last executing test programs:

34.844033636s ago: executing program 1 (id=186):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x1, 0x1, 'g'}, 0x0})
ioctl$HIDIOCSUSAGES(r1, 0x501c4814, 0x0)

32.058046756s ago: executing program 1 (id=208):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000205"], 0x0, 0x0, 0x0, 0x0}, 0x0)

29.333158491s ago: executing program 1 (id=218):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f00004a4000/0x800000)=nil, 0x800000, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)

28.873432229s ago: executing program 1 (id=221):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000100)='./file0\x00')

28.681548144s ago: executing program 1 (id=223):
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe"], 0x610)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="03000000000000000a004e2300000009ff010000000000000000000000000001"], 0x90)

28.284061077s ago: executing program 1 (id=225):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

27.876562611s ago: executing program 32 (id=225):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

6.407941112s ago: executing program 4 (id=368):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x13, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x5}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.152498782s ago: executing program 4 (id=372):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

5.692334261s ago: executing program 4 (id=377):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0x5, 0xffffffff]}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)

3.437860257s ago: executing program 4 (id=399):
r0 = io_uring_setup(0x355b, &(0x7f0000000140)={0x0, 0xa0ca, 0x40, 0x5, 0x4000020})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r1, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
close_range(r0, 0xffffffffffffffff, 0x0)

3.347610744s ago: executing program 4 (id=400):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}]}, &(0x7f00000002c0)=0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000000)={r3, @in={{0x2, 0x0, @empty}}}, 0x90)

3.050791729s ago: executing program 0 (id=401):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

2.637117133s ago: executing program 0 (id=402):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x3, 0xfd, 0x7fc00100}]})
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000580)={<r1=>0x0})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000003c0)={r1, 0xfffffffffffffa6f, 0xfffffffc})

2.439167369s ago: executing program 4 (id=403):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})

1.709737929s ago: executing program 0 (id=409):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x103, @empty, 0x20010}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)

1.523408725s ago: executing program 0 (id=413):
syz_usbip_server_init(0x3)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_io_uring_setup(0x88d, &(0x7f0000000400)={0x0, 0xaee2, 0x800, 0x2, 0x2b8}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.421949203s ago: executing program 3 (id=415):
r0 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10000, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @private0, 0x23}, 0x1c)

1.219688689s ago: executing program 2 (id=416):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000cce000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x2, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x2, 0x1, 0x2000, 0x1000, &(0x7f0000cd0000/0x1000)=nil})

1.205413061s ago: executing program 3 (id=417):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x21}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001100)={0x0, <r2=>0x0}, 0x8)
r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=r2, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000440)={r3, r1}, 0xc)

953.735931ms ago: executing program 3 (id=418):
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x10000], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)

874.270748ms ago: executing program 2 (id=419):
r0 = socket(0x2, 0x80805, 0x0)
close(0x3)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00', 0x9}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000002100)={0xa, 0x4e22, 0x8001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}, 0x1c, &(0x7f0000002500)=[{&(0x7f0000002140)="cf", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r1, 0x1)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={0x0, 0x3}, &(0x7f0000000240)=0x8)

768.743837ms ago: executing program 3 (id=420):
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
read(r1, &(0x7f0000000200)=""/209, 0x128)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x2bd, @tick=0x5})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000400)={0x0, 0x1f000000})
tkill(r0, 0x7)

747.408588ms ago: executing program 2 (id=421):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/144, 0x90}, 0xc}], 0x1, 0x2131, 0x0)

647.501527ms ago: executing program 2 (id=422):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000000), 0x8)
listen(r1, 0x0)
listen(r0, 0x0)

549.560395ms ago: executing program 2 (id=423):
syz_mount_image$erofs(&(0x7f0000000400), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ed, &(0x7f00000008c0)="$eJzsmb+LE0EUx78zu9k7D1FsLGwsPPBEb7O7UbnmihMsBeEUtQzeepzuJZKskASEBBsbSwvB1sbSwsLKwr/AVgsVBAtT2gkjMzu7O9lsQgxixHsfyOx358ebeQ/yXdgFQRAHli+ff3x6cmnj2jkAh7GKJd3/zUqu4ujo/I/PHpx9unn5+asPL941jjx8U4zH5Box+/4OgLdbFmIwW+84sno1D5tqXAfHGa1vgMFN5E+hkLKPEAy39Jy7hm4e0iIK3dvNaOfOXhR6svFlE8imZu4vDzUcMOwAWFanE4IZ4+1u7149isJWUVREus/Y0O+KafVT59vi2ERaPSE4gJuPHw3kva4NPPCsfj44fK1rYNjWegNLcF03L4mR/wk7j2/Nkv9ixUsljq3/rU3Bk3L8C7n/x6LyR+KwYo/8Q2c9x4epB5pzvi489/mFMi4AY0PvV6LoypyRZcWckkJlIvcn6eynDX+yYWf+UY3371fb3d763n59N9wNG0FQu+id97wLQVUZUdJO8b9l5U8rRvzKhLkOc9Cpx3HL7wBxy8/ug6Q1HHf7dfO7WsOV/3GsnUpiMP3Myh6UBZj+cXWVas0qn9mfmBNBEARBEARBEARBEARBEEQ5J8GQfAkTTL8QLSO4qt5Q/goAAP//sOBmkQ==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005efe2100850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
fadvise64(r1, 0xe0ffff, 0x4101, 0x3)

453.591683ms ago: executing program 3 (id=424):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r1, &(0x7f0000000000)={0x23, 0x80, 0x2}, 0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r2, &(0x7f0000000000)={0x23, 0x20}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

335.763372ms ago: executing program 0 (id=425):
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)={0x8000200d})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000f2cff4)={0x77540947ed9a168d})

223.998171ms ago: executing program 3 (id=426):
r0 = userfaultfd(0x801)
timer_create(0x0, &(0x7f0000000380)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})

80.593613ms ago: executing program 0 (id=427):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x21, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="66ba2000b052b9820000c0b800000000ba000000800f30660f38813bb83e69bef10f23d00e312735000000010f23f8b99b0b0000b842166fe5ae2000e4000f308fe978d6b857648e2ade87014876aa0f210ab9bd0200000f32660f6e4c8fee362636ec", 0x63}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 2 (id=428):
r0 = fsopen(&(0x7f00000003c0)='virtiofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='\x00', &(0x7f00000001c0)='dE\x00', 0x0)
close(r0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts.
[   64.719457][ T5776] cgroup: Unknown subsys name 'net'
[   64.853057][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.193426][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   67.572935][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   67.581462][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   67.597458][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   67.605770][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   67.614335][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   67.622448][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   67.630528][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   67.637219][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.638755][ T5792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.653578][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   67.660962][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.662188][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   67.675947][ T5792] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   67.679699][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   67.683661][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.697552][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.698248][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   67.706371][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.726100][ T5799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.736408][ T5105] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.743938][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.754955][ T5105] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.773383][ T5799] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   67.781525][ T5799] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.010658][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   68.224122][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.232036][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.239743][ T5788] bridge_slave_0: entered allmulticast mode
[   68.247265][ T5788] bridge_slave_0: entered promiscuous mode
[   68.259968][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.267238][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.274890][ T5788] bridge_slave_1: entered allmulticast mode
[   68.282586][ T5788] bridge_slave_1: entered promiscuous mode
[   68.337036][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.354202][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.401628][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   68.437871][ T5788] team0: Port device team_slave_0 added
[   68.444015][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   68.461688][ T5788] team0: Port device team_slave_1 added
[   68.545116][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.552940][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.578885][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.592655][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.599717][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.625781][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.658638][ T5785] chnl_net:caif_netlink_parms(): no params data found
[   68.708866][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.716580][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.723710][ T5786] bridge_slave_0: entered allmulticast mode
[   68.730774][ T5786] bridge_slave_0: entered promiscuous mode
[   68.774597][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.781793][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.790590][ T5786] bridge_slave_1: entered allmulticast mode
[   68.797436][ T5786] bridge_slave_1: entered promiscuous mode
[   68.813476][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.821375][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.828880][ T5787] bridge_slave_0: entered allmulticast mode
[   68.835655][ T5787] bridge_slave_0: entered promiscuous mode
[   68.871560][ T5788] hsr_slave_0: entered promiscuous mode
[   68.879997][ T5788] hsr_slave_1: entered promiscuous mode
[   68.887640][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.894833][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.902323][ T5787] bridge_slave_1: entered allmulticast mode
[   68.909170][ T5787] bridge_slave_1: entered promiscuous mode
[   68.933168][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.945270][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.985911][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.033312][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.065188][ T5786] team0: Port device team_slave_0 added
[   69.081960][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.091634][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.099063][ T5785] bridge_slave_0: entered allmulticast mode
[   69.107416][ T5785] bridge_slave_0: entered promiscuous mode
[   69.119999][ T5786] team0: Port device team_slave_1 added
[   69.152693][ T5787] team0: Port device team_slave_0 added
[   69.159106][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.166458][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.173610][ T5785] bridge_slave_1: entered allmulticast mode
[   69.181340][ T5785] bridge_slave_1: entered promiscuous mode
[   69.230884][ T5787] team0: Port device team_slave_1 added
[   69.263878][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.274576][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.282069][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.309612][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.325676][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.332668][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.358661][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.370764][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.378486][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.404779][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.417426][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.424388][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.450448][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.463263][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.529615][ T5785] team0: Port device team_slave_0 added
[   69.539428][ T5785] team0: Port device team_slave_1 added
[   69.620467][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.628140][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.654183][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.669651][ T5786] hsr_slave_0: entered promiscuous mode
[   69.678429][ T5786] hsr_slave_1: entered promiscuous mode
[   69.684549][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.693059][ T5786] Cannot create hsr debugfs directory
[   69.708601][ T5787] hsr_slave_0: entered promiscuous mode
[   69.715415][ T5787] hsr_slave_1: entered promiscuous mode
[   69.721851][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.729526][ T5787] Cannot create hsr debugfs directory
[   69.736238][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.743196][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.766624][ T5799] Bluetooth: hci3: command tx timeout
[   69.769413][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.775030][ T5799] Bluetooth: hci1: command tx timeout
[   69.845801][ T5799] Bluetooth: hci2: command tx timeout
[   69.845887][   T50] Bluetooth: hci0: command tx timeout
[   69.892169][ T5785] hsr_slave_0: entered promiscuous mode
[   69.899210][ T5785] hsr_slave_1: entered promiscuous mode
[   69.905655][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.913383][ T5785] Cannot create hsr debugfs directory
[   70.109368][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   70.148900][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   70.180919][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   70.199252][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   70.272359][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   70.282202][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   70.319091][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   70.339633][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   70.380474][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   70.407615][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.417810][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.450776][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.522615][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   70.546354][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   70.565192][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   70.583868][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   70.658076][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.684303][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.740107][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   70.772646][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.779946][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.791358][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.798515][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.817161][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   70.854633][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.861776][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.891910][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.905617][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.912769][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.945037][ T5785] 8021q: adding VLAN 0 to HW filter on device team0
[   70.990449][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.020551][ T1317] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.027779][ T1317] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.057228][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   71.079558][ T4252] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.086907][ T4252] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.135407][ T4252] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.142638][ T4252] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.160612][ T4252] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.167843][ T4252] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.272244][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   71.511931][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.614793][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.629823][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.654944][ T5786] veth0_vlan: entered promiscuous mode
[   71.692018][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[   71.706357][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[   71.729007][ T5786] veth1_vlan: entered promiscuous mode
[   71.791361][ T5786] veth0_macvtap: entered promiscuous mode
[   71.801511][ T5786] veth1_macvtap: entered promiscuous mode
[   71.814147][ T5785] veth0_vlan: entered promiscuous mode
[   71.829273][ T5788] veth0_vlan: entered promiscuous mode
[   71.840188][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.847763][   T50] Bluetooth: hci1: command tx timeout
[   71.857702][   T50] Bluetooth: hci3: command tx timeout
[   71.862359][ T5785] veth1_vlan: entered promiscuous mode
[   71.872994][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.904364][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.926044][   T50] Bluetooth: hci0: command tx timeout
[   71.928223][ T5799] Bluetooth: hci2: command tx timeout
[   71.952983][ T5788] veth1_vlan: entered promiscuous mode
[   71.968734][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.979121][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.988394][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.997558][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.036177][ T5785] veth0_macvtap: entered promiscuous mode
[   72.058767][ T5787] veth0_vlan: entered promiscuous mode
[   72.065359][ T5788] veth0_macvtap: entered promiscuous mode
[   72.077872][ T5785] veth1_macvtap: entered promiscuous mode
[   72.102416][ T5788] veth1_macvtap: entered promiscuous mode
[   72.140250][ T5787] veth1_vlan: entered promiscuous mode
[   72.164686][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.176187][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.188286][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.205016][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.216821][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.226950][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.237914][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.249557][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.277587][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.288787][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.300334][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.335792][ T5787] veth0_macvtap: entered promiscuous mode
[   72.345066][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.356046][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.367504][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.377993][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.389128][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.402017][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.412374][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.421580][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.430566][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.444764][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.445142][ T1317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.457572][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.465615][ T1317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.480117][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.489593][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.502512][ T5787] veth1_macvtap: entered promiscuous mode
[   72.556834][ T4252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.564852][ T4252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.603570][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.631763][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.641821][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.652471][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.662531][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.672990][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.685202][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.742311][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.755203][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.765367][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.779919][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.790463][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.801226][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.812894][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.824489][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.834233][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.848033][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.857174][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.874327][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.895882][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.976734][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.984705][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.019219][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.050286][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.084058][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.116092][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.192411][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.211187][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.293445][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.319147][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.636909][ T5889] syz.2.7[5889]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   73.926422][ T5799] Bluetooth: hci3: command tx timeout
[   73.927097][   T50] Bluetooth: hci1: command tx timeout
[   74.006771][   T50] Bluetooth: hci2: command tx timeout
[   74.006836][ T5799] Bluetooth: hci0: command tx timeout
[   74.065961][    T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   74.260018][    T8] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   74.271807][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.284819][ T5910] loop0: detected capacity change from 0 to 512
[   74.294723][    T8] usb 2-1: config 0 descriptor??
[   74.307950][ T5910] EXT4-fs: Ignoring removed bh option
[   74.339917][ T5910] EXT4-fs error (device loop0): __ext4_iget:5053: inode #15: block 1803188595: comm syz.0.15: invalid block
[   74.353009][ T5910] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.15: couldn't read orphan inode 15 (err -117)
[   74.377031][ T5910] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.536016][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.723844][ T5916] veth0_to_hsr: entered promiscuous mode
[   74.756585][ T5916] veth0_to_hsr: entered allmulticast mode
[   74.788891][ T5916] veth0_to_hsr: left allmulticast mode
[   74.796153][ T5916] veth0_to_hsr: left promiscuous mode
[   75.091837][ T5930] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   75.540925][    T8] usb 2-1: Cannot set autoneg
[   75.556256][    T8] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[   75.580540][    T8] usb 2-1: USB disconnect, device number 2
[   75.785677][ T5840] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   75.949974][ T5954] mac80211_hwsim hwsim8 »»»»»»: renamed from wlan0 (while UP)
[   75.978430][ T5840] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.990458][ T5840] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.006142][ T5799] Bluetooth: hci3: command tx timeout
[   76.006169][   T50] Bluetooth: hci1: command tx timeout
[   76.025640][ T5840] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   76.040016][ T5840] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   76.050431][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.066955][ T5840] usb 4-1: config 0 descriptor??
[   76.085721][   T50] Bluetooth: hci2: command tx timeout
[   76.085942][ T5799] Bluetooth: hci0: command tx timeout
[   76.520284][ T5840] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[   76.547056][ T5840] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   76.556299][ T5789] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   76.575994][   T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   76.767712][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   76.785899][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.789672][ T5789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.796753][   T23] usb 2-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00
[   76.818073][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.831103][   T23] usb 2-1: config 0 descriptor??
[   76.865997][ T5789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.879285][ T5789] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[   76.905620][ T5789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.932891][ T5789] usb 3-1: config 0 descriptor??
[   77.273018][   T23] hid-generic 0003:04F3:0754.0002: unknown main item tag 0x0
[   77.281273][   T23] hid-generic 0003:04F3:0754.0002: unknown main item tag 0x0
[   77.294336][   T23] hid-generic 0003:04F3:0754.0002: unknown main item tag 0x0
[   77.306091][   T23] hid-generic 0003:04F3:0754.0002: unknown main item tag 0x0
[   77.313750][   T23] hid-generic 0003:04F3:0754.0002: unknown main item tag 0x0
[   77.329719][   T23] hid-generic 0003:04F3:0754.0002: failed to start in urb: -90
[   77.351520][   T23] hid-generic 0003:04F3:0754.0002: hidraw1: USB HID v1.01 Device [HID 04f3:0754] on usb-dummy_hcd.1-1/input0
[   77.386073][ T5789] lenovo 0003:17EF:6047.0003: hidraw2: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[   77.670207][   T23] usb 2-1: USB disconnect, device number 3
[   77.725447][ T5826] usb 3-1: USB disconnect, device number 2
[   77.916721][ T5987] loop0: detected capacity change from 0 to 1024
[   77.942181][ T5987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.036733][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.120375][ T5992] loop0: detected capacity change from 0 to 512
[   78.127937][ T5992] =======================================================
[   78.127937][ T5992] WARNING: The mand mount option has been deprecated and
[   78.127937][ T5992]          and is ignored by this kernel. Remove the mand
[   78.127937][ T5992]          option from the mount to silence this warning.
[   78.127937][ T5992] =======================================================
[   78.162829][    C0] vkms_vblank_simulate: vblank timer overrun
[   78.194120][ T5992] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.213885][ T5992] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   78.350959][ T5992] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.43: corrupted inode contents
[   78.368797][ T5992] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #2: comm syz.0.43: mark_inode_dirty error
[   78.391218][ T5992] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.43: corrupted inode contents
[   78.441437][ T5992] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.43: mark_inode_dirty error
[   78.463225][ T5998] loop2: detected capacity change from 0 to 4096
[   78.479887][ T6001] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #18: comm syz.0.43: directory missing '.'
[   78.516835][ T5998] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[   78.605487][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.704642][ T5998] ntfs3: loop2: ino=3, ntfs_set_state failed, -22.
[   78.759244][ T2131] usb 4-1: USB disconnect, device number 2
[   78.765133][ T6007] loop1: detected capacity change from 0 to 128
[   78.806028][   T12] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22.
[   78.840650][ T5998] ntfs3: loop2: ino=3, ntfs_set_state failed, -22.
[   78.861111][ T5998] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[   78.889161][ T6011] ntfs3: loop2: ino=5, "/" directory corrupted
[   78.899003][ T6007] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   78.916373][ T5998] ntfs3: loop2: ino=3, ntfs_set_state failed, -22.
[   78.924865][   T12] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22.
[   78.936562][ T6007] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   78.991639][ T6007] EXT4-fs error (device loop1): dx_make_map:1328: inode #2: block 18: comm syz.1.49: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[   79.020592][ T6007] EXT4-fs (loop1): Remounting filesystem read-only
[   79.119384][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   79.325834][ T6015] syz.0.51 (6015) used greatest stack depth: 20976 bytes left
[   79.643056][ T6036] io-wq is not configured for unbound workers
[   79.946030][ T5789] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   80.145666][ T5789] usb 1-1: Using ep0 maxpacket: 32
[   80.176759][ T5789] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[   80.205726][ T5789] usb 1-1: config 0 has no interface number 0
[   80.230954][ T5789] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   80.260908][ T5789] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[   80.281990][ T5789] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.304086][ T5789] usb 1-1: Product: syz
[   80.315131][ T5789] usb 1-1: Manufacturer: syz
[   80.320194][ T5789] usb 1-1: SerialNumber: syz
[   80.333608][ T5789] usb 1-1: config 0 descriptor??
[   80.357152][ T5789] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[   80.377434][ T5789] em28xx 1-1:0.132: Video interface 132 found:
[   80.779313][ T5789] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[   81.013289][ T6064] Bluetooth: MGMT ver 1.22
[   81.019171][ T6064] Bluetooth: hci0: invalid len left 7, exp >= 13
[   81.210846][ T6067] netlink: 'syz.2.69': attribute type 30 has an invalid length.
[   81.241271][ T6067] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   81.250615][ T6067] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   81.259613][ T6067] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   81.268417][ T6067] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   81.312692][ T6067] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   81.322432][ T6067] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   81.333199][ T6067] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   81.342520][ T6067] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   81.418180][ T6067] Zero length message leads to an empty skb
[   81.550179][ T6070] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[   81.712608][ T6074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'.
[   81.944185][    T9] cfg80211: failed to load regulatory.db
[   82.006156][ T5789] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[   82.016283][ T5789] em28xx 1-1:0.132: board has no eeprom
[   82.040443][ T6081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.76'.
[   82.121671][ T5789] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   82.134852][ T5789] em28xx 1-1:0.132: analog set to bulk mode.
[   82.162624][  T786] em28xx 1-1:0.132: Registering V4L2 extension
[   82.200452][ T5789] usb 1-1: USB disconnect, device number 2
[   82.210621][ T5789] em28xx 1-1:0.132: Disconnecting em28xx
[   82.447925][  T786] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[   82.461453][ T6083] loop3: detected capacity change from 0 to 8192
[   82.466021][  T786] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[   82.483476][ T6083] FAT-fs (loop3): Unrecognized mount option "appraise_type=imasig" or missing value
[   82.490304][  T786] em28xx 1-1:0.132: No AC97 audio processor
[   82.506098][ T6091] syz.2.79 uses obsolete (PF_INET,SOCK_PACKET)
[   82.541228][  T786] usb 1-1: Decoder not found
[   82.564671][  T786] em28xx 1-1:0.132: failed to create media graph
[   82.583179][  T786] em28xx 1-1:0.132: V4L2 device video103 deregistered
[   82.622429][  T786] em28xx 1-1:0.132: Remote control support is not available for this card.
[   82.645859][ T5789] em28xx 1-1:0.132: Closing input extension
[   82.719871][ T5789] em28xx 1-1:0.132: Freeing device
[   83.177459][ T6108] loop2: detected capacity change from 0 to 128
[   83.236076][ T6108] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   83.274792][ T6108] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.412370][ T5785] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   83.623949][ T6117] 9pnet_fd: p9_fd_create_unix (6117): problem connecting socket: ./file0: -5
[   83.833893][ T6126] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[   85.378119][ T6176] loop1: detected capacity change from 0 to 2048
[   85.452764][ T6176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.475609][ T5840] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   85.495838][ T6176] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.593924][   T28] audit: type=1800 audit(1753831212.392:2): pid=6176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.106" name="file0" dev="loop1" ino=13 res=0 errno=0
[   85.625442][ T6176] fs-verity: sha512 using implementation "sha512-avx2"
[   85.675751][ T5840] usb 1-1: Using ep0 maxpacket: 32
[   85.688641][ T5840] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[   85.704077][ T5840] usb 1-1: config 0 has no interface number 0
[   85.711958][ T5840] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   85.733023][ T5840] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[   85.750015][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.780456][ T5840] usb 1-1: Product: syz
[   85.784675][ T5840] usb 1-1: Manufacturer: syz
[   85.816141][ T5840] usb 1-1: SerialNumber: syz
[   85.826224][ T6176] syz.1.106 (6176) used greatest stack depth: 20912 bytes left
[   85.833420][ T5840] usb 1-1: config 0 descriptor??
[   85.854490][ T5840] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[   85.884904][ T5840] em28xx 1-1:0.132: Video interface 132 found:
[   85.903924][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.265989][ T5840] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[   86.582579][ T6193] loop2: detected capacity change from 0 to 32768
[   87.311724][ T6227] loop2: detected capacity change from 0 to 512
[   87.448463][ T5840] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[   87.472367][ T6173] em28xx 1-1:0.132: failed to trigger write to i2c address 0xba (error=-5)
[   87.486505][ T5840] em28xx 1-1:0.132: board has no eeprom
[   87.557767][ T6227] EXT4-fs (loop2): Test dummy encryption mode enabled
[   87.564630][ T6227] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   87.587072][ T5840] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   87.594955][ T5840] em28xx 1-1:0.132: analog set to bulk mode.
[   87.595740][ T6227] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   87.633611][ T6227] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.120: bad orphan inode 131083
[   87.650208][ T5826] em28xx 1-1:0.132: Registering V4L2 extension
[   87.672998][ T5840] usb 1-1: USB disconnect, device number 3
[   87.701431][ T6227] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.740959][ T5840] em28xx 1-1:0.132: Disconnecting em28xx
[   87.821277][ T6227] EXT4-fs (loop2): shut down requested (2)
[   87.925121][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.935200][ T5826] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[   87.946688][ T5826] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[   87.966227][ T5826] em28xx 1-1:0.132: No AC97 audio processor
[   87.996395][ T5826] usb 1-1: Decoder not found
[   88.001037][ T5826] em28xx 1-1:0.132: failed to create media graph
[   88.045607][ T5826] em28xx 1-1:0.132: V4L2 device video103 deregistered
[   88.058587][ T5826] em28xx 1-1:0.132: Remote control support is not available for this card.
[   88.095011][ T5840] em28xx 1-1:0.132: Closing input extension
[   88.131432][ T5840] em28xx 1-1:0.132: Freeing device
[   88.324006][ T6258] loop3: detected capacity change from 0 to 256
[   88.450719][ T6258] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[   88.492260][ T6262] veth3: entered allmulticast mode
[   88.582938][ T5788] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008)
[   88.920117][ T6276] loop3: detected capacity change from 0 to 4096
[   89.077884][ T6279] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   89.350941][ T6276] syz.3.137 (6276) used greatest stack depth: 19440 bytes left
[   89.591721][ T6267] loop2: detected capacity change from 0 to 32768
[   89.661632][ T6267] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   89.769453][ T6267] XFS (loop2): Ending clean mount
[   89.810623][ T6267] XFS (loop2): Quotacheck needed: Please wait.
[   89.968317][ T6267] XFS (loop2): Quotacheck: Done.
[   89.990512][   T28] audit: type=1326 audit(1753831216.782:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.3.148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3d9d8e9a9 code=0x0
[   90.193144][ T5785] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   90.687391][ T6323] loop2: detected capacity change from 0 to 8192
[   90.716726][ T6323] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   90.755653][ T6323] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[   90.764990][ T6323] REISERFS (device loop2): using ordered data mode
[   90.825280][ T6323] reiserfs: using flush barriers
[   90.869081][ T6323] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   90.909135][ T6323] REISERFS (device loop2): checking transaction log (loop2)
[   90.914592][ T6316] loop1: detected capacity change from 0 to 32768
[   90.936019][ T6323] REISERFS (device loop2): Using r5 hash to sort names
[   90.947302][ T6323] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[   91.013418][ T6316] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.150 (6316)
[   91.088194][ T6316] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   91.135802][ T6316] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[   91.171141][ T6316] BTRFS info (device loop1): using free space tree
[   91.431547][ T6316] BTRFS info (device loop1): enabling ssd optimizations
[   91.458305][ T6316] BTRFS info (device loop1): auto enabling async discard
[   91.735895][ T2131] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   91.766944][ T5799] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260
[   91.986735][ T2131] usb 3-1: config 0 has no interfaces?
[   92.024808][ T5786] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   92.045602][ T2131] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   92.077827][ T2131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.148004][ T2131] usb 3-1: config 0 descriptor??
[   92.471583][ T2131] usb 3-1: USB disconnect, device number 3
[   93.306295][ T6383] dccp_v6_rcv: dropped packet with invalid checksum
[   94.271052][ T6391] loop0: detected capacity change from 0 to 32768
[   94.285712][  T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   94.322511][ T6399] loop2: detected capacity change from 0 to 1024
[   94.426814][ T6393] loop1: detected capacity change from 0 to 32768
[   94.446025][ T6399] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.497884][ T6391] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   94.521867][  T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.549422][  T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.585613][  T786] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   94.635710][  T786] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   94.665335][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.668617][  T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.700615][   T28] audit: type=1800 audit(1753831221.492:4): pid=6405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.173" name="file1" dev="loop1" ino=7 res=0 errno=0
[   94.734607][  T786] usb 4-1: config 0 descriptor??
[   95.103231][ T6414] loop2: detected capacity change from 0 to 1024
[   95.128779][ T5787] ocfs2: Unmounting device (7,0) on (node local)
[   95.209202][  T786] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[   95.286302][  T786] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   95.418738][   T28] audit: type=1800 audit(1753831222.212:5): pid=6414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.179" name=8F dev="loop2" ino=26 res=0 errno=0
[   95.524168][   T11] hfsplus: b-tree write err: -5, ino 4
[   95.836759][  T786] usb 4-1: USB disconnect, device number 3
[   95.950766][ T6433] loop0: detected capacity change from 0 to 1024
[   96.005879][ T5789] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   96.028470][ T6433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.107388][   T28] audit: type=1800 audit(1753831222.912:6): pid=6433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.185" name="file1" dev="loop0" ino=15 res=0 errno=0
[   96.178964][   T28] audit: type=1804 audit(1753831222.982:7): pid=6436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.185" name="/newroot/49/file1/file1" dev="loop0" ino=15 res=1 errno=0
[   96.205170][   T28] audit: type=1800 audit(1753831222.982:8): pid=6436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.185" name="file1" dev="loop0" ino=15 res=0 errno=0
[   96.205836][ T5789] usb 3-1: Using ep0 maxpacket: 16
[   96.257720][ T5789] usb 3-1: config 0 has no interfaces?
[   96.263271][ T5789] usb 3-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[   96.295685][ T5789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.317010][ T5789] usb 3-1: config 0 descriptor??
[   96.408772][ T6433] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4036: comm syz.0.185: Allocating blocks 497-513 which overlap fs metadata
[   96.523551][ T6432] EXT4-fs (loop0): pa ffff888077aedcb0: logic 32, phys. 161, len 22
[   96.532151][ T6432] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 1
[   96.628652][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.765647][ T5826] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   96.838989][  T786] usb 3-1: USB disconnect, device number 4
[   96.985361][ T5826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.005870][ T5826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.022877][   T28] audit: type=1326 audit(1753831223.822:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d9d8e9a9 code=0x7ffc0000
[   97.052661][ T6451] loop3: detected capacity change from 0 to 512
[   97.059060][ T5826] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   97.069780][   T28] audit: type=1326 audit(1753831223.822:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d9d8e9a9 code=0x7ffc0000
[   97.079405][ T5826] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   97.128969][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.132769][   T28] audit: type=1326 audit(1753831223.842:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb3d9d8e9a9 code=0x7ffc0000
[   97.145093][ T6451] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.163530][   T28] audit: type=1326 audit(1753831223.852:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb3d9d8e9e3 code=0x7ffc0000
[   97.186883][ T5826] usb 2-1: config 0 descriptor??
[   97.194468][   T28] audit: type=1326 audit(1753831223.852:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6450 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb3d9d8d45f code=0x7ffc0000
[   97.233035][ T6451] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.468941][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.667653][ T5826] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[   97.679978][ T5826] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   97.780653][ T6464] input: syz1 as /devices/virtual/input/input5
[   98.415794][    C1] plantronics 0003:047F:FFFF.0005: hid_field_extract() called with n (132) > 32! (syz.1.186)
[   98.615635][ T5826] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.639903][ T2131] usb 2-1: USB disconnect, device number 4
[   98.820979][ T5826] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[   98.854313][ T5826] usb 4-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   98.875689][ T5826] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   98.884772][ T5826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.922613][ T5826] usb 4-1: Quirk or no altest; falling back to MIDI 1.0
[   99.055713][ T5826] snd-usb-audio: probe of 4-1:27.0 failed with error -2
[   99.300292][   T23] usb 4-1: USB disconnect, device number 4
[   99.397271][ T6496] loop2: detected capacity change from 0 to 256
[   99.425682][ T5826] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   99.605753][ T5840] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   99.629467][ T5826] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   99.644083][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.662960][ T5826] usb 1-1: config 0 descriptor??
[   99.823242][ T5840] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.838420][ T6498] loop2: detected capacity change from 0 to 32768
[   99.847272][ T5840] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.874133][ T6498] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.210 (6498)
[   99.898837][ T5840] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   99.943348][ T5840] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.953481][ T6498] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   99.987205][ T5840] usb 2-1: config 0 descriptor??
[   99.990267][ T6500] loop3: detected capacity change from 0 to 1024
[  100.004666][ T6498] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  100.034335][ T6498] BTRFS info (device loop2): enabling auto defrag
[  100.052233][ T6498] BTRFS info (device loop2): doing ref verification
[  100.062386][ T6500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.082330][ T6500] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.082369][ T6498] BTRFS info (device loop2): use no compression
[  100.108176][ T6500] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  100.127080][ T6500] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[  100.140594][ T6500] EXT4-fs (loop3): This should not happen!! Data will be lost
[  100.140594][ T6500] 
[  100.150472][ T6500] EXT4-fs (loop3): Total free blocks count 0
[  100.156736][ T6500] EXT4-fs (loop3): Free/Dirty block details
[  100.158248][ T6498] BTRFS info (device loop2): force clearing of disk cache
[  100.163782][ T6500] EXT4-fs (loop3): free_blocks=4293918720
[  100.177438][ T6500] EXT4-fs (loop3): dirty_blocks=16
[  100.182601][ T6500] EXT4-fs (loop3): Block reservation details
[  100.188744][ T6500] EXT4-fs (loop3): i_reserved_data_blocks=1
[  100.195955][ T6498] BTRFS info (device loop2): max_inline at 4096
[  100.202274][ T6498] BTRFS info (device loop2): disabling free space tree
[  100.256953][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.331302][ T6520] loop3: detected capacity change from 0 to 64
[  100.337038][ T6498] BTRFS info (device loop2): enabling ssd optimizations
[  100.354132][ T6498] BTRFS info (device loop2): auto enabling async discard
[  100.402514][ T6498] BTRFS info (device loop2): rebuilding free space tree
[  100.537179][ T6498] BTRFS info (device loop2): disabling free space tree
[  100.544577][ T6498] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  100.561881][ T6498] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  100.622446][ T5840] usb 2-1: language id specifier not provided by device, defaulting to English
[  100.833721][ T5785] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  100.917711][ T5826] usb 1-1: Cannot set autoneg
[  100.926548][ T5826] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71
[  100.967485][ T5826] usb 1-1: USB disconnect, device number 4
[  101.058702][ T5840] input: HID 256c:006d as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0006/input/input6
[  101.217602][ T5840] input: HID 256c:006d as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0006/input/input7
[  101.282702][ T5840] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0006/input/input8
[  101.386381][ T5840] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0006/input/input9
[  101.492739][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.492739][   T12] loop3: rw=1, sector=65, nr_sectors = 1 limit=64
[  101.517438][ T5840] uclogic 0003:256C:006D.0006: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[  101.601603][   T12] Buffer I/O error on dev loop3, logical block 65, lost async page write
[  101.613918][ T5840] usb 2-1: USB disconnect, device number 5
[  101.644839][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.644839][   T12] loop3: rw=1, sector=66, nr_sectors = 1 limit=64
[  101.717884][   T12] Buffer I/O error on dev loop3, logical block 66, lost async page write
[  101.727990][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.727990][   T12] loop3: rw=1, sector=67, nr_sectors = 1 limit=64
[  101.789102][   T12] Buffer I/O error on dev loop3, logical block 67, lost async page write
[  101.792237][ T6532] fido_id[6532]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  101.821157][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.821157][   T12] loop3: rw=1, sector=68, nr_sectors = 1 limit=64
[  101.862512][   T12] Buffer I/O error on dev loop3, logical block 68, lost async page write
[  101.920101][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.920101][   T12] loop3: rw=1, sector=72, nr_sectors = 1 limit=64
[  101.955429][   T12] Buffer I/O error on dev loop3, logical block 72, lost async page write
[  101.965161][   T12] kworker/u4:1: attempt to access beyond end of device
[  101.965161][   T12] loop3: rw=1, sector=73, nr_sectors = 1 limit=64
[  102.010303][   T12] Buffer I/O error on dev loop3, logical block 73, lost async page write
[  102.035029][   T12] kworker/u4:1: attempt to access beyond end of device
[  102.035029][   T12] loop3: rw=1, sector=76, nr_sectors = 1 limit=64
[  102.083494][   T12] Buffer I/O error on dev loop3, logical block 76, lost async page write
[  102.105714][   T12] kworker/u4:1: attempt to access beyond end of device
[  102.105714][   T12] loop3: rw=1, sector=77, nr_sectors = 1 limit=64
[  102.139563][   T12] Buffer I/O error on dev loop3, logical block 77, lost async page write
[  102.175208][   T12] kworker/u4:1: attempt to access beyond end of device
[  102.175208][   T12] loop3: rw=1, sector=78, nr_sectors = 4088 limit=64
[  102.224279][   T12] kworker/u4:1: attempt to access beyond end of device
[  102.224279][   T12] loop3: rw=1, sector=4166, nr_sectors = 1 limit=64
[  102.261989][   T12] Buffer I/O error on dev loop3, logical block 4166, lost async page write
[  102.293918][   T12] Buffer I/O error on dev loop3, logical block 4167, lost async page write
[  103.112494][ T3461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.334998][ T3461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.508705][ T3461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.670170][ T3461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.951485][ T6570] netlink: 96 bytes leftover after parsing attributes in process `syz.0.230'.
[  104.080723][ T6572] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.139748][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  104.151444][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.161466][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.177296][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.186839][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  104.194495][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  104.845658][ T6605] netlink: 32 bytes leftover after parsing attributes in process `syz.0.238'.
[  104.911532][ T6608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.240'.
[  105.021736][ T6608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.240'.
[  105.303771][ T6573] chnl_net:caif_netlink_parms(): no params data found
[  105.312763][ T6620] mmap: syz.0.243 (6620) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  105.883960][ T6573] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.901589][ T6573] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.921458][ T6573] bridge_slave_0: entered allmulticast mode
[  105.945228][ T6573] bridge_slave_0: entered promiscuous mode
[  105.967358][ T6573] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.988796][ T6573] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.024188][ T6573] bridge_slave_1: entered allmulticast mode
[  106.056899][ T6573] bridge_slave_1: entered promiscuous mode
[  106.087974][ T5826] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  106.197109][ T6650] xt_CT: No such helper "pptp"
[  106.246625][ T5799] Bluetooth: hci0: command tx timeout
[  106.302883][ T5826] usb 1-1: Using ep0 maxpacket: 32
[  106.345816][ T5826] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.394173][ T6573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.406330][ T5826] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.435291][ T5826] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  106.439678][ T6573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.467247][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.518071][ T5826] usb 1-1: config 0 descriptor??
[  106.548193][ T5826] hub 1-1:0.0: USB hub found
[  106.657384][ T6573] team0: Port device team_slave_0 added
[  106.767020][ T5826] hub 1-1:0.0: 1 port detected
[  106.808014][ T6573] team0: Port device team_slave_1 added
[  106.992679][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.016059][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.044685][ T6573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.060807][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.068400][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.098423][ T6573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.307384][ T3461] hsr_slave_0: left promiscuous mode
[  107.320198][ T3461] hsr_slave_1: left promiscuous mode
[  107.346617][ T3461] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.354138][ T3461] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.393751][ T3461] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.423489][ T3461] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.432601][ T5826] hub 1-1:0.0: activate --> -90
[  107.441147][ T3461] bridge_slave_1: left allmulticast mode
[  107.450127][ T3461] bridge_slave_1: left promiscuous mode
[  107.460690][ T3461] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.506390][ T3461] bridge_slave_0: left allmulticast mode
[  107.516178][ T3461] bridge_slave_0: left promiscuous mode
[  107.529478][ T3461] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.577125][ T3461] veth1_macvtap: left promiscuous mode
[  107.583822][ T3461] veth0_macvtap: left promiscuous mode
[  107.591160][ T3461] veth1_vlan: left promiscuous mode
[  107.598433][ T3461] veth0_vlan: left promiscuous mode
[  107.839647][ T5937] usb 1-1: USB disconnect, device number 5
[  108.325771][ T5799] Bluetooth: hci0: command tx timeout
[  108.516265][ T3461] team0 (unregistering): Port device team_slave_1 removed
[  108.605106][ T3461] team0 (unregistering): Port device team_slave_0 removed
[  108.744400][ T3461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.848893][ T3461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.319538][ T6677] loop3: detected capacity change from 0 to 32768
[  109.439268][ T6677] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  109.602939][ T6677] XFS (loop3): Ending clean mount
[  109.955467][   T28] kauditd_printk_skb: 24 callbacks suppressed
[  109.955482][   T28] audit: type=1800 audit(1753831236.762:38): pid=6677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.258" name="file3" dev="overlay" ino=9287 res=0 errno=0
[  109.985238][ T3461] bond0 (unregistering): Released all slaves
[  110.072482][ T5788] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  110.216312][ T6675] netlink: 'syz.0.257': attribute type 10 has an invalid length.
[  110.304935][ T6675] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.335148][ T6675] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  110.356328][ T6678] netlink: 'syz.0.257': attribute type 10 has an invalid length.
[  110.364115][ T6678] netlink: 40 bytes leftover after parsing attributes in process `syz.0.257'.
[  110.386014][ T6678] batadv0: entered promiscuous mode
[  110.391270][ T6678] batadv0: entered allmulticast mode
[  110.405728][ T5799] Bluetooth: hci0: command tx timeout
[  110.416725][ T6678] bond0: (slave batadv0): Releasing backup interface
[  110.445372][ T6678] bridge0: port 3(batadv0) entered blocking state
[  110.463083][ T6678] bridge0: port 3(batadv0) entered disabled state
[  110.560490][ T6689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.259'.
[  110.597922][   T11] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  110.607670][   T11] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  111.193704][ T6573] hsr_slave_0: entered promiscuous mode
[  111.202935][ T6573] hsr_slave_1: entered promiscuous mode
[  111.212001][ T6573] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.222572][ T6573] Cannot create hsr debugfs directory
[  111.793767][ T6573] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  111.821944][ T6573] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  111.862982][ T6573] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.916989][ T6573] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.233913][ T6573] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.298217][ T6573] 8021q: adding VLAN 0 to HW filter on device team0
[  112.454686][ T1317] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.462479][ T1317] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.485942][ T5799] Bluetooth: hci0: command tx timeout
[  112.521662][ T1317] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.528861][ T1317] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.274857][ T6763] Bluetooth: MGMT ver 1.22
[  113.317425][ T6763] Bluetooth: hci0: invalid length 0, exp 2 for type 9
[  113.420875][ T6573] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.968296][ T6786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.279'.
[  114.040504][ T6786] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  114.049737][ T6786] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  114.058604][ T6786] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  114.067430][ T6786] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  114.101529][ T6786] vxlan0: entered promiscuous mode
[  114.281250][ T6573] veth0_vlan: entered promiscuous mode
[  114.318704][ T6573] veth1_vlan: entered promiscuous mode
[  114.333184][ T6771] loop2: detected capacity change from 0 to 32768
[  114.401392][ T6771] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  114.424255][ T6573] veth0_macvtap: entered promiscuous mode
[  114.439190][ T6573] veth1_macvtap: entered promiscuous mode
[  114.550756][ T6771] XFS (loop2): Starting recovery (logdev: internal)
[  114.598381][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.622226][ T6771] XFS (loop2): Ending recovery (logdev: internal)
[  114.633800][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.653632][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.666710][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.695558][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.725615][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.759936][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.823112][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.858548][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.881376][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.894852][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.904973][ T6573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.923599][ T6573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.940213][ T5785] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  114.958619][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.993928][ T6812] warning: `syz.3.282' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  115.055292][ T6573] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.085656][ T6573] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.113829][ T6573] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.143314][ T6573] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.459756][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.493931][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.756930][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.764857][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.513289][ T6895] loop4: detected capacity change from 0 to 40427
[  118.572927][ T6895] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  118.613275][ T6895] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  118.675356][ T6895] F2FS-fs (loop4): invalid crc_offset: 33558524
[  118.738361][ T6895] F2FS-fs (loop4): Found nat_bits in checkpoint
[  118.991367][ T6895] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  119.008013][ T6895] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  119.547144][ T6960] input: syz0 as /devices/virtual/input/input10
[  120.546382][ T6986] loop3: detected capacity change from 0 to 1024
[  120.553815][ T6986] EXT4-fs: Ignoring removed nobh option
[  120.590605][ T6986] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  120.609970][ T6988] geneve2: entered promiscuous mode
[  120.615238][ T6988] geneve2: entered allmulticast mode
[  120.659461][ T6986] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal
[  121.074238][ T6998] Driver unsupported XDP return value 0 on prog  (id 52) dev N/A, expect packet loss!
[  121.091153][ T6980] loop2: detected capacity change from 0 to 32768
[  121.103441][ T6980] XFS: noikeep mount option is deprecated.
[  121.164529][ T6980] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  121.341909][ T6980] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  121.374586][ T6980] XFS (loop2): Starting recovery (logdev: internal)
[  121.405949][ T6980] XFS (loop2): Ending recovery (logdev: internal)
[  121.588218][ T7018] loop0: detected capacity change from 0 to 1024
[  121.617416][ T7018] EXT4-fs: Ignoring removed nobh option
[  121.638626][ T7018] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  121.725355][ T7018] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.949154][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.988938][ T5785] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  122.836714][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  123.042039][    T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  123.065671][    T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  123.113327][    T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  123.175614][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.211802][ T7047] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  123.281330][    T8] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[  123.614008][    T8] usb 5-1: USB disconnect, device number 2
[  124.106951][ T7079] process 'syz.2.359' launched './file1' with NULL argv: empty string added
[  124.814309][ T7096] netlink: 96 bytes leftover after parsing attributes in process `syz.2.366'.
[  124.899116][ T7099] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  125.358443][ T7119] netlink: 'syz.2.373': attribute type 9 has an invalid length.
[  125.376636][ T7119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.373'.
[  125.394260][ T7119] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  125.403478][ T7119] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  125.412387][ T7119] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  125.421174][ T7119] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  125.437068][ T7119] netlink: 'syz.2.373': attribute type 9 has an invalid length.
[  125.468589][ T7119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.373'.
[  126.209950][ T7125] loop3: detected capacity change from 0 to 32768
[  126.268327][ T7125] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  126.363992][ T5788] ocfs2: Unmounting device (7,3) on (node local)
[  127.176770][ T7167] bridge0: entered allmulticast mode
[  127.184968][ T7167] bridge0: left allmulticast mode
[  127.207866][ T7157] loop2: detected capacity change from 0 to 32768
[  127.270113][ T7157]  loop2: p9 p11 p16
[  127.315605][    T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  127.436850][ T5789] Process accounting resumed
[  127.523720][ T7176] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  127.535642][    T8] usb 4-1: Using ep0 maxpacket: 32
[  127.562530][    T8] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  127.579814][ T6527] udevd[6527]: inotify_add_watch(7, /dev/loop2p11, 10) failed: No such file or directory
[  127.579981][ T5985] udevd[5985]: inotify_add_watch(7, /dev/loop2p9, 10) failed: No such file or directory
[  127.603661][ T5780] udevd[5780]: inotify_add_watch(7, /dev/loop2p16, 10) failed: No such file or directory
[  127.614938][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.628006][    T8] usb 4-1: config 0 descriptor??
[  127.645161][    T8] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  127.766030][ T5799] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  127.770250][   T50] Bluetooth: hci4: command 0x1003 tx timeout
[  127.905609][ T5826] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  128.085746][ T5826] usb 3-1: Using ep0 maxpacket: 32
[  128.093636][ T5826] usb 3-1: config 0 has no interfaces?
[  128.099498][ T5826] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  128.109779][ T5826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.126331][ T5826] usb 3-1: config 0 descriptor??
[  128.863139][    T8] gspca_vc032x: reg_w err -71
[  128.883469][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.890003][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.897688][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.898908][ T5840] usb 3-1: USB disconnect, device number 5
[  128.907333][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.915234][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.934788][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.945017][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.966844][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.976666][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.982012][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.989261][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  128.997860][ T7193] loop2: detected capacity change from 0 to 164
[  129.006988][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.012323][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.020278][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.027105][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.040226][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.052599][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.061225][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  129.067942][    T8] gspca_vc032x: Unknown sensor...
[  129.073165][    T8] vc032x: probe of 4-1:0.0 failed with error -22
[  129.093174][    T8] usb 4-1: USB disconnect, device number 5
[  129.135805][ T5826] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  129.349003][ T5826] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  129.366300][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.381957][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.394221][ T5826] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  129.430516][ T5826] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  129.439403][ T7199] input: syz1 as /devices/virtual/input/input11
[  129.445474][ T5826] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  129.464183][ T5826] usb 5-1: Manufacturer: syz
[  129.486154][ T5826] usb 5-1: config 0 descriptor??
[  129.855785][ T7214] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  129.862900][ T7214] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  129.899505][ T7214] vhci_hcd vhci_hcd.0: Device attached
[  129.941238][ T5826] appleir 0003:05AC:8243.0007: unknown main item tag 0x0
[  129.961708][ T5826] appleir 0003:05AC:8243.0007: No inputs registered, leaving
[  129.995200][ T5826] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  130.185852][ T2131] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  130.304322][ T7215] vhci_hcd: connection reset by peer
[  130.345797][   T42] vhci_hcd: stop threads
[  130.351479][   T42] vhci_hcd: release socket
[  130.384627][   T42] vhci_hcd: disconnect device
[  130.467954][ T7238] sctp: [Deprecated]: syz.2.419 (pid 7238) Use of struct sctp_assoc_value in delayed_ack socket option.
[  130.467954][ T7238] Use struct sctp_sack_info instead
[  130.802006][ T7256] loop2: detected capacity change from 0 to 16
[  130.884896][ T7256] erofs: (device loop2): mounted with root inode @ nid 36.
[  130.959740][ T7256] bio_check_eod: 80 callbacks suppressed
[  130.959755][ T7256] syz.2.423: attempt to access beyond end of device
[  130.959755][ T7256] loop2: rw=0, sector=8, nr_sectors = 16 limit=16
[  131.089103][ T7256] syz.2.423: attempt to access beyond end of device
[  131.089103][ T7256] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16
[  131.126572][ T7256] syz.2.423: attempt to access beyond end of device
[  131.126572][ T7256] loop2: rw=524288, sector=8, nr_sectors = 16 limit=16
[  131.241928][ T5785] BUG: Bad page state in process syz-executor  pfn:7657a
[  131.249870][ T5785] page:ffffea0001d95e80 refcount:0 mapcount:0 mapping:ffff88805db187c8 index:0x2 pfn:0x7657a
[  131.260439][ T5785] aops:z_erofs_cache_aops ino:0
[  131.265769][ T5785] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  131.274049][ T5785] page_type: 0xffffffff()
[  131.278772][ T5785] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805db187c8
[  131.287662][ T5785] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  131.296423][ T5785] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  131.303772][ T5785] page_owner tracks the page as allocated
[  131.310072][ T5785] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7256, tgid 7254 (syz.2.423), ts 130959615676, free_ts 130806776762
[  131.331967][    C1] vkms_vblank_simulate: vblank timer overrun
[  131.338164][ T5785]  post_alloc_hook+0x1cd/0x210
[  131.342969][ T5785]  get_page_from_freelist+0x195c/0x19f0
[  131.348616][ T5785]  __alloc_pages+0x1e3/0x460
[  131.353226][ T5785]  z_erofs_do_read_page+0x20c0/0x3680
[  131.358731][ T5785]  z_erofs_pcluster_readmore+0x2cf/0x450
[  131.364404][ T5785]  z_erofs_read_folio+0x208/0x540
[  131.369643][ T5785]  filemap_read_folio+0x167/0x760
[  131.374708][ T5785]  do_read_cache_folio+0x470/0x7e0
[  131.379900][ T5785]  erofs_bread+0x16f/0x630
[  131.384379][ T5785]  erofs_namei+0x28c/0xf00
[  131.388913][ T5785]  erofs_lookup+0x135/0x310
[  131.393442][ T5785]  __lookup_slow+0x281/0x3b0
[  131.398119][ T5785]  lookup_slow+0x53/0x70
[  131.402396][ T5785]  link_path_walk+0x970/0xe00
[  131.407133][ T5785]  __filename_parentat+0x205/0x610
[  131.412271][ T5785]  filename_create+0xd0/0x460
[  131.417037][ T5785] page last free stack trace:
[  131.421727][ T5785]  free_unref_page_prepare+0x7ce/0x8e0
[  131.427253][ T5785]  free_unref_page_list+0xbe/0x860
[  131.432437][ T5785]  release_pages+0x1fa0/0x2220
[  131.437326][ T5785]  tlb_flush_mmu+0x368/0x4f0
[  131.441942][ T5785]  tlb_finish_mmu+0xc3/0x1d0
[  131.446644][ T5785]  exit_mmap+0x3f0/0xb50
[  131.450953][ T5785]  __mmput+0x118/0x3c0
[  131.455043][ T5785]  exit_mm+0x1da/0x2c0
[  131.459195][ T5785]  do_exit+0x88e/0x23c0
[  131.463378][ T5785]  do_group_exit+0x21b/0x2d0
[  131.468062][ T5785]  get_signal+0x12fc/0x1400
[  131.472593][ T5785]  arch_do_signal_or_restart+0x96/0x780
[  131.478234][ T5785]  exit_to_user_mode_loop+0x70/0x110
[  131.483583][ T5785]  exit_to_user_mode_prepare+0xb1/0x140
[  131.489209][ T5785]  syscall_exit_to_user_mode+0x1a/0x50
[  131.494697][ T5785]  do_syscall_64+0x61/0xb0
[  131.499273][ T5785] Modules linked in:
[  131.503259][ T5785] CPU: 1 PID: 5785 Comm: syz-executor Not tainted 6.6.100-syzkaller #0
[  131.511527][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  131.521616][ T5785] Call Trace:
[  131.524894][ T5785]  <TASK>
[  131.527825][ T5785]  dump_stack_lvl+0x16c/0x230
[  131.532510][ T5785]  ? show_regs_print_info+0x20/0x20
[  131.537703][ T5785]  ? swiotlb_print_info+0x70/0x70
[  131.542731][ T5785]  bad_page+0x14b/0x170
[  131.546884][ T5785]  free_unref_page_prepare+0x887/0x8e0
[  131.552349][ T5785]  free_unref_page+0x32/0x2e0
[  131.557023][ T5785]  ? __folio_put+0xef/0x210
[  131.561518][ T5785]  erofs_try_to_free_all_cached_pages+0x295/0x600
[  131.567930][ T5785]  erofs_shrink_workstation+0x118/0x290
[  131.573476][ T5785]  ? erofs_shrinker_unregister+0x170/0x170
[  131.579281][ T5785]  ? io_schedule+0xd0/0xd0
[  131.583693][ T5785]  ? kobject_put+0x43c/0x470
[  131.588281][ T5785]  erofs_shrinker_unregister+0x5d/0x170
[  131.593826][ T5785]  erofs_put_super+0x4e/0x150
[  131.598503][ T5785]  ? erofs_free_inode+0xb0/0xb0
[  131.603347][ T5785]  generic_shutdown_super+0x134/0x2b0
[  131.608725][ T5785]  kill_block_super+0x44/0x90
[  131.613398][ T5785]  erofs_kill_sb+0x4c/0x140
[  131.617898][ T5785]  deactivate_locked_super+0x97/0x100
[  131.623271][ T5785]  cleanup_mnt+0x429/0x4c0
[  131.627684][ T5785]  task_work_run+0x1ce/0x250
[  131.632271][ T5785]  ? task_work_cancel+0x240/0x240
[  131.637358][ T5785]  ? exit_to_user_mode_loop+0x3b/0x110
[  131.642814][ T5785]  exit_to_user_mode_loop+0xe6/0x110
[  131.648093][ T5785]  exit_to_user_mode_prepare+0xb1/0x140
[  131.653632][ T5785]  syscall_exit_to_user_mode+0x1a/0x50
[  131.659088][ T5785]  do_syscall_64+0x61/0xb0
[  131.663501][ T5785]  ? clear_bhb_loop+0x40/0x90
[  131.668170][ T5785]  ? clear_bhb_loop+0x40/0x90
[  131.672845][ T5785]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  131.678738][ T5785] RIP: 0033:0x7fe27238fcd7
[  131.683157][ T5785] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  131.702772][ T5785] RSP: 002b:00007ffce9adcf68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  131.711205][ T5785] RAX: 0000000000000000 RBX: 00007fe272410b55 RCX: 00007fe27238fcd7
[  131.719182][ T5785] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce9add020
[  131.727235][ T5785] RBP: 00007ffce9add020 R08: 0000000000000000 R09: 0000000000000000
[  131.735199][ T5785] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffce9ade0b0
[  131.743171][ T5785] R13: 00007fe272410b55 R14: 0000000000020039 R15: 00007ffce9ade0f0
[  131.751157][ T5785]  </TASK>
[  131.754243][    C1] vkms_vblank_simulate: vblank timer overrun
[  131.760721][ T5785] Disabling lock debugging due to kernel taint
[  132.216287][    T8] usb 5-1: USB disconnect, device number 3
[  133.130375][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  133.136739][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  135.375674][ T2131] vhci_hcd: vhci_device speed not set