511.676697][   T12]  panic+0xb9/0xc0
[  511.678049][   T12]  ? __pfx_panic+0x10/0x10
[  511.679496][   T12]  __warn+0x31b/0x4b0
[  511.680908][   T12]  ? xfrm_state_fini+0x270/0x2f0
[  511.682739][   T12]  ? xfrm_state_fini+0x270/0x2f0
[  511.684327][   T12]  report_bug+0x2be/0x4f0
[  511.685755][   T12]  ? xfrm_state_fini+0x270/0x2f0
[  511.687373][   T12]  ? xfrm_state_fini+0x270/0x2f0
[  511.688991][   T12]  ? xfrm_state_fini+0x272/0x2f0
[  511.690692][   T12]  handle_bug+0x84/0x160
[  511.692018][   T12]  exc_invalid_op+0x1a/0x50
[  511.693691][   T12]  asm_exc_invalid_op+0x1a/0x20
[  511.695654][   T12] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  511.697741][   T12] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c8 30 01 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 ed e1 f7 e8 11 c3 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 03 c3 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  511.703910][   T12] RSP: 0018:ffffc900000f7898 EFLAGS: 00010293
[  511.705831][   T12] RAX: ffffffff8a21e87f RBX: ffff88802a208000 RCX: ffff88801ba85640
[  511.708355][   T12] RDX: 0000000000000000 RSI: ffffffff8dba6073 RDI: ffff88801ba85640
[  511.710829][   T12] RBP: ffffc900000f79b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
[  511.713319][   T12] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffffffff8f630b20
[  511.715749][   T12] R13: 1ffff9200001ef40 R14: ffff88802a209480 R15: dffffc0000000000
[  511.718288][   T12]  ? xfrm_state_fini+0x26f/0x2f0
[  511.720312][   T12]  ? xfrm_state_fini+0x26f/0x2f0
[  511.722316][   T12]  xfrm_net_exit+0x2d/0x70
[  511.723905][   T12]  ops_undo_list+0x49a/0x990
[  511.725358][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  511.726885][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[  511.728445][   T12]  cleanup_net+0x4c5/0x800
[  511.729846][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  511.731342][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  511.732974][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  511.734742][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  511.736494][   T12]  process_scheduled_works+0xae1/0x17b0
[  511.738233][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  511.740087][   T12]  worker_thread+0x8a0/0xda0
[  511.741565][   T12]  kthread+0x711/0x8a0
[  511.742841][   T12]  ? __pfx_worker_thread+0x10/0x10
[  511.744453][   T12]  ? __pfx_kthread+0x10/0x10
[  511.745909][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  511.747553][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  511.749070][   T12]  ? __pfx_kthread+0x10/0x10
[  511.750444][   T12]  ret_from_fork+0x3fc/0x770
[  511.751832][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  511.753409][   T12]  ? __switch_to_asm+0x39/0x70
[  511.754896][   T12]  ? __switch_to_asm+0x33/0x70
[  511.756392][   T12]  ? __pfx_kthread+0x10/0x10
[  511.757965][   T12]  ret_from_fork_asm+0x1a/0x30
[  511.759936][   T12]  </TASK>
[  511.761874][   T12] Kernel Offset: disabled
[  511.763321][   T12] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:09:00  Registers:
info registers vcpu 0

CPU#0
RAX=00007f1333d3a5a8 RBX=00007ffc9eea63b0 RCX=00007f1333f78120 RDX=0000000000000000
RSI=00007f1333e11c9a RDI=00007ffc9eea64b9 RBP=0000000000000009 RSP=00007ffc9eea5e40
R8 =0000000000000000 R9 =0000000000000000 R10=00000000ffffffff R11=0000000000000000
R12=0000000000000073 R13=00007ffc9eea84f0 R14=0000000000000000 R15=0000000000000000
RIP=00007f1333d3a216 RFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556bb0c500 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1334aed9b8 CR3=000000010deef000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000ff0000ff00 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=000490000a900300 0488000a88030004 XMM03=0000000000000000 0000000000000000
XMM04=000000ff00000000 0000000000000000 XMM05=000055556bb206dc 000055556bb20650
XMM06=000055556bb2a374 000055556bb2a370 XMM07=060c0168fc028208 000ab00302049000
XMM08=013db00100000208 0601880301000004 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900000f7030
R8 =ffff888106968237 R9 =1ffff11020d2d046 R10=dffffc0000000000 R11=ffffffff854f0330
R12=dffffc0000000000 R13=ffffffff99af98d1 R14=ffffffff99dee3e0 R15=0000000000000000
RIP=ffffffff854f03ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f016d7a8fc8 CR3=0000000032da0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f016cb87498 00007f016cb87470 XMM03=00007f016cb874a8 00007f016cb874a0
XMM04=00007f016d6ed100 00007f016cb87460 XMM05=00007f016cb87478 00007f016cb874c0
XMM06=00007f016cb874b8 00007f016cb874b0 XMM07=00007f016cb874a8 00007f016cb874a0
XMM08=c83c9ddbaf0ab46c be76974a1440c447 XMM09=0000000000000000 00007f016ca12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
