last executing test programs:

2.136888452s ago: executing program 2 (id=529):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000500)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00089aafc727346c3e0d8728525a2641b3b31621730c58dcf8e0ca2e6767a45a978776e9d2c689feab83a160d00a77ae5112cd4e7141cad333d7cbb69dc6b314609d3827059c11066ba0b4b95c12d2d9ff9c8896d9e247bd55f9ff578a14e0e9d0ca07693396b00d2ef44adb4858475a07d5e8fa3ef5b306fe8a5d1cd2d8e06e7f88226ece092c6aabf8870e140124d5a48670513e0c419c99b7c5105959e7a535f12694634cf272490e0000"], 0x81, 0x4ac, &(0x7f00000011c0)="$eJzs20tsG1UXwPFzPLbruPk+3Adpi6piCSRCS9skLmmrIKE8iEBqG0gaEBUPhdgJJk4cxSkkVUu7BHYsumTJlgUrxBZVYolYoCDUXemGjVeUHeiO52XXSewm8TT1/1e1dx7H7r33zMy914kFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIDL022NOrYdcCAAC00qWJ8Z4M4z8AAG3lMut/AACAdqJiyR+icnKurBft/YrEhfzC1ZXJkdH6L+tQUYmIZcebv4nevsyZl/vPnnPLjV+/3Y7I2MTlwfRwcX5xKVcq5bLpyYX8dDGba/gdtvr6WsftDkjPz13NzsyU0n2nMlWnV1L39+ztSg30vz8cd2MnR0ZHJwIx0dgj/+8PWW+GHxdLXhSVT374Ti+JSES23hebXDs7rcNuxHG7EZMjo3ZDCvmphWVzUiNOVKS6T+JuH7UgF1sSETH10vj2rNliYsmPojJ0uqxjImK5/XDC/mC4ofqEIWqWriLSLbsgZ4+xPWLJh6Jy53RK3nT61c5/XOR62JXDjos6939Ry/qW/Tww95N5bF54O/3GwkwxEKsR545qZnyocw+GPj600mP+bEqIJWP2HV/W8bArg5brEEvmRSX+9af2vELseelTA2ePPXs+OMM4tMn7mNhTzs3VyJgcc6YOGjF/HqHa2BYJteRPUXnwe8Le73Zyw08E2oRaUhCVf26UVWvWpVZgfe/Z7WvDna1/R2K4uLi6lJ/9eLnu+WRi8KPS8tLUdP3TlbWrFTyy2Tq2VqS5JVlSKyu+Lz4re69z1gD/q+z5tfn2un8tdNeUruD108h2w8+ZJuZRpk6qltwTlZkPDlfGGUk23TftwOR/VFRK5V/UzbST/2hlL5D/V/z+S2h16bFz+//K51ruXOLIlYPrHd+J/Js6mfy/KypDfx92PtOo5N+qiTVxXaLy3u2jTlwkbuKibnMq7ziTL+R6TOy/orL/ZzdW7NikE3vAj+01sSVR+fJOdexeJ/agH9tnYtdE5e5v9WOf9mMzJnbV5Otu2o1NmthjTmyXH3tquljIbtatJv99ovLOzdfVbfO6+Q/c/7dqSs9DOd94e7vynwocu+Xk9YqT/+gm+f9KVFb/Ouq22+5797LaZ//r59/Mlb+/XR3rTkb3+7G9jTYrbCb/+0Tl/qtrXpudtjm7foaC+X8mWl16/RpS/vcFjqWcesWb7It2VFq9NjdVKOSW2GCDDTa8jbCfTGgFM/6Pm1G931J3HuOM/52VPX/G9OBzf/wfqCk9IY3/+wPHBpxZSywqklieX4wdEkmUVq+dzM9PzeZmcwuZM/09fefP9GTOxeLu5M7farjvngQm/ydE5cZPv3rrmOr5X/35f7Km9ISU/wPBNlXNaxruirZk8t8pKv331rz15kbzf3f93/1cdendfyHl/2DgWMqpV2eTfQEAAAAAAAAAAAAAAAAAu0lSLXleVFbGX1L3O0SN/P5ftqb0hPT7X12BY9nt/16D+9WoqlONVh0AAAAAAAAAAKCVImLJN6LygpT1pjnQKXIxWOKJ9l8AAAD//16uQhc=")
rename(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='./file0/file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)

2.057433264s ago: executing program 2 (id=531):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}]}], {0x14, 0x10}}, 0x74}}, 0x0)

1.740415418s ago: executing program 2 (id=535):
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000800000000000000e218d1ddf66ed538f2523250", 0x78, 0x4804, 0x0, 0x0)

1.654747663s ago: executing program 2 (id=537):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000001, 0x32, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000540)=0x7b1)

1.654432253s ago: executing program 1 (id=538):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000001100)='./file0\x00')
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000007c0), 0x1, 0x73a, &(0x7f0000000800)="$eJzs3M9rHGUfAPDvTJO2b5v33bzgQTwJFSvUTtJU7UmIeC4U+gfUsJmEkEk2ZDe1iQFbDx4EQUXwRy/6H3hRBC+l/4MieFPwIGhN40HwsLKT3a1ud9PYJl2onw/Mzvd5Zme+zzc7PGRgnw3gX+vJ1ksSMRYRFyKi0u5PI+JwGR2NuLrzvttbm9Xtrc1qEs3mxVtJ67Syr3OtpL0/HuUp8XhE3ByNOPXG3Xnr6xuLM0WRr7bbE42llYn6+sbphaWZ+Xw+X56anDx79oWp55+b3Lda337ts1/e+vLlrz8+t/THi7eenU1iuqw7eurYTzt/k9GY7ulfPohkQ9RsNpvDHgMAAPeWlv+dRoyU+0ocKiMAAADgUdI80gQAAAAeeUkMewQAAADAwep8D+D21ma1sz3M7x/8/FJEjN9ZW7zdzT9SriGOOFquTzi2nfxtZUKycxo8kKvXIuLGdJ/7P2nff/evd+V68oDXY//daM0/0/3mv7Q7/0Sf+Wek89sJD6gz/23fNf/dyX9owPx3YY85jqye/GZg/msRT4z0y5908ycD8r+yx/yfj333/aBjzU8jTkb//H/NtcvvQ0zMLRR5+7VvjhNfvH5qt/qPDcqf7F7/yh7r/+H61PyguaSV/5kTu3/+/fK37ol32uNII+Ld9r7Vfq8nx9M3Jz/arf7ZAfXf6/P/ZI/1f/Xmxo97fCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU0ogYiyTNunGaZlnE8Yh4LI6lRa3eODVXW1uebR2LGI/RdG6hyCcjorLTTlrtM2V8pz3V0z4bEf+PiPcr/ynbWbVWzA67eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALqOR8RYJGkWEWlE/FZJ0ywb9qgAAACAfTc+7AEAAAAAB87zPwAAADz6PP8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8GF8+dbW3N7a7Paas9eXl9brF0+PZvXF7OltWpWra2uZPO12nyRZ9Xa0r2uV9RqK+diee3KRCOvNybq6xuXlmpry41LC0sz8/mlfPShVAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/NVZuSZpFRFrGaZplEf+NiPEYTeYWinwyIv4XEd9WRo+02meGPWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2XX19Y3GmKPJVgUAg6AbDnpkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiG+vrG4kxR5Kv1YY8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4Up/SiKitZ2sPDXWe/Rw8nul3EfEq9cvfnBlptFYPdPq/7Xb3/iw3T81jPEDAAAAvTrP6Z3neAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL2qr28szhRFvnqAwbBrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7s+fAQAA//8gLc9Y")
open(&(0x7f0000000400)='./bus\x00', 0x42b42, 0x1c0)

1.65341984s ago: executing program 0 (id=539):
r0 = syz_open_dev$vim2m(0x0, 0x47b, 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setuid(0x0)

1.431613632s ago: executing program 1 (id=540):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000000)=""/9)

1.431020179s ago: executing program 2 (id=541):
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x3214212, &(0x7f00000001c0)=ANY=[], 0x7, 0xf11, &(0x7f0000001100)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcWXnvfX62ZNdT9az3t3fT/r77Zs3O///eCNnZnb2bQBGVmPt59GjC0UIH3zx/hOvPVv8bnXZva01Dqz9LGKvGUKYaOsX2fa+iguuXHz1xFZtEQ6v/Uz98OSF1nNnQgjnwoHwZWiGT5eWL33y4eMHP3tr+vZ3zz7/+g7tfku+HwAAMIzO/2X5Hw/+688Pz18+v/94mGotT8fnzdificf9h+KBcjpeboSN/aIt2k1m643FaGTrjWXrjWd5xkvyTWTbmShZb7JDvrG2ZVvtJwAAAAyidF7bDEVjcUO/0VhcvHbev+qrucli8cXTy6fO9KlQAAAAoLL/vrF2060QQgghhBBCiB5G6x7lXVCLEKuxMtff6w8AAADA6MnnC9vkXG9n6mptrdld/guPNbZ+PvRA3f/+5R+s/B+/6S8OAADVDevRZNqvdByd5jHI5xEcy5633eP/Rrad8W3WWTav4KDMN1hWZ/573a3K6t/u69gvZfXn82HuVmX15/N07lZl9U/VXEdVZfVP11xHVWX176m5jqrK6t9bcx1VldU/U3MdVZXVP1tzHVWV1X9TzXVUVVb/vprrqKqs/kG5rbas/mbNdVRVVv98zXVUVVb/zTXXUVVZ/bfUXEdVZfXfWnMd/XJPbNPvYX823n7+nJ/TDco5HgAAAIy6/5n/TwghhBBiCOK2XVCDEEKI3Rxv9PsCBAAAANB36XMB6VPvK1EaH+swPt5hfKLD+GSH8akO4wAAAEAIv3/71J3vFeuf87/R+fDSvFFp/qXtzmOUz0e43fw3Ou9Z2tq1+i9tO/+gzFsGAADAaCm+/+XVh5746OX5y+f3H287+74az3fTPKDj8drA57Gf7guYzfpFOoc+vjFPo2S9/PrATWXbe+oGdxQAAABGWDp/b4Zi7ZS70eo3GouL6+fjC2GiOHV6+eSh2E/fz/KnuYmp1eWP1ls2AAAAsA3r5/tFY3GL8//0Pb4LYbJYfPH08qkz1/qzreUTjfbrAnPry4v26wLNbPnhkuVHYj99f+cP5/asLV888aPlZ3u98wAAADAizrxy9vlnlpdP/njLB+nT7NdbZzsP0ucLtvOsEIrQm+weeOBBtw/6+EcJAADYEV9//f7ET47M/uHa5//X579Ln/8/EPvNOLffX+MK6T6B9DmATZ/Xf3pjnrmy9V7auF4zW28sxlRW93TbdkLbfIPpefNl+ZobtzNZkm8myzeb5cvnKRjP1k/59mXL8/kJ03pz2fJ8HsbxLEeR5b8vAAAAQLmll194aenMK2cfOf3CM8+dfO7ki0cOH/vesWOHHv3uo0tr9/Uvtd/dDwAAAAyi9Zt++10JAAAAAAAAAAAAAAAAAAAAjK46vk6s3/sIAAAAo+4/b4QQzgkhSuLaV2D2frvr30TZ/30Uwxt7dkENQggheh2XrzM2tgvqE0Ls2lhZyb9pHgAAAGBnXbn46on2dpNzRU/ztbYW3429GvOmdvaRv8+vRlrtwmMbr5fs7Wk1jLq6//3LP1j5P36zt/mn04Ou//41Nm7geLW8Dyz9aqE9/13jXebP9/+pavkPZvkfCN3lX/koy/90tfwPZvn3dpl/0/6/VC3/QzH/QuwfvL/b/Btf/6nYpv3Y02X+72T7/2zoNn+2/80uE2YejvkBYBQ1+l3ADklHCek4eib20/7Gw82Q3/2w3eP/Rrad8RuufON203HQHbGfjpdms7zJduufybZ3U8U6c4NyV0lZ/b16HXdaWf0TNddRVVn9kzXXUVVZ/VM111FVWf3TNddRVVn93Z6H9ltZ/YNyXbms/pma66iqrP7Zmuuoqqz+7f4/3i9l9e+ruY6qyuqfq7mOqsrqr3hZrXZl9c/XXEdVZfXfXHMdVZXVf0vNdVRVVv+tNdfRL3fHtux8OJ1/zsWx1G9m/aktfpfDem0BAAAABs2/zf8nBiWOzva/BiGE6Fns2QU1iNGO+O5P3+sQYjhiZeXqyqp+1yHE9WJlpd9XIOinnf00MwC7lb//o83rP9q8/qPN68/1pHv4i6yfjHUYH+8wPtFhfDIbz/+9TnUYvyXb7kqUxm/tMH5bh/F9Hcbv6DC+0GH8zg7jd3UYv7vDOAAAAKPh9tg6PwQAAIDh9dqvP3/ntw88fXH+8vn9x8PkpnnnD8X+VHxv/e3Yz+e9Tybie/4/jf1fxvaPsf1ntr77TwAAAGDnpe+J8f4/AAAADK/0PaXO/wEAAGB4zcfW+T8AAAAMr5tj6/wfAAAAhlgxvfXi2KbrAvfFttt5/QCA3e8bsb0ntvtje29svxnbdBxwf2y/VVN9AEDv/OIHPzv2XrE+3/+RbPxKXJ7aTc5du1JQNDbO5L8ntntj++0u68m/D6Db/Mm+LvPsVP65G8wPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPxtrPo0cXihA++OL9J34++c7fVpfd21rjwNrPIvaaIYSJ1vPS6Hr/N3HFKxdfPdHeXo1tEQ6HIhSt5eHJC61MMyGEc+FA+DI0w6dLy5c++fDxg5+9NX37u2eff30HfwUb9g8AAACG0f8DAAD//+bVG3I=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x0)
creat(&(0x7f0000002200)='./file1\x00', 0x50)
truncate(&(0x7f00000000c0)='./file1\x00', 0x6e3)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

928.056793ms ago: executing program 1 (id=542):
geteuid()

849.971942ms ago: executing program 1 (id=543):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}, [@NLBL_UNLABEL_A_SECCTX={0xf, 0x7, 'unconfined\x00'}]}, 0x24}, 0x2, 0x34005}, 0x0)

779.338053ms ago: executing program 2 (id=544):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r3, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040004)
tkill(r0, 0x5)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[], 0x14}}, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c23c000, 0x3, 0x2})
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

779.081561ms ago: executing program 1 (id=545):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f00000000c0))

706.092939ms ago: executing program 1 (id=546):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0}, 0x2020)
ioctl$sock_ax25_SIOCADDRT(r3, 0x890b, &(0x7f00000000c0)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d00000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000480), 0x0, 0x0)
ioctl$I2C_RDWR(r6, 0x707, &(0x7f0000000180)={&(0x7f0000000400)=[{0x0, 0xfff5, 0x0, 0x0}], 0x1})
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
ioctl$sock_ax25_SIOCADDRT(r7, 0x890b, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]})
ioctl$sock_ax25_SIOCADDRT(r3, 0x890b, &(0x7f0000000200)={@null, @bcast, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @default]})
r8 = dup2(r7, r4)
fallocate(r8, 0x10, 0x480000000, 0xe6e)

529.925419ms ago: executing program 0 (id=547):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0})
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

529.622201ms ago: executing program 0 (id=548):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r1 = dup(r0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4c24, @empty}}, 0x6, 0x6}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e21, @local}}, 0x3, 0x4001}, 0x90)

175.451422ms ago: executing program 0 (id=549):
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)

69.11609ms ago: executing program 0 (id=550):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01)

0s ago: executing program 0 (id=551):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:21741' (ED25519) to the list of known hosts.
syzkaller login: [   62.484245][ T5847] cgroup: Unknown subsys name 'net'
[   62.587816][ T5847] cgroup: Unknown subsys name 'cpuset'
[   62.591662][ T5847] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   64.288878][ T5847] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.237813][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.240175][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   72.426954][ T5878] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.431369][ T5878] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.435282][ T5878] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.440329][ T5878] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.444704][ T5878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.533241][ T5878] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.551341][ T5883] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.554726][ T5883] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.559105][ T5883] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.562619][ T5883] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.569541][ T5883] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   72.600412][ T5885] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.604848][ T5885] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.615415][ T5885] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.624395][ T5885] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.939835][ T5876] chnl_net:caif_netlink_parms(): no params data found
[   73.018625][ T5880] chnl_net:caif_netlink_parms(): no params data found
[   73.050087][ T5879] chnl_net:caif_netlink_parms(): no params data found
[   73.188353][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.191002][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.193619][ T5880] bridge_slave_0: entered allmulticast mode
[   73.197536][ T5880] bridge_slave_0: entered promiscuous mode
[   73.202018][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.204585][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.207927][ T5876] bridge_slave_0: entered allmulticast mode
[   73.211207][ T5876] bridge_slave_0: entered promiscuous mode
[   73.220383][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.222633][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.224804][ T5876] bridge_slave_1: entered allmulticast mode
[   73.227922][ T5876] bridge_slave_1: entered promiscuous mode
[   73.231054][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.233658][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.236752][ T5880] bridge_slave_1: entered allmulticast mode
[   73.240210][ T5880] bridge_slave_1: entered promiscuous mode
[   73.308743][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.317438][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.337234][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.340824][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.343846][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.346776][ T5879] bridge_slave_0: entered allmulticast mode
[   73.350506][ T5879] bridge_slave_0: entered promiscuous mode
[   73.357814][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.389244][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.391907][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.394609][ T5879] bridge_slave_1: entered allmulticast mode
[   73.400129][ T5879] bridge_slave_1: entered promiscuous mode
[   73.429763][ T5876] team0: Port device team_slave_0 added
[   73.456485][ T5876] team0: Port device team_slave_1 added
[   73.461057][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.466352][ T5880] team0: Port device team_slave_0 added
[   73.482797][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.496608][ T5880] team0: Port device team_slave_1 added
[   73.541737][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.544158][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.554568][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.561840][ T5879] team0: Port device team_slave_0 added
[   73.565042][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.567577][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.577589][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.582653][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.585257][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.594309][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.599614][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.602181][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.612006][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.621705][ T5879] team0: Port device team_slave_1 added
[   73.687505][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.690123][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.699571][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.709644][ T5880] hsr_slave_0: entered promiscuous mode
[   73.712559][ T5880] hsr_slave_1: entered promiscuous mode
[   73.748718][ T5876] hsr_slave_0: entered promiscuous mode
[   73.751439][ T5876] hsr_slave_1: entered promiscuous mode
[   73.754232][ T5876] debugfs: 'hsr0' already exists in 'hsr'
[   73.756617][ T5876] Cannot create hsr debugfs directory
[   73.759437][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.762040][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.771944][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.864054][ T5879] hsr_slave_0: entered promiscuous mode
[   73.866430][ T5879] hsr_slave_1: entered promiscuous mode
[   73.868895][ T5879] debugfs: 'hsr0' already exists in 'hsr'
[   73.870943][ T5879] Cannot create hsr debugfs directory
[   74.159015][ T5880] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   74.168750][ T5880] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   74.194701][ T5880] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   74.201084][ T5880] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   74.248739][ T5876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   74.256900][ T5876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.267761][ T5876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.281341][ T5876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.350710][ T5879] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.359898][ T5879] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.368763][ T5879] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.374769][ T5879] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   74.464021][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.492580][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.524046][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[   74.526475][ T5885] Bluetooth: hci0: command tx timeout
[   74.538196][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[   74.544176][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.546703][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.551400][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.553598][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.568237][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.570571][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.582561][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.584851][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.596496][ T5885] Bluetooth: hci1: command tx timeout
[   74.643031][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.680213][ T5879] 8021q: adding VLAN 0 to HW filter on device team0
[   74.684811][ T5885] Bluetooth: hci2: command tx timeout
[   74.709599][ T1016] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.712845][ T1016] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.734915][ T1016] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.738225][ T1016] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.889715][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.934010][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.983335][ T5876] veth0_vlan: entered promiscuous mode
[   74.997963][ T5876] veth1_vlan: entered promiscuous mode
[   75.028379][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.048521][ T5876] veth0_macvtap: entered promiscuous mode
[   75.058210][ T5876] veth1_macvtap: entered promiscuous mode
[   75.067023][ T5880] veth0_vlan: entered promiscuous mode
[   75.079912][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.083739][ T5880] veth1_vlan: entered promiscuous mode
[   75.099615][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.116541][ T5905] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.128424][ T5905] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.137253][ T5905] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.146984][ T5905] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.160504][ T5879] veth0_vlan: entered promiscuous mode
[   75.170812][ T5880] veth0_macvtap: entered promiscuous mode
[   75.182148][ T5879] veth1_vlan: entered promiscuous mode
[   75.193366][ T5880] veth1_macvtap: entered promiscuous mode
[   75.240216][ T3563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.247565][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.250540][ T3563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.271403][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.294514][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.304414][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.309515][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.314794][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.325883][ T3563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.333144][ T3563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.358575][ T5879] veth0_macvtap: entered promiscuous mode
[   75.364984][ T5879] veth1_macvtap: entered promiscuous mode
[   75.384393][ T5876] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   75.392911][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.433181][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.479988][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.488428][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.491376][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.506370][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.538203][ T5941] bond_slave_0: entered promiscuous mode
[   75.540558][ T5941] bond_slave_1: entered promiscuous mode
[   75.543457][ T5940] bond_slave_0: left promiscuous mode
[   75.545924][ T5940] bond_slave_1: left promiscuous mode
[   75.549381][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.578984][ T5905] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.604214][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.616106][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.659562][ T3552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.662800][ T3552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.712604][ T3563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.717328][ T3563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.461363][ T5964] loop2: detected capacity change from 0 to 1024
[   76.596833][ T5885] Bluetooth: hci0: command tx timeout
[   76.675486][ T5885] Bluetooth: hci1: command tx timeout
[   76.755951][ T5885] Bluetooth: hci2: command tx timeout
[   77.439193][ T5981] netlink: 'syz.2.30': attribute type 21 has an invalid length.
[   77.441996][ T5981] netlink: 132 bytes leftover after parsing attributes in process `syz.2.30'.
[   77.462205][ T5985] loop1: detected capacity change from 0 to 256
[   77.552910][ T5991] loop2: detected capacity change from 0 to 512
[   77.557784][ T5985] FAT-fs (loop1): Directory bread(block 64) failed
[   77.560227][ T5985] FAT-fs (loop1): Directory bread(block 65) failed
[   77.562688][ T5985] FAT-fs (loop1): Directory bread(block 66) failed
[   77.576070][ T5991] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.584882][ T5985] FAT-fs (loop1): Directory bread(block 67) failed
[   77.589813][ T5985] FAT-fs (loop1): Directory bread(block 68) failed
[   77.591974][ T5985] FAT-fs (loop1): Directory bread(block 69) failed
[   77.594291][ T5985] FAT-fs (loop1): Directory bread(block 70) failed
[   77.607041][ T5985] FAT-fs (loop1): Directory bread(block 71) failed
[   77.614252][ T5985] FAT-fs (loop1): Directory bread(block 72) failed
[   77.618589][ T5985] FAT-fs (loop1): Directory bread(block 73) failed
[   77.690164][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.691698][ T5997] loop0: detected capacity change from 0 to 64
[   77.911934][ T6005] loop2: detected capacity change from 0 to 2048
[   77.938584][ T6009] loop0: detected capacity change from 0 to 1024
[   77.941025][ T6009] =======================================================
[   77.941025][ T6009] WARNING: The mand mount option has been deprecated and
[   77.941025][ T6009]          and is ignored by this kernel. Remove the mand
[   77.941025][ T6009]          option from the mount to silence this warning.
[   77.941025][ T6009] =======================================================
[   77.952350][ T6005] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   77.978671][ T6009] hfsplus: invalid extended attribute record
[   78.008367][ T3022] hfsplus: b-tree write err: -5, ino 4
[   78.020028][   T33] audit: type=1800 audit(1757665912.873:2): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.40" name="file1" dev="loop2" ino=1335 res=0 errno=0
[   78.104667][ T6015] loop1: detected capacity change from 0 to 128
[   78.113965][ T6015] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   78.127120][ T6015] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   78.201570][ T1090] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   78.238975][ T6020] netlink: 8 bytes leftover after parsing attributes in process `syz.1.47'.
[   78.246882][ T6022] loop2: detected capacity change from 0 to 16
[   78.262236][ T6022] erofs (device loop2): mounted with root inode @ nid 36.
[   78.266018][ T6020] team_slave_0: entered promiscuous mode
[   78.268420][ T6020] team_slave_1: entered promiscuous mode
[   78.271352][ T6020] macsec1: entered promiscuous mode
[   78.273603][ T6020] team0: entered promiscuous mode
[   78.285452][   T33] audit: type=1800 audit(1757665913.143:3): pid=6022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.48" name="file1" dev="loop2" ino=86 res=0 errno=0
[   78.363658][ T6026] binder: 6025:6026 ioctl c0306201 200000000780 returned -11
[   78.451026][ T6032] netlink: 28 bytes leftover after parsing attributes in process `syz.1.53'.
[   78.454317][ T6032] netlink: 32 bytes leftover after parsing attributes in process `syz.1.53'.
[   78.458520][ T6032] Zero length message leads to an empty skb
[   78.466414][ T6031] loop2: detected capacity change from 0 to 4096
[   78.508409][ T6031] NILFS (loop2): invalid segment: Checksum error in segment payload
[   78.511279][ T6031] NILFS (loop2): trying rollback from an earlier position
[   78.533797][ T6031] NILFS (loop2): recovery complete
[   78.541166][ T6035] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   78.678568][ T5885] Bluetooth: hci0: command tx timeout
[   78.758510][ T5885] Bluetooth: hci1: command tx timeout
[   78.835989][ T5885] Bluetooth: hci2: command tx timeout
[   79.146893][ T6054] qrtr: Invalid version 0
[   79.217622][ T6060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'.
[   79.221018][ T6060] netlink: 'syz.1.65': attribute type 30 has an invalid length.
[   79.231951][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   79.237600][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   79.240316][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   79.245438][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   79.329027][ T6066] loop2: detected capacity change from 0 to 256
[   79.331686][ T6066] exfat: Deprecated parameter 'namecase'
[   79.333342][ T6066] exfat: Deprecated parameter 'utf8'
[   79.341495][ T6066] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d)
[   79.364627][ T6068] loop1: detected capacity change from 0 to 256
[   79.379539][ T6068] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[   79.513199][ T6072] netlink: 'syz.1.70': attribute type 1 has an invalid length.
[   79.713445][ T6078] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[   79.716167][ T6078] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   79.729124][ T6078] vhci_hcd vhci_hcd.0: Device attached
[   79.792289][ T6080] vhci_hcd: connection closed
[   79.803863][   T13] vhci_hcd: stop threads
[   79.819011][   T13] vhci_hcd: release socket
[   79.826834][   T13] vhci_hcd: disconnect device
[   80.146544][ T6088] loop0: detected capacity change from 0 to 4096
[   80.179909][ T6089] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   80.229524][   T33] audit: type=1800 audit(1757665915.083:4): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.76" name="file1" dev="loop0" ino=15 res=0 errno=0
[   80.755523][ T5885] Bluetooth: hci0: command tx timeout
[   80.836787][ T5885] Bluetooth: hci1: command tx timeout
[   80.915643][ T5885] Bluetooth: hci2: command tx timeout
[   81.335707][ T5937] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   81.477732][   T51] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   81.495558][ T5937] usb 2-1: Using ep0 maxpacket: 32
[   81.507731][ T5937] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[   81.511827][ T5937] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.514917][ T5937] usb 2-1: Product: syz
[   81.518295][ T5937] usb 2-1: Manufacturer: syz
[   81.520892][ T5937] usb 2-1: SerialNumber: syz
[   81.530454][ T5937] usb 2-1: config 0 descriptor??
[   81.542506][ T5937] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[   81.640488][   T51] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[   81.644229][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.647990][   T51] usb 3-1: Product: syz
[   81.649754][   T51] usb 3-1: Manufacturer: syz
[   81.653299][   T51] usb 3-1: SerialNumber: syz
[   81.658654][   T51] usb 3-1: config 0 descriptor??
[   81.666964][   T51] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 002
[   82.072281][   T51]  (null): failure reading functionality
[   82.077895][   T51] i2c i2c-2: failure reading functionality
[   82.082728][   T51] i2c i2c-2: connected i2c-tiny-usb device
[   82.088338][   T51] usb 3-1: USB disconnect, device number 2
[   82.300470][ T6122] loop0: detected capacity change from 0 to 128
[   82.322066][ T6122] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   82.331458][ T6122] hpfs: filesystem error: improperly stopped
[   82.333944][ T6122] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   82.339297][ T6122] hpfs: You really don't want any checks? You are crazy...
[   82.342637][ T6122] hpfs: hpfs_map_sector(): read error
[   82.344961][ T6122] hpfs: code page support is disabled
[   82.348144][ T5937] gspca_ov534_9: reg_w failed -71
[   82.349523][ T6122] hpfs: hpfs_map_4sectors(): unaligned read
[   82.356105][ T6122] hpfs: hpfs_map_4sectors(): unaligned read
[   82.358128][ T6122] hpfs: filesystem error: unable to find root dir
[   82.529304][ T6126] loop0: detected capacity change from 0 to 128
[   82.550112][ T6126] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   82.555989][ T6126] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   82.621930][ T5876] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   82.637885][ T5937] gspca_ov534_9: Unknown sensor 0000
[   82.638031][ T5937] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[   82.658721][ T5937] usb 2-1: USB disconnect, device number 2
[   82.732382][ T6134] loop2: detected capacity change from 0 to 512
[   82.745461][ T6134] EXT4-fs (loop2): Test dummy encryption mode enabled
[   82.767761][ T6134] EXT4-fs error (device loop2): __ext4_iget:5464: inode #11: block 1: comm syz.2.94: invalid block
[   82.778634][ T6134] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.94: couldn't read orphan inode 11 (err -117)
[   82.786675][ T6134] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.814079][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.862283][ T6139] netlink: 12 bytes leftover after parsing attributes in process `syz.0.97'.
[   82.953855][ T6145] loop2: detected capacity change from 0 to 512
[   82.992687][ T6145] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.011481][ T6145] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.067921][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.245340][  T125] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   83.485255][  T125] usb 1-1: Using ep0 maxpacket: 8
[   83.489621][  T125] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.498194][  T125] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[   83.502007][  T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.505963][  T125] usb 1-1: Product: syz
[   83.507619][  T125] usb 1-1: Manufacturer: syz
[   83.509408][  T125] usb 1-1: SerialNumber: syz
[   83.513784][  T125] usb 1-1: config 0 descriptor??
[   83.525767][  T125] streamzap 1-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[   83.733404][   T51] usb 1-1: USB disconnect, device number 2
[   84.007088][ T6159] overlayfs: statfs failed on './file0'
[   84.946000][ T5944] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   85.166542][ T5944] usb 2-1: config 0 has an invalid interface number: 17 but max is 0
[   85.169787][ T5944] usb 2-1: config 0 has no interface number 0
[   85.171757][ T5944] usb 2-1: config 0 interface 17 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64
[   85.185343][ T5944] usb 2-1: config 0 interface 17 has no altsetting 0
[   85.187506][ T5944] usb 2-1: New USB device found, idVendor=0bb4, idProduct=0a21, bcdDevice=e2.be
[   85.190614][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.205991][ T5944] usb 2-1: config 0 descriptor??
[   85.209406][ T6182] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   85.225583][ T6195] loop2: detected capacity change from 0 to 512
[   85.279307][ T6195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.284189][ T6195] ext4 filesystem being mounted at /36/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.378413][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.428947][ T5882] usb 2-1: USB disconnect, device number 3
[   85.437708][ T6199] loop2: detected capacity change from 0 to 65
[   85.449231][ T6199] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway
[   85.670952][ T6206] loop2: detected capacity change from 0 to 256
[   85.682167][ T6206] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[   85.696274][ T6206] exFAT-fs (loop2): error, data size is invalid(10)
[   85.703993][ T6206] exFAT-fs (loop2): Filesystem has been set read-only
[   86.401891][ T6228] loop1: detected capacity change from 0 to 4096
[   86.419293][ T6228] EXT4-fs (loop1): Test dummy encryption mode enabled
[   86.445630][ T6228] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   86.476122][ T6228] System zones: 0-5
[   86.483924][ T6228] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.592264][ T6234] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   86.592264][ T6234]    program syz.0.129 not setting count and/or reply_len properly
[   86.658490][ T1278] cfg80211: failed to load regulatory.db
[   86.895906][ T6228] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[   86.917112][ T6237] loop2: detected capacity change from 0 to 128
[   86.923311][ T6237] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   86.932499][ T6237] hpfs: filesystem error: improperly stopped
[   86.935050][ T6237] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   86.940618][ T6237] hpfs: You really don't want any checks? You are crazy...
[   86.950230][ T5880] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.954408][ T6237] hpfs: hpfs_map_sector(): read error
[   86.961893][ T6237] hpfs: code page support is disabled
[   86.964345][ T6237] hpfs: hpfs_map_4sectors(): unaligned read
[   86.973200][ T6237] hpfs: hpfs_map_4sectors(): unaligned read
[   86.983092][ T6237] hpfs: filesystem error: unable to find root dir
[   87.292268][ T6251] netlink: 176 bytes leftover after parsing attributes in process `syz.0.139'.
[   87.562191][ T6269] netlink: 256 bytes leftover after parsing attributes in process `syz.2.146'.
[   88.285513][  T125] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   88.380110][ T6284] loop1: detected capacity change from 0 to 1024
[   88.387160][ T6284] EXT4-fs (loop1): filesystem is read-only
[   88.438598][ T5885] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   88.441951][ T5885] Bluetooth: hci0: Injecting HCI hardware error event
[   88.447780][ T5885] Bluetooth: hci0: hardware error 0x00
[   88.565295][  T125] usb 3-1: Using ep0 maxpacket: 8
[   88.569408][  T125] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   88.573929][  T125] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   88.584146][  T125] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   88.588605][  T125] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   88.593610][  T125] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   88.597644][  T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.782994][ T6297] process 'syz.0.155' launched '/dev/fd/3' with NULL argv: empty string added
[   88.814132][   T33] audit: type=1326 audit(1757665923.663:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.1.156" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd37a98eba9 code=0x0
[   88.828654][  T125] usb 3-1: GET_CAPABILITIES returned 0
[   88.831036][  T125] usbtmc 3-1:16.0: can't read capabilities
[   89.098051][ T5882] usb 3-1: USB disconnect, device number 3
[   89.924368][ T6311] loop0: detected capacity change from 0 to 512
[   89.925472][ T5944] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   89.948793][ T6311] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   89.983847][ T5876] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.995276][  T125] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   90.038368][ T6314] mmap: syz.0.162 (6314) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   90.075201][ T5944] usb 2-1: Using ep0 maxpacket: 16
[   90.081766][ T5944] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   90.087833][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   90.094923][ T5944] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   90.098983][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.102818][ T5944] usb 2-1: Product: syz
[   90.104481][ T5944] usb 2-1: Manufacturer: syz
[   90.107467][ T5944] usb 2-1: SerialNumber: syz
[   90.112629][ T5944] usb 2-1: config 0 descriptor??
[   90.121826][ T5944] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   90.125706][ T5944] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[   90.157049][  T125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.160821][  T125] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[   90.175163][  T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.181649][  T125] usb 3-1: config 0 descriptor??
[   90.448786][ T6328] loop0: detected capacity change from 0 to 256
[   90.517515][ T5885] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   90.542590][ T6330] netlink: 248 bytes leftover after parsing attributes in process `syz.0.170'.
[   90.603047][  T125] lenovo 0003:17EF:6047.0001: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[   90.727227][ T5944] em28xx 2-1:0.0: chip ID is em2710
[   90.934432][ T5944] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[   90.939700][ T5944] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[   90.942733][ T5944] em28xx 2-1:0.0: No AC97 audio processor
[   90.955816][ T5944] usb 2-1: USB disconnect, device number 4
[   90.960750][ T5944] em28xx 2-1:0.0: Disconnecting em28xx
[   90.970643][ T5944] em28xx 2-1:0.0: Freeing device
[   91.301141][ T6344] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.477642][ T6350] loop0: detected capacity change from 0 to 64
[   91.502744][ T6350] syz.0.180: attempt to access beyond end of device
[   91.502744][ T6350] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64
[   91.598113][  T125] usb 3-1: USB disconnect, device number 4
[   91.805199][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   91.963277][    T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   91.967053][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.970256][    T9] usb 2-1: Product: syz
[   91.971823][    T9] usb 2-1: Manufacturer: syz
[   91.973674][    T9] usb 2-1: SerialNumber: syz
[   91.999403][    T9] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   92.048377][ T6367] loop0: detected capacity change from 0 to 136
[   92.050959][  T125] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   92.537000][    T9] usb 2-1: USB disconnect, device number 5
[   92.558786][ T6386] netlink: 'syz.0.196': attribute type 3 has an invalid length.
[   92.561688][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.196'.
[   92.565362][ T6386] netlink: 'syz.0.196': attribute type 1 has an invalid length.
[   92.649726][ T6390] binder: 6389:6390 ioctl c0306201 2000000003c0 returned -14
[   92.659227][ T6392] loop2: detected capacity change from 0 to 2048
[   92.679714][ T6116]  loop2: p1 < > p3 p4 < >
[   92.690676][ T6116] loop2: p3 start 4284289 is beyond EOD, truncated
[   92.711441][ T6392]  loop2: p1 < > p3 p4 < >
[   92.716541][ T6392] loop2: p3 start 4284289 is beyond EOD, truncated
[   92.783780][ T6116] udevd[6116]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   92.798397][ T5859] udevd[5859]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   92.813417][ T6399] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   92.817271][ T6116] udevd[6116]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   92.824819][ T5859] udevd[5859]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   92.994533][ T6404] loop2: detected capacity change from 0 to 512
[   93.009493][ T6404] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   93.076613][  T125] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[   93.095510][  T125] ath9k_htc: Failed to initialize the device
[   93.100449][ T6404] FAT-fs (loop2): FAT read failed (blocknr 1568)
[   93.102003][    T9] usb 2-1: ath9k_htc: USB layer deinitialized
[   93.622376][    T9] libceph: connect (1)[c::]:6789 error -101
[   93.654126][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   93.695356][    T9] libceph: connect (1)[c::]:6789 error -101
[   93.698036][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   93.976689][    T9] libceph: connect (1)[c::]:6789 error -101
[   93.978897][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   94.104707][ T6422] netlink: 16 bytes leftover after parsing attributes in process `syz.2.212'.
[   94.371629][ T6416] ceph: No mds server is up or the cluster is laggy
[   94.548332][ T6433] loop1: detected capacity change from 0 to 8
[   94.809942][ T6443] loop1: detected capacity change from 0 to 128
[   94.824219][ T6443] EXT4-fs: inline encryption not supported
[   94.834648][ T6443] EXT4-fs: Mount option(s) incompatible with ext2
[   95.353373][ T6445] loop0: detected capacity change from 0 to 8192
[   95.356900][ T6445] msdos: Unknown parameter ''
[   96.280540][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.222'.
[   97.292504][ T6458] loop1: detected capacity change from 0 to 1024
[   97.300762][ T6458] EXT4-fs (loop1): Can't support bigalloc feature without extents feature
[   97.300762][ T6458] 
[   97.326493][ T6458] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities
[   97.382548][ T6460] loop2: detected capacity change from 0 to 256
[   97.387156][ T6460] exfat: Deprecated parameter 'utf8'
[   97.389106][ T6460] exfat: Deprecated parameter 'utf8'
[   97.390947][ T6460] exfat: Deprecated parameter 'utf8'
[   97.392661][ T6460] exfat: Deprecated parameter 'utf8'
[   97.400575][ T6460] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d)
[   97.428609][ T6464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'.
[   97.573588][ T6470] loop2: detected capacity change from 0 to 2048
[   97.582867][ T6470] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   98.045983][ T5944] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   98.196882][ T5944] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   98.200956][ T5944] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[   98.207139][ T5944] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[   98.211261][ T5944] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[   98.214869][ T5944] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   98.222118][ T5944] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[   98.227462][ T5944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[   98.230581][ T5944] usb 1-1: Product: syz
[   98.232208][ T5944] usb 1-1: Manufacturer: syz
[   98.233959][ T5944] usb 1-1: SerialNumber: syz
[   98.246027][ T5944] usb 1-1: config 0 descriptor??
[   98.246833][ T5937] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[   98.332478][ T6493] loop1: detected capacity change from 0 to 64
[   98.460689][ T5944] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[   98.462771][ T5944] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[   98.587404][ T5937] usb 3-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a
[   98.590798][ T5937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.596706][ T5937] usb 3-1: config 0 descriptor??
[   98.602306][ T5937] pwc: Logitech QuickCam Notebook Pro USB webcam detected.
[   98.669525][ T5944] radio-si470x 1-1:0.0: software version 129, hardware version 102
[   98.672951][ T5944] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[   98.803630][ T5937] pwc: Failed to set LED on/off time (-71)
[   98.808964][ T5937] pwc: send_video_command error -71
[   98.810826][ T5937] pwc: Failed to set video mode VGA@30 fps; return code = -71
[   98.813776][ T5937] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[   98.819939][ T5937] usb 3-1: USB disconnect, device number 5
[   98.872039][ T5944] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   98.876474][ T5944] radio-si470x 1-1:0.0: submitting int urb failed (-90)
[   98.879578][ T5944] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   98.882600][ T5944] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[   98.890353][ T5944] usb 1-1: USB disconnect, device number 3
[   99.416115][ T6501] loop2: detected capacity change from 0 to 256
[   99.453434][ T6501] exFAT-fs (loop2): failed to load upcase table (idx : 0x00002e7f, chksum : 0x03279930, utbl_chksum : 0xe619d30d)
[   99.632871][ T6517] netlink: 'syz.1.252': attribute type 5 has an invalid length.
[   99.637961][ T6517] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.252'.
[   99.919501][ T6535] loop0: detected capacity change from 0 to 128
[   99.941131][ T6535] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   99.953838][ T6535] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  100.046334][ T5876] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.140983][ T6551] netlink: 76 bytes leftover after parsing attributes in process `syz.1.266'.
[  100.434935][ T6570] loop1: detected capacity change from 0 to 512
[  100.438935][ T6570] EXT4-fs: Ignoring removed i_version option
[  100.442041][ T6570] EXT4-fs (loop1): Test dummy encryption mode enabled
[  100.450331][ T6570] EXT4-fs error (device loop1): __ext4_iget:5464: inode #11: block 1: comm syz.1.274: invalid block
[  100.455830][ T6570] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.274: couldn't read orphan inode 11 (err -117)
[  100.461332][ T6570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.496397][ T6574] loop2: detected capacity change from 0 to 256
[  100.503576][ T5880] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.505622][ T6574] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  100.895321][  T125] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  101.057343][  T125] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  101.060889][  T125] usb 3-1: config 179 has no interface number 0
[  101.064241][  T125] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  101.071984][  T125] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  101.076343][  T125] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  101.086292][  T125] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[  101.097615][  T125] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  101.113305][  T125] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  101.121943][  T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.154554][ T6581] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  101.161857][  T125] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  101.176829][  T125] xpad 3-1:179.65: probe with driver xpad failed with error -90
[  101.381132][  T125] usb 3-1: USB disconnect, device number 6
[  101.505227][ T5944] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  101.655718][ T5944] usb 1-1: Using ep0 maxpacket: 8
[  101.659734][ T5944] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  101.662792][ T5944] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  101.666276][ T5944] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  101.669305][ T5944] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  101.673089][ T5944] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  101.678610][ T5944] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  101.681685][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.898678][ T5944] usb 1-1: usb_control_msg returned -32
[  101.901359][ T5944] usbtmc 1-1:16.0: can't read capabilities
[  102.260393][ T6615] usbtmc 1-1:16.0: stb usb_control_msg returned -32
[  102.264871][    T9] usb 1-1: USB disconnect, device number 4
[  102.328795][ T6617] capability: warning: `syz.2.293' uses deprecated v2 capabilities in a way that may be insecure
[  102.373542][ T6619] loop2: detected capacity change from 0 to 512
[  102.379269][ T6619] EXT4-fs: Ignoring removed i_version option
[  102.381711][ T6619] EXT4-fs: Ignoring removed bh option
[  102.409189][ T6619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.414056][ T6619] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  102.425503][   T33] audit: type=1800 audit(1757665937.283:6): pid=6619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.294" name="bus" dev="loop2" ino=18 res=0 errno=0
[  102.450732][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.522631][ T6626] evm: overlay not supported
[  102.547399][ T6626] overlayfs: failed to get index nlink (file0/file1, err=-61)
[  102.622681][ T6632] loop1: detected capacity change from 0 to 128
[  102.640358][ T6632] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  102.651610][ T6632] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  102.690345][   T33] audit: type=1804 audit(1757665937.543:7): pid=6632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.299" name="/newroot/86/file0/file1" dev="loop1" ino=104 res=1 errno=0
[  103.533742][ T6663] loop2: detected capacity change from 0 to 2048
[  103.541625][ T6663] hpfs: hpfs_map_sector(): read error
[  103.656900][ T6668] loop0: detected capacity change from 0 to 4096
[  103.759927][ T6668] ntfs3(loop0): ino=5, "/" mi_enum_attr
[  103.928082][ T6671] netlink: 'syz.2.313': attribute type 1 has an invalid length.
[  103.931252][ T6671] netlink: 244 bytes leftover after parsing attributes in process `syz.2.313'.
[  104.229346][ T6678] loop0: detected capacity change from 0 to 128
[  104.242489][   T33] audit: type=1800 audit(1757665939.093:8): pid=6678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.317" name="file2" dev="loop0" ino=1048636 res=0 errno=0
[  104.251398][ T6678] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  104.254359][ T6678] FAT-fs (loop0): Filesystem has been set read-only
[  104.262491][ T6678] syz.0.317: attempt to access beyond end of device
[  104.262491][ T6678] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  104.268146][ T6678] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  104.275309][ T6678] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  104.286484][ T6678] syz.0.317: attempt to access beyond end of device
[  104.286484][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.291186][ T6678] syz.0.317: attempt to access beyond end of device
[  104.291186][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.298013][ T6678] syz.0.317: attempt to access beyond end of device
[  104.298013][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.307564][ T6678] syz.0.317: attempt to access beyond end of device
[  104.307564][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.312712][ T6678] syz.0.317: attempt to access beyond end of device
[  104.312712][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.320660][ T6684] netlink: 'syz.2.321': attribute type 21 has an invalid length.
[  104.322052][ T6678] syz.0.317: attempt to access beyond end of device
[  104.322052][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.323908][ T6684] IPv6: NLM_F_CREATE should be specified when creating new route
[  104.331201][ T6678] syz.0.317: attempt to access beyond end of device
[  104.331201][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.332405][ T6684] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  104.337373][ T6678] syz.0.317: attempt to access beyond end of device
[  104.337373][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.339337][ T6684] IPv6: NLM_F_CREATE should be set when creating new route
[  104.339369][ T6684] IPv6: NLM_F_CREATE should be set when creating new route
[  104.339381][ T6684] IPv6: NLM_F_CREATE should be set when creating new route
[  104.344485][ T6678] syz.0.317: attempt to access beyond end of device
[  104.344485][ T6678] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  104.364582][ T6685] Buffer I/O error on dev loop0, logical block 2065, async page read
[  104.368675][ T6685] Buffer I/O error on dev loop0, logical block 2066, async page read
[  104.371720][ T6685] Buffer I/O error on dev loop0, logical block 2067, async page read
[  104.374847][ T6685] Buffer I/O error on dev loop0, logical block 2068, async page read
[  104.378675][ T6685] Buffer I/O error on dev loop0, logical block 2069, async page read
[  104.381834][ T6685] Buffer I/O error on dev loop0, logical block 2070, async page read
[  104.386414][ T6685] Buffer I/O error on dev loop0, logical block 2071, async page read
[  104.402715][ T6685] Buffer I/O error on dev loop0, logical block 2072, async page read
[  104.407218][ T6685] Buffer I/O error on dev loop0, logical block 2065, async page read
[  104.411124][ T6685] Buffer I/O error on dev loop0, logical block 2066, async page read
[  104.433315][ T6687] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.322' sets config #-1
[  104.495235][ T5885] Bluetooth: Unexpected continuation frame (len 16)
[  104.641353][ T6696] 9pnet_fd: Insufficient options for proto=fd
[  104.768919][ T6700] netlink: 84 bytes leftover after parsing attributes in process `syz.1.328'.
[  104.800723][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.1.329'.
[  105.380057][ T6718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.336'.
[  105.383868][ T6718] netlink: 660 bytes leftover after parsing attributes in process `syz.1.336'.
[  105.985881][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  106.165821][    T9] usb 2-1: Using ep0 maxpacket: 16
[  106.187357][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.211076][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.239716][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  106.252538][    T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  106.259068][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.273247][    T9] usb 2-1: config 0 descriptor??
[  106.401765][ T6740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.346'.
[  106.407796][ T6740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.346'.
[  106.783012][    T9] HID 045e:07da: Invalid code 65791 type 1
[  106.809378][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0002/input/input4
[  106.810016][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.348'.
[  106.868533][    T9] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  107.011512][ T1278] usb 2-1: USB disconnect, device number 6
[  108.010780][ T6769] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  108.105311][   T51] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  108.265344][   T51] usb 2-1: Using ep0 maxpacket: 32
[  108.275193][   T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.280073][   T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.283885][   T51] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  108.289610][   T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.310843][   T51] usb 2-1: config 0 descriptor??
[  108.337827][   T51] hub 2-1:0.0: USB hub found
[  108.528470][   T51] hub 2-1:0.0: 1 port detected
[  108.734054][   T51] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  108.737287][   T51] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  108.754630][   T51] usbhid 2-1:0.0: can't add hid device: -71
[  108.757444][   T51] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  108.791152][   T51] usb 2-1: USB disconnect, device number 7
[  109.334554][ T6781] loop2: detected capacity change from 0 to 2048
[  109.338390][ T5937] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  109.354691][ T6781] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  109.359438][ T6781] NILFS (loop2): mounting unchecked fs
[  109.369165][ T6116] udevd[6116]: incorrect nilfs2 checksum on /dev/loop2
[  109.391393][ T6781] NILFS (loop2): recovery complete
[  109.401202][ T6784] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  109.485291][ T5937] usb 1-1: Using ep0 maxpacket: 32
[  109.491025][ T5937] usb 1-1: config 64 has an invalid interface number: 110 but max is 0
[  109.497337][ T5937] usb 1-1: config 64 has no interface number 0
[  109.499829][ T5937] usb 1-1: config 64 interface 110 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  109.507788][ T5937] usb 1-1: config 64 interface 110 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  109.512763][ T5937] usb 1-1: config 64 interface 110 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  109.522854][ T5937] usb 1-1: config 64 interface 110 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  109.531370][ T5937] usb 1-1: config 64 interface 110 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  109.542419][ T5937] usb 1-1: config 64 interface 110 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  109.550027][ T5937] usb 1-1: config 64 interface 110 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  109.579776][ T5937] usb 1-1: New USB device found, idVendor=04fc, idProduct=0231, bcdDevice=6f.a9
[  109.583516][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.591118][ T5937] usb 1-1: Product: syz
[  109.593211][ T5937] usb 1-1: Manufacturer: syz
[  109.596249][ T5937] usb 1-1: SerialNumber: syz
[  109.602858][ T6778] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  109.611870][ T5937] spcp8x5 1-1:64.110: SPCP8x5 converter detected
[  109.626929][ T5937] usb 1-1: SPCP8x5 converter now attached to ttyUSB0
[  109.777144][ T6802] netlink: 20 bytes leftover after parsing attributes in process `syz.2.370'.
[  109.780376][ T6802] netlink: 140 bytes leftover after parsing attributes in process `syz.2.370'.
[  109.816780][ T5937] usb 1-1: USB disconnect, device number 5
[  109.836823][ T5937] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0
[  109.839590][ T5937] spcp8x5 1-1:64.110: device disconnected
[  109.845019][ T6806] loop6: detected capacity change from 0 to 2560
[  109.851311][ T6806] buffer_io_error: 7318 callbacks suppressed
[  109.851319][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.868492][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.871479][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.886130][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.889315][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.892432][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.905868][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.913150][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.919228][ T6806] ldm_validate_partition_table(): Disk read failed.
[  109.921727][ T6810] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  109.921741][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.930525][ T6810] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  109.930607][ T6812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.373'.
[  109.945651][ T6806] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.951650][ T6806] Dev loop6: unable to read RDB block 0
[  109.954347][ T6806]  loop6: unable to read partition table
[  109.958141][ T6810] I/O error, dev loop6, sector 1008 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  109.962813][ T6810] I/O error, dev loop6, sector 1008 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  109.964172][ T6806] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  109.973268][ T6810] I/O error, dev loop6, sector 2016 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 2
[  109.980598][ T6810] I/O error, dev loop6, sector 2016 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 2
[  109.984534][ T6810] I/O error, dev loop6, sector 2032 op 0x1:(WRITE) flags 0x8800 phys_seg 67 prio class 2
[  109.990548][ T6810] I/O error, dev loop6, sector 2032 op 0x1:(WRITE) flags 0x8800 phys_seg 67 prio class 2
[  110.097456][ T6820] block device autoloading is deprecated and will be removed.
[  110.371318][ T6833] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  111.776756][ T6847] loop1: detected capacity change from 0 to 16
[  111.792075][ T6847] erofs (device loop1): mounted with root inode @ nid 36.
[  112.121676][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.2.390'.
[  112.132626][   T33] audit: type=1326 audit(1757665946.983:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.391" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd37a98eba9 code=0x7ffc0000
[  112.144407][   T33] audit: type=1326 audit(1757665947.003:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.391" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd37a98eba9 code=0x7ffc0000
[  112.166558][   T33] audit: type=1326 audit(1757665947.003:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.391" exe="/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fd37a98eba9 code=0x7ffc0000
[  112.190870][   T33] audit: type=1326 audit(1757665947.003:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.391" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd37a98eba9 code=0x7ffc0000
[  112.208660][   T33] audit: type=1326 audit(1757665947.003:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.391" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd37a98eba9 code=0x7ffc0000
[  112.227925][ T6863] loop1: detected capacity change from 0 to 512
[  112.293122][ T6863] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  112.301212][ T6867] tmpfs: Bad value for 'mpol'
[  113.066630][ T6879] loop0: detected capacity change from 0 to 128
[  113.088404][ T6879] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  113.109117][ T6883] capability: warning: `syz.1.400' uses 32-bit capabilities (legacy support in use)
[  113.113108][ T6879] ext4 filesystem being mounted at /127/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  113.148646][ T5876] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  113.914898][ T6905] loop1: detected capacity change from 0 to 1024
[  113.918971][ T6905] EXT4-fs: Ignoring removed nomblk_io_submit option
[  113.931383][ T6905] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  113.935368][ T6905] System zones: 0-1, 3-36
[  113.945041][ T6905] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.049891][ T5880] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.879427][ T6920] kernel profiling enabled (shift: 7)
[  115.164819][ T6926] loop0: detected capacity change from 0 to 4096
[  115.183302][ T6928] netlink: 'syz.1.416': attribute type 14 has an invalid length.
[  115.240597][ T6929] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.614895][ T6935] loop1: detected capacity change from 0 to 2048
[  115.632865][ T6935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  116.105448][ T5937] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.283491][ T5937] usb 1-1: config 1 has an invalid interface number: 2 but max is 1
[  116.287336][ T5937] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  116.291377][ T5937] usb 1-1: config 1 has no interface number 0
[  116.300495][ T5937] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  116.304433][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.309502][ T5937] usb 1-1: Product: syz
[  116.311241][ T5937] usb 1-1: Manufacturer: syz
[  116.313339][ T5937] usb 1-1: SerialNumber: syz
[  116.330229][ T5937] usb 1-1: selecting invalid altsetting 1
[  116.572293][ T5937] cdc_ncm 1-1:1.2: bind() failure
[  116.592109][ T5937] cdc_ncm 1-1:1.1: skipping garbage
[  116.594687][ T5937] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  116.597657][ T5937] cdc_ncm 1-1:1.1: bind() failure
[  116.613671][ T5937] usb 1-1: USB disconnect, device number 6
[  117.374755][ T6976] loop0: detected capacity change from 0 to 512
[  117.472502][ T6976] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -13
[  117.479758][ T6976] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #13: comm syz.0.436: iget: bad i_size value: 12154757448730
[  117.487666][ T6976] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.436: couldn't read orphan inode 13 (err -117)
[  117.651580][ T6976] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.809200][ T6976] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  117.938347][ T5876] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.762836][ T6988] loop0: detected capacity change from 0 to 32768
[  119.818769][ T6988] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.940977][ T6988] XFS (loop0): Ending clean mount
[  119.954669][ T6988] XFS (loop0): Quotacheck needed: Please wait.
[  120.004277][ T6988] XFS (loop0): Quotacheck: Done.
[  120.084431][ T5876] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  120.548504][ T7035] random: crng reseeded on system resumption
[  120.626099][ T2333] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  120.787069][ T2333] usb 3-1: Using ep0 maxpacket: 8
[  121.151922][ T2333] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  121.155423][ T2333] usb 3-1: config 0 has no interface number 0
[  121.157966][ T2333] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  121.162256][ T2333] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 17056, setting to 1024
[  121.170771][ T2333] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  121.175699][ T2333] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  121.181044][ T2333] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  121.187151][ T2333] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  121.190916][ T2333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.196931][ T2333] usb 3-1: config 0 descriptor??
[  121.217076][ T2333] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  121.361153][ T7047] loop1: detected capacity change from 0 to 32768
[  121.370950][ T7047] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.455 (7047)
[  121.392464][ T7047] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  121.397390][ T7047] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  121.478505][ T7047] BTRFS info (device loop1): enabling ssd optimizations
[  121.481565][ T7047] BTRFS info (device loop1): enabling free space tree
[  121.666449][   T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  121.783463][ T5880] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.406584][ T5882] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  122.565308][ T5882] usb 2-1: Using ep0 maxpacket: 32
[  122.570977][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  122.575324][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  122.582354][ T5882] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  122.586243][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.589150][ T5882] usb 2-1: Product: syz
[  122.590976][ T5882] usb 2-1: Manufacturer: syz
[  122.592876][ T5882] usb 2-1: SerialNumber: syz
[  122.597170][ T5882] usb 2-1: config 0 descriptor??
[  122.615959][ T5882] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  122.810798][   T12] usb 2-1: Failed to submit usb control message: -71
[  122.813347][   T12] usb 2-1: unable to send the bmi data to the device: -71
[  122.815203][ T1278] usb 2-1: USB disconnect, device number 8
[  122.817767][   T12] usb 2-1: unable to get target info from device
[  122.820630][   T12] usb 2-1: could not get target info (-71)
[  122.823335][   T12] usb 2-1: could not probe fw (-71)
[  123.380150][ T2333] usb 3-1: USB disconnect, device number 7
[  123.387226][ T2333] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  123.548176][ T1278] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  123.714151][ T1278] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  123.718822][ T1278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.723382][ T1278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.733722][ T1278] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  123.751403][ T1278] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  123.758925][ T1278] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  123.762117][ T1278] usb 1-1: Manufacturer: syz
[  123.784972][ T1278] usb 1-1: config 0 descriptor??
[  124.198492][ T7127] loop2: detected capacity change from 0 to 1024
[  124.202094][ T7127] EXT4-fs: Ignoring removed nobh option
[  124.211655][ T7127] EXT4-fs: Ignoring removed bh option
[  124.212016][ T1278] appleir 0003:05AC:8243.0003: unknown main item tag 0x0
[  124.229060][ T1278] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  124.250293][ T7127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.261485][   T33] audit: type=1800 audit(1757665959.113:14): pid=7127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.484" name="bus" dev="loop2" ino=18 res=0 errno=0
[  124.271103][ T7127] EXT4-fs (loop2): shut down requested (2)
[  124.293367][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.386675][ T5937] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  124.523859][ T2333] usb 1-1: USB disconnect, device number 7
[  124.545212][ T5937] usb 2-1: Using ep0 maxpacket: 8
[  124.552865][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.558698][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.562593][ T5937] usb 2-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00
[  124.569276][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.575557][ T5937] usb 2-1: config 0 descriptor??
[  124.595249][ T1278] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  124.745296][ T1278] usb 3-1: Using ep0 maxpacket: 8
[  124.753312][ T1278] usb 3-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c
[  124.758388][ T1278] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.763017][ T1278] usb 3-1: Product: syz
[  124.764670][ T1278] usb 3-1: Manufacturer: syz
[  124.767194][ T1278] usb 3-1: SerialNumber: syz
[  124.775806][ T1278] usb 3-1: config 0 descriptor??
[  124.780191][ T1278] usb 3-1: bad CDC descriptors
[  124.783336][ T1278] usb 3-1: unsupported MDLM descriptors
[  124.988968][ T5937] cherry 0003:046A:0027.0004: fixing up Cherry Cymotion report descriptor
[  124.993480][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x0
[  124.999894][ T1278] usb 3-1: USB disconnect, device number 8
[  125.002729][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x0
[  125.005742][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x0
[  125.008444][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x6
[  125.011646][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x5
[  125.014573][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x4
[  125.019818][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x0
[  125.022586][ T5937] cherry 0003:046A:0027.0004: unknown main item tag 0x0
[  125.037148][ T5937] cherry 0003:046A:0027.0004: hidraw0: USB HID v0.00 Device [HID 046a:0027] on usb-dummy_hcd.1-1/input0
[  125.193849][ T1278] usb 2-1: USB disconnect, device number 9
[  125.385272][ T5937] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  125.567684][ T5937] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[  125.571316][ T5937] usb 1-1: config 0 has no interface number 0
[  125.574257][ T5937] usb 1-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06
[  125.581367][ T5937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.587186][ T5937] usb 1-1: config 0 descriptor??
[  125.797106][ T7140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  125.804403][ T7140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  125.815432][ T5937] usb 1-1: string descriptor 0 read error: -71
[  125.819106][ T5937] usb-storage 1-1:0.168: USB Mass Storage device detected
[  125.834227][ T5937] usb-storage 1-1:0.168: Quirks match for vid 05ab pid 0060: 2
[  125.882713][ T5937] usb 1-1: USB disconnect, device number 8
[  125.895280][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  126.162429][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.171367][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.174744][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  126.177888][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.412339][    T9] usb 3-1: config 0 descriptor??
[  127.082154][    T9] arvo 0003:1E7D:30D4.0005: unbalanced collection at end of report description
[  127.089926][    T9] arvo 0003:1E7D:30D4.0005: parse failed
[  127.092418][    T9] arvo 0003:1E7D:30D4.0005: probe with driver arvo failed with error -22
[  127.226366][    T9] usb 3-1: USB disconnect, device number 9
[  127.304227][ T7169] loop1: detected capacity change from 0 to 32768
[  127.346077][ T7169] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  127.371599][   T33] audit: type=1800 audit(1757665962.233:15): pid=7169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.500" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  127.524847][ T2333] IPVS: starting estimator thread 0...
[  127.636232][ T7176] IPVS: using max 43 ests per chain, 103200 per kthread
[  128.454258][ T7169] syz.1.500 (7169) used greatest stack depth: 19240 bytes left
[  128.515023][ T5880] ocfs2: Unmounting device (7,1) on (node local)
[  128.653971][ T7188] vxcan1: entered allmulticast mode
[  128.659268][ T7188] vxcan1: left allmulticast mode
[  128.717467][ T7194] loop0: detected capacity change from 0 to 256
[  128.741326][ T7194] FAT-fs (loop0): Directory bread(block 64) failed
[  128.743314][ T7194] FAT-fs (loop0): Directory bread(block 65) failed
[  128.746994][ T7194] FAT-fs (loop0): Directory bread(block 66) failed
[  128.749183][ T7194] FAT-fs (loop0): Directory bread(block 67) failed
[  128.751994][ T7194] FAT-fs (loop0): Directory bread(block 68) failed
[  128.756771][ T7194] FAT-fs (loop0): Directory bread(block 69) failed
[  128.759114][ T7194] FAT-fs (loop0): Directory bread(block 70) failed
[  128.761383][ T7194] FAT-fs (loop0): Directory bread(block 71) failed
[  128.763673][ T7194] FAT-fs (loop0): Directory bread(block 72) failed
[  128.767238][ T7194] FAT-fs (loop0): Directory bread(block 73) failed
[  128.892779][ T7198] tipc: Started in network mode
[  128.899252][ T7201] loop2: detected capacity change from 0 to 512
[  128.900197][ T7198] tipc: Node identity d2f0d2887d04, cluster identity 4711
[  128.902078][ T7201] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  128.903635][ T7202] netlink: 36 bytes leftover after parsing attributes in process `syz.1.510'.
[  128.907919][ T7201] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  128.916407][ T7198] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  128.923057][ T7198] syzkaller0: entered promiscuous mode
[  128.923129][ T7202] netlink: 16 bytes leftover after parsing attributes in process `syz.1.510'.
[  128.924714][ T7198] syzkaller0: entered allmulticast mode
[  128.940623][ T7201] EXT4-fs (loop2): 1 truncate cleaned up
[  128.952925][ T7201] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.956790][ T7198] tipc: Resetting bearer <eth:syzkaller0>
[  128.973037][ T7197] tipc: Resetting bearer <eth:syzkaller0>
[  129.016566][ T5879] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.017919][ T7197] tipc: Disabling bearer <eth:syzkaller0>
[  129.167466][ T7206] loop1: detected capacity change from 0 to 32768
[  129.301765][ T7206] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  129.301787][ T7206]   allowing incompatible features above 0.0: (unknown version)
[  129.301796][ T7206]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  129.317941][ T7206] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  129.321155][ T7206] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  129.324296][ T7206] bcachefs (loop1): Version upgrade required:
[  129.324296][ T7206] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  129.324296][ T7206] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  129.324296][ T7206]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  129.375849][ T7206] bcachefs (loop1): dropping and reconstructing all alloc info
[  129.404777][ T7206] bcachefs (loop1): accounting_read... done
[  129.500955][ T7206] bcachefs (loop1): alloc_read... done
[  129.512095][ T7206] bcachefs (loop1): snapshots_read... done
[  129.523056][ T7206] bcachefs (loop1): check_allocations... done
[  129.608124][ T7206] bcachefs (loop1): going read-write
[  129.699699][ T7206] bcachefs (loop1): done starting filesystem
[  129.767860][ T7206] bcachefs (loop1): inode 536870913 truncated to 0 but i_blocks 24 (ondisk 24)
[  129.802271][ T3574] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  129.802312][ T3574]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[  129.822288][ T7206] syz.1.512 (7206) used greatest stack depth: 17624 bytes left
[  129.858668][ T5880] bcachefs (loop1): shutting down
[  129.878588][ T5880] bcachefs (loop1): going read-only
[  129.923328][ T3574] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  129.924380][ T3574]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  129.949053][ T5880] bcachefs (loop1): finished waiting for writes to stop
[  130.007728][ T5880] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11
[  130.057356][ T3574] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  130.057371][ T3574]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[  130.088640][   T79] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  130.088652][   T79]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  130.104413][ T5880] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11
[  130.134227][ T5880] bcachefs (loop1): unclean shutdown complete, journal seq 12
[  130.153773][ T5880] bcachefs (loop1): done going read-only, filesystem not clean
[  130.199134][ T5880] bcachefs (loop1): shutdown complete
[  130.635384][ T5944] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  130.804597][ T5944] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  130.809706][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.820174][ T5944] usb 3-1: config 0 descriptor??
[  130.827708][ T5944] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  130.834377][ T7242] loop0: detected capacity change from 0 to 32768
[  131.070120][ T7242] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  131.070136][ T7242]   allowing incompatible features above 0.0: (unknown version)
[  131.070141][ T7242]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  131.087718][ T7242] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  131.090320][ T7242] bcachefs (loop0): initializing new filesystem
[  131.098743][ T7242] bcachefs (loop0): going read-write
[  131.123960][ T7242] bcachefs (loop0): marking superblocks
[  131.176713][ T7242] bcachefs (loop0): initializing freespace
[  131.196328][ T7242] bcachefs (loop0): done initializing freespace
[  131.209926][ T7242] bcachefs (loop0): reading snapshots table
[  131.213355][ T7242] bcachefs (loop0): reading snapshots done
[  131.231972][ T5944] gp8psk: usb in 137 operation failed.
[  131.234425][ T5944] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  131.247407][ T5944] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  131.258912][ T5944] usb 3-1: USB disconnect, device number 10
[  131.276781][ T7242] bcachefs (loop0): done starting filesystem
[  131.357592][ T7242] syz.0.523 (7242) used greatest stack depth: 17448 bytes left
[  131.372452][ T5876] bcachefs (loop0): shutting down
[  131.374781][ T5876] bcachefs (loop0): going read-only
[  131.378851][ T5876] bcachefs (loop0): finished waiting for writes to stop
[  131.383594][ T5876] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2
[  131.387416][ T7256] 9pnet: bogus RWRITE count (2 > 1)
[  131.408731][ T5876] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  131.427059][ T5876] bcachefs (loop0): clean shutdown complete, journal seq 4
[  131.429839][ T5876] bcachefs (loop0): marking filesystem clean
[  131.444205][ T5876] bcachefs (loop0): shutdown complete
[  132.311397][ T7269] loop2: detected capacity change from 0 to 128
[  132.326845][ T7269] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  132.332640][ T7269] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  132.492192][ T7273] netlink: 'syz.1.532': attribute type 21 has an invalid length.
[  132.685370][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.688485][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.899237][ T7291] loop1: detected capacity change from 0 to 2048
[  133.530701][ T7296] loop2: detected capacity change from 0 to 4096
[  133.581464][ T7302] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  133.605294][   T33] audit: type=1800 audit(1757665968.443:16): pid=7296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.541" name="file1" dev="loop2" ino=15 res=0 errno=0
[  133.617198][ T7296] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  133.631558][ T7296] Remounting filesystem read-only
[  133.654890][ T5879] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  134.512306][ T7328] comedi comedi3: pcl818: I/O port conflict (0x4f27,16)
[  134.523860][ T7328] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
[  134.528480][ T7328] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[  134.532344][ T7328] CPU: 1 UID: 0 PID: 7328 Comm: syz.0.552 Not tainted syzkaller #0 PREEMPT(full) 
[  134.536205][ T7328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  134.539941][ T7328] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  134.541953][ T7328] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 d8 35 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 d8 35 f9 4d 8b 24 24 48 83 c3
[  134.549057][ T7328] RSP: 0018:ffffc900079079f8 EFLAGS: 00010206
[  134.551404][ T7328] RAX: 0000000000000005 RBX: ffff8880244dea80 RCX: 0000000000080000
[  134.554381][ T7328] RDX: ffffc90007069000 RSI: 00000000000009ee RDI: 00000000000009ef
[  134.557254][ T7328] RBP: 0000000000000001 R08: ffff88801ffd912f R09: 1ffff11003ffb225
[  134.560247][ T7328] R10: dffffc0000000000 R11: ffffffff88ed2210 R12: 0000000000000028
[  134.563269][ T7328] R13: dffffc0000000000 R14: ffff88801ffd9000 R15: dffffc0000000000
[  134.566223][ T7328] FS:  00007f113c6556c0(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
[  134.569865][ T7328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  134.572289][ T7328] CR2: 0000001b34323ffc CR3: 000000010fa06000 CR4: 00000000000006f0
[  134.575269][ T7328] Call Trace:
[  134.576605][ T7328]  <TASK>
[  134.577850][ T7328]  pcl818_detach+0x66/0xd0
[  134.579594][ T7328]  comedi_device_detach_locked+0x178/0x750
[  134.581855][ T7328]  comedi_device_attach+0x5d4/0x720
[  134.583929][ T7328]  comedi_unlocked_ioctl+0x5ff/0x1020
[  134.585989][ T7328]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  134.588272][ T7328]  ? __lock_acquire+0xab9/0xd20
[  134.590182][ T7328]  ? __fget_files+0x2a/0x420
[  134.591931][ T7328]  ? __fget_files+0x2a/0x420
[  134.593795][ T7328]  ? __fget_files+0x3a0/0x420
[  134.595625][ T7328]  ? __fget_files+0x2a/0x420
[  134.597465][ T7328]  ? bpf_lsm_file_ioctl+0x9/0x20
[  134.599443][ T7328]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  134.601720][ T7328]  __se_sys_ioctl+0xfc/0x170
[  134.603484][ T7328]  do_syscall_64+0xfa/0x3b0
[  134.605377][ T7328]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.607469][ T7328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.610017][ T7328]  ? exc_page_fault+0x9f/0xf0
[  134.611999][ T7328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.614332][ T7328] RIP: 0033:0x7f113b78eba9
[  134.616150][ T7328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.623810][ T7328] RSP: 002b:00007f113c655038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.627030][ T7328] RAX: ffffffffffffffda RBX: 00007f113b9d5fa0 RCX: 00007f113b78eba9
[  134.630101][ T7328] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[  134.633168][ T7328] RBP: 00007f113b811e19 R08: 0000000000000000 R09: 0000000000000000
[  134.636418][ T7328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  134.639474][ T7328] R13: 00007f113b9d6038 R14: 00007f113b9d5fa0 R15: 00007ffef0216138
[  134.642619][ T7328]  </TASK>
[  134.643842][ T7328] Modules linked in:
[  134.646197][ T7328] ---[ end trace 0000000000000000 ]---
[  134.714023][ T7328] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  134.722176][ T7328] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 d8 35 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 d8 35 f9 4d 8b 24 24 48 83 c3
[  134.729507][ T7328] RSP: 0018:ffffc900079079f8 EFLAGS: 00010206
[  134.756908][ T7328] RAX: 0000000000000005 RBX: ffff8880244dea80 RCX: 0000000000080000
[  134.760547][ T7328] RDX: ffffc90007069000 RSI: 00000000000009ee RDI: 00000000000009ef
[  134.763777][ T7328] RBP: 0000000000000001 R08: ffff88801ffd912f R09: 1ffff11003ffb225
[  134.767971][ T7328] R10: dffffc0000000000 R11: ffffffff88ed2210 R12: 0000000000000028
[  134.771075][ T7328] R13: dffffc0000000000 R14: ffff88801ffd9000 R15: dffffc0000000000
[  134.774279][ T7328] FS:  00007f113c6556c0(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
[  134.778413][ T7328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  134.781103][ T7328] CR2: 00005555903f15c8 CR3: 000000010fa06000 CR4: 00000000000006f0
[  134.784246][ T7328] Kernel panic - not syncing: Fatal exception
[  134.787390][ T7328] Kernel Offset: disabled
[  134.789089][ T7328] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:32:49  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff11004719b30 RBX=0000000000000000 RCX=dffffc0000000000 RDX=0000000000000001
RSI=0000000000000004 RDI=ffffc90007966f60 RBP=ffff88810a7e0220 RSP=ffffc90007967080
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=fffff52000f2cdec
R12=ffff8880238cd980 R13=ffff888123ce3000 R14=1ffff11004719b2d R15=ffff8880238cd968
RIP=ffffffff84d08c2e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3d8a4226c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f113c654fc8 CR3=0000000027acc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8167993b ffffffff8167993b
XMM02=ffffffff8167993b ffffffff8167993b XMM03=ffffffff8167993b ffffffff8167993b
XMM04=00007fd37b70d100 00007fd37aba7460 XMM05=00007fd37aba7478 00007fd37aba74c0
XMM06=00007fd37aba74b8 00007fd37aba74b0 XMM07=00007fd37aba74a8 00007fd37aba74a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007fd37aa12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001b11 RDI=0000000000001b12 RBP=00000000000003f8 RSP=ffffc90007907190
R8 =ffff888020ae0237 R9 =1ffff1100415c046 R10=dffffc0000000000 R11=ffffffff854f6e40
R12=dffffc0000000000 R13=ffffffff99b008c3 R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854f6ebc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f113c6556c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b34323ffc CR3=000000010fa06000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f113b812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
