last executing test programs:

3m55.946004818s ago: executing program 2 (id=540):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = memfd_create(&(0x7f0000000740)='\x00\xac=W[[\x87\x12\x04\xd5\xbc\x80K\x06\xcd]4(\xa2\xee2A7:n\x8c\xa7P\x1a\x87\xd9c\xecR\xd6\xe8\xf3Y\x12\"p^\xc1\x0f\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x19M\xc2N%\x93t[\xf3\xee\xa4\xb4\xfbf\x8dz7\\\x8e\xac\x18\x00\xfd\x89\xe1d\xfa\xcfb\xf3\xdc\xd4CY\x9a\xef\xa3\\\xa7\xa9^\xafL:[\x8e\x83U\xff\xfd\xff\xfa\xdaL\xa99\x9b\xcfA\xe4n\xa0^\n\x1c\x84\x04\xc5a\xdf\xe5\xd4Hyn\xba:/\xa5\xf4\xaa\xfa\xcd\xc7T\x83\xf5N^\xf2n\xd0=\xb9\t\xdd-F\xacb\xac \xd3\xccj\x13\xa2\x9fLu\'\xed\x91\x867\xaa\xf5\xa0]\xb6\xaa\xea\xfd\xde\xa6\xec\b\x16\x86l:;\xf9\xdb\xcf\x88\"\xca\xe0E\xdb\xec\xf9\xb3\xed\a\x00\x00\x00\x00\x00\x00\x00\xd6.\xf7\x92\xc42\xdf\xefE\xce}\x1b\xda\xdd?\n6\xe1\xb1\xd8Y\x960\xd1\x00\x00\x00\x00\x00\x00MW\x8f\xc6\x82\xe4\x15\xf7\xe9\xd8\xc5b\x0e\x91\xc5\xc76$\x18\xa4\xbe\xe8V\x8d-\xe3\x8fC\xd5\xf5\xd6L\xe3\xce\xa1\x8dz\xce\xa7\xa5\xc8\xcbhM\x1b\xf8\x98\xc4\xfbD6\x88\xfd\xe5i\x8a\xd8\xcfm\x81Z\x19\xf0\xef\xc15\xe8\xcb\xf5\t\t\x00\x17\xfa\x1fqb\xe7\"\xcb4\xb8\xe5/\xd52\x17\x12\x1d\x04\x00\xb9|\x8d\x83\xea\xcc\x94\xebZ\xae\xaf\x19\xa4\xb2\xc6\xe1\x926B\xb6\x89Z\xa9\xb5/\xbb\x9d&\xeeO\xb3\xb3\xd4\bB\xa9f\x84\xad\t\x1a\xc2\xd5\x88\xbfo\x80V\x93\x9fl\xd7\xff\x03\xb7J\xed\x183\xe3\x7f\xfaq,\xca\x06\xb0\xc9\x92\x93\xa5I\x89\xb7\x85\x90\xb7\x1b0\xce\xd7!\x8fD\x96\xe1 ^>\x9f\x04\x89<\xb7S\x7f\x1a\x88\xab$\xd3y\xc2\xe1\x99\xbch\xd3\x83\xcd\x7f\xc5n\xb1\xc1X \x90\xbb\x1f\x01\x90\xb1O\x8d\x7f\xa8\xd4\xdbO\xef\x99\xf3\xd1M\x0f\t\x7f\n,\x84\x1f\xfa\xe2\xc8\x99\x97Oq\xae\x9b\x86h\xfa3\xb9\xfd\xbb\xd4^\xc0t\xa7]Y\xe9\x7f[\x11\xb1\xf3m\x17F\x9d\x18\xe2\xe1\x01\xb6f=-?\xbcI\xf2\xd9\xc4>-\xc0E\x9a\x82\xcc7S\xd4\xb6\'\xd2DY\xa5\x83,\xd1\xbc\xc7\xf6\xe0\x1f o\x06\xc2t\x14\xc2\xe0\x92\xc1\x8a\x85>@\xc9\xb0% \xc7\x13l\x8bJ\xe5\xec\x1dE\xf5\xc5\xe2\xe3\x10G7r#\xbc\x95&\x14\x1e\x97\xce\x83>Q@\xfb\xeb=\x1e\xb3\xd5H\x02\x86\xc6\xf3\xe1i\\\x1d\xf4\xc1\xacJC+\xc8}\x1b{\x86\x17\x00\n\"\xec\xa5x\xe6\xb1i\xeb\xb3\xb7I\x90\x9eai\xde\x01\xdc\xfeA\x05Sn\xe6\xe8^\xdf\x8c`\x17\xca\xbd\\QG\xb15\x82*=\xbd\xe9\xaf\x12<\xd7\xe1$\xa4\xdaU\xfb^\xd8!\xacxy\xd5X\xef\x03\xa7\x10\xa1C#S~\x0f\x17\t>X\\mv0\x9eZ\x89\xf4\xae\a\xc8\x16\xd2o\x16\xf3X%Q\xbd\xe9\x86V\xf2\x99^0\xe8xI(\xde-\x04s\x15\x06#2\xef\xef@\xa3t0d^^\xad\xf6\xad\xe0\x16\xf6\xa8\x99!\x0e\x9d+;D&\xebN\x94\x12\x04\x95o\xd6\x9fl\xcb\x16gc\xf5(\xaa_\xec\x9aiE\f\xd4\xc6\xf2\xae\x85n\x995\xcd\xa7\xbb\xf0pz\xff\x0f\x00\x00\x00\x00\x00\x00Li\r\x95Z\x89\"_\xe4\xba\xd4\x93\xab\xe1\xb9\xd8E[\xbb\xc9.M+\xbe\x81<z\xf2\xe8\xf4\x93\xe6h\x97\x7f\xaf\xc5\x06g\fI\xa5\xed\x05\x12\x0f\x0eu\xe5 \xfe\xcdMX\xb5X\x838\xf5\x18x\xc9\xb9\x03\t\x06\x96g\x8a5\xb0\xc8\x86\x14\xe2\x01\x1f\x80\xe7Ol\xba\x93\xaa\x15\x87I7W\x87\xc4;p\xc5\x1e\"K5r\xec6\xac\xf0\x1f\xf8 \xad\xc9\xf0\x16\xce\x17\xa1%f\x12\x80\x03N[qz\xf0q\xbd\xb8s\xe5>N\xd2\xae\xf4\x18\xd0\xe7\x98\x90,\xce\ft\xc4\xc7\x02\xaa\xc7\xeb1;\x86b)\x12{k#c\x1d@\xc31\x00\xd2}f\x8cX\xce\xed\xa4\xe4\xca\x00\x00\x00\x00\x00\x03\xfcWZ!<\x16a5ZL.\xe6\x15]\xebY\xaa\xbea\x8e\xdc\xc52r\"\xea\x9e\x03\x11&\xc3JU\xa7\xd6\x8a\xf8\xae>S\xdew\x94\x01\x88K\xe6\x86\xaf)hW\xc8\\/Pl\x9b\x1b\xf2\xf1_\xbb\xaa\xc9?\xf7\xae\x13\xc2\f=\x059\x1c\xb7\x1ca\xe4\xb8C[\x06\x8c\f%l\x19I\x1fq9y)\xaf~~\xa8\xaf\'S\xf0kA\xa8\x93\x8a\xd3\x98\xbf[5\x0f\x05\"\xbd4h\xd9\xd4\xb8\x17P\xb4\xa7\xd6\x03\x86\xe6\xb0\x90W\xc3\xbd\xcb\x1er\xc4e\xc2\x96\r\x15\x84\xda\x16m\xc7\x19g\x83O\a=\xcb\'\xb7E\xc2\xd3L\xd5\xe5\xc2&L\xebjb\xfaOBc\x95\xb7\x97[\xcd$n\xbcO\x81\x03\xc3e:C&\"\x06B:\xa4\xe9\xab\x95DG(^\xd7\xb4\x8e5\x1a\xdb\xcf\x12\xccV\xb7\x98i\xfb\xadv\xb3', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000c, 0x11, r1, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x401, 0x1}, 0x10, [0x1, 0x101, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x10, 0x4, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5f1], [0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x200, 0x0, 0x2, 0x23, 0x0, 0xeae2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x0, 0x2, 0x0, 0x7, 0x0, 0x0, 0x9, 0xffff], [0x4, 0xfc, 0x8f58, 0x465b, 0x0, 0xb67f75c, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfff, 0x71f, 0xa5f, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x4000, 0xdffffffc, 0xfffffffc, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)

3m55.665759554s ago: executing program 2 (id=542):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000040000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m55.665510546s ago: executing program 2 (id=543):
syz_mount_image$vfat(&(0x7f0000000a40), &(0x7f0000000000)='./file1\x00', 0x2010000, &(0x7f0000000940)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703836352c73686f72746e616d653d6d697865642c636f6465706167653d3836392c726f6469722c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c696f636861727365743d6370313235352c636865636b3d7374726963742c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c004c21fbd23364597e61bd9e6c47bce24b3f93d831eaa8688deebdbf10d10f509bad0fabd2253225b10ce42f4dc8b613d3585bcb3b5892369a7a4e0325cb6510"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==")
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f00000000c0)=""/55, 0x37)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

3m55.371749583s ago: executing program 2 (id=548):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000001880)={[{@noadinicb}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x400}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@longad}]}, 0xfd, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file1\x00', 0x4000, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000ac0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]})

3m55.148002026s ago: executing program 2 (id=552):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000100000000002c0012800b00010067726574617000001c00028006000e000200000006000f000700000008000700ac141428080001"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0)

3m54.724366422s ago: executing program 2 (id=558):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071004300000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

3m54.472318613s ago: executing program 32 (id=558):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071004300000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

3m49.995531057s ago: executing program 1 (id=595):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/pm_debug_messages', 0x100102, 0x0)
sendfile(r0, r0, 0x0, 0x6)

3m49.945677404s ago: executing program 1 (id=596):
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000440)={0x0, &(0x7f0000000040)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000700)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, r2, r3, 0x0, 0x2, 0x6, 0xa, {0x141, 0x7f, 0x180, 0x30b8, 0xfdf8, 0x2025, 0x7, 0x4, 0x0, 0x3, 0xfffe, 0x9, 0x5, 0xfffffffd, "12d5d7287bd287881d942450c7153a3243937ca92a4ccc476b1500"}})

3m49.895348492s ago: executing program 1 (id=597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000480)=0x51f6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mount$9p_unix(0x0, &(0x7f0000003600)='.\x00', 0x0, 0x2000000, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$sndctrl(0x0, 0x8002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
clock_getres(0x3, 0x0)

3m48.493607915s ago: executing program 1 (id=600):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000200)='proc\x00', 0x16, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

3m48.311264016s ago: executing program 1 (id=601):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
r1 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020)

3m48.222154829s ago: executing program 1 (id=604):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)={0x54, r1, 0x101, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "b168fa3167"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac09}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0)

3m48.111860269s ago: executing program 33 (id=604):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)={0x54, r1, 0x101, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "b168fa3167"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac09}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0)

42.935320552s ago: executing program 3 (id=3586):
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file1\x00', 0x800, &(0x7f00000024c0)=ANY=[@ANYBLOB='iocharset=maceceland,umask=00000000000000000000005,gid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=continue,iocharset=maccroatian,errors=continue,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c696f636861727365743d63703433372c6572726f72733d636f6e74696e75652c666d61736b3d30303030303030303030303030303030303030303030302c005cfb6cadb737c3b7524172"], 0x1, 0x1527, &(0x7f00000006c0)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yV83t56/+/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVuQEgDtEeVFBtHaVRCVRWbRxVcTdoqqoKqqJ6qKGqClqilqilqgtaos6oo6oK+qKeuIhUV/0wn74iLjQmUZiMDYWQ7CJaCrkpU+wlmIYthKtRRvxlBiBw7GdaOmSxLOivRiNHcRfxBh8XnQS47CzeFF0EV1FN/GS6C5auR6ip5iEvURvMRX7iL6in+gvZmB18QHOzllDvC5SxGAxRLwh5uObYph4SwwXI8RI8bYYJd4Ro8UYMVaME6livJgg3hUTxXtikpgspoipIk1ME9PF+2KGmClmiQ/EbPGhmCPminlivkgXH4kFYqHIEB+LReITkSkWiyViqVgmlosVYqVYJVaLNWKtWCfWiw1io9gkNostYqvYJraLHeJTsVN8JnaJ3WKP+FzsFV+IfeJLsV98JQ6Ir0WW+EYcFN+KQ+I7cVh8L46IH8RRcUwcFz+KE+IncVKcEqfFGXFW/CzOiV/EeeEFSJRCSqlkIGNkDhkrc8o4eY3MJYNLz+71Ml7eIPPIG2VemU/mlwVkgiwoC0ktjbSSZCgLyyIyKm+SReXNspgsLkvIktLJUjJR3iJLy1tlGXmbLCtvl+XkHbK8rCArykryTllZ3iUhcnEf1WR1WUPWlPfKZLhP1pb3yzryAVlXPijryYdkffmwbCAfkQ3lo7KRfEw2lo/LJrKpbCabyxbyCdlSPilbydayjXxKtpVPy3byGZkkn5Xtpb/0EnledpIvyM7yRdlFdpXd5C/yvPSyh+wpoRfI3vIV2Uf2lf1kfzlAvioHytfkIPm6TJGD5RD5hhwq35TD5FtyuBwhR8q35Sj5jhwtx8ixcpxMlePlBPmunCjfk5PkZDlFTpVpcprsd2mmWVL+V35O+OP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zHJY/U4narH6wn6XT1Rv6cn6cl6ip6q0/Q0PV2/r2fomXqW/kDP1h/qOXqunqfn63T9kV6gF+oM/bFepD/RmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/VO/Vnepferffoz/Ve/YXep7/U+/VX+oD+Wmfpb/RB/a0+pL/Th/X3+oj+QR/Vx/Rx/aM+oX/SJ/UpfVqf0Wf1z/qc/kWf1/7Cyf2Fr3ejjDIxJsbEmlgTZ+JMLpPL5Da5TcRETLyJN3lMHpPX5DX5TX6TYBJMIVPIXECGTGFT2ERN1BQ1RU0xU8yUMCWMM84kmkRT2pQ2ZUwZU9aUNeVMOVPelDcVTUVzp7nT3GXuMnebu8095h5T3VQ3NU1NU8vUMrVNbVPH1DF1TV1Tz9Qz9U1908A0MA1NQ9PINDKNTWPTxDQxzUwz08K0MC1NS9PKtDJtTBvT1rQ17Uw7k2SSTHvT3nQwHUxH09F0Mp1MZ9PZdDFdTDfTzXQ33U0P08Mkm2TT2/Q2fUwf08/0MwPMADPQDDSDzCCTYlLMEDPEDDVDzTAzzAw3I8zICyeq5h0z2owxY804k2pSzQQzwUw0E80kM8lMMVNMmkkz0810M8PMMLPMLDPbzDZzzBwzz8wz6SbdLDALTIbJMIvMIpNpMs0Ss8QsM8vMCrPCrDKrzBqzxqyDdWaD2WA2mU1mi9litpltZofZYXaanWaX2WX2mD1mr9lr9pl9Zr/Zbw6YAybLZJmD5qA5ZA6Zw+awOWKOmKPmqDlujpsT5oQ5aU6a0+a0OWvyXfq+9CbW5rRx9hqby15rc9vr7N/G+W0Bm2AL2kJW27w2329iY60tZovbErakdbaUTbS3/C4ubyvYiraSvdNWtnfZKr+La9n7bG17v61jH7A17b2/ievaB209+5itjwhgm9qGtrltZB+zje3jtoltapvZ5ratfdq2s8/YJPusbW+f+128wC60q+xqu8autbvsbnvanrGH7Hf2rP3Z9rA97QD7qh1oX7OD7Os2xQ7+XTzSvm1H2XfsaDvGjrXjfhdPsVNtmp1mp9v37Qw783dxuv3IzrYZdo6da+fZ+b/GF2rKsB/bRfYTm2kDWGKX2mV2uV1hV/5XrUvtervBbrQ77Wd2i91qt9ntdsflE2G72+6xn9u99gt70H5r99uv7AF72GbZb36NLxzfYfu9PWJ/sEftMXvc/mhP2J/U5ewLx/6j/cWet94CIQFJUhRQDOWgWMpJcXQN5aJrKTddRxG6nuLpBspDN1Jeykf5qQAlUEEqRJoMWSIKqTAVoSjdRJfLK0ElyVEpSqRbqDTdSmXoNipLt1M5uoPKUwWqSJXoTqpMd1EVupuq0j1UjapTDapJ91Ituo9q0/1Uhx6guvQg1aOHqD49TA3oEWpIj1Ijeowa0+PUhJpSM2pOLegJaklPUitqTW3oKWpLT1M7eoaS6FlqT89RB/oLdaTnqRO9QJ3pRepCXakbvUTd6WXqQT0pmXpRb3qF+lBf6kf9aQC9SgPpNRpEr1MKDaYh9AYNpTdpGL1Fw2kEjaS3aRS9Q6NpDI2lcZRK42kCvUsT6T2aRJNpCk2lNJpG0+l9mkEzaRZ9QLPpQ5pDc2kezad0+ogW0ELKoI9pEX1CmbSYltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRttpB31KO+kz2kW7aQ99TnvpC9pHX9J++ooO0NeURd/QQfqWDtF3dJi+9z3pBzpKx+g4/Ugn6Cc6SafoNJ2hs/QznaNf6Dx5ghBDEcpQhUEYE+YIY8OcYVx4TZgrvDbMHV4XRsLrw/jwhjBPeGOYN8wX5g8LhAlhwbBQqEMT2pDCMCwcFgmj4U1h0fDmsFhYPCwRlgxdWCpMDG8JS4e3hmXC28Ky4e1hufCOsHxYIXzsgUrhnWHl8K6wSnh3WDW8J6wWVg9rhDXDe8Na4X1h7fD+sE74QFgmfDCsFz4U1g8fDhuEj4QNw0fDRuFjYePw8bBJ2DRsFjYPW4RPhC3DJ8NWYeuwTfhU2DZ8OmwXPhMmhc+G7cPnfl3/4MK/vz457BX2Dl8JXwm9v1/Oi86Ppkc/ii6ILoxmRD+OLop+Es2MLo4uiS6NLosuj66Iroyuiq6Oromuja6Lro9uiG6Mel8zBzh0wkmnXOBiXA4X63K6OHeNy+WudbnddS7irnfx7gaXx93o8rp8Lr8r4BJcQVfIaWecdeRCV9gVcVF3kyvqbnbFXHFXwpV0zpVyia65a+FauJbuSdfKtXZt3FPuKfe0e9o9455xz7r27jnXwf3FdXTPu07uBfeCe9F1cV1dN/eS6+7G5774nkx2vV1v18f1cf1cPzfADXAD3UA3yA1yKS7FDXFD3FA31A1zw9xwN9yNdCPdKDfKjXaj3Vg31qW6VDfBTXAT3UQ3yU1yU9wUl+bS3HQ33c1wM1zlmRf3MsfNcfPcPJfu0t0Cd+GcMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/x1Fyd1e90+t8/td/vdAfe1y3LfuIPuW3fIfecOu+/dEfeDO+qOuePuR3fC/eROulPutDvjzrqf3Tn3izvvvEuNjI9MiLwbmRh5LzIpMjkyJTI1khaZFpkeeT8yIzIzMivyQWR25MPInMjcyLzI/Eh65KPIgsjCSEbk48iiyCeRzMjiyJLI0siyyPKI9wW3hL6wL+Kj/iZf1N/si/nivoQv6Z0v5RP9Lb60v9WX8bf5sv52X87f4cv7Cr6if9w38U19M9/ct/BP+Jb+Sd/Kt/Zt/FO+rX/at/PP+CT/rG/vn/Md/F98R/+87+Rf8J39i76L7+q7+Zd8d/+y7+F7+mTfy/f2r/g+vq/v5/v7Af5VP9C/5gf5132KH+yH+Df8UP+mH+bf8sP9CD8y5m0/6vIlMozzqX68n+Df9RP9e36Sn+yn+Kk+zU/z0/37foaf6Wf5D/xs/6Gf4+f6eX6+T/cf+QV+oc/wH/tF/hOf6RdfvqnsV/iVfpVf7df4tX6dX+83+I1+k9/st/itfpvf7nf4T/1O/5nf5Xf7Pf5zv9d/4ff5L/1+/5U/4L/2Wf4bf9B/6w/57/xh/70/4n/wR/0xf9z/6E/4n/xJf8qf9mf8Wf+zP+d/8ef5d9YYY4wxxv4p468MxW/XXLyd3+sPcsRfbdwbAK7dWiDrr9dfOKNcl/fiuK9IaBsBgGd7dn7k8lKtWnJy8qVtMyUEReYCXP6foAti4Eq8GNrA05AEraH0H9bfV3Q9S/9g/ujtAHF/lRMLV+Ir838JgMl/MP8TT41cUC48Hf//mX8uQLEiV3JywpV4MbT59f5Kayjzd+rP1/If1J/zq1SAVn+VkwuuxFfqT4Qn4TlI+s2WjDHGGGOMMcbYRX1FxY6Xrz8v/8TnH12fJ6grOTngSvyPrs8ZY4wxxhhjjDF29T3ftdszTyQlte74rw+q/Ley/ulBY/ifmpkHfzjwHuDyIwoA/s0JAS4M5H/yKDb/R/aVcumt87erlp3xAfzvaOWfMbjKH0yMMcYYY4yxP92Vk/7fPq6uVkGMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlg29J/4c2JX+xgZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxq+3/BQAA//8vPgKm")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000080)=""/29, 0x1d)
getdents64(r0, 0xfffffffffffffffe, 0x29)

42.803016627s ago: executing program 3 (id=3589):
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
socket$inet6(0x10, 0x2, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x24c401, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r1], 0x3c}}, 0x10)

42.704337626s ago: executing program 3 (id=3591):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000070000e9070004000a010101080005"], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x20040040)

42.632575141s ago: executing program 3 (id=3593):
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x1000)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x80fe)

42.547562137s ago: executing program 3 (id=3594):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40800, 0x0)
read$FUSE(r3, &(0x7f0000002ac0)={0x2020}, 0x2020)

42.452469298s ago: executing program 3 (id=3595):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000200)={0x409a090a, 0x101, "eb38845cf6f2e168f59e5c708b4cddb9f54e0bd29a8afaea3096d9061a2df0c1", 0x10001, 0x1, 0x1000000, 0x0, 0x1000, 0xc, 0x400009, 0x8, [0x5, 0x2, 0x4, 0xe]})

28.224504717s ago: executing program 34 (id=3595):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000200)={0x409a090a, 0x101, "eb38845cf6f2e168f59e5c708b4cddb9f54e0bd29a8afaea3096d9061a2df0c1", 0x10001, 0x1, 0x1000000, 0x0, 0x1000, 0xc, 0x400009, 0x8, [0x5, 0x2, 0x4, 0xe]})

2.529234607s ago: executing program 4 (id=4192):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000a40)="33223609b4be6fa63c", 0x9}], 0x1, 0x0, 0x0, 0x20000851}, 0x800)
recvmmsg(r1, &(0x7f0000002e80)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/200, 0xc8}], 0x1, &(0x7f00000003c0)=""/71, 0x4d}, 0x9}], 0x1, 0x40010000, 0x0)

2.451085022s ago: executing program 4 (id=4194):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r3)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000054)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='inet_sk_error_report\x00'}, 0x18)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
lseek(r1, 0x1800000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r6, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf})
syz_io_uring_submit(0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5, 0x13, &(0x7f0000000500)=ANY=[@ANYBLOB="180000070000000000004d28afb77ace00000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000308b020010000000b50201000100000018000000840000000000000003000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x61, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000ac0)=[{0x5, 0x5, 0xb, 0x6}], 0x10, 0x6}, 0x94)
r7 = eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r8=>0x0)
read$eventfd(r7, 0x0, 0x0)
io_submit(r8, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r7, 0x0, 0x0, 0x0, 0x0, 0x1, r7}])
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r3, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x8}, 0x4000000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x0, 0x1}, 0xc)

1.757501025s ago: executing program 0 (id=4200):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, &(0x7f0000000600)={0xf, 0x3})

1.579156529s ago: executing program 0 (id=4201):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='attr/sockcreate\x00')
write$tcp_mem(r0, 0x0, 0x0)

1.578918904s ago: executing program 0 (id=4202):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x2c, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x4}]}]}, 0x2c}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0xffffffffffffff0b}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e0001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.51547673s ago: executing program 0 (id=4203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./bus\x00')

1.403676055s ago: executing program 4 (id=4205):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
setpgid(0x0, 0x0)

1.197453199s ago: executing program 4 (id=4206):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter6\x00')
preadv(r6, &(0x7f0000000280)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1, 0x1f1, 0x1)
r7 = socket$inet(0x2, 0x3, 0x6)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000300)={0x7, 'erspan0\x00', {0x75a}, 0x6})
sendto$inet(r7, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10)
r8 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@ipv6_deladdr={0x18, 0x15, 0x1, 0x70bd29, 0x25dfdbfd, {0xa, 0x78, 0x10, 0xff}}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r8, 0x40000)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x140cc014)

590.638349ms ago: executing program 0 (id=4210):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x2c, r1, 0x1, 0x0, 0x0, {0x2b}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}]}, 0x2c}}, 0x0)

495.926494ms ago: executing program 0 (id=4211):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x10000, 0x1008b}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4a, 0x9, 0xb, 0x0, 0x3}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c7902, 0x0)
sendfile(r3, r3, 0x0, 0x7fffffffffffffff)

495.763495ms ago: executing program 5 (id=4212):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
mmap(&(0x7f0000215000/0x3000)=nil, 0x3000, 0x8, 0x6011, r0, 0xffffffffffffc000)

253.017074ms ago: executing program 5 (id=4213):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
capset(&(0x7f0000000dc0)={0x20080522}, &(0x7f0000000e00)={0x0, 0x4, 0x4, 0x0, 0x80000, 0xffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

250.713668ms ago: executing program 4 (id=4214):
r0 = syz_io_uring_setup(0xc97, &(0x7f0000000700)={0x0, 0x6015, 0x800, 0xff7fffff, 0x11c}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0, 0x10121, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

76.786764ms ago: executing program 5 (id=4215):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002480)={0x24, 0x19, 0x1, 0x0, 0x25dfdbfb, {0xa, 0xd601, 0x9}, [@nested={0x10, 0x12, 0x0, 0x1, [@nested={0xc, 0xf8, 0x0, 0x1, [@typed={0x8, 0x12, 0x0, 0x0, @pid}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x0)

76.499498ms ago: executing program 5 (id=4216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd7000100000000200000403000007020000001400110069616376746170300000000000000000080006"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0)

596.993µs ago: executing program 5 (id=4217):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f000003a000/0x2000)=nil, 0x2000, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)

79.607µs ago: executing program 4 (id=4218):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x40, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x152}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_WME={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x40480c0}, 0x4000004)

0s ago: executing program 5 (id=4219):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x64, 0x0, &(0x7f0000002540))

kernel console output (not intermixed with test programs):

FS (loop3): Ending clean mount
[  181.556923][ T9230] XFS (loop3): Quotacheck needed: Please wait.
[  181.596082][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1278'.
[  181.612906][ T9230] XFS (loop3): Quotacheck: Done.
[  181.678257][ T9269] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1281'.
[  181.679425][ T7383] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.683137][ T9269] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1281'.
[  181.742790][ T9273] netlink: 15 bytes leftover after parsing attributes in process `syz.0.1284'.
[  181.758050][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1284'.
[  181.831489][ T9275] loop0: detected capacity change from 0 to 1024
[  181.901658][ T9275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  181.908530][ T9275] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.919818][   T33] kauditd_printk_skb: 17 callbacks suppressed
[  181.919833][   T33] audit: type=1800 audit(1755039379.685:90): pid=9275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1285" name="file1" dev="loop0" ino=15 res=0 errno=0
[  181.920462][ T9275] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm syz.0.1285: lblock 0 mapped to illegal pblock 0 (length 6)
[  181.964754][ T9275] EXT4-fs error (device loop0): ext4_ext_remove_space:2955: inode #15: comm syz.0.1285: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  182.008659][ T9291] netlink: 65051 bytes leftover after parsing attributes in process `syz.3.1290'.
[  182.034958][ T5854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  183.030601][ T9326] overlayfs: failed to clone upperpath
[  183.740309][ T9348] loop3: detected capacity change from 0 to 1024
[  183.802535][ T9348] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.816873][ T9348] ext4 filesystem being mounted at /198/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.870444][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.067940][ T9375] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1322'.
[  184.089737][ T9375] netlink: 'syz.4.1322': attribute type 2 has an invalid length.
[  184.503301][ T9377] loop3: detected capacity change from 0 to 4096
[  184.669831][ T9385] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1326'.
[  185.243318][    T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  185.315700][ T9409] program syz.3.1337 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  185.423261][    T9] usb 1-1: Using ep0 maxpacket: 8
[  185.435624][    T9] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  185.438442][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.442672][    T9] usb 1-1: config 0 descriptor??
[  185.730551][ T9427] loop3: detected capacity change from 0 to 1024
[  186.708734][    T9] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  186.712951][    T9] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  186.717512][    T9] asix 1-1:0.0: probe with driver asix failed with error -71
[  186.724243][    T9] usb 1-1: USB disconnect, device number 23
[  186.761663][ T9445] loop3: detected capacity change from 0 to 32768
[  186.766535][ T9445] (syz.3.1352,9445,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  186.797882][ T9445] (syz.3.1352,9445,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  186.811754][ T9445] JBD2: Ignoring recovery information on journal
[  186.837654][ T9445] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  186.935412][ T7383] ocfs2: Unmounting device (7,3) on (node local)
[  187.154276][ T9465] netlink: 'syz.3.1361': attribute type 10 has an invalid length.
[  187.159371][ T9465] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.163993][ T9465] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.180399][ T9465] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.182643][ T9465] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.186472][ T9465] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.188993][ T9465] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.198508][ T9465] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  187.265586][ T9469] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  187.414508][ T9481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1369'.
[  187.418508][ T9481] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1369'.
[  187.709778][ T9479] loop0: detected capacity change from 0 to 32768
[  187.749007][ T9479] ERROR: (device loop0): diNewExt: no free extents
[  187.749007][ T9479] 
[  187.767458][ T9479] ialloc: diAlloc returned -5!
[  187.791090][ T9486] loop3: detected capacity change from 0 to 1764
[  187.977888][ T9490] loop0: detected capacity change from 0 to 764
[  187.990235][ T9490] Symlink component flag not implemented
[  187.999937][ T9490] Symlink component flag not implemented
[  188.001941][ T9490] Symlink component flag not implemented (128)
[  188.008120][ T9490] Symlink component flag not implemented (122)
[  188.107721][ T9492] loop0: detected capacity change from 0 to 2048
[  188.115381][ T5860] udevd[5860]: incorrect nilfs2 checksum on /dev/loop0
[  188.120777][ T9492] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  188.127177][ T9492] NILFS (loop0): mounting unchecked fs
[  188.139900][ T9492] NILFS (loop0): recovery complete
[  188.151491][ T9493] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  188.163208][   T51] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  188.218294][ T9495] futex_wake_op: syz.0.1375 tries to shift op by 144; fix this program
[  188.313125][   T51] usb 4-1: Using ep0 maxpacket: 8
[  188.317606][   T51] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  188.321074][   T51] usb 4-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e
[  188.331581][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.373729][   T51] usb 4-1: config 0 descriptor??
[  188.382966][   T51] usb 4-1: bad CDC descriptors
[  188.588257][   T51] usb 4-1: USB disconnect, device number 12
[  188.708142][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'.
[  188.735367][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'.
[  189.175177][ T9520] loop3: detected capacity change from 0 to 1024
[  189.237868][ T9520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  189.241713][ T9520] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.299822][ T9520] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm syz.3.1386: lblock 0 mapped to illegal pblock 0 (length 1)
[  189.318310][ T9520] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  189.321949][ T9520] EXT4-fs (loop3): This should not happen!! Data will be lost
[  189.321949][ T9520] 
[  189.346837][ T9520] EXT4-fs error (device loop3): ext4_ext_remove_space:2955: inode #15: comm syz.3.1386: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  189.355749][ T9520] EXT4-fs error (device loop3) in ext4_setattr:6071: Corrupt filesystem
[  189.396206][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  189.708920][ T9541] loop3: detected capacity change from 0 to 64
[  189.737292][   T33] audit: type=1800 audit(1755039387.505:91): pid=9541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1395" name="file1" dev="loop3" ino=5 res=0 errno=0
[  189.809741][ T9547] trusted_key: encrypted_key: insufficient parameters specified
[  190.056233][ T9570] macsec0: entered promiscuous mode
[  190.063339][ T9569] loop0: detected capacity change from 0 to 512
[  190.066584][ T9570] macsec0: entered allmulticast mode
[  190.070998][ T9570] veth1_macvtap: entered allmulticast mode
[  190.079066][ T9569] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  190.090015][ T9569] EXT4-fs (loop0): orphan cleanup on readonly fs
[  190.092198][ T9569] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.1407: Block bitmap for bg 0 marked uninitialized
[  190.110303][ T9569] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  190.123761][ T9569] EXT4-fs (loop0): 1 orphan inode deleted
[  190.126275][ T9569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  190.163154][ T9569] EXT4-fs: Ignoring sb option on remount
[  190.164917][ T9569] EXT4-fs: Ignoring removed orlov option
[  190.166625][ T9569] EXT4-fs: Ignoring removed nomblk_io_submit option
[  190.168693][ T9569] EXT4-fs: Remounting fs w/o journal so ignoring data_err option
[  190.189728][ T9569] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  190.197023][ T9569] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  190.211125][ T9580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1413'.
[  190.227984][ T9580] bridge_slave_1: left allmulticast mode
[  190.230085][ T9580] bridge_slave_1: left promiscuous mode
[  190.231878][ T9580] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.237821][ T9580] bridge_slave_0: left allmulticast mode
[  190.239749][ T9580] bridge_slave_0: left promiscuous mode
[  190.241620][ T9580] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.258234][ T9580] bond0: (slave bridge0): Releasing backup interface
[  190.278518][ T5854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.607433][ T9588] netlink: 'syz.0.1416': attribute type 1 has an invalid length.
[  190.803889][ T9594] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  190.923278][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[  190.949516][ T9600] loop0: detected capacity change from 0 to 512
[  190.961065][ T9600] EXT4-fs (loop0): 1 truncate cleaned up
[  190.965691][ T9600] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.006702][ T5854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.397918][ T9623] ref_ctr_offset mismatch. inode: 0x8b4 offset: 0x0 ref_ctr_offset(old): 0x3070 ref_ctr_offset(new): 0x0
[  191.612234][ T9632] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1437'.
[  191.616956][ T9632] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1437'.
[  191.627331][ T9615] overlayfs: failed to clone upperpath
[  191.633162][ T5762] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  191.794975][ T5762] usb 4-1: Using ep0 maxpacket: 16
[  191.800201][ T5762] usb 4-1: config 15 has an invalid interface number: 70 but max is 0
[  191.805141][ T5762] usb 4-1: config 15 has no interface number 0
[  191.813833][ T5762] usb 4-1: config 15 interface 70 altsetting 1 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  191.817314][ T5762] usb 4-1: config 15 interface 70 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[  191.835047][ T5762] usb 4-1: config 15 interface 70 has no altsetting 0
[  191.842989][ T5762] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=56.49
[  191.848564][ T5762] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.851147][ T5762] usb 4-1: Product: syz
[  191.852419][ T5762] usb 4-1: Manufacturer: syz
[  191.854840][ T5762] usb 4-1: SerialNumber: syz
[  192.084001][ T5762] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 12 is not bulk.
[  192.093389][ T5762] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 5 is not bulk.
[  192.099891][ T5762] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 6 is not bulk.
[  192.107560][ T5762] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  192.121840][ T5762] usb 4-1: USB disconnect, device number 13
[  192.999562][ T9690] sctp: [Deprecated]: syz.3.1464 (pid 9690) Use of struct sctp_assoc_value in delayed_ack socket option.
[  192.999562][ T9690] Use struct sctp_sack_info instead
[  193.204500][ T9698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1468'.
[  193.207791][ T9698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1468'.
[  193.210825][ T9698] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1468'.
[  193.343375][ T9692] loop0: detected capacity change from 0 to 32768
[  193.347144][ T9692] XFS: noikeep mount option is deprecated.
[  193.362678][ T9692] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  193.369699][ T9703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1470'.
[  193.438517][ T9692] XFS (loop0): Ending clean mount
[  193.443941][ T9692] XFS (loop0): Quotacheck needed: Please wait.
[  193.482128][ T9692] XFS (loop0): Quotacheck: Done.
[  193.586213][ T5854] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  193.649560][ T9723] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1477'.
[  193.840426][ T9728] libceph: resolve '400' (ret=-3): failed
[  193.907005][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  193.909531][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  194.082884][ T9749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1487'.
[  194.206082][ T9749] team0 (unregistering): Port device team_slave_0 removed
[  194.212644][ T9749] team0 (unregistering): Port device team_slave_1 removed
[  194.219932][ T9749] team0 (unregistering): Port device vxlan0 removed
[  194.235752][ T5917] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.241751][ T5917] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.248460][ T5917] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.255197][ T5917] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.349454][ T9755] loop0: detected capacity change from 0 to 128
[  194.357814][ T9755] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  194.361774][ T9755] ext4 filesystem being mounted at /441/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  194.396109][ T5854] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  194.530567][ T9765] pim6reg: entered allmulticast mode
[  194.564368][ T9767] netlink: 'syz.0.1495': attribute type 3 has an invalid length.
[  194.567038][ T9767] netlink: 766 bytes leftover after parsing attributes in process `syz.0.1495'.
[  194.658704][ T9771] loop0: detected capacity change from 0 to 1024
[  194.680132][ T9771] hfsplus: hfsplus: Invalid key length: 29235
[  195.182772][ T9775] loop0: detected capacity change from 0 to 32768
[  195.190264][ T9775] (syz.0.1498,9775,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  195.202981][ T9775] (syz.0.1498,9775,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  195.205347][ T9783] loop3: detected capacity change from 0 to 4096
[  195.234879][ T9785] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  195.240200][ T9775] JBD2: Ignoring recovery information on journal
[  195.281276][ T9775] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  195.287376][ T9775] (syz.0.1498,9775,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  195.382214][ T5854] ocfs2: Unmounting device (7,0) on (node local)
[  195.675342][ T9805] loop3: detected capacity change from 0 to 128
[  195.709635][ T9805] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  195.719716][ T9805] ext4 filesystem being mounted at /270/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  195.778663][ T7383] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  196.246941][ T9830] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1522'.
[  196.250108][ T9830] tipc: Started in network mode
[  196.251914][ T9830] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  196.259945][ T9830] tipc: Enabled bearer <udp:syz0>, priority 10
[  196.473160][ T5919] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  196.625384][ T5919] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  196.628920][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.637928][ T5919] usb 4-1: config 0 descriptor??
[  196.858827][ T5762] usb 4-1: USB disconnect, device number 14
[  196.968752][ T9850] bond1: entered promiscuous mode
[  196.970552][ T9850] bond1: entered allmulticast mode
[  196.972471][ T9850] 8021q: adding VLAN 0 to HW filter on device bond1
[  197.143142][ T5919] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  197.263854][ T5762] tipc: Node number set to 4269801514
[  197.297201][ T5919] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  197.300150][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.302729][ T5919] usb 1-1: Product: syz
[  197.304270][ T5919] usb 1-1: Manufacturer: syz
[  197.305967][ T5919] usb 1-1: SerialNumber: syz
[  197.309861][ T5919] usb 1-1: config 0 descriptor??
[  197.395183][ T9859] loop3: detected capacity change from 0 to 256
[  197.598379][ T9861] loop3: detected capacity change from 0 to 32768
[  197.601105][ T9861] btrfs: Deprecated parameter 'usebackuproot'
[  197.603464][ T9861] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  197.606822][ T9861] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1534 (9861)
[  197.620281][ T9861] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  197.625395][ T9861] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  197.628940][ T9861] BTRFS error (device loop3): ignorebadroots must be used with ro mount option
[  197.632393][ T9861] BTRFS error (device loop3): open_ctree failed: -22
[  197.709585][ T9866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1536'.
[  198.036432][ T5919] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  198.601235][ T9881] overlayfs: failed to clone upperpath
[  198.604174][ T5919] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  198.620409][ T5919] usb 1-1: USB disconnect, device number 24
[  198.811744][ T9889] Bluetooth: MGMT ver 1.23
[  198.870094][ T9895] loop3: detected capacity change from 0 to 8
[  198.895569][ T9895] SQUASHFS error: xz decompression failed, data probably corrupt
[  198.898718][ T9895] SQUASHFS error: Failed to read block 0x108: -5
[  198.900836][ T9895] SQUASHFS error: Unable to read metadata cache entry [106]
[  198.903343][ T9895] SQUASHFS error: Unable to read inode 0x11f
[  199.156234][ T9898] loop3: detected capacity change from 0 to 32768
[  199.491448][ T9926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1563'.
[  199.497863][ T9926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1563'.
[  199.545898][ T9930] overlayfs: empty lowerdir
[  199.669910][ T9940] loop3: detected capacity change from 0 to 2048
[  199.701999][ T9936] loop0: detected capacity change from 0 to 4096
[  199.772625][ T9940] hpfs: filesystem error: improperly stopped; already mounted read-only
[  199.779196][ T9940] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  199.789247][ T9940] hpfs: filesystem error: sector(s) 'dir_band_bitmap' badly placed at 7b318cc4
[  199.850896][ T9948] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1575'.
[  199.858175][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1575'.
[  199.862054][ T9948] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1575'.
[  199.874286][ T9948] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1575'.
[  199.887493][ T9948] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1575'.
[  200.185386][ T9965] loop0: detected capacity change from 0 to 8192
[  200.604950][ T9973] netlink: 'syz.3.1584': attribute type 9 has an invalid length.
[  200.608070][ T9973] netlink: 147436 bytes leftover after parsing attributes in process `syz.3.1584'.
[  200.739373][ T9977] CUSE: DEVNAME unspecified
[  200.790653][ T9979] loop3: detected capacity change from 0 to 128
[  200.800397][ T9979] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  200.818807][ T9979] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.130741][ T9997] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  201.615732][T10028] loop3: detected capacity change from 0 to 4096
[  201.652602][T10028] ntfs3(loop3): Failed to initialize $Secure (-22).
[  202.159020][T10040] loop0: detected capacity change from 0 to 2048
[  202.171446][T10040] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  202.182051][T10040] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  202.407712][T10051] loop0: detected capacity change from 0 to 256
[  202.428858][T10051] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  202.448761][T10051] exFAT-fs (loop0): error, data size is invalid(10)
[  202.451762][T10051] exFAT-fs (loop0): Filesystem has been set read-only
[  202.575619][T10060] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'.
[  202.599772][T10060] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'.
[  202.760554][T10070] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1629'.
[  202.939458][T10086] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1637'.
[  204.569844][T10147] netlink: 'syz.4.1666': attribute type 6 has an invalid length.
[  204.929121][T10168] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1676'.
[  205.496426][T10192] overlayfs: failed to clone upperpath
[  205.599767][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1692'.
[  205.607854][T10202] vti0: entered promiscuous mode
[  205.925565][T10221] loop3: detected capacity change from 0 to 2048
[  206.070287][ T5860]  loop3: p1 < > p4
[  206.077380][T10227] capability: warning: `syz.0.1702' uses 32-bit capabilities (legacy support in use)
[  206.078440][ T5860] loop3: p4 size 722688 extends beyond EOD, truncated
[  206.093687][T10221]  loop3: p1 < > p4
[  206.097306][T10221] loop3: p4 size 722688 extends beyond EOD, truncated
[  206.806489][T10241] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  206.811175][T10241] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  207.377818][T10250] loop3: detected capacity change from 0 to 32768
[  207.381878][T10250] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1714 (10250)
[  207.399000][T10250] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  207.407827][T10250] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  207.411670][T10250] BTRFS info (device loop3): using free-space-tree
[  207.458458][ T7383] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  207.886415][T10286] dvmrp5: entered allmulticast mode
[  207.904175][T10286] pimreg: entered allmulticast mode
[  208.277208][T10300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1729'.
[  210.212780][T10393] openvswitch: netlink: EtherType 0 is less than min 600
[  210.281283][T10396] netlink: 'syz.0.1775': attribute type 16 has an invalid length.
[  210.432498][T10408] syz_tun: refused to change device tx_queue_len
[  210.444187][T10408] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  210.507205][T10416] netlink: 'syz.4.1785': attribute type 1 has an invalid length.
[  210.510406][T10416] netlink: 'syz.4.1785': attribute type 1 has an invalid length.
[  210.522758][T10418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1784'.
[  210.614646][T10422] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  210.714049][T10430] loop3: detected capacity change from 0 to 4096
[  210.732429][T10430] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.805194][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.121772][T10457] loop3: detected capacity change from 0 to 1024
[  211.242048][T10461] loop3: detected capacity change from 0 to 2048
[  211.246259][T10461] EXT4-fs: Ignoring removed bh option
[  211.278922][T10461] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.539586][   T33] audit: type=1326 audit(1755039409.305:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10433 comm="syz.0.1793" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7fc00000
[  212.865761][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.977211][T10486] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  212.987961][T10486] CIFS mount error: No usable UNC path provided in device string!
[  212.987961][T10486] 
[  213.006766][T10486] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  213.883138][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  213.886398][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  213.889546][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  213.950586][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  213.953621][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  213.956777][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  214.047838][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  214.051549][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  214.055526][T10519] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1829'.
[  214.606911][T10547] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.832174][T10553] loop3: detected capacity change from 0 to 16384
[  214.869464][T10554] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  215.207111][T10572] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1853'.
[  216.306254][T10610] 9pnet: bogus RWRITE count (2 > 1)
[  217.392646][T10635] overlayfs: missing 'lowerdir'
[  218.148668][T10672] netlink: 'syz.4.1901': attribute type 5 has an invalid length.
[  219.505976][T10727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'.
[  219.559671][T10729] tmpfs: Bad value for 'mpol'
[  220.268900][T10754] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  220.290293][T10756] tipc: Started in network mode
[  220.292021][T10756] tipc: Node identity 7f000001, cluster identity 4711
[  220.300513][T10756] tipc: Enabled bearer <udp:syz2>, priority 10
[  220.337171][T10756] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  220.344783][T10756] tipc: Enabled bearer <udp:syz0>, priority 10
[  220.653158][ T5762] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  220.816255][ T5762] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  220.819565][ T5762] usb 4-1: config 0 has no interface number 0
[  220.825592][ T5762] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  220.829237][ T5762] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.832566][ T5762] usb 4-1: Product: syz
[  220.834861][ T5762] usb 4-1: Manufacturer: syz
[  220.836748][ T5762] usb 4-1: SerialNumber: syz
[  220.844361][ T5762] usb 4-1: config 0 descriptor??
[  221.263639][ T5762] usb 4-1: Firmware: major: 12, minor: 32, hardware type: UNKNOWN (133)
[  221.467865][ T5762] usb 4-1: no permanent extended address found, random address set
[  221.471080][ T5762] usb 4-1: atusb_probe: initialization failed, error = -524
[  221.478027][ T5762] atusb 4-1:0.128: probe with driver atusb failed with error -524
[  221.672435][ T5762] usb 4-1: USB disconnect, device number 15
[  221.750403][ T5919] tipc: Node number set to 2130706433
[  221.792589][T10787] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1953'.
[  221.797415][T10787] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1953'.
[  222.093309][T10801] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1960'.
[  222.967171][T10833] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  222.997721][T10835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1976'.
[  223.000984][T10835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1976'.
[  223.114674][T10847] loop3: detected capacity change from 0 to 1024
[  223.117329][T10847] EXT4-fs: Ignoring removed bh option
[  223.144899][T10847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  223.182942][T10847] EXT4-fs: Ignoring removed orlov option
[  223.188265][T10847] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.1982: Abort forced by user
[  223.192708][T10847] EXT4-fs (loop3): Remounting filesystem read-only
[  223.195898][T10847] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-001000000000.
[  223.211178][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  223.297111][T10860] netlink: 'syz.3.1985': attribute type 21 has an invalid length.
[  223.302846][T10860] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1985'.
[  223.313905][T10860] netlink: 'syz.3.1985': attribute type 21 has an invalid length.
[  223.410575][T10868] IPVS: persistence engine module ip_vs_pe_s not found
[  224.913172][ T5919] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  225.088434][ T5919] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  225.100105][ T5919] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  225.103960][ T5919] usb 4-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config
[  225.108076][ T5919] usb 4-1: config 220 has no interface number 2
[  225.110571][ T5919] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  225.117149][ T5919] usb 4-1: config 220 interface 0 has no altsetting 0
[  225.120168][ T5919] usb 4-1: config 220 interface 76 has no altsetting 0
[  225.133920][ T5919] usb 4-1: config 220 interface 1 has no altsetting 0
[  225.139959][ T5919] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  225.144633][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.147762][ T5919] usb 4-1: Product: syz
[  225.149432][ T5919] usb 4-1: Manufacturer: syz
[  225.151869][ T5919] usb 4-1: SerialNumber: syz
[  225.376638][ T5919] usb 4-1: selecting invalid altsetting 0
[  225.388255][ T5919] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  225.390868][ T5919] usb 4-1: No valid video chain found.
[  225.409047][ T5919] usb 4-1: selecting invalid altsetting 0
[  225.411519][ T5919] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  225.430391][ T5919] usb 4-1: USB disconnect, device number 16
[  225.651380][T10953] netlink: 'syz.4.2030': attribute type 10 has an invalid length.
[  225.662492][T10953] team0: Port device syz_tun added
[  226.280692][T10970] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  226.293493][T10970] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  226.296824][T10970] gretap1: entered promiscuous mode
[  226.298909][T10970] gretap1: entered allmulticast mode
[  226.863668][T10994] netlink: 'syz.0.2049': attribute type 16 has an invalid length.
[  226.866316][T10994] netlink: 'syz.0.2049': attribute type 17 has an invalid length.
[  226.877732][T10994] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.000335][T10990] loop3: detected capacity change from 0 to 32768
[  227.008487][T10990] XFS: ikeep mount option is deprecated.
[  227.059531][T10990] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.084854][T10990] XFS (loop3): Ending clean mount
[  227.087766][T10990] XFS (loop3): Quotacheck needed: Please wait.
[  227.125821][T10990] XFS (loop3): Quotacheck: Done.
[  227.186681][ T7383] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.231779][T11019] netlink: 'syz.4.2057': attribute type 1 has an invalid length.
[  227.250763][T11019] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2057'.
[  227.259452][T11019] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  227.388875][T11025] tls_set_device_offload_rx: netdev not found
[  227.484806][T11036] loop3: detected capacity change from 0 to 256
[  227.489379][T11036] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  227.492529][T11036] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  227.502882][T11036] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  227.824178][   T33] audit: type=1800 audit(1755039425.535:93): pid=11046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2064" name="file1" dev="loop3" ino=1048658 res=0 errno=0
[  228.159402][T11061] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2073'.
[  228.195645][T11067] netlink: 495 bytes leftover after parsing attributes in process `syz.4.2076'.
[  228.397914][T11076] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (1024)
[  228.400817][T11076] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[  228.583845][T11078] loop3: detected capacity change from 0 to 32768
[  228.587167][T11078] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2081 (11078)
[  228.605960][T11078] BTRFS info (device loop3 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  228.610099][T11078] BTRFS info (device loop3 state S): using crc32c (crc32c-lib) checksum algorithm
[  228.613895][T11078] BTRFS info (device loop3 state S): using free-space-tree
[  228.690951][ T1090] BTRFS warning (device loop3 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xbeadaddc level 0, ignored
[  228.714090][ T1090] BTRFS warning (device loop3 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x32c165c1 level 0, ignored
[  228.720825][   T36] BTRFS warning (device loop3 state S): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x31515604 level 0, ignored
[  228.734342][T11078] BTRFS error (device loop3 state S): dev extent physical offset 6881280 devid 2 has no corresponding chunk
[  228.739333][T11078] BTRFS error (device loop3 state S): failed to find devid 2
[  228.742615][T11078] BTRFS error (device loop3 state S): failed to verify dev extents against chunks: -117
[  228.763606][T11078] BTRFS error (device loop3 state S): open_ctree failed: -117
[  229.990470][  T791] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  230.348384][  T791] usb 4-1: New USB device found, idVendor=041e, idProduct=4053, bcdDevice=e6.56
[  230.351985][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.362646][  T791] usb 4-1: config 0 descriptor??
[  230.375229][  T791] gspca_main: gspca_zc3xx-2.14.0 probing 041e:4053
[  230.580796][  T791] gspca_zc3xx: reg_w_i err -71
[  230.587918][  T791] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  230.596458][  T791] usb 4-1: USB disconnect, device number 17
[  231.420966][T11244] loop3: detected capacity change from 0 to 512
[  231.426633][T11244] EXT4-fs (loop3): Test dummy encryption mode enabled
[  231.431115][T11244] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  231.448728][T11244] EXT4-fs (loop3): SIPHASH is not a valid default hash value
[  231.608330][T11261] QAT: Invalid ioctl 21531
[  233.935306][ T5967] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  234.015957][T11316] fuse: Bad value for 'fd'
[  234.093142][ T5967] usb 4-1: Using ep0 maxpacket: 16
[  234.097695][ T5967] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  234.101191][ T5967] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  234.108428][ T5967] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  234.112188][ T5967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.115947][ T5967] usb 4-1: Product: syz
[  234.117675][ T5967] usb 4-1: Manufacturer: syz
[  234.119301][ T5967] usb 4-1: SerialNumber: syz
[  234.332995][ T5967] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  234.375045][ T5967] usb 4-1: USB disconnect, device number 18
[  234.415318][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  234.934254][T11351] loop3: detected capacity change from 0 to 512
[  235.203179][ T5967] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  235.371746][ T5967] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  235.380775][ T5967] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  235.386070][ T5967] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  235.389481][ T5967] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 28865, setting to 64
[  235.396258][ T5967] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  235.399091][ T5967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.401499][ T5967] usb 4-1: Product: syz
[  235.402741][ T5967] usb 4-1: Manufacturer: syz
[  235.404716][T11380] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  235.408771][ T5967] usb 4-1: SerialNumber: syz
[  235.415619][T11351] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  235.421662][ T5967] cdc_mbim 4-1:1.0: skipping garbage
[  235.625985][T11351] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  235.628500][T11351] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  236.079386][T11395] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2218'.
[  236.082890][T11395] unsupported nlmsg_type 40
[  236.237640][T11351] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  236.241263][T11351] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  236.456803][ T5967] cdc_mbim 4-1:1.0: bind() failure
[  236.463716][ T5967] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71
[  236.467735][ T5967] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  236.474958][ T5967] usbtest 4-1:1.1: probe with driver usbtest failed with error -71
[  236.481813][ T5967] usb 4-1: USB disconnect, device number 19
[  237.039370][T11438] netlink: 'syz.3.2238': attribute type 2 has an invalid length.
[  237.290123][T11452] xt_policy: too many policy elements
[  237.392487][T11463] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2249'.
[  237.395667][T11463] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2249'.
[  237.464356][   T33] audit: type=1326 audit(1755039435.235:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11470 comm="syz.3.2254" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  237.491786][   T33] audit: type=1326 audit(1755039435.235:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11470 comm="syz.3.2254" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  237.504739][   T33] audit: type=1326 audit(1755039435.235:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11470 comm="syz.3.2254" exe="/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  237.509011][T11473] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2256'.
[  237.514790][   T33] audit: type=1326 audit(1755039435.235:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11470 comm="syz.3.2254" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  237.514817][   T33] audit: type=1326 audit(1755039435.235:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11470 comm="syz.3.2254" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  237.543364][T11473] netlink: 'syz.3.2256': attribute type 1 has an invalid length.
[  237.547311][T11473] netlink: 'syz.3.2256': attribute type 2 has an invalid length.
[  237.550087][T11473] netlink: 'syz.3.2256': attribute type 3 has an invalid length.
[  237.759648][T11493] dns_resolver: Unsupported content type (218)
[  237.877316][T11500] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  238.250489][T11508] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  238.626046][ T5853] Bluetooth: hci0: hardware error 0x00
[  239.193285][T11528] loop3: detected capacity change from 0 to 40427
[  239.205437][T11528] F2FS-fs (loop3): build fault injection rate: 771
[  239.221535][T11528] F2FS-fs (loop3): invalid crc value
[  239.310518][T11528] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  239.318952][T11528] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  240.683262][ T5853] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  240.882199][T11597] loop3: detected capacity change from 0 to 4096
[  240.896266][T11597] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  240.901422][T11597] ntfs3(loop3): Failed to load $Extend (-22).
[  240.906475][T11597] ntfs3(loop3): Failed to initialize $Extend.
[  240.925307][T11597] ntfs3(loop3): ino=1b, "file0" ntfs_readdir
[  241.025949][T11605] loop3: detected capacity change from 0 to 2048
[  241.040781][T11605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.050948][T11605] ext4 filesystem being mounted at /467/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.100481][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.419917][T11627] syzkaller1: entered promiscuous mode
[  241.422758][T11627] syzkaller1: entered allmulticast mode
[  241.884282][T11643] loop3: detected capacity change from 0 to 32768
[  241.909389][T11643] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  241.937704][T11643] XFS (loop3): Ending clean mount
[  241.985295][T11669] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  241.993975][   T33] audit: type=1800 audit(1755039439.755:99): pid=11643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2329" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  242.050711][ T7383] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  242.475101][T11685] overlayfs: failed to clone upperpath
[  243.125695][T11714] netlink: 'syz.3.2358': attribute type 11 has an invalid length.
[  243.250923][T11728] netlink: 788 bytes leftover after parsing attributes in process `syz.0.2365'.
[  243.403510][ T5919] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  243.553708][ T5919] usb 4-1: Using ep0 maxpacket: 8
[  243.560701][ T5919] usb 4-1: config 93 has an invalid interface number: 31 but max is 0
[  243.564577][ T5919] usb 4-1: config 93 has no interface number 0
[  243.572166][ T5919] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  243.576490][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.578997][ T5919] usb 4-1: Product: syz
[  243.580568][ T5919] usb 4-1: Manufacturer: syz
[  243.582337][ T5919] usb 4-1: SerialNumber: syz
[  243.599720][ T5919] usb 4-1: Found UVC 0.00 device syz (046d:08c3)
[  243.602908][ T5919] usb 4-1: No valid video chain found.
[  243.801389][ T5919] usb 4-1: USB disconnect, device number 20
[  244.583984][ T5919] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  244.736480][ T5919] usb 4-1: unable to get BOS descriptor or descriptor too short
[  244.744163][ T5919] usb 4-1: not running at top speed; connect to a high speed hub
[  244.758136][ T5919] usb 4-1: config 129 has an invalid interface number: 28 but max is 0
[  244.762830][ T5919] usb 4-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config
[  244.773982][ T5919] usb 4-1: config 129 has no interface number 0
[  244.776534][ T5919] usb 4-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  244.781205][ T5919] usb 4-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid wMaxPacketSize 0
[  244.786267][ T5919] usb 4-1: config 129 interface 28 has no altsetting 0
[  244.793857][ T5919] usb 4-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57
[  244.797170][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.800118][ T5919] usb 4-1: Product: syz
[  244.801726][ T5919] usb 4-1: Manufacturer: syz
[  244.805151][ T5919] usb 4-1: SerialNumber: syz
[  244.886995][T11780] overlayfs: failed to clone upperpath
[  244.902150][T11782] fuse: Bad value for 'fd'
[  244.996432][T11789] geneve3: entered promiscuous mode
[  244.998188][T11789] geneve3: entered allmulticast mode
[  245.024760][ T5919] etas_es58x 4-1:129.28: Starting syz syz (Serial Number syz)
[  245.036120][ T5919] etas_es58x 4-1:129.28: could not retrieve the product info string
[  245.061139][ T5919] usb 4-1: USB disconnect, device number 21
[  245.064221][ T5919] etas_es58x 4-1:129.28: Disconnecting syz syz
[  245.246779][T11799] overlayfs: failed to clone upperpath
[  245.574921][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2408'.
[  245.578312][T11818] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[  245.596734][T11818] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[  246.517682][T11873] bridge0: entered promiscuous mode
[  246.850974][T11899] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  246.850974][T11899] The task syz.0.2444 (11899) triggered the difference, watch for misbehavior.
[  246.943130][   T51] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  247.096422][   T51] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  247.101697][   T51] usb 4-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  247.104705][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.107443][   T51] usb 4-1: Product: syz
[  247.108834][   T51] usb 4-1: Manufacturer: syz
[  247.110435][   T51] usb 4-1: SerialNumber: syz
[  247.319456][   T51] usb 4-1: selecting invalid altsetting 1
[  247.325375][   T51] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  247.325469][   T51] dvb_usb_lmedm04 4-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  247.333268][   T51] usb 4-1: USB disconnect, device number 22
[  247.640069][   T33] audit: type=1326 audit(1755039445.405:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.4.2455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  247.650953][   T33] audit: type=1326 audit(1755039445.405:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.4.2455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  247.660044][   T33] audit: type=1326 audit(1755039445.405:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.4.2455" exe="/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  247.672499][   T33] audit: type=1326 audit(1755039445.405:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.4.2455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  247.691714][   T33] audit: type=1326 audit(1755039445.405:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.4.2455" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  247.747630][T11925] overlayfs: failed to clone upperpath
[  247.824856][T11933] ptrace attach of "/syz-executor exec"[5854] was attempted by "/syz-executor exec"[11933]
[  247.882914][T11938] loop3: detected capacity change from 0 to 1024
[  247.931676][   T32] hfsplus: b-tree write err: -5, ino 3
[  247.937327][ T7383] hfsplus: node 4:3 still has 1 user(s)!
[  249.389052][T11965] sit0: entered promiscuous mode
[  249.400732][T11965] netlink: 'syz.4.2477': attribute type 1 has an invalid length.
[  249.415326][T11965] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2477'.
[  249.429070][T11967] loop3: detected capacity change from 0 to 256
[  249.445552][T11967] FAT-fs (loop3): Directory bread(block 64) failed
[  249.448224][T11967] FAT-fs (loop3): Directory bread(block 65) failed
[  249.450577][T11967] FAT-fs (loop3): Directory bread(block 66) failed
[  249.452732][T11967] FAT-fs (loop3): Directory bread(block 67) failed
[  249.457824][T11967] FAT-fs (loop3): Directory bread(block 68) failed
[  249.459880][T11967] FAT-fs (loop3): Directory bread(block 69) failed
[  249.462112][T11967] FAT-fs (loop3): Directory bread(block 70) failed
[  249.464984][T11967] FAT-fs (loop3): Directory bread(block 71) failed
[  249.467504][T11967] FAT-fs (loop3): Directory bread(block 72) failed
[  249.469445][T11967] FAT-fs (loop3): Directory bread(block 73) failed
[  250.079453][T12019] RDS: rds_bind could not find a transport for ::ffff:0.0.0.224, load rds_tcp or rds_rdma?
[  250.093710][ T1092] Bluetooth: hci3: Frame reassembly failed (-84)
[  250.096745][ T1092] Bluetooth: hci3: Frame reassembly failed (-84)
[  250.148237][   T33] audit: type=1326 audit(1755039447.915:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12024 comm="syz.0.2505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  250.166138][   T33] audit: type=1326 audit(1755039447.915:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12024 comm="syz.0.2505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  250.184760][   T33] audit: type=1326 audit(1755039447.925:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12024 comm="syz.0.2505" exe="/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  250.199612][   T33] audit: type=1326 audit(1755039447.925:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12024 comm="syz.0.2505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  251.184299][T12039] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2511'.
[  251.187839][T12039] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2511'.
[  252.124720][ T5853] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  252.210458][T12066] loop3: detected capacity change from 0 to 2048
[  252.418486][T12076] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2527'.
[  252.563365][   T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  252.608802][   T33] audit: type=1326 audit(1755039450.375:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12087 comm="syz.4.2533" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed8f8ebe9 code=0x7ffc0000
[  252.707973][T12094] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2536'.
[  252.715979][   T24] usb 4-1: Using ep0 maxpacket: 8
[  252.719226][   T24] usb 4-1: config 135 has an invalid interface number: 230 but max is 0
[  252.722214][   T24] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  252.727493][   T24] usb 4-1: config 135 has no interface number 0
[  252.736807][   T24] usb 4-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  252.740460][   T24] usb 4-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  252.753144][   T24] usb 4-1: config 135 interface 230 has no altsetting 0
[  252.757399][   T24] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  252.760460][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.763731][   T24] usb 4-1: Product: syz
[  252.765506][   T24] usb 4-1: Manufacturer: syz
[  252.767397][   T24] usb 4-1: SerialNumber: syz
[  252.779541][   T24] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  252.782303][   T24] usb 4-1: No valid video chain found.
[  252.824762][T12106] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  252.980734][   T24] usb 4-1: USB disconnect, device number 23
[  253.273285][T12134] tipc: Trying to set illegal importance in message
[  254.044438][   T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  254.196215][   T24] usb 4-1: Using ep0 maxpacket: 32
[  254.207442][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  254.213173][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  254.219907][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  254.228788][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  254.231700][   T24] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  254.243101][   T24] usb 4-1: Product: syz
[  254.244522][   T24] usb 4-1: Manufacturer: syz
[  254.245948][   T24] usb 4-1: SerialNumber: syz
[  254.267894][   T24] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input13
[  254.416457][T12225] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2599'.
[  254.479961][   T24] usb 4-1: USB disconnect, device number 24
[  254.514985][   T24] appletouch 4-1:1.0: input: appletouch disconnected
[  254.700454][ T5762] IPVS: starting estimator thread 0...
[  254.803343][T12244] IPVS: using max 40 ests per chain, 96000 per kthread
[  255.357772][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  255.359911][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  257.585486][T12319] batadv0: entered allmulticast mode
[  257.647727][T12325] kernel read not supported for file /!selinu (pid: 12325 comm: syz.3.2644)
[  257.647890][ T5853] Bluetooth: hci1: link tx timeout
[  257.651774][   T33] kauditd_printk_skb: 7 callbacks suppressed
[  257.651786][   T33] audit: type=1800 audit(1755039455.415:117): pid=12325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2644" name=2173656C696E75FF7F dev="mqueue" ino=25197 res=0 errno=0
[  257.655947][ T5853] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  257.720849][T12330] loop3: detected capacity change from 0 to 512
[  257.727532][T12330] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  257.815810][T12330] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[  257.821853][T12330] System zones: 1-12
[  257.827631][T12330] EXT4-fs (loop3): 1 truncate cleaned up
[  257.837097][T12330] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  257.928420][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.451675][T12354] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  258.633184][ T5903] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  258.795427][ T5903] usb 4-1: Using ep0 maxpacket: 32
[  258.799369][ T5903] usb 4-1: config 1 has an invalid interface number: 233 but max is 0
[  258.802540][ T5903] usb 4-1: config 1 has no interface number 0
[  258.805597][ T5903] usb 4-1: config 1 interface 233 altsetting 250 bulk endpoint 0x9 has invalid maxpacket 8
[  258.809449][ T5903] usb 4-1: config 1 interface 233 has no altsetting 0
[  258.830819][ T5903] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=34.ac
[  258.835648][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.839526][ T5903] usb 4-1: Product: syz
[  258.841916][ T5903] usb 4-1: Manufacturer: syz
[  258.850756][ T5903] usb 4-1: SerialNumber: syz
[  258.859782][T12352] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  258.895500][T12378] trusted_key: encrypted_key: master key parameter is missing
[  259.085954][ T5903] imon_raw 4-1:1.233: IR endpoint missing
[  259.095439][ T5903] usb 4-1: USB disconnect, device number 25
[  259.730505][ T5862] Bluetooth: hci1: command 0x0405 tx timeout
[  259.926125][T12416] kAFS: unable to lookup cell '\/'
[  260.302062][T12435] overlayfs: missing 'lowerdir'
[  261.593415][T12472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2706'.
[  261.709508][T12470] loop3: detected capacity change from 0 to 32768
[  261.733192][T12470] (syz.3.2705,12470,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  261.738196][T12470] (syz.3.2705,12470,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  261.754693][T12470] JBD2: Ignoring recovery information on journal
[  261.787668][T12470] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  261.810290][T12470] syz.3.2705: attempt to access beyond end of device
[  261.810290][T12470] loop3: rw=2051, sector=28680, nr_sectors = 28664 limit=32768
[  261.817481][T12470] (syz.3.2705,12470,1):ocfs2_trim_group:7530 ERROR: status = -5
[  261.820694][T12470] (syz.3.2705,12470,1):ocfs2_trim_mainbm:7641 ERROR: status = -5
[  261.854446][ T7383] ocfs2: Unmounting device (7,3) on (node local)
[  261.902000][T12482] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2710'.
[  262.207135][T12500] loop3: detected capacity change from 0 to 512
[  262.247401][T12500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.252596][T12500] ext4 filesystem being mounted at /551/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  262.266129][T12500] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.2719: corrupted inode contents
[  262.275928][T12500] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.2719: mark_inode_dirty error
[  262.283543][T12500] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.2719: corrupted inode contents
[  262.291432][T12500] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.2719: corrupted inode contents
[  262.297167][T12500] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.2719: mark_inode_dirty error
[  262.302411][T12500] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.2719: corrupted inode contents
[  262.327315][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.416784][T12504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2720'.
[  262.562763][T12510] netlink: 'syz.4.2723': attribute type 2 has an invalid length.
[  262.565965][T12510] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2723'.
[  262.700816][T12520] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2728'.
[  263.239631][ T5903] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  263.403179][ T5903] usb 4-1: Using ep0 maxpacket: 8
[  263.407523][ T5903] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  263.410777][ T5903] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  263.415533][ T5903] usb 4-1: config 0 has no interface number 0
[  263.418171][ T5903] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  263.422358][ T5903] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  263.428032][ T5903] usb 4-1: config 0 interface 52 has no altsetting 0
[  263.432332][ T5903] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  263.436297][ T5903] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  263.439564][ T5903] usb 4-1: Manufacturer: syz
[  263.444366][ T5903] usb 4-1: config 0 descriptor??
[  263.448717][ T5903] hub 4-1:0.52: bad descriptor, ignoring hub
[  263.451299][ T5903] hub 4-1:0.52: probe with driver hub failed with error -5
[  263.663903][ T5903] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input14
[  263.712163][ T5853] Bluetooth: hci2: unknown advertising packet type: 0x82
[  263.712243][ T5853] Bluetooth: hci2: Dropping invalid advertising data
[  263.717757][ T5853] Bluetooth: hci2: Malformed LE Event: 0x02
[  263.963769][ T5903] usb 4-1: USB disconnect, device number 26
[  264.427252][T12575] netlink: 'syz.0.2754': attribute type 11 has an invalid length.
[  264.498068][T12580] loop3: detected capacity change from 0 to 512
[  264.505067][T12580] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  264.522485][T12580] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[  264.527039][T12580] EXT4-fs (loop3): orphan cleanup on readonly fs
[  264.530306][T12580] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2757: bg 0: block 361: padding at end of block bitmap is not set
[  264.536327][T12580] EXT4-fs (loop3): Remounting filesystem read-only
[  264.540412][T12580] EXT4-fs (loop3): 1 truncate cleaned up
[  264.544805][T12580] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  264.869827][T12592] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.2757: dx entry: limit 0 != root limit 125
[  264.873905][T12592] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2757: Corrupt directory, running e2fsck is recommended
[  264.878728][T12592] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.2757: dx entry: limit 0 != root limit 125
[  264.882680][T12592] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2757: Corrupt directory, running e2fsck is recommended
[  264.886783][T12592] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.2757: dx entry: limit 0 != root limit 125
[  264.890779][T12592] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2757: Corrupt directory, running e2fsck is recommended
[  264.895980][T12592] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.2757: dx entry: limit 0 != root limit 125
[  264.899480][T12592] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2757: Corrupt directory, running e2fsck is recommended
[  265.230849][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  265.270352][T12596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2763'.
[  265.277552][T12596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2763'.
[  265.927959][T12624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2777'.
[  265.930982][T12616] loop3: detected capacity change from 0 to 32768
[  265.938762][T12616] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2773 (12616)
[  265.959193][T12616] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  265.966028][T12616] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  265.969753][T12616] BTRFS info (device loop3): using free-space-tree
[  265.996780][T12632] sch_tbf: burst 8256 is lower than device lo mtu (65550) !
[  266.129623][T12648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2780'.
[  266.239500][ T7383] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  266.710046][T12662] 9pnet_fd: Insufficient options for proto=fd
[  266.753225][ T5903] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  266.923996][ T5903] usb 4-1: Using ep0 maxpacket: 16
[  266.928492][ T5903] usb 4-1: config 0 interface 0 has no altsetting 0
[  266.934573][ T5903] usb 4-1: New USB device found, idVendor=5fc9, idProduct=0063, bcdDevice=48.e3
[  266.938322][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.941699][ T5903] usb 4-1: Product: syz
[  266.943730][ T5903] usb 4-1: Manufacturer: syz
[  266.945719][ T5903] usb 4-1: SerialNumber: syz
[  266.952041][ T5903] usb 4-1: config 0 descriptor??
[  267.186653][ T5903] usb 4-1: USB disconnect, device number 27
[  267.637793][T12680] openvswitch: netlink: IP tunnel dst address not specified
[  267.841165][T12695] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2802'.
[  269.820999][T12762] loop3: detected capacity change from 0 to 1024
[  269.859808][   T36] hfsplus: b-tree write err: -5, ino 4
[  271.013508][   T33] audit: type=1326 audit(1755039468.755:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.041659][   T33] audit: type=1326 audit(1755039468.755:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.066990][   T33] audit: type=1326 audit(1755039468.755:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.111091][   T33] audit: type=1326 audit(1755039468.755:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.173646][   T33] audit: type=1326 audit(1755039468.755:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.210700][   T33] audit: type=1326 audit(1755039468.755:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.254045][   T33] audit: type=1326 audit(1755039468.755:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.299991][   T33] audit: type=1326 audit(1755039468.755:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.311318][   T33] audit: type=1326 audit(1755039468.755:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.321662][   T33] audit: type=1326 audit(1755039468.765:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.0.2850" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ddd8ebe9 code=0x7ffc0000
[  271.635403][T12815] loop3: detected capacity change from 0 to 32768
[  271.687991][T12815] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  271.699862][T12815] XFS (loop3): Ending clean mount
[  271.719666][T12815] XFS (loop3): syz.3.2856 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  271.762308][ T7383] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  272.530649][T12850] loop3: detected capacity change from 0 to 128
[  272.660027][T12850] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  272.678853][T12850] ext4 filesystem being mounted at /580/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  272.694853][T12850] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload
[  272.699897][T12850] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload
[  272.721776][ T7383] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  272.994332][ T5967] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  273.083345][T12878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2881'.
[  273.089846][T12878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2881'.
[  273.148313][ T5967] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[  273.151348][ T5967] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  273.154317][ T5967] usb 4-1: config 8 has no interface number 0
[  273.160643][ T5967] usb 4-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  273.166216][ T5967] usb 4-1: config 8 interface 177 has no altsetting 0
[  273.168253][ T5967] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  273.171320][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.189780][ T5967] ir_toy 4-1:8.177: required endpoints not found
[  273.385643][ T5967] usb 4-1: USB disconnect, device number 28
[  273.708489][T12909] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2896'.
[  273.714630][T12909] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2896'.
[  273.899618][T12918] CIFS mount error: No usable UNC path provided in device string!
[  273.899618][T12918] 
[  273.908381][T12918] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  274.028527][T12922] loop3: detected capacity change from 0 to 4096
[  274.657071][T12932] loop3: detected capacity change from 0 to 32768
[  274.665550][T12932] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2907 (12932)
[  274.690209][T12932] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  274.693578][T12932] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  274.697124][T12932] BTRFS info (device loop3): disk space caching is enabled
[  274.699511][T12932] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  274.823108][T12932] BTRFS info (device loop3): rebuilding free space tree
[  274.849251][T12932] BTRFS info (device loop3): disabling free space tree
[  274.851483][T12932] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  274.869791][T12932] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  274.967478][ T7383] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  275.724470][T12995] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2930'.
[  275.766441][T13002] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2931'.
[  276.340064][T13033] Invalid option length (0) for dns_resolver key
[  276.410497][T13039] netlink: 'syz.4.2948': attribute type 21 has an invalid length.
[  276.533048][T13050] usb usb1: usbfs: process 13050 (syz.3.2953) did not claim interface 0 before use
[  276.647245][T13056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2956'.
[  276.945623][T13071] loop3: detected capacity change from 0 to 8
[  276.967959][T13071] cramfs: Error -5 while decompressing!
[  276.970428][T13071] cramfs: ffffffff99be3628(26)->ffff888112b60000(4096)
[  276.973099][T13071] cramfs: Error -5 while decompressing!
[  276.978909][T13071] cramfs: ffffffff99be3642(26)->ffff888127ab6000(4096)
[  276.981121][T13071] cramfs: Error -3 while decompressing!
[  276.989925][T13071] cramfs: ffffffff99be365c(16)->ffff88811e57a000(4096)
[  276.995438][T13071] cramfs: Error -5 while decompressing!
[  276.997159][T13071] cramfs: ffffffff99be3628(26)->ffff888112b60000(4096)
[  277.062680][T13075] kernel read not supported for file /ٓ㎀Dg@]eh (pid: 13075 comm: syz.3.2965)
[  277.066690][   T33] kauditd_printk_skb: 148 callbacks suppressed
[  277.066703][   T33] audit: type=1800 audit(1755040243.155:276): pid=13075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2965" name=D99310E38E804467405DA6A29A65F1CE1868 dev="mqueue" ino=27130 res=0 errno=0
[  277.494275][ T5903] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  277.647826][ T5903] usb 4-1: config 0 has an invalid interface number: 130 but max is 0
[  277.650394][ T5903] usb 4-1: config 0 has no interface number 0
[  277.652284][ T5903] usb 4-1: config 0 interface 130 altsetting 0 endpoint 0x8B has an invalid bInterval 68, changing to 10
[  277.656408][ T5903] usb 4-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e2.ca
[  277.659279][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.664050][ T5903] usb 4-1: config 0 descriptor??
[  277.672817][ T5903] usb 4-1: Found UVC 0.00 device <unnamed> (8086:0b5b)
[  277.678904][ T5903] usb 4-1: No valid video chain found.
[  277.755798][T13108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2981'.
[  277.771593][T13108] bridge0: entered promiscuous mode
[  277.774094][T13108] macvlan4: entered allmulticast mode
[  277.775767][T13108] bridge0: entered allmulticast mode
[  277.781736][T13108] bridge0: port 3(macvlan4) entered blocking state
[  277.783900][T13108] bridge0: port 3(macvlan4) entered disabled state
[  277.788616][T13108] bridge0: left allmulticast mode
[  277.790463][T13108] bridge0: left promiscuous mode
[  277.881962][   T51] usb 4-1: USB disconnect, device number 29
[  278.027438][T13124] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2989'.
[  278.286019][T13136] overlayfs: failed to clone lowerpath
[  278.585942][T13144] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  278.690225][T13149] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3000'.
[  278.746680][T13152] netlink: 'syz.3.3001': attribute type 21 has an invalid length.
[  278.750095][T13152] netlink: 'syz.3.3001': attribute type 4 has an invalid length.
[  278.820544][T13154] loop3: detected capacity change from 0 to 2048
[  278.914492][T13154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.952598][T13154] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  278.962387][T13154] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  278.967879][T13154] EXT4-fs (loop3): This should not happen!! Data will be lost
[  278.967879][T13154] 
[  278.972264][T13154] EXT4-fs (loop3): Total free blocks count 0
[  278.974870][T13154] EXT4-fs (loop3): Free/Dirty block details
[  278.977461][T13154] EXT4-fs (loop3): free_blocks=66060288
[  278.979975][T13154] EXT4-fs (loop3): dirty_blocks=48
[  278.982721][T13154] EXT4-fs (loop3): Block reservation details
[  278.985376][T13154] EXT4-fs (loop3): i_reserved_data_blocks=3
[  278.994210][T13154] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  279.347758][  T791] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  279.502502][  T791] usb 4-1: Using ep0 maxpacket: 16
[  279.510847][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.515278][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.520194][  T791] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  279.525333][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.532462][  T791] usb 4-1: config 0 descriptor??
[  279.927781][  T791] hid-multitouch 0003:1FD2:6007.0009: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[  280.124658][  T791] usb 4-1: USB disconnect, device number 30
[  281.237056][T13236] bond2: entered allmulticast mode
[  281.241378][T13233] syzkaller1: entered promiscuous mode
[  281.243628][T13233] syzkaller1: entered allmulticast mode
[  281.379481][T13243] loop3: detected capacity change from 0 to 1024
[  281.403902][T13243] EXT4-fs: inline encryption not supported
[  281.406432][T13243] EXT4-fs: Ignoring removed bh option
[  281.423910][T13243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.464057][T13243] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  281.472145][T13243] EXT4-fs (loop3): Remounting filesystem read-only
[  281.493425][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.873653][ T5903] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  282.036493][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.037788][T13281] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3058'.
[  282.051537][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.055975][ T5903] usb 4-1: New USB device found, idVendor=046d, idProduct=c713, bcdDevice= 0.00
[  282.059605][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.079956][ T5903] usb 4-1: config 0 descriptor??
[  282.090384][T13286] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3060'.
[  282.472802][T13259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.475758][T13259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.496902][ T5903] hid (null): global environment stack underflow
[  282.511717][ T5903] logitech-djreceiver 0003:046D:C713.000A: unexpected long global item
[  282.514688][ T5903] logitech-djreceiver 0003:046D:C713.000A: logi_dj_probe: parse failed
[  282.520246][ T5903] logitech-djreceiver 0003:046D:C713.000A: probe with driver logitech-djreceiver failed with error -22
[  282.681437][   T51] usb 4-1: USB disconnect, device number 31
[  283.306285][T13337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3085'.
[  283.876756][T13347] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3089'.
[  283.882617][T13347] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3089'.
[  283.980274][T13353] netlink: 'syz.3.3092': attribute type 62 has an invalid length.
[  284.269349][T13367] loop3: detected capacity change from 0 to 4096
[  284.273586][T13367] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  284.316863][T13367] ntfs3(loop3): ino=19, mi_enum_attr
[  284.324534][T13367] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  284.348006][   T33] audit: type=1800 audit(1755040250.851:277): pid=13367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3099" name="file1" dev="loop3" ino=33 res=0 errno=0
[  284.479412][T13376] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  284.667116][T13388] 9pnet_fd: Insufficient options for proto=fd
[  284.809135][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3114'.
[  284.813322][T13400] netlink: 'syz.3.3114': attribute type 30 has an invalid length.
[  284.836022][ T5883] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  284.839692][ T5883] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  284.843328][ T5883] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  284.849770][ T5883] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  285.239895][   T33] audit: type=1326 audit(1755040251.791:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.248604][   T33] audit: type=1326 audit(1755040251.791:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.260726][   T33] audit: type=1326 audit(1755040251.791:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.269443][   T33] audit: type=1326 audit(1755040251.791:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.277528][   T33] audit: type=1326 audit(1755040251.802:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.285996][   T33] audit: type=1326 audit(1755040251.802:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756cb8ebe9 code=0x7ffc0000
[  285.294713][   T33] audit: type=1326 audit(1755040251.802:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.301738][   T33] audit: type=1326 audit(1755040251.802:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.310319][   T33] audit: type=1326 audit(1755040251.802:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13431 comm="syz.3.3131" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f756cb2add9 code=0x7ffc0000
[  285.935120][   T51] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  286.075298][   T51] usb 4-1: Using ep0 maxpacket: 8
[  286.079328][   T51] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  286.083436][   T51] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  286.092204][   T51] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  286.095945][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  286.099184][   T51] usb 4-1: SerialNumber: syz
[  286.108170][   T51] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  286.112496][   T51] cdc_acm 4-1:1.0: This needs exactly 3 endpoints
[  286.115225][   T51] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22
[  286.307413][   T51] usb 4-1: USB disconnect, device number 32
[  286.415306][T13464] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3146'.
[  286.754804][T13486] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  287.125282][T13504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3166'.
[  287.199023][T13506] bridge0: port 3(erspan0) entered blocking state
[  287.206229][T13506] bridge0: port 3(erspan0) entered disabled state
[  287.220769][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  287.224573][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  287.239360][T13506] erspan0: entered allmulticast mode
[  287.242467][ T5853] Bluetooth: hci1: command 0x0405 tx timeout
[  287.252880][T13506] erspan0: entered promiscuous mode
[  287.257450][T13506] bridge0: port 3(erspan0) entered blocking state
[  287.260218][T13506] bridge0: port 3(erspan0) entered forwarding state
[  287.382003][T13512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3170'.
[  287.393703][T13512] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3170'.
[  287.468149][T13516] bond0: Error: Cannot enslave bond to itself.
[  287.692029][T13536] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3181'.
[  287.850672][T13548] netlink: 'syz.4.3187': attribute type 1 has an invalid length.
[  287.853154][T13548] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3187'.
[  288.022436][T13563] netlink: ct family unspecified
[  288.024494][T13563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  288.205366][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  288.208806][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  288.611815][ T5903] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  288.755692][ T5903] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  288.759052][ T5903] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  288.763417][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.775606][ T5903] usb 4-1: config 0 descriptor??
[  288.983696][T13583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.987522][T13583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.057065][T13614] netlink: 'syz.3.3203': attribute type 10 has an invalid length.
[  289.059887][T13614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3203'.
[  289.189722][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  289.192493][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  289.500583][ T5903] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  289.983153][T13636] netlink: 'syz.0.3228': attribute type 9 has an invalid length.
[  289.987173][T13636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3228'.
[  290.073771][T13640] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.077878][T13640] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.081602][T13640] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.090843][T13639] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.097145][T13639] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.100436][   T32] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.183430][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.186100][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.480934][T13668] netlink: 61967 bytes leftover after parsing attributes in process `syz.4.3244'.
[  290.516355][T13672] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3246'.
[  290.716063][   T27] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.740635][T13688] netlink: 'syz.0.3254': attribute type 2 has an invalid length.
[  291.245922][ T5903] usb 4-1: USB disconnect, device number 33
[  291.833631][T13737] loop3: detected capacity change from 0 to 256
[  291.864836][T13737] FAT-fs (loop3): Directory bread(block 64) failed
[  291.867000][T13737] FAT-fs (loop3): Directory bread(block 65) failed
[  291.872782][T13737] FAT-fs (loop3): Directory bread(block 66) failed
[  291.874855][T13737] FAT-fs (loop3): Directory bread(block 67) failed
[  291.876945][T13737] FAT-fs (loop3): Directory bread(block 68) failed
[  291.880961][T13737] FAT-fs (loop3): Directory bread(block 69) failed
[  291.883187][T13737] FAT-fs (loop3): Directory bread(block 70) failed
[  291.885345][T13737] FAT-fs (loop3): Directory bread(block 71) failed
[  291.887487][T13737] FAT-fs (loop3): Directory bread(block 72) failed
[  291.891175][T13737] FAT-fs (loop3): Directory bread(block 73) failed
[  292.155329][T13752] loop3: detected capacity change from 0 to 512
[  292.169150][T13752] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  292.187202][T13752] EXT4-fs (loop3): invalid journal inode
[  292.189492][T13752] EXT4-fs (loop3): can't get journal size
[  292.212028][T13752] EXT4-fs (loop3): orphan cleanup on readonly fs
[  292.214973][T13752] EXT4-fs (loop3): 1 truncate cleaned up
[  292.218155][T13752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  292.263136][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.144663][T13804] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3307'.
[  294.411739][T13821] netlink: 'syz.0.3315': attribute type 10 has an invalid length.
[  294.472202][T13821] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  294.500772][T13821] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  294.891255][T13832] syz_tun: entered allmulticast mode
[  295.108222][    C1] net_ratelimit: 3340 callbacks suppressed
[  295.108260][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  295.112877][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  295.332543][  T791] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  295.521062][   T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  295.556338][ T1102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  295.641354][T13844] loop3: detected capacity change from 0 to 1024
[  296.084434][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  296.087899][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  296.558006][T13893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3345'.
[  296.933802][T13886] loop3: detected capacity change from 0 to 40427
[  297.036676][T13886] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  297.052403][T13886] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  297.069301][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.072661][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.535955][T13934] bridge_slave_0: invalid flags given to default FDB implementation
[  297.733816][T13930] loop3: detected capacity change from 0 to 32768
[  297.758541][T13930] JBD2: Ignoring recovery information on journal
[  297.797723][T13930] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  297.836824][ T7383] ocfs2: Unmounting device (7,3) on (node local)
[  298.055087][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  298.097944][T13949] loop3: detected capacity change from 0 to 2048
[  298.127959][T13949] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  298.484676][T13952] infiniband syz0: set active
[  298.487050][T13952] infiniband syz0: added bond_slave_1
[  298.545470][T13952] RDS/IB: syz0: added
[  298.548441][T13952] smc: adding ib device syz0 with port count 1
[  298.551270][T13952] smc:    ib device syz0 port 1 has pnetid 
[  298.856050][T13967] xt_limit: Overflow, try lower: 604147548/4200216962
[  298.918396][T13969] loop3: detected capacity change from 0 to 64
[  298.942188][T13969] MINIX-fs: mounting file system with errors, running fsck is recommended
[  299.083034][T13975] input: syz0 as /devices/virtual/input/input16
[  299.447975][T13998] loop3: detected capacity change from 0 to 128
[  299.469227][T13998] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  299.473448][T13998] ext4 filesystem being mounted at /718/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.529052][ T7383] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  299.641329][T14004] loop3: detected capacity change from 0 to 16
[  299.654369][T14004] erofs (device loop3): mounted with root inode @ nid 36.
[  299.683707][T14004] syz.3.3390: attempt to access beyond end of device
[  299.683707][T14004] loop3: rw=0, sector=14546590680, nr_sectors = 8 limit=16
[  299.691036][T14004] erofs (device loop3): failed to decompress -2 in[1, 1440] out[1677]
[  299.696415][T14004] erofs (device loop3): read error -5 @ 87 of nid 36
[  299.699145][T14004] erofs (device loop3): failed to readdir of logical block 87 of nid 36
[  300.019905][T14017] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3397'.
[  300.025948][    C1] net_ratelimit: 5 callbacks suppressed
[  300.025963][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  300.031699][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  300.274827][T14034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3405'.
[  300.405747][ T1102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  300.739129][T14061] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3414'.
[  300.981075][T14066] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.012209][ T2256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.020777][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.024297][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.087416][ T5903] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.322403][T14075] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.331192][T14075] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  301.683736][T14086] loop3: detected capacity change from 0 to 1024
[  301.731096][T14086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  301.751162][T14086] ext4 filesystem being mounted at /735/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.771183][T14086] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 2: comm syz.3.3427: lblock 2 mapped to illegal pblock 2 (length 4)
[  301.821976][ T2256] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm kworker/u9:4: lblock 0 mapped to illegal pblock 0 (length 1)
[  301.840078][ T2256] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  301.844893][ T2256] EXT4-fs (loop3): This should not happen!! Data will be lost
[  301.844893][ T2256] 
[  301.865330][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  302.436819][T14106] loop3: detected capacity change from 0 to 128
[  302.441083][T14106] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  302.459169][   T33] kauditd_printk_skb: 36 callbacks suppressed
[  302.459188][   T33] audit: type=1800 audit(1755040269.973:323): pid=14106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3436" name="bus" dev="loop3" ino=1048660 res=0 errno=0
[  302.516014][T14110] 9p: Unknown access argument 18446744073709551615: -34
[  302.551729][ T1092] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  303.875521][  T791] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  304.015698][  T791] usb 4-1: Using ep0 maxpacket: 16
[  304.034915][  T791] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  304.039009][  T791] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[  304.065277][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  304.069980][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  304.076191][  T791] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  304.080428][  T791] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  304.089107][  T791] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  304.094455][  T791] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  304.097533][  T791] usb 4-1: Manufacturer: syz
[  304.114496][  T791] usb 4-1: config 0 descriptor??
[  304.323543][  T791] usb 4-1: USB disconnect, device number 34
[  304.954107][    C1] net_ratelimit: 1030 callbacks suppressed
[  304.954131][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  304.959973][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.513263][ T5762] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  305.910614][   T27] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.919177][  T500] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.930584][ T5762] usb 4-1: Using ep0 maxpacket: 32
[  305.936131][ T5762] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  305.940327][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.943234][ T5762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.943679][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.953820][ T5762] usb 4-1: config 0 descriptor??
[  305.961386][ T5762] gspca_main: sunplus-2.14.0 probing 041e:400b
[  306.160044][ T5762] gspca_sunplus: reg_w_riv err -71
[  306.166405][ T5762] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  306.191730][ T5762] usb 4-1: USB disconnect, device number 35
[  306.853029][ T5762] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  306.891534][T14241] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.935566][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  306.939124][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  307.480890][T14261] overlayfs: failed to clone upperpath
[  307.921689][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  308.263308][ T5762] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  308.413560][ T5762] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  308.417855][ T5762] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.421118][ T5762] usb 4-1: Product: syz
[  308.423798][ T5762] usb 4-1: Manufacturer: syz
[  308.429854][ T5762] usb 4-1: SerialNumber: syz
[  308.439262][ T5762] usb 4-1: config 0 descriptor??
[  308.628652][ T5862] Bluetooth: hci1: unexpected event for opcode 0x0c1c
[  308.638722][ T5762] usb 4-1: USB disconnect, device number 36
[  310.018684][T14324] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3525'.
[  310.021592][T14324] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3525'.
[  310.606949][T14331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3528'.
[  310.609875][T14331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3528'.
[  310.650026][T14333] loop3: detected capacity change from 0 to 512
[  310.656926][T14333] EXT4-fs: Ignoring removed mblk_io_submit option
[  310.660188][T14333] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  310.670931][T14333] EXT4-fs (loop3): 1 truncate cleaned up
[  310.676036][T14333] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.745998][ T7383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.117311][T14355] netlink: 'syz.0.3538': attribute type 1 has an invalid length.
[  311.120688][T14355] netlink: 'syz.0.3538': attribute type 1 has an invalid length.
[  311.184523][T14357] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3539'.
[  313.752719][T14420] netlink: 'syz.3.3563': attribute type 39 has an invalid length.
[  314.293926][T14453] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3578'.
[  314.372250][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  314.374701][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  314.497431][T14467] loop3: detected capacity change from 0 to 256
[  314.541059][T14467] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[  314.877252][T14485] netfs: Couldn't get user pages (rc=-14)
[  314.880484][T14485] netfs: Zero-sized read [R=3]
[  316.862517][T14527] ip6gretap1: entered promiscuous mode
[  316.864381][T14527] ip6gretap1: entered allmulticast mode
[  317.033640][T14540] overlayfs: failed to clone upperpath
[  317.099127][T14547] netlink: 'syz.0.3622': attribute type 29 has an invalid length.
[  317.112975][T14547] netlink: 'syz.0.3622': attribute type 29 has an invalid length.
[  317.121242][T14547] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3622'.
[  318.078935][T14585] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3640'.
[  318.219636][T14589] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3642'.
[  318.727818][T14617] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  318.731670][T14617] batadv_slave_0: entered promiscuous mode
[  319.399878][T14639] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3665'.
[  319.439383][T14641] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3666'.
[  319.445072][T14641] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3666'.
[  321.289337][T14682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3678'.
[  321.517814][T14696] netlink: 452 bytes leftover after parsing attributes in process `syz.0.3685'.
[  321.933798][T14708] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3690'.
[  321.945279][T14708] bond0: entered promiscuous mode
[  321.946953][T14708] bond_slave_0: entered promiscuous mode
[  321.948857][T14708] bond_slave_1: entered promiscuous mode
[  321.953314][T14708] bond0: left promiscuous mode
[  321.954877][T14708] bond_slave_0: left promiscuous mode
[  321.956744][T14708] bond_slave_1: left promiscuous mode
[  323.265037][T14729] netlink: 'syz.0.3698': attribute type 1 has an invalid length.
[  323.291620][T14729] bond1: entered promiscuous mode
[  323.293632][T14729] 8021q: adding VLAN 0 to HW filter on device bond1
[  323.311878][T14729] 8021q: adding VLAN 0 to HW filter on device bond1
[  323.314585][T14729] bond1: (slave ip6gre3): The slave device specified does not support setting the MAC address
[  323.318951][T14729] bond1: (slave ip6gre3): Setting fail_over_mac to active for active-backup mode
[  323.325866][T14729] bond1: (slave ip6gre3): making interface the new active one
[  323.329126][T14729] ip6gre3: entered promiscuous mode
[  323.332625][T14729] bond1: (slave ip6gre3): Enslaving as an active interface with an up link
[  323.573888][T14740] cgroup: Name too long
[  324.366659][T14768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3717'.
[  324.370327][T14768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3717'.
[  324.689431][T14786] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3725'.
[  324.692884][T14786] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3725'.
[  325.041036][T14797] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3727'.
[  325.533293][T14815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3736'.
[  327.080430][T14873] batman_adv: batadv0: Removing interface: batadv_slave_0
[  327.084858][T14873] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  327.089601][T14873] batman_adv: batadv0: Removing interface: batadv_slave_1
[  327.093329][T14873] batman_adv: batadv0: Interface deactivated: wlan0
[  327.097312][T14873] batman_adv: batadv0: Removing interface: wlan0
[  327.132936][T14873] batadv0 (unregistering): left allmulticast mode
[  328.356562][T14904] geneve2: entered promiscuous mode
[  328.358279][T14904] geneve2: entered allmulticast mode
[  328.660054][T14914] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3781'.
[  329.411553][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  329.416328][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  329.419910][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  329.425425][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  329.428160][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  329.473083][T14979] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3808'.
[  329.837862][T14972] chnl_net:caif_netlink_parms(): no params data found
[  330.006583][T14972] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.009514][T14972] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.021956][T14972] bridge_slave_0: entered allmulticast mode
[  330.026136][T14972] bridge_slave_0: entered promiscuous mode
[  330.045935][T14972] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.049640][T14972] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.052596][T14972] bridge_slave_1: entered allmulticast mode
[  330.067462][T14972] bridge_slave_1: entered promiscuous mode
[  330.131151][T14972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.148641][T14972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.204590][T14972] team0: Port device team_slave_0 added
[  330.209482][T14972] team0: Port device team_slave_1 added
[  330.269581][T14972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  330.272424][T14972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.284361][T14972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  330.298379][T14972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  330.301135][T14972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.311701][T14972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  330.378934][T14972] hsr_slave_0: entered promiscuous mode
[  330.406536][T14972] hsr_slave_1: entered promiscuous mode
[  330.410065][T14972] debugfs: 'hsr0' already exists in 'hsr'
[  330.412319][T14972] Cannot create hsr debugfs directory
[  330.720752][T14972] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  330.738006][T14972] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  330.753468][T14972] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  330.882233][T14972] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  331.306146][T14972] 8021q: adding VLAN 0 to HW filter on device bond0
[  331.325934][T14972] 8021q: adding VLAN 0 to HW filter on device team0
[  331.337173][  T500] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.340002][  T500] bridge0: port 1(bridge_slave_0) entered forwarding state
[  331.357720][  T500] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.360669][  T500] bridge0: port 2(bridge_slave_1) entered forwarding state
[  331.387107][ T5862] Bluetooth: hci3: command tx timeout
[  331.674291][T14972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.821837][T14972] veth0_vlan: entered promiscuous mode
[  331.832011][T14972] veth1_vlan: entered promiscuous mode
[  331.860465][T14972] veth0_macvtap: entered promiscuous mode
[  331.867478][T14972] veth1_macvtap: entered promiscuous mode
[  331.898238][T14972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.909652][T14972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.923708][ T5867] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.932713][ T5867] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.941424][ T5867] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.946857][ T5867] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  332.066293][T14254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.069382][T14254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.109769][T14253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.112845][T14253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  333.343209][ T5862] Bluetooth: hci3: command tx timeout
[  333.570841][ T5967] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  333.756900][ T5967] usb 6-1: config 0 interface 0 has no altsetting 0
[  333.759011][ T5967] usb 6-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  333.762788][T15119] netlink: 'syz.0.3860': attribute type 8 has an invalid length.
[  333.764223][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.771079][ T5967] usb 6-1: config 0 descriptor??
[  333.890810][T15126] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  334.037569][   T33] audit: type=1326 audit(1755040303.258:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15137 comm="syz.4.3869" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efed8f8ebe9 code=0x0
[  334.162966][T15148] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3874'.
[  334.186715][ T5967] logitech 0003:046D:C294.000B: unknown main item tag 0x6
[  334.192857][ T5967] logitech 0003:046D:C294.000B: item fetching failed at offset 5/7
[  334.196633][ T5967] logitech 0003:046D:C294.000B: parse failed
[  334.200370][ T5967] logitech 0003:046D:C294.000B: probe with driver logitech failed with error -22
[  334.371563][ T5903] usb 6-1: USB disconnect, device number 2
[  334.483465][T15161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3880'.
[  334.827150][T15173] net_ratelimit: 3 callbacks suppressed
[  334.827174][T15173] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  335.298992][   T51] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  335.328037][ T5862] Bluetooth: hci3: command tx timeout
[  335.444213][   T51] usb 6-1: config index 0 descriptor too short (expected 63186, got 210)
[  335.448570][   T51] usb 6-1: config 0 has an invalid interface number: 106 but max is 0
[  335.454481][   T51] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.458324][   T51] usb 6-1: config 0 has no interface number 0
[  335.461089][   T51] usb 6-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  335.464976][   T51] usb 6-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  335.468733][   T51] usb 6-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  335.476846][   T51] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  335.480888][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.487374][   T51] usb 6-1: config 0 descriptor??
[  335.511116][   T51] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  335.686673][ T5867] usb 6-1: Failed to submit usb control message: -71
[  335.690644][   T51] usb 6-1: USB disconnect, device number 3
[  335.696353][ T5867] usb 6-1: unable to send the bmi data to the device: -71
[  335.705328][T15206] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  335.707185][ T5867] usb 6-1: unable to get target info from device
[  335.712469][ T5867] usb 6-1: could not get target info (-71)
[  335.715758][ T5867] usb 6-1: could not probe fw (-71)
[  337.307276][ T5862] Bluetooth: hci3: command tx timeout
[  337.463684][T15256] loop5: detected capacity change from 0 to 32768
[  337.479958][T15256] (syz.5.3920,15256,0):ocfs2_sb_probe:759 ERROR: incompatible version: 2.33686018
[  337.482892][T15256] (syz.5.3920,15256,0):ocfs2_sb_probe:772 ERROR: This is an ocfs v1 filesystem which must be upgraded before mounting with ocfs v2
[  337.494569][T15256] (syz.5.3920,15256,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  337.498137][T15256] (syz.5.3920,15256,0):ocfs2_fill_super:1177 ERROR: status = -22
[  339.358233][T15343] loop5: detected capacity change from 0 to 16
[  339.369428][T15343] erofs (device loop5): mounted with root inode @ nid 36.
[  339.896128][T15357] loop5: detected capacity change from 0 to 32768
[  339.922823][T15357] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  339.962395][T15357] XFS (loop5): Ending clean mount
[  339.974838][T15357] XFS (loop5): Quotacheck needed: Please wait.
[  340.017318][T15357] XFS (loop5): Quotacheck: Done.
[  340.049875][T14972] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  340.422005][T15381] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  340.425594][T15381] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  340.431480][T15381] overlayfs: missing 'lowerdir'
[  340.453260][T15383] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  340.470273][ T5967] IPVS: starting estimator thread 0...
[  340.552449][T15386] IPVS: using max 36 ests per chain, 86400 per kthread
[  340.854618][T15399] loop5: detected capacity change from 0 to 32768
[  340.875377][T15399] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  340.991722][T15399] XFS (loop5): Ending clean mount
[  340.994907][T15399] XFS (loop5): Quotacheck needed: Please wait.
[  341.023935][T15399] XFS (loop5): Quotacheck: Done.
[  341.163171][T14972] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  341.362167][T15430] netlink: 'syz.5.3994': attribute type 5 has an invalid length.
[  341.365019][T15430] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.3994'.
[  342.447648][   T33] audit: type=1800 audit(1755040312.113:325): pid=15475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4018" name="bus" dev="tmpfs" ino=7349 res=0 errno=0
[  343.520612][T15542] nfs: Deprecated parameter 'nointr'
[  343.713021][T15549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4053'.
[  343.717288][T15549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4053'.
[  343.721007][T15549] netlink: 'syz.4.4053': attribute type 18 has an invalid length.
[  343.724987][T15549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4053'.
[  343.979610][T15565] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4060'.
[  343.986253][T15565] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4060'.
[  344.544966][T15589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4069'.
[  344.563264][T15589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4069'.
[  345.198470][T15607] netlink: 'syz.0.4078': attribute type 1 has an invalid length.
[  345.273374][T15607] 8021q: adding VLAN 0 to HW filter on device bond4
[  345.299752][T15611] bond4: (slave geneve2): making interface the new active one
[  345.393945][T15611] bond4: (slave geneve2): Enslaving as an active interface with an up link
[  345.400379][T15607] bond4: entered promiscuous mode
[  345.402348][T15607] geneve2: entered promiscuous mode
[  345.539103][T15615] netlink: 420 bytes leftover after parsing attributes in process `syz.0.4081'.
[  345.543222][T15615] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4081'.
[  346.123787][T15623] __nla_validate_parse: 3 callbacks suppressed
[  346.123807][T15623] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4084'.
[  346.140513][T15623] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4084'.
[  346.687690][ T5967] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  346.925252][ T5967] usb 6-1: Using ep0 maxpacket: 8
[  346.931466][ T5967] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  346.936308][ T5967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.938852][ T5967] usb 6-1: Product: syz
[  346.940245][ T5967] usb 6-1: Manufacturer: syz
[  346.941805][ T5967] usb 6-1: SerialNumber: syz
[  346.947295][ T5967] usb 6-1: config 0 descriptor??
[  346.955608][ T5967] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  347.047145][T15656] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4098'.
[  348.318303][T15680] overlayfs: failed to clone upperpath
[  348.508359][T15686] netlink: 209588 bytes leftover after parsing attributes in process `syz.0.4112'.
[  349.259982][ T5967] gspca_sonixj: reg_w1 err -71
[  349.300941][ T5967] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  349.305582][ T5967] usb 6-1: USB disconnect, device number 4
[  351.429648][ T5903] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  351.443840][T15764] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4144'.
[  351.694445][ T5903] usb 6-1: Using ep0 maxpacket: 32
[  351.702059][ T5903] usb 6-1: config 0 has an invalid interface number: 75 but max is 0
[  351.709623][T15768] bridge: RTM_NEWNEIGH with invalid state 0x0
[  351.711813][ T5903] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.716541][ T5903] usb 6-1: config 0 has no interface number 0
[  351.724076][ T5903] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=7b.41
[  351.726954][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.732820][ T5903] usb 6-1: Product: syz
[  351.734185][ T5903] usb 6-1: Manufacturer: syz
[  351.735631][ T5903] usb 6-1: SerialNumber: syz
[  351.749917][ T5903] usb 6-1: config 0 descriptor??
[  351.754789][ T5903] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  351.756837][ T5903] gspca_stv06xx: st6422 sensor detected
[  352.357881][ T5903] STV06xx 6-1:0.75: probe with driver STV06xx failed with error -71
[  352.363307][ T5903] usb 6-1: USB disconnect, device number 5
[  353.259095][T15836] loop5: detected capacity change from 0 to 256
[  353.578375][T15839] loop5: detected capacity change from 0 to 40427
[  353.589748][T15839] F2FS-fs (loop5): invalid crc value
[  353.625819][T15839] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  353.634983][T15839] F2FS-fs (loop5): Start checkpoint disabled!
[  353.669843][T15844] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  353.713836][T15839] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  353.734179][   T51] IPVS: starting estimator thread 0...
[  353.899058][T15846] IPVS: using max 58 ests per chain, 139200 per kthread
[  353.932725][T15848] tipc: Enabled bearer <udp:syz2>, priority 10
[  354.123821][T15849] F2FS-fs (loop5): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  354.193099][ T4468] kworker/u9:5: attempt to access beyond end of device
[  354.193099][ T4468] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  354.203747][ T4468] CPU: 1 UID: 0 PID: 4468 Comm: kworker/u9:5 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  354.203765][ T4468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  354.203772][ T4468] Workqueue: writeback wb_workfn (flush-7:5)
[  354.203792][ T4468] Call Trace:
[  354.203797][ T4468]  <TASK>
[  354.203803][ T4468]  dump_stack_lvl+0x189/0x250
[  354.203818][ T4468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.203828][ T4468]  ? __pfx_queue_work_on+0x10/0x10
[  354.203837][ T4468]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  354.203848][ T4468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  354.203863][ T4468]  f2fs_handle_critical_error+0x37c/0x540
[  354.203880][ T4468]  f2fs_write_end_io+0x886/0xb60
[  354.203901][ T4468]  __submit_merged_bio+0x27a/0x6a0
[  354.203914][ T4468]  __submit_merged_write_cond+0x255/0x530
[  354.203928][ T4468]  f2fs_write_data_pages+0x261d/0x3000
[  354.203957][ T4468]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  354.204015][ T4468]  ? f2fs_write_meta_pages+0x357/0x450
[  354.204032][ T4468]  ? __lock_acquire+0xab9/0xd20
[  354.204047][ T4468]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  354.204059][ T4468]  do_writepages+0x32e/0x550
[  354.204073][ T4468]  ? reacquire_held_locks+0x127/0x1d0
[  354.204081][ T4468]  ? writeback_sb_inodes+0x384/0x1010
[  354.204097][ T4468]  __writeback_single_inode+0x145/0xff0
[  354.204107][ T4468]  ? do_raw_spin_unlock+0x4d/0x240
[  354.204119][ T4468]  writeback_sb_inodes+0x6c7/0x1010
[  354.204143][ T4468]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  354.204176][ T4468]  ? rcu_is_watching+0x15/0xb0
[  354.204191][ T4468]  wb_writeback+0x43b/0xaf0
[  354.204206][ T4468]  ? queue_io+0x391/0x590
[  354.204217][ T4468]  ? __pfx_wb_writeback+0x10/0x10
[  354.204232][ T4468]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.204243][ T4468]  wb_workfn+0x409/0xef0
[  354.204260][ T4468]  ? __pfx_wb_workfn+0x10/0x10
[  354.204271][ T4468]  ? __lock_acquire+0xab9/0xd20
[  354.204288][ T4468]  ? process_scheduled_works+0x9ef/0x17b0
[  354.204299][ T4468]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.204307][ T4468]  ? process_scheduled_works+0x9ef/0x17b0
[  354.204314][ T4468]  ? process_scheduled_works+0x9ef/0x17b0
[  354.204323][ T4468]  process_scheduled_works+0xae1/0x17b0
[  354.204347][ T4468]  ? __pfx_process_scheduled_works+0x10/0x10
[  354.204370][ T4468]  worker_thread+0x8a0/0xda0
[  354.204380][ T4468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  354.204393][ T4468]  ? __kthread_parkme+0x7b/0x200
[  354.204408][ T4468]  kthread+0x711/0x8a0
[  354.204420][ T4468]  ? __pfx_worker_thread+0x10/0x10
[  354.204427][ T4468]  ? __pfx_kthread+0x10/0x10
[  354.204438][ T4468]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.204472][ T4468]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.204483][ T4468]  ? __pfx_kthread+0x10/0x10
[  354.204493][ T4468]  ret_from_fork+0x3fc/0x770
[  354.204504][ T4468]  ? __pfx_ret_from_fork+0x10/0x10
[  354.204516][ T4468]  ? __switch_to_asm+0x39/0x70
[  354.204525][ T4468]  ? __switch_to_asm+0x33/0x70
[  354.204534][ T4468]  ? __pfx_kthread+0x10/0x10
[  354.204545][ T4468]  ret_from_fork_asm+0x1a/0x30
[  354.204564][ T4468]  </TASK>
[  354.204568][ T4468] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  355.026500][T15871] loop5: detected capacity change from 0 to 32768
[  355.056881][T15871] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  355.102071][T15871] XFS (loop5): Ending clean mount
[  355.506841][T15892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4196'.
[  355.510659][T15892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4196'.
[  355.514871][T15892] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4196'.
[  355.614166][T15897] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4198'.
[  355.623996][T14972] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  355.860284][T15905] openvswitch: netlink: IPv4 tunnel dst address is zero
[  356.121251][T15913] overlayfs: failed to clone upperpath
[  356.469059][T15920] loop5: detected capacity change from 0 to 8192
[  356.486771][T15920] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  356.829011][T15924] loop5: detected capacity change from 0 to 2048
[  356.863425][T15924] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  357.421453][T15945] ------------[ cut here ]------------
[  357.424385][T15945] WARNING: CPU: 1 PID: 15945 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0
[  357.428306][T15945] Modules linked in:
[  357.430396][T15945] CPU: 1 UID: 0 PID: 15945 Comm: syz.4.4218 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  357.443634][T15945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.448451][T15945] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  357.450930][T15945] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 ce d0 f6 90 0f 0b 90 eb e1 e8 f7 cd d0 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  357.459278][T15945] RSP: 0018:ffffc900097c6f70 EFLAGS: 00010283
[  357.461731][T15945] RAX: ffffffff8aeeddb9 RBX: ffff888106730000 RCX: 0000000000080000
[  357.465688][T15945] RDX: ffffc9000f4f2000 RSI: 0000000000000367 RDI: 0000000000000368
[  357.469611][T15945] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8aeed8d3
[  357.473374][T15945] R10: dffffc0000000000 R11: ffffed1020ce6031 R12: 1ffff11020ce600a
[  357.476538][T15945] R13: ffff888123110e40 R14: 0000000000000001 R15: ffffffff8aeed8d3
[  357.479693][T15945] FS:  00007efed9ddd6c0(0000) GS:ffff8881a3c24000(0000) knlGS:0000000000000000
[  357.484227][T15945] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  357.487523][T15945] CR2: 0000200000001040 CR3: 000000012bb02000 CR4: 00000000000006f0
[  357.490680][T15945] Call Trace:
[  357.492829][T15945]  <TASK>
[  357.494080][T15945]  rate_control_rate_init_all_links+0x109/0x1a0
[  357.496611][T15945]  sta_apply_auth_flags+0x1c2/0x400
[  357.498734][T15945]  sta_apply_parameters+0xe4b/0x15b0
[  357.500911][T15945]  ieee80211_add_station+0x424/0x6a0
[  357.503755][T15945]  rdev_add_station+0x108/0x290
[  357.505788][T15945]  nl80211_new_station+0x1755/0x1b70
[  357.507954][T15945]  ? __pfx_nl80211_new_station+0x10/0x10
[  357.510228][T15945]  ? netdev_run_todo+0xe1d/0xea0
[  357.521719][T15945]  ? nl80211_pre_doit+0x4f1/0x930
[  357.525554][T15945]  genl_family_rcv_msg_doit+0x215/0x300
[  357.528961][T15945]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  357.532174][T15945]  ? bpf_lsm_capable+0x9/0x20
[  357.534123][T15945]  ? security_capable+0x7e/0x2e0
[  357.536192][T15945]  genl_rcv_msg+0x60e/0x790
[  357.538027][T15945]  ? __pfx_genl_rcv_msg+0x10/0x10
[  357.540606][T15945]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  357.542806][T15945]  ? __pfx_nl80211_new_station+0x10/0x10
[  357.545057][T15945]  ? __pfx_nl80211_post_doit+0x10/0x10
[  357.547308][T15945]  ? __asan_memcpy+0x40/0x70
[  357.549886][T15945]  ? __pfx_ref_tracker_free+0x10/0x10
[  357.552507][T15945]  netlink_rcv_skb+0x208/0x470
[  357.554455][T15945]  ? __lock_acquire+0xab9/0xd20
[  357.556410][T15945]  ? __pfx_genl_rcv_msg+0x10/0x10
[  357.559047][T15945]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.561242][T15945]  ? down_read+0x1ad/0x2e0
[  357.563055][T15945]  genl_rcv+0x28/0x40
[  357.564683][T15945]  netlink_unicast+0x82f/0x9e0
[  357.566680][T15945]  ? __pfx_netlink_unicast+0x10/0x10
[  357.569379][T15945]  ? netlink_sendmsg+0x642/0xb30
[  357.571402][T15945]  ? skb_put+0x11b/0x210
[  357.573287][T15945]  netlink_sendmsg+0x805/0xb30
[  357.575245][T15945]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.578048][T15945]  ? aa_sock_msg_perm+0xf1/0x1d0
[  357.580043][T15945]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  357.582167][T15945]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.584241][T15945]  __sock_sendmsg+0x21c/0x270
[  357.586100][T15945]  ____sys_sendmsg+0x505/0x830
[  357.588771][T15945]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.590924][T15945]  ? import_iovec+0x74/0xa0
[  357.592772][T15945]  ___sys_sendmsg+0x21f/0x2a0
[  357.594707][T15945]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.597459][T15945]  ? __fget_files+0x2a/0x420
[  357.599275][T15945]  ? __fget_files+0x3a0/0x420
[  357.601202][T15945]  __x64_sys_sendmsg+0x19b/0x260
[  357.603216][T15945]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  357.605385][T15945]  ? rcu_is_watching+0x15/0xb0
[  357.608122][T15945]  ? do_syscall_64+0xbe/0x3b0
[  357.610078][T15945]  do_syscall_64+0xfa/0x3b0
[  357.611946][T15945]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.614056][T15945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.617031][T15945]  ? exc_page_fault+0x9f/0xf0
[  357.618931][T15945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.621319][T15945] RIP: 0033:0x7efed8f8ebe9
[  357.623169][T15945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.632389][T15945] RSP: 002b:00007efed9ddd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.636950][T15945] RAX: ffffffffffffffda RBX: 00007efed91b5fa0 RCX: 00007efed8f8ebe9
[  357.640879][T15945] RDX: 0000000004000004 RSI: 0000200000000200 RDI: 0000000000000003
[  357.644497][T15945] RBP: 00007efed9011e19 R08: 0000000000000000 R09: 0000000000000000
[  357.648041][T15945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  357.651265][T15945] R13: 00007efed91b6038 R14: 00007efed91b5fa0 R15: 00007ffdb95c0738
[  357.655059][T15945]  </TASK>
[  357.656321][T15945] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  357.659153][T15945] CPU: 1 UID: 0 PID: 15945 Comm: syz.4.4218 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  357.663951][T15945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.668160][T15945] Call Trace:
[  357.669544][T15945]  <TASK>
[  357.670745][T15945]  dump_stack_lvl+0x99/0x250
[  357.672591][T15945]  ? __asan_memcpy+0x40/0x70
[  357.674490][T15945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.676605][T15945]  ? __pfx__printk+0x10/0x10
[  357.678597][T15945]  vpanic+0x281/0x750
[  357.680216][T15945]  ? __pfx__printk+0x10/0x10
[  357.682121][T15945]  ? __pfx_vpanic+0x10/0x10
[  357.684005][T15945]  ? is_bpf_text_address+0x292/0x2b0
[  357.686083][T15945]  panic+0xb9/0xc0
[  357.687627][T15945]  ? __pfx_panic+0x10/0x10
[  357.689460][T15945]  __warn+0x31b/0x4b0
[  357.691093][T15945]  ? rate_control_rate_init+0x64a/0x6e0
[  357.693371][T15945]  ? rate_control_rate_init+0x64a/0x6e0
[  357.695616][T15945]  report_bug+0x2be/0x4f0
[  357.697368][T15945]  ? rate_control_rate_init+0x64a/0x6e0
[  357.699546][T15945]  ? rate_control_rate_init+0x64a/0x6e0
[  357.701786][T15945]  ? rate_control_rate_init+0x64c/0x6e0
[  357.704103][T15945]  handle_bug+0x84/0x160
[  357.705844][T15945]  exc_invalid_op+0x1a/0x50
[  357.707743][T15945]  asm_exc_invalid_op+0x1a/0x20
[  357.709680][T15945] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  357.712169][T15945] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 ce d0 f6 90 0f 0b 90 eb e1 e8 f7 cd d0 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  357.719773][T15945] RSP: 0018:ffffc900097c6f70 EFLAGS: 00010283
[  357.722182][T15945] RAX: ffffffff8aeeddb9 RBX: ffff888106730000 RCX: 0000000000080000
[  357.725354][T15945] RDX: ffffc9000f4f2000 RSI: 0000000000000367 RDI: 0000000000000368
[  357.728513][T15945] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8aeed8d3
[  357.731651][T15945] R10: dffffc0000000000 R11: ffffed1020ce6031 R12: 1ffff11020ce600a
[  357.734840][T15945] R13: ffff888123110e40 R14: 0000000000000001 R15: ffffffff8aeed8d3
[  357.737973][T15945]  ? rate_control_rate_init+0x163/0x6e0
[  357.740246][T15945]  ? rate_control_rate_init+0x163/0x6e0
[  357.742648][T15945]  ? rate_control_rate_init+0x649/0x6e0
[  357.744876][T15945]  rate_control_rate_init_all_links+0x109/0x1a0
[  357.747349][T15945]  sta_apply_auth_flags+0x1c2/0x400
[  357.749508][T15945]  sta_apply_parameters+0xe4b/0x15b0
[  357.751640][T15945]  ieee80211_add_station+0x424/0x6a0
[  357.753776][T15945]  rdev_add_station+0x108/0x290
[  357.755778][T15945]  nl80211_new_station+0x1755/0x1b70
[  357.757928][T15945]  ? __pfx_nl80211_new_station+0x10/0x10
[  357.760194][T15945]  ? netdev_run_todo+0xe1d/0xea0
[  357.762244][T15945]  ? nl80211_pre_doit+0x4f1/0x930
[  357.764297][T15945]  genl_family_rcv_msg_doit+0x215/0x300
[  357.766601][T15945]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  357.769073][T15945]  ? bpf_lsm_capable+0x9/0x20
[  357.770996][T15945]  ? security_capable+0x7e/0x2e0
[  357.773027][T15945]  genl_rcv_msg+0x60e/0x790
[  357.774898][T15945]  ? __pfx_genl_rcv_msg+0x10/0x10
[  357.776927][T15945]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  357.779080][T15945]  ? __pfx_nl80211_new_station+0x10/0x10
[  357.781359][T15945]  ? __pfx_nl80211_post_doit+0x10/0x10
[  357.783571][T15945]  ? __asan_memcpy+0x40/0x70
[  357.785465][T15945]  ? __pfx_ref_tracker_free+0x10/0x10
[  357.787580][T15945]  netlink_rcv_skb+0x208/0x470
[  357.789467][T15945]  ? __lock_acquire+0xab9/0xd20
[  357.791467][T15945]  ? __pfx_genl_rcv_msg+0x10/0x10
[  357.793635][T15945]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.795812][T15945]  ? down_read+0x1ad/0x2e0
[  357.797638][T15945]  genl_rcv+0x28/0x40
[  357.799258][T15945]  netlink_unicast+0x82f/0x9e0
[  357.801230][T15945]  ? __pfx_netlink_unicast+0x10/0x10
[  357.803360][T15945]  ? netlink_sendmsg+0x642/0xb30
[  357.805381][T15945]  ? skb_put+0x11b/0x210
[  357.807110][T15945]  netlink_sendmsg+0x805/0xb30
[  357.809086][T15945]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.811259][T15945]  ? aa_sock_msg_perm+0xf1/0x1d0
[  357.813252][T15945]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  357.815310][T15945]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.817453][T15945]  __sock_sendmsg+0x21c/0x270
[  357.819379][T15945]  ____sys_sendmsg+0x505/0x830
[  357.821516][T15945]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.823648][T15945]  ? import_iovec+0x74/0xa0
[  357.825437][T15945]  ___sys_sendmsg+0x21f/0x2a0
[  357.827311][T15945]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.829433][T15945]  ? __fget_files+0x2a/0x420
[  357.831338][T15945]  ? __fget_files+0x3a0/0x420
[  357.833272][T15945]  __x64_sys_sendmsg+0x19b/0x260
[  357.835317][T15945]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  357.837548][T15945]  ? rcu_is_watching+0x15/0xb0
[  357.839508][T15945]  ? do_syscall_64+0xbe/0x3b0
[  357.841415][T15945]  do_syscall_64+0xfa/0x3b0
[  357.843216][T15945]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.845287][T15945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.847731][T15945]  ? exc_page_fault+0x9f/0xf0
[  357.849657][T15945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.852021][T15945] RIP: 0033:0x7efed8f8ebe9
[  357.853846][T15945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.861561][T15945] RSP: 002b:00007efed9ddd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.864908][T15945] RAX: ffffffffffffffda RBX: 00007efed91b5fa0 RCX: 00007efed8f8ebe9
[  357.868082][T15945] RDX: 0000000004000004 RSI: 0000200000000200 RDI: 0000000000000003
[  357.871251][T15945] RBP: 00007efed9011e19 R08: 0000000000000000 R09: 0000000000000000
[  357.874449][T15945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  357.877614][T15945] R13: 00007efed91b6038 R14: 00007efed91b5fa0 R15: 00007ffdb95c0738
[  357.880889][T15945]  </TASK>
[  357.882834][T15945] Kernel Offset: disabled
[  357.884619][T15945] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:54:59  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff92000daee01 RBX=ffffc90006d774e8 RCX=0000000000000001 RDX=ffffc90006d774e8
RSI=dffffc0000000000 RDI=ffffc90006d775d0 RBP=1ffff92000daee95 RSP=ffffc90006d77380
R8 =ffffc90006d775d0 R9 =0000000000000000 R10=ffffc90006d774f8 R11=fffff52000daeea1
R12=1ffff92000daee96 R13=1ffff92000daee97 R14=ffffc90006d77810 R15=dffffc0000000000
RIP=ffffffff8172e8c6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000002540 CR3=0000000126f12000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fcdee212e53
XMM06=0000000000000000 00007fcdee212e4d XMM07=0000000000000000 00007fcdee212e61
XMM08=0000000000000000 00007fcdee212ee7 XMM09=0000000000000000 00007fcdee212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000079 RBX=0000000000000079 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000010699 RDI=000000000001069a RBP=00000000000003f8 RSP=ffffc900097c6710
R8 =ffff888106aa0237 R9 =1ffff11020d54046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af18f8 R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007efed9ddd6c0 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000001040 CR3=000000012bb02000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ff00000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffffff ffffffffffffffff
XMM04=00007efed9ced100 00007efed9187460 XMM05=00007efed9187478 00007efed91874c0
XMM06=00007efed91874b8 00007efed91874b0 XMM07=00007efed91874a8 00007efed91874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007efed9012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
