last executing test programs:

24.784206421s ago: executing program 3 (id=1534):
open(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(0xffffffffffffffff, 0x40189429, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x4109841, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, <r2=>0x0}, &(0x7f00000000c0)=0x5)
setuid(r2)
quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000201, 0x0, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioperm(0x0, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0)
vmsplice(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000000000)={[{@noblock_validity}, {@noload}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}, {@noload}, {@nobarrier}, {@nodiscard}]}, 0xfe, 0x470, &(0x7f0000000940)="$eJzs3MtvVFUYAPDvTqel5WER8QGCVtFIfLS0PGThRqOJC40musC4qtNCkIEaWhMhRNEFxrgwJO6NSxP/Ale6MerKxC3uDYkxbEBXY87MvdAOM7WPaac4v19y4Zx773DOd889M+eeM0MAPWsk/ZFFbI2IKxExHBHl5hNGGn/duHah8ve1C5UsarU3/srSy+L6tQuV/J+ob8mWxo5aLc9valHupbcjJqvV6bN5fmzu9Htjs+fOP3Py9OSJ6RPTZyaOHj10cO/AkYnDHYkzxXV994cze3a9/NblVyvHLr/z87epvlvz40UcnTTSuLotPd7pwrps27x0Vu5iRViW1G79+XYlhqMvhm4eG46XPulq5YA1VavVaq0+n3MXa8D/WBbdrgHQHcUHfXr+LbZ1GnpsCH8+35jwSHHfyLfGkXKU8nP6m55vO2kwIo5d/OertMUazUMAAMz3fRr/PN1q/FeK++add1e+hrI9Iu6OiB0RcU9E7IyIeyPq594fEQ8ss/zmFZLbxz+lqysKbInS+O+5fG1r4fivGP3F9r48t60ef392/GR1+kB+TfZH/6aUH1/wkoV+ePG3L5r3fZ5Ps4/MG/+lLZVfjAXzelwtN03QTU3OTXYk+BT/xxG7y63iz26uA2YRsSsidq+wjJNPfrOn3bH/jn8RHVhnqn0d8USj/S9GU/yFrO365PizRyYOjw1GdfrAWHFX3O6XXy+93q78VcXfAan9N7e8/xvxp2fEbDBi9tz5U/X12tnll3Hp908rWZtjO1d4/w9kb9bTA/m+Dybn5s6ORwxkr6Ts0IL9E7deW+SL81P8+/e17v87Go9n9SvxYESkm3hvRDwUEQ/nbfdIRDwaEfsWif+nFx57t92x9u2/yKx8B6X4pxZp//SWl1K32n/5ib5TP37Xrvzaktr/UD21P9+zlPe/pVZwNdcOAAAA7hSl+nfgs9LozXSpNDra+A7/zthcqs7Mzj11fOb9M1ON78pvj/5SMdM1PG8+dDyfGy7yE035g/m88Zd9Q/X8aGWmOtXt4KHHbWnT/5M/+rpdO2DN+b0W9C79H3qX/g+9S/+H3qX/Q48aaL37o/WuB9AVy//8H1yTegDrz/gfepf+D71L/4ee1Pa38aVV/eT/Tk2UN0Y1WiaGNkY1ikSUNkQ1Opd47bNGl9go9SkS5SX/ZxYrTGxqeajb70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//z8/5no=")
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r6}, 0x10)

21.236770243s ago: executing program 3 (id=1555):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0)

19.653166605s ago: executing program 1 (id=1561):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x20000000, 0x36a8, 0x0, 0x0, {0x2}})
munmap(&(0x7f0000001000/0x2000)=nil, 0x2000)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000))

19.455393749s ago: executing program 1 (id=1562):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000340)=@gcm_256={{0x304}, "00cd83f39500", "7979c06f94e1f3ed1945a2b2c7ff1bd557b28d5a73226a963826af565862c109", '\vv?\f', "dbdf3ad7d6801cf6"}, 0x38)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x11a, 0x4, 0x0, 0x0)

19.287893822s ago: executing program 3 (id=1564):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f0000000280))

19.151458946s ago: executing program 3 (id=1566):
r0 = syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc0e85667, &(0x7f0000000000))

19.033449874s ago: executing program 1 (id=1567):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@newsa={0x1000, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@XFRMA_IF_ID={0x8, 0x1f, 0x3}, @mark={0xc, 0x15, {0x0, 0x4}}, @XFRMA_SET_MARK={0x8}, @algo_auth={0xecd, 0x1, {{'sha256\x00'}, 0x7428, "c0be23fa9c0855a83c337a3c7077eb0828b79dfae7329500880e4633afa6bd513ea24b96862e586adce6b9122acb6941df9ee2c561afdc8e41793aa412aefdf1878192c0605b4be23aa1946bdd28ceb0c3d04b18a3baa73e901531a6e111cff7116039f44b7770ad3a99ede4c1e770c9f4aba8c5e0e8518e441c0cbd0bbfd7c58837a3f687e467da96f2abd13a298c57aed44c96f224f1d1ccad9c53c13a3765f1b8c7028d167689c23966b8eed35360e817aeb16ed161a5e24e1a1b3f3d484f39c977752dc9e26ea11bc51258ec09129d082cd4e8e2119bdf02654a33134f2e79130562a2ace974cd3bf04369f4e79447f41216224fafef9ab18169687bac4d58e1a55b84875f69030fb4095f6a178ffe9ecaac8e011c360eff1ba0cb7c4c757c91c12fb4cdfffb8929346f6bc4af2177d8b088c924fe3e8c864c034090f5593e2958a11832430d3144929e07cf2e161587903da6fc0d246408c622804bfe9f3d93c7b75d7390447a5f8efb9eedfc2d716eeec5ac53b2762d07b62ffe9e890f7d0de2828133877fecb2219af2dabb63984f65d3699b9f4dab7e14144750177f08cd2381fb203988d3f7fce9a8e3bb6d99274efbde27bf2d83793c90cec0991b375f52c93c427ab0859c6e282cf586ce26d55fd0f173d4503df968b71550c01dd995fa6c46f790b58992458a0edcadf2135e2d2aaf0930b5d320b9107a390ef81963dd9654e9ce144e259f68423eb37d2cbf445ea351f34bc24913cb08abf585d263d4ca3408dc79b409db93f6dc303d91d978bcb9cde273cb75c099f38205c20d1ef46fb52f0b7b0131e9fce39b8c007fc31cd9ddfb143934bf21608b1a67eed538812d45fca44a58de44369a6b542756db8eaee9f3741953c0923da25c3e3ad0bc0475f305be8e5ce61ae1fb67e068ad5fd343325dc1c9f827573348f0cc42e42b0fc62fb47ddaef3feaf13d1601db5054e5c73ba25fca9e049ddefb77daccced21c9a734fd4f9c7705efe773e898ec6df2432b18dd1bfcc915a7ae803bb0e06cacce7b5584e6b43e9caa2e1a2a86ef2262bed9138c95c6325e607c546429faadb61bb412692f3ee3ad8a8e4cd99f70fc8154b67b58fb1626841dea68a8eec47a435712885c09567875b6cb811bd928eff38bcac45a3bc7c1a540fa6450aaa51973b1a69a241b0afbbb92a8dda164db7203517be651ea62d839b52778fe8e5e2241ea0603c641849e9c980caa2aa668d9fe40f2e6232b249737f0fb3e6e1d1b8180a427ce9eefd43882ffe01517db6128144ce99f1444b15a9e95a71f1c01f920601eb76756bf20d8bc55f037607e1ca7568b5c23dd9e1e3b5616a3d3cb53e6e170b433acce7d9292c003bcbf7a54b3abc98c9ee25c501007ea05c9d014e079ca961a565390cbd72ed2c4c54a367545d6b9d358255a6f9e957fe12f3f822b13b15a7260dcbc09c535f0f8eea80b3dbc6f9d740e20054166d2bcaa6687de9d0576291518ee265144ed0916dd42c59b5c2a77427e5fcd6fe8ecf3f71bc792e9628886c7fb43dfb2d4fc2a463ec54381e087fc1ea249a5714d069cc33649cd22fb195b689018d796dccccecde912b0d15a52683c2f2548826615cb5d12bc0287dca626919180bdce7bc240775ebe32472aa31d4c40f5f5cb9730421228007148ad507f0f9fea56d467cffa5ccf6fef240e2afe0dfe68bafa0b22eeb50796b65dc1a4ba3aeb1668731c027ecfcd691630c19fdc6f536afe63a99bc69a2980a3276073f318bceacb322e71b5f9cc37d6afc676fec9303270205e5c921753d20e64c7f6c31cde900309538d4483b29f4d4720521dce3c96c955ea1f13d0a06c44d81aee3934a8fb6f91b87cb2942e5f20cb0af7c9443de5fa232a6a84a7971903a5f7f8e8e2a7f336719e85971201364e820bd5475fdb77d995e5235c96aa92ef3e2fa6a3a0211b78d464ea911b001fd94e2f7c6e01e3f903edbd50dab92691f1855b9da98ab47b2e9efaebcc86ee2e953b67c021f165ebcc758011034adbbf68d7609e64c3e66510f0b752c2faffd9655cbab0a1faf5f1d4c9aca18511d5cdfe3d465014f401c4ba3f8897bafb6f323d2f27bff5bd111e419d0a540369fe2b7631c24243f43de25ad2ac3c8ba6bf415c044f74c0eca7d12f7c9cbd175d18d849dfd02685a63096e190f90aa2824ec4402b0c1e822f40ac2e2134b9a3f8578de33438a106517b0b046bf8aa22d0902ac10873d46ac826f55b8fa992827c64333f9a8591122fa7ceb1d1420d2f59f1dd8e497cb1cc31180262d5170e66c641935152435647b83c9781aedbe61c4b4eb5c09b9dbd1aa1c0365cdfa7119507a2eebcdeb4489176f01a5a48cac677b80bec2d4dbfc2e017da81eb178bfed2d85e710807b3fe881d3535ae9171ba6732001f31496f5cbd070d8be66e0744260934bcfc606606194203cd88a1867b6f6e2496af489fae8c34295a47105543e4cdb761ba19c55e51874dcedcbd5f4acb62283072a0e4ef9e84fa23adf202fe4eb3a7308a0954ce7460c70ea5974c8719d6ccf7fc480ace24741eeb90ecc3d7cfba29051211cfc6496d35a91f4a33a38961517dbeb4d4050059cc697ebdf7bf445c513342218c76fd17b2e2377a015f9c4eb44ad30601746a525217ef002de414732c003246404fde9ad11b0bc6525b9229559eda81a46114844f05ed7bbdffc6cca7838deb89d6f1b39d2fd8054c69b5b356d3a9b7d67d8ccf6cea3d74b35f7e0ec10f82253698b5981b00f3799d2300e41e9cf313dd0b4e63951edb83b4ce5101c4ef5d60e002fcee1276504b58a86f26290dfb2becc4180d3b07bb45f2612485f0262bfae6392940bf47f941fc21dac2fc4cad11d9f74fc7630a446cce5285a7118117d34f49a384fa0b246544d5e94e8d0c8d44ba06b97a529bc85238c198ffa4bb3542981fb23638c92b19847ed33eec662449c1b5836a7b8736199e371d879cd7bf810718093e3c173c1aea8366039dad3791a64d5394f8e26ec43718bca516fe1aa33c972a9af943b8e81ac07663477c2b3e64c26f1f470f4c307ff653f9a748d30322bab28f9f4361e625d0d056e7789c01cfe49f28a8e8bf81a7cee629f6966e3f58f89d349e1ecb7f71e2a97fdc4f590ee702d9cd9a7dd61a77f3e952877fff366a24b38afb16bdb779d1199fb7958afb2e0ab4bd147f46076ceda01214d5ecbf647e3b08179550861c7a1920722d63dbbdd65103c29a6f8530df0a294404445100620474fd119bb617359485c652da872ffc50a100d0693bb96aef2dfb897ce35ad358cd37eb3d4ecd983fcd964403c4e12443db908fe9806d694c8aa0a67fe998233cc13958349554599935b80f88946095acf351ea194f0939470d3427b69c502abe1aa3ae79bb4b40ff79ad13461561611b39868a307ccfea8a9f68598deaf4be3fa4c856497fd3f967a57765fda71823048ef90df169a56a2d218a299a1878bd0c521ae062b0d1341d9a64d9ac7fb3b35aff5c7d2ef9539665d5701e95995eb5adbae8964438761a2d4ef161f1a3978ea90290e8826ba7409dc123458104c22fbe51ecec74926112a106e5ce9dc32cf14da7f2450a13d59a78da3ff442aa64636e7c14c6040ca841c318c63718115c5ed5a993d8a540846837697513b3ca9a2cda7317612bb1d42891082bf6a559a762d093c4f3313faff21e2fe3b23eea0e1a64f32389c1d5a2383c38c74db859d0e7eaafcb7db502e7ea00bac6dfe2c7de041aa70e865f5e14f277d419c17c60a3199500b66bf0a28cd4409434d255ee3523975402b193b4fb932967059ca35fa07818bb2c0e6fe7b6f180f48d26e6f4cf116140962528ebfd0b7dcadec1bb4065dc51f53479a499c99de924988f8cd916de5e4433155549b9c9f9ad419b4cfa6bcdc4e4ba24c6b43eca03c487c475145e5a1e384602dea84c77977539bf4740e96148674a9c6e2c61574c97ad53fde6cbca25dbc6bdc48bf67f0a5529890329bd4e30f8f9fad08c0091a45a88c57d82361fe9d0b041901f11adf7ff0ef00ee1c54ed9fee26d6888af843aa5ee18a619c7e27af82925794da9c922805d578dfcc05f2e278d930f02b4ac61703d1baec8cbe55ce7b15733cc388c7fc70da15712b43eb52b7767b218c90410635d86a4c7440bd6dcfbf3bace3abca1d6e838a74702890f37d3ec41f12e381dca0d75764b82ed4942036093c4414037390405bb579a7c04c33abf6432153408b1e2856e1b6b13e6f593ae34efeab9178647dea4fe3a2217e4de6382253444696206df8641b89b629d4b03a4aabd967f7b2a756b8d4762d90746476c741269a921aed3d7bffde5b35347ad4d4f607ee1b17159c3a19a16b98258e5a728125c447a73bf2251ef6af9199f3e2356962dd095bc7a691500ef127ac942bd475faf6f1b348004c1018390c6db56ffd9ab408b20647bebd30b159a6d3d33394ed8229352849001f2602edb32fd919fb75487c527b7552cfb27918ee0c066a7c8347fe5e4dac17be13f9ea1cc8ca32986316a1c4c6a02d05c3a249fabc02d235ab058ec85991722a561677c32b1a5c1e4395a70d517c5df57236d9d04cfc8737bbe420afe08e6cd996bb51303498a1d89248d0822736ef61124f024ad519440b1c42b5d4c589dbcea11d1761a9662288db85dab7efeaa2f26c9c1569e9baafb5b9c3e9afc92117a3a9ea8b37f3c6f33697f902487f36a143d9c4feae7dcec3716ed49a37a30fe22da7fe86afc97ae3f60e21bf99605c0b98e1fb45fb34e65e25220a9e2586a219ec76f2f27687d97faf9cef72498da7bc0ee3249eadb5349835120f7e838746262a79d30e1512af1bf2fcdd287bceb97c9bf309127c52dde2d9048f8d25ded34d7631b01624f325075b9663c7ee4e4e9b34120098d8429f53bc90a7c1ffa65002ca83ea51cc8c1396add13e2e939dd1713e3048f9f09c5c0a876909adaadf0b69e9b4c80455e5c0384ac082e0918af5ff981c810d08a7afba2d68d44f065a928264a1cfbcd10910c628b6e660235850fd4bf63210949f6d86346b5c627b8e474f5b21403135a0f2f6f3cabd3779f025d6914a6936bee2e9091489d8842170d51757f5173358e8601dc21c004cfeb58e5ec6d0c87cd396029d363a55b8e00658c02622982419ab6f300afe890151cddd5aed62a48366dbfea0c1d536818c36ca23bbed3e5ad3288a098e3d012a959823813fcce56b33a46d219c18c124cfb7c1df9b92a39bab6f34"}}, @lifetime_val={0x24}]}, 0x1000}}, 0x0)

18.993921106s ago: executing program 3 (id=1568):
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, <r3=>0x0], &(0x7f0000000040), 0x2, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000003c0)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[r3], &(0x7f0000000340)})

18.74966547s ago: executing program 3 (id=1569):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001f00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000001f80)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000001fc0)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_SEC_DEVKEY={0x30, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x4c}}, 0x0)

18.637171636s ago: executing program 1 (id=1570):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
fsopen(&(0x7f0000002200)='erofs\x00', 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0)

16.824573805s ago: executing program 1 (id=1579):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)={0x1190, 0x3b, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\b\x00'}]}, @typed={0xc, 0x129, 0x0, 0x0, @u64=0x8}, @nested={0x1111, 0x83, 0x0, 0x1, [@generic="7ecaee46de67c5ecb859fbf22173ef8385b04c4aec7b9f0f37bc141a218319a8d761a2", @typed={0x5, 0x1, 0x0, 0x0, @binary="9f"}, @generic="f4c8ef57fa33e0dda6cbce83055d3a16456c0cbf91f56290d8ceb4c7db30a0e5c0d72f706a3ed4a47c718d50694faae86d49373e86941a7c148030b15a5fb6563df0d919c44cf968ed140c165274ac08566640b4395820c1d504ad6436097b82883af419e2ca357878ba4e991ea0271edbe74cca3776050e4adb9275429063e670b1ff8d4168bde125292a565ff753789e498206d0179e836fa7dfd7088a88afe027d014dc0b2faefaa3db847e25fef7b7eb077b78e6bd7b33e4ef979db972ca26b0bdeec128c48a41b344fa77efaa3e667dc5d216165b6c04cc23c9069979540d45", @generic="94fc7b492b7abd9e6c23ddb00af0a5f2938d0ea6ad3c31fbc331f8c1b6526d71284c66772d5fb08c45000588a6c8d810eaec0854ecdccc4f1cf51c2d361b9bcd65577d8622a44619d91fb1b81379e227202f0ed9883cffb7b6cddc9086c25ea6b67dc508540e7d10ebfa96b379a2367e82c43e3438375c16cb6bd72c666e026a02aab254aa203f15ec5dadc8e614f2e456b344a031c69a17d383fbb7c85f35270f146680a3eddf05326809f3f7290fafaec5e71b5a67f29a3cae0d4aedda7ddd38f2cfbd46cbfa4a5b5fee5b77789ea58f3f6711db2cd495bf18e9034ceed00fcf9c95a9b3c334ea1c71ba3287fa99e3427e14967b0593d0d217cefe9245386d71a8bcfbc5a2b6fed2fcf2e8073d77d4a2cf13c1b5373a4f94cfb3b67fbfb780233373ce7dddac9c3997d5753243a3d6c0d235d4c0659d3720607c1908d7793270a1424645c6f5919c165e09414332ee411160d3ec63597f72f9e186bdc1de18309cb196137d56e181eb45554bd45c7c46dd9ba0efa1d9b587f109e08f0b18790fe6abafe637c49d7f884cfc5590c462615622509d2d260f2c8be11d70c6ecfa6fde6325c801da76220332f55ba4e3b44c0d0b1e6baa6858ebf0e33dd7e6c1ad6920900dcb1855b3c300384efd32d5f5cce231363b0c9d1060b6ccf2279b41a43e099475565d9c450ad3e7350865ddba1ac8baeb7325d1f5f1152c4e481061c0efafb045eefc22f770c6db965758226f4de5e10b3e8c42ccba6750ecbcbe85d8d5eebd873c4f0330c4a8981cd54144689b2dd7ff4553dffcd35276f9ad738b2df5535002e15add246a1e5365b912f07b09769df5a5496412a6df52cdfd1088c6eabd5a8b4eaa02c6a34faaeb7662b471a63f425fd245781a137aadfca7b94685c9ad55c900a02e1eb58c79b0a9681c0265173b988bb387e1939cb68318f05e29b9dfdc45f5e346ff2fdd43f59653ed0d297db7eb62c7b99044fe94b9b8b94b9a311116602ce9bb545382a45de00e654371a755c844272e211f9a2c9ebcff9cd89f7e37dc567b218a6e0e7fb2071a7f975783aac53bf17570c9058bb0953e8cecce81485dd8532a045efa08247858c00f85d7ca0aade0975ea57d10c871d5355b621da328d638d79d2ba8c2c7645b6315173dff99b410e4c249aeace40aa550130530d78bc27a3dfb6d8e85fdf34656cdab0ae9cb08752bb03c391de6aaf1806124c67163975c48370f99c85a0a74e52a95fd7e10c388f99695570629ab2ee3d7a4190dc03c7fe1b2b1e8f0df404b900657fe81162f9dd84f7e32a58187229b8ca4a85d805e814423f7f1a5f8c64bdea03b1ab3c9a84e63b9f9106401b6746b1ea9db13cb68b8a93a7c8953e08e14369278cdb20501069e42455c633369f88774291d563b0009c5aeaa6b97822f8162fe2ec1cfd4097c8b4e15502bef79f414ef76baa872c716679773fcfbe65578f3d8fada9fb40741ac16f44237e00a3905293015e4962203945a5fddcc0dfa47ca013d9353de3474493754f89be962a6ffa21eacb256f75055ee9631e3b549e8606bdcbf1c4bb094702e119addce0e5506467c5b50d8c82a6d9b7617d0753ecd61cd4705d2b0efda28029e5f8584188f4dba185385ba5fc6b9be3f2d74db6bef967e057b1853131c7bb40528e19d53cb78865aa80163700dc1426dd2975f94779ea503419d03c9c393ea024abea2094e11c95d95a50273aa140609a3fcda636be6125deb3be610e0d2bcb52986fb99d499ff3fcd97b2a62f2453cebe0c0c9b85fbed8c64b5e1ef87ea584a60efaf738daa1bde0b07c4b8507cba2b5945c24266013e6c2ea60a3a80a7ab9607b6b4a0a01324ea103acc9dc395ff99989f17ee6f7d77d085de29be5124b3f48c7c880d971f6980746fa95a56feb846d3aaa204e13e5725c871ee476cc11ff421e178f4d5d52eec251cf59fdb99ce2919be5526ce648c1d4766fdb85f89121987e0424a7428c3eaea2ea8e9c77854ab6026eae07ba465f718ed39ca4389026cec127f81bb039bafdd06dbcd5117e9438b25d5e4a9992391447309d99cbefd7c8ab9425014d8c26b74a4355f11faa283caa4c917ee79a7c7dca5688a6d41aa5d0fcda70947428a2c6bac7865f19384a5a509c6472adbf1fec1e3c7507e7ea3857440932e36129f95eae5136333abe249ef59b6fa522de53592d4af131c0975ca8f5afc37ae85aa197ff90ec3e3bb2435eae845c8d6328bf29d163cd33b05da5cfccc091076e4a79426c0de3283ffce1f8b0eab0a6f964e2b4f497926e5a4140971c3239618d1b411ce3a3904af03341cf00836f1e7aed0098cd924364bf18e1061f9c88f2cf794a102dd89014db9e9f0e595db89157566573ec9621d33fecc4c464a8891df1dc311aa6ee4892032203350a15b67e126e05acc28b7703d8029832059342aeaf0157fe21c3b34463834154cfff710b1e120c83d25940f87149801094fbd5865a992fb4c96052f432c81d7d1ea3997a0c6480644bec094e1a698ac86425c91bfb03599002554d412c1ec761dd3d40bccdb15e133edafd7f61ead2d089262050c1c8a7bdb94485a28221319c66abe671dc0e39655660aef969f714dbbe5811962d672598a50bd6cf78fd3996908688e0b63700c4908b0651ddb4a2f0e3b8138b48b7559321302c9a29fd06d4e34058a98573de3b8d975baac5a9a3cd3a4a8d7050c99e0435977e7cc4a8b26b079e7380ca3c8197f2b9bda2501ad756d6ea273a87ff6dbc7e823b91cec44a0f7e94e6acf36438b8398b5514a40264215c995313d10130577c1c892090ba942417680038f760d5de5e0d59abe5951bcf68f4a6b3975cc0af6e60f5b87dbbff827f42f38fdcaa0aae8866148b946986dea506bf59b3b76250d208b11accbe923d25c26062ae342790d0afef092103e772f6024e8e38f478986684cc0d199a178d1d1aa507eb4e36621441eb69bd28022e76e7406aaa8ec4e42cdcbfb831a441656812dacf554d5333c51a03beb9b1548d9fd379fa0aaf95bf15d6be310ff253a88c535d3669ac1072ee2261ed3176960c84a6bb3104271bdddc79d5876d0908424186d7f0a90ff37f77f2cb2eca7a787f3b9895d1db337efda5d5e1edaf42039831978120af6aa4525400e085d30f5b6631a80663b844812c6bc9d64547f5d164a4cbb7de00d19a0df9bf81384971c0a3b0a05adfb24180f3a6ee12254a84a3651d1185fe19fcc0bd45903425a53270642b0850f56c1db4b18cd10827bd97ae90e46b84d1c7b96424ec490c991d54e0a7d068711f640622496493f4528c7258b772770d5ca035884af1a77d3d56a9babc88e2a10f911af30fd267362e21caa520d200514cdf2ae310c0261ada21bc7cb59b313ec5c2aeed5599026b2fdd712321bad08047bb58b2c48a0346201be2c2dcdeaca42f0f1169c9b763c4e41e63130cb87b18974f3d9c623e7b733f8e71e4b6aa632cf557cea8987b4ec2442c04010905b4895c18ebf81f88ac37bf925242f7405522c9e7f50dd58270ab0a72e9e43ea68a518be786700eb3b774abfeebc30bbf323c0897aee5cf95682c45e0fbecc8423431250c33e973bd6490624011db7a4f445c1ded77b94f3f8121f2e9ff31ef0901a5545994d5fe3ce1e5ac2a11b90b2a478f65d2f810d0316569ad53a179080fe091688049d47046be4fd9e7a831b1ac193a94b970e4f6bbe76ffaf9562c39ff8c728da9abb98b75f6f2ca97a8a94a37915a04f4317bc5298140e788b3f992880b93ecf9ea4fbdf5781b8c23b4e41923f96ec94c23f1194956106fca337feff783b49f6d35837e0ba2cd821c109189e3f8e5b3161411c93efe23a4e3dfd75cd975227242ab026db27f0d7c05708190ec8fbe83fbae9b1de646ed47b1f5facf4a9d9b8c75f877ebf7f45dec8118e678e561cb55b2f3545c88994ed1a4f73e14828722e5188b1e5dc26096f6b0597b2860d8160c588b319f599f423fb443ba1d01d064fb7891ca0d5010070502456573970f755d98eac141b813273da20b865dc6d21580377cf60a9fb2ada31f145539b85ab053ba013d8b6e58e38a5e9b0d4ed3221744918a2e3a86e01d152d69ba57324071deab6e5d466c7e1ea05236398da5bc6311ce6856680e361a5e3c796bca0af91b07e31c33a451e9caa80e8c6c568031560f0ec47ef2c0b683670974eff8d2a88345aa604555d541c0ef4cb131639a3535b4ee0934e1ff59c855515095728e183af52120009b701daedaed28924c716cc769ecbe6315113c67093a84d2c97bfecc9a9ddfc23f4fcce87c5fa4159ee40df91a934f5592c7fbc8cd4399bdd877af7c8aa3b123899c84a4b30ac16280dcea242ee8509aba3b915ee481f74afa62249a5cf076775c8e0b2a89eee6841bfdf88b5ce418e974f92cbf26296507359002daad3f1d4c9b62cc088eaf0bec977de97fbc879384faeffecb23ac3a055c832f3ff4cc4ac95dbbb8e307046f58b368d7a4db73715c9a28422a48c21b4163d525124619df4897dd77d36e0fb5816baaac61ab41c79c7a6291c3b240304e087fbac60f8ff3bb2ada30b18ccd35aedf7545363ce163ebbb4cd80c6897e60b68f4e44a39e669ce5e73303151195af31d7e21f534ef60edf6138ba9d29fd131c635e036039dedd7ac6b219c213caa74ca4d208e29d0114dddd21d4ef48ce12df997d9c10f2eb5089480fb90ac9d1ae6874daa21bf25b61ed608aa00aa238c625f009b7e2fcd737e70f128d900da8cc69597fdb1104568627f50dbe7bba2d56f797dc95e4e504865720e480e641d577999bcb2e7e3385d7b0efc09b2c8e81a244d7f83f5d847b922ee8a223e7f775647172cf82ab8969648197dc2cde54c79e2ffc2ee353db634b314ad5f8fcc4458790835eab559b31fd9d84a7b2af28264ef39c65af01bac8f42fad3461c224d5d8f113a870f5789ae2e421af745def6779cd12ff723d19b4eaa48296b786e9ed173a125580608a24cc1dc949d8e7dca75150e069929e85123153fefde33a85efc37c1f78bff34d80ce0a862fe98a5a62c934772d076288a1577231fa30c9bb5ce44b83ecd8eaf1863a6f7fe4940f20d228d749f88af42ef26519ee3b774fdd2c5c8e3cbd7f56aee30988fbd68220395ad56328454984ef017a7a23c4958375fb874537776d3e18db5db2d6dd70541fdcb3ff149393d9b945be7179390bcbd8a4a9b013793a2ee38d2736e7fe916c076b240a94bc7451b3f1df2d614a84cbcdbc085d0e85e4b2956afb9bc415c85b9315b9e091b1097f466ffab4c9452f9ca0e6efc5d23361787bf317a32e99e79b85c52ba12406a8bcba252fbda0afdfe5a4e4f3af5b8d4c2a742f7d8d29a53b44a89d03548d647ae1fd7ead4af54780b9e234bd0cfaa78346bbffd9d87c1b38073e89d04a78ccd9b7f389337cae9148b55db450c189ca90d678c75d0c3fb2c0b9481b13749ac79076518e6c21a383faa5a4d00400b9694cd9eb3cd2c652a8d8a04cf149c0ec3f1eb8358c5dd03b159996ebe0a779363027e68603de579cf8b4dd5288db20c2d488602a6964a5c290e83a26cd4527dab6af86351b331ffb1a44ad049eca9ab9ca5c37061a753748758f9f14d3d47d8a6fce79a83918d53b20c53ff923b3a03aa369c9b61cc11c7f44fc09310bae54abc02f3d041e20e9746571bd1d422bc6be1291e5f40d21ff465281de10e9369e70a6b232261fa7c799cd8e33ac4213f0dd3fe0288ebf61c76322a1ff892f2e86b339b91513fb1c32f1a7f6a8df31285971aaa93e0eaf2e"]}, @generic="3058811d639ff3c3c759c5dd36df73384f43c7a015bb9453f9d3b64860004bee747a99ccf67514c8681fc285b01a0aa48c77", @typed={0x8, 0x7c, 0x0, 0x0, @fd=r2}, @nested={0xd, 0x38, 0x0, 0x1, [@generic="1802d706fcb25f049e"]}]}, 0x1190}}, 0x0)

16.341358889s ago: executing program 1 (id=1582):
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(0xffffffffffffffff, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
write(r0, &(0x7f0000000000)='\"', 0x1)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

8.799526206s ago: executing program 2 (id=1604):
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000500)=""/4096)
r0 = shmget$private(0x0, 0x3000, 0x4, &(0x7f0000ffa000/0x3000)=nil)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000140)=""/128)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x7fffffff, 0x6, 0x32}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000001b80), &(0x7f0000001940)=0xe2)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000001980), 0xc)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000080)=""/42)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000001600)={<r4=>0x0, 0xd6, "ab347fb1151edfaf5db4405a5ad6601fbfe4211b8a4d01717c0ba9ef1bf00ce24a3fcf4be6c59bf12287a13534a563c3d6f3b9f213344b02b0a1493daf3f098bd2a07ac52e554c32e2239f671285ebf093b85bc64a7827542634d44bda767e7495e319ab0779b35eb558c15f962b2f61cd74d547bcca8b1c5a054d52aefee632bf0a142fe00d80168be67c33b4752a8a12da8b881e4cda288d8f52332a68cb14b915d95e6b9609adcde77c7bb9dcc7bca72d86032ca797f5e136c285328feb78519b3e0694e4874570435155157392a624f85b7c5c56"}, &(0x7f0000001700)=0xde)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000001740)={r4, @in6={{0xa, 0x4e23, 0x3, @private1, 0xd03}}, 0x6, 0x9e2, 0x2, 0x4, 0xfffffffd}, &(0x7f0000001800)=0x98)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000300)={0x20, 0x4, 0x20, 0xff, 0xf1, 0x2, 0xe, 0x20, 0xfb, 0x1, 0x80, 0x40, 0x94, 0xd5}, 0xe)
r5 = socket$nl_route(0x10, 0x3, 0x0)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000200)=""/86)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0xd01591ce27e4290}, 0x0)
quotactl_fd$Q_SETINFO(r5, 0xffffffff80000601, 0xee00, &(0x7f00000000c0)={0x7, 0x1, 0x0, 0x2})
ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000440))
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000000)={0x6, 0x1e, 0x6, 0xda, 0x0, 0x16, 0x24, 0x7f, 0x3f, 0x3, 0x0, 0x7, 0x80, 0x6}, 0xe)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000340)=@ethtool_eeprom={0x43, 0xd29, 0x10000, 0xac, "2c25883baf75d02d6d6cc79f60a74529682c001c4993646a9aaf2dfd8830042cf95d59ce3bb028aad9fe7c7d4b6f6b82439683511971a669b6c496cca4bb720e75696d8fc41089807080373bf415af10ff109e130ff229eb8310966dcb3deac22b766f0339d81683dd7adeab7ae447ac4a5d3294e98bc53d54c8556ae2a2edb694fd5ee9661c0f6265e8c26cc5a649eea8482e2ff24530f5dffafc16606021b687b3c86a22fcd02a84b97889"}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001a40)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000001b40)={&(0x7f0000001a00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001a80)=@ipv6_deladdrlabel={0x60, 0x49, 0x200, 0x70bd2a, 0x25dfdbfc, {0xa, 0x0, 0x3f, 0x0, r7, 0x8000}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @empty}, @IFAL_ADDRESS={0x14, 0x1, @empty}, @IFAL_ADDRESS={0x14, 0x1, @private0}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1)
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x58, r8, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x90, 0x70}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x58}}, 0x4000051)
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="040e050039200317b4966dd30f1cadd7ee12e06c79950679db79bfb2ed6b5ed3bce16d2376d4cbff956f91b60c548b74b4f7699f893451e2f73385ea067811e4b979a90023f2c66a8b15b2d25b42fc9c2ceae02f8d4ea8a3ff891fb3a8e1e7954993ab"], 0x7)

6.873510556s ago: executing program 2 (id=1606):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$cont(0x7, r0, 0x0, 0x97f)

6.573542446s ago: executing program 2 (id=1609):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x100)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
r2 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0x5e0, &(0x7f0000000300), &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
socketpair$unix(0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$unix(0x1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB], 0xd)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x36e}, 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x7, [@fwd, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @const={0x0, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x43}, 0x20)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pipe(&(0x7f00000000c0)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0)

5.441759035s ago: executing program 2 (id=1614):
socket$kcm(0x21, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000240), &(0x7f0000000380)=0x4)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
read$dsp(r3, &(0x7f00000000c0)=""/108, 0x6c)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
read$dsp(r3, &(0x7f0000000200)=""/168, 0xa8)

4.407099013s ago: executing program 2 (id=1615):
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x2, 0x1, 0x0, 0x0, 0x0, {}, [@CTA_ZONE={0x6}, @CTA_STATUS={0x8}, @CTA_STATUS_MASK={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0x3c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x0, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote={0xac, 0x3}}}}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x30}}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0)

2.841503465s ago: executing program 0 (id=1618):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r2=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000005180)={0x38, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r2}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x14, 0x1, 0x0, 0x1, [@generic="cd58877919b1363f7db58622a5a46a8b"]}]}, 0x38}], 0x1}, 0x0)

2.75507916s ago: executing program 0 (id=1619):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$cont(0x7, r0, 0x0, 0x97f)

2.631464835s ago: executing program 0 (id=1620):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/121, 0x79}], 0x1)

2.504545459s ago: executing program 0 (id=1621):
socket$caif_stream(0x25, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'ip6erspan0\x00', @random="201a4847569b"})
socket$tipc(0x1e, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020)
ioperm(0x7, 0x0, 0x2)
futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2004c840}, 0x4000044)
socket(0x40000000015, 0x5, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
bind$nfc_llcp(r4, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d929849825e6573561bd1ca44c226af5160e000000007760760beeab91e81597c80004da000000020000000000000000b0d800000000005bc42ffdd2b6b9c2"}, 0x60)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4)
ioctl$UFFDIO_CONTINUE(r3, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

2.237587884s ago: executing program 2 (id=1622):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
fsopen(&(0x7f0000002200)='erofs\x00', 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0)

1.832827533s ago: executing program 4 (id=1623):
socket$kcm(0x21, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000240), &(0x7f0000000380)=0x4)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
read$dsp(r3, &(0x7f00000000c0)=""/108, 0x6c)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
read$dsp(r3, &(0x7f0000000200)=""/168, 0xa8)

828.510181ms ago: executing program 4 (id=1624):
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x14, 0x110, 0xd, {[@rr={0x7, 0x3}]}}}], 0x18}, 0x0)

622.707519ms ago: executing program 4 (id=1625):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
execveat(r0, &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x1000)

481.200816ms ago: executing program 0 (id=1626):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x3}]}]}, 0x38}}, 0x0)

297.699985ms ago: executing program 4 (id=1627):
seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f00000001c0))

281.26714ms ago: executing program 0 (id=1628):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@loopback, 0x0, 0x6c}}}, 0xe8)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
socket(0x0, 0x6, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
writev(r2, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00'})
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000480)=""/250, 0xfa, &(0x7f00000001c0)={&(0x7f0000000080)={'wp512-generic\x00'}})
close(r0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

191.429262ms ago: executing program 4 (id=1629):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/121, 0x79}], 0x1)

0s ago: executing program 4 (id=1630):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000002c0)={[{@grpquota}, {@data_ordered}, {@resuid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@resgid}, {@usrquota}, {@data_err_abort}, {@usrjquota}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0)
mmap(&(0x7f0000298000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
ftruncate(r1, 0x8)
ftruncate(r0, 0x6)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152)

kernel console output (not intermixed with test programs):

][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.739803][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.750739][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.761262][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.772227][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.790195][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.813068][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.843576][ T8656] EXT4-fs error (device loop3): empty_inline_dir:1833: inode #12: block 7: comm syz.3.968: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0
[  297.182105][ T5106] Bluetooth: hci0: command tx timeout
[  297.317533][ T8656] EXT4-fs warning (device loop3): empty_inline_dir:1840: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60
[  297.404889][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.436840][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_0
[  297.516093][ T8641] netlink: 'syz.1.967': attribute type 5 has an invalid length.
[  297.545155][ T8651] netlink: 'syz.1.967': attribute type 1 has an invalid length.
[  297.557510][ T8651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.967'.
[  297.748945][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.814490][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.877504][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.916932][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.942201][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.956013][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.966110][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.977643][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.988192][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  298.002128][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.015071][ T8456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  298.027874][ T8456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.045782][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_1
[  298.117800][ T8456] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  298.137422][ T8456] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  298.154946][ T8456] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  298.197856][ T8456] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.715560][   T61] hsr_slave_0: left promiscuous mode
[  298.743636][   T61] hsr_slave_1: left promiscuous mode
[  298.750313][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.762116][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.776008][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.787901][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.865691][   T61] veth1_macvtap: left promiscuous mode
[  298.871517][   T61] veth0_macvtap: left promiscuous mode
[  298.877391][   T61] veth1_vlan: left promiscuous mode
[  298.883510][   T61] veth0_vlan: left promiscuous mode
[  299.181847][ T8321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.941257][   T61] team0 (unregistering): Port device team_slave_1 removed
[  300.010178][   T61] team0 (unregistering): Port device team_slave_0 removed
[  301.151475][   T51] vhci_hcd: vhci_device speed not set
[  302.219002][ T8703] netlink: 'syz.1.979': attribute type 5 has an invalid length.
[  302.262287][   T29] audit: type=1326 audit(1721225065.128:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.1.979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff95e775a99 code=0x0
[  302.371355][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.403957][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.523162][ T8714] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  302.529806][ T8714] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  302.611814][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.639490][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.670886][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  302.682939][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  302.693530][ T8714] vhci_hcd vhci_hcd.0: Device attached
[  302.722967][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  302.762553][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  302.773280][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  302.780648][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  302.840562][ T8549] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  302.918889][    T9] vhci_hcd: vhci_device speed not set
[  302.964340][ T8714] netlink: 'syz.1.979': attribute type 1 has an invalid length.
[  303.003603][ T8714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.979'.
[  303.016909][    T9] usb 11-1: new full-speed USB device number 4 using vhci_hcd
[  303.031416][ T8549] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  303.045911][ T8549] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  303.069963][ T8549] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  303.262218][ T5156] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  303.301852][ T8718] vhci_hcd: connection reset by peer
[  303.342211][   T52] vhci_hcd: stop threads
[  303.351257][   T52] vhci_hcd: release socket
[  303.377695][   T52] vhci_hcd: disconnect device
[  303.482270][ T5156] usb 1-1: Using ep0 maxpacket: 8
[  303.493196][ T5156] usb 1-1: New USB device found, idVendor=12ef, idProduct=0100, bcdDevice=8c.b6
[  303.497266][ T8722] chnl_net:caif_netlink_parms(): no params data found
[  303.550488][ T8549] 8021q: adding VLAN 0 to HW filter on device bond0
[  303.563408][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.611723][ T5156] usb 1-1: config 0 descriptor??
[  303.658466][ T5156] usb 1-1: active config #0 != 1 ??
[  303.881491][   T51] usb 1-1: USB disconnect, device number 9
[  303.925231][ T8549] 8021q: adding VLAN 0 to HW filter on device team0
[  304.037447][ T8722] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.070817][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.092527][ T8722] bridge_slave_0: entered allmulticast mode
[  304.121598][ T8722] bridge_slave_0: entered promiscuous mode
[  304.157159][ T8722] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.173083][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.192920][ T8722] bridge_slave_1: entered allmulticast mode
[  304.200309][ T8722] bridge_slave_1: entered promiscuous mode
[  304.380734][ T8722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.410268][ T8722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.443378][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.450568][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state
[  304.607403][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.614667][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state
[  304.736171][ T8722] team0: Port device team_slave_0 added
[  304.788906][ T8722] team0: Port device team_slave_1 added
[  304.837307][   T54] Bluetooth: hci3: command tx timeout
[  306.127771][ T8781] loop2: detected capacity change from 0 to 64
[  306.136403][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.172785][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.226199][ T8722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.323704][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.330697][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.376589][ T8781] Process accounting resumed
[  306.394812][ T8781] program syz.2.989 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  306.479478][ T8722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.902612][   T54] Bluetooth: hci3: command tx timeout
[  307.052819][ T8722] hsr_slave_0: entered promiscuous mode
[  307.278988][ T8722] hsr_slave_1: entered promiscuous mode
[  307.297649][ T5106] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  307.315339][ T5106] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  307.326593][ T5106] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  307.337432][ T5106] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  307.359081][ T5106] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  307.383110][ T5106] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  307.400669][ T8722] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  307.441078][ T8722] Cannot create hsr debugfs directory
[  307.556444][ T8804] input: syz0 as /devices/virtual/input/input10
[  308.192403][    T9] vhci_hcd: vhci_device speed not set
[  308.204969][ T8818] loop7: detected capacity change from 0 to 1036
[  308.231057][ T2845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.308378][ T2845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  308.587283][ T8818] netlink: 'syz.2.995': attribute type 39 has an invalid length.
[  308.644060][ T2845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.660734][ T2845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  308.926380][ T8825] loop2: detected capacity change from 0 to 128
[  308.949726][ T2845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.970460][ T8825] msdos: Unknown parameter 'usefRee'
[  308.982960][   T54] Bluetooth: hci3: command tx timeout
[  308.999731][ T2845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  309.178503][ T8549] 8021q: adding VLAN 0 to HW filter on device batadv0
[  309.463796][   T54] Bluetooth: hci5: command tx timeout
[  310.012758][ T8825] loop2: detected capacity change from 0 to 4096
[  310.072568][ T8825] ntfs3: Unknown parameter 'dots'
[  310.169407][ T8722] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.365354][ T2845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.395034][ T2845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  310.885396][ T8722] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.063102][   T54] Bluetooth: hci3: command tx timeout
[  311.187030][ T8722] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.361427][ T8851] loop2: detected capacity change from 0 to 1024
[  311.496292][ T8851] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1000: bad orphan inode 2097152
[  311.531670][ T8851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.542193][   T54] Bluetooth: hci5: command tx timeout
[  311.562473][ T8722] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.786770][ T2845] bridge_slave_1: left allmulticast mode
[  311.805111][ T2845] bridge_slave_1: left promiscuous mode
[  311.828449][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.833415][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.874058][ T2845] bridge_slave_0: left allmulticast mode
[  311.887749][ T2845] bridge_slave_0: left promiscuous mode
[  311.910420][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.984744][ T8862] loop2: detected capacity change from 0 to 64
[  312.127743][ T8862] Process accounting resumed
[  312.133764][ T8862] program syz.2.1002 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  313.508935][ T2845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  313.530960][ T2845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  313.531509][ T8874] loop2: detected capacity change from 0 to 128
[  313.563518][ T8874] msdos: Unknown parameter 'usefRee'
[  313.576828][ T2845] bond0 (unregistering): Released all slaves
[  313.622605][   T54] Bluetooth: hci5: command tx timeout
[  313.707702][ T8869] vlan2: entered allmulticast mode
[  313.743730][ T8869] bond0: entered allmulticast mode
[  313.750045][ T8869] bond_slave_0: entered allmulticast mode
[  313.781430][ T8869] bond_slave_1: entered allmulticast mode
[  313.817979][ T8874] loop2: detected capacity change from 0 to 4096
[  313.819180][ T8869] bond0: left allmulticast mode
[  313.830475][ T8874] ntfs3: Unknown parameter 'dots'
[  313.859227][ T8869] bond_slave_0: left allmulticast mode
[  313.886194][ T8869] bond_slave_1: left allmulticast mode
[  314.114936][ T8549] veth0_vlan: entered promiscuous mode
[  314.138576][ T8880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.143802][ T8798] chnl_net:caif_netlink_parms(): no params data found
[  314.222369][ T8880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.227892][ T8883] loop2: detected capacity change from 0 to 256
[  314.286546][ T8883] vfat: Unknown parameter '�9-�gq��#l>���4��I�
�SbF�#7A�[D���3�)�W��1��*2'
[  314.660480][ T8722] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  314.690940][ T8722] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  314.715475][ T8549] veth1_vlan: entered promiscuous mode
[  314.794342][ T2845] hsr_slave_0: left promiscuous mode
[  314.803244][ T2845] hsr_slave_1: left promiscuous mode
[  314.820972][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.882132][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_0
[  314.923062][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  314.952229][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_1
[  315.026519][ T2845] veth1_macvtap: left promiscuous mode
[  315.054140][ T2845] veth0_macvtap: left promiscuous mode
[  315.059824][ T2845] veth1_vlan: left promiscuous mode
[  315.085993][ T2845] veth0_vlan: left promiscuous mode
[  315.703045][   T54] Bluetooth: hci5: command tx timeout
[  316.375427][ T2845] team0 (unregistering): Port device team_slave_1 removed
[  316.506851][ T2845] team0 (unregistering): Port device team_slave_0 removed
[  317.561579][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  317.568197][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  318.497355][ T8722] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  318.536672][ T8722] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  318.867307][ T8798] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.902254][ T8798] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.909547][ T8798] bridge_slave_0: entered allmulticast mode
[  318.943436][ T8798] bridge_slave_0: entered promiscuous mode
[  318.963860][ T8798] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.971710][ T8798] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.003101][ T8798] bridge_slave_1: entered allmulticast mode
[  319.010592][ T8798] bridge_slave_1: entered promiscuous mode
[  319.023903][   T54] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  319.215062][ T8915] netlink: 'syz.0.1013': attribute type 5 has an invalid length.
[  319.216428][   T29] audit: type=1326 audit(1721225082.098:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8914 comm="syz.0.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0
[  319.260226][ T8549] veth0_macvtap: entered promiscuous mode
[  319.303485][ T8798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.321664][ T8915] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  319.328215][ T8915] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  319.339526][ T8798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.358275][ T8915] vhci_hcd vhci_hcd.0: Device attached
[  319.572312][    T9] vhci_hcd: vhci_device speed not set
[  319.643401][ T8549] veth1_macvtap: entered promiscuous mode
[  319.652199][    T9] usb 9-1: new full-speed USB device number 2 using vhci_hcd
[  319.721733][ T8798] team0: Port device team_slave_0 added
[  319.740492][ T8922] netlink: 'syz.0.1013': attribute type 1 has an invalid length.
[  319.752925][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1013'.
[  319.777242][ T8922] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  319.791783][ T8922] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  319.802586][ T8922] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  319.812144][ T8922] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  319.890495][ T8918] vhci_hcd: connection closed
[  319.910640][ T2880] vhci_hcd: stop threads
[  319.952344][ T2880] vhci_hcd: release socket
[  319.954627][ T8798] team0: Port device team_slave_1 added
[  319.962317][ T2880] vhci_hcd: disconnect device
[  320.081051][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.116109][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.181333][ T8798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.210925][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.232225][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.254712][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.287224][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.321810][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.342108][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.382079][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.412332][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.432227][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.462247][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.500409][ T8549] batman_adv: batadv0: Interface activated: batadv_slave_0
[  320.538360][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.562717][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.632198][ T8798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.701971][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.740826][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.772101][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.792313][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.812191][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.851425][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.875703][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.896460][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.922165][ T8549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.942096][ T8549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.964539][ T8549] batman_adv: batadv0: Interface activated: batadv_slave_1
[  321.121918][ T8938] loop2: detected capacity change from 0 to 128
[  321.145044][ T8798] hsr_slave_0: entered promiscuous mode
[  321.153235][ T8938] msdos: Unknown parameter 'usefRee'
[  321.182955][ T8798] hsr_slave_1: entered promiscuous mode
[  321.195753][ T8798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  321.203889][ T8798] Cannot create hsr debugfs directory
[  321.234392][ T8549] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  321.272150][ T8549] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  321.281683][ T8549] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  321.310852][ T8549] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  321.350411][ T8938] loop2: detected capacity change from 0 to 4096
[  321.372897][ T8938] ntfs3: Unknown parameter 'dots'
[  321.967863][ T8951] loop2: detected capacity change from 0 to 256
[  322.003513][ T8951] exfat: Deprecated parameter 'utf8'
[  322.026013][ T8951] exfat: Unknown parameter 'dmaskW��Mm�|'
[  322.148200][ T2845] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.182993][ T2845] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.317799][ T8722] 8021q: adding VLAN 0 to HW filter on device bond0
[  322.366530][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.414767][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.529956][ T8722] 8021q: adding VLAN 0 to HW filter on device team0
[  322.595250][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state
[  322.602489][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  322.918807][ T1628] bridge0: port 2(bridge_slave_1) entered blocking state
[  322.926054][ T1628] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.531846][ T8968] loop4: detected capacity change from 0 to 1024
[  323.562495][ T8968] EXT4-fs (loop4): bad geometry: first data block 100663296 is beyond end of filesystem (512)
[  323.574721][ T8971] loop2: detected capacity change from 0 to 64
[  325.108537][ T8974] netlink: 277 bytes leftover after parsing attributes in process `syz.4.944'.
[  325.223211][    T9] vhci_hcd: vhci_device speed not set
[  326.016419][ T8722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  326.183033][ T8986] binder: BINDER_SET_CONTEXT_MGR already set
[  326.252440][ T8986] binder: 8985:8986 ioctl 4018620d 20000100 returned -16
[  326.456590][ T8798] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  326.526889][ T8798] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  326.550441][ T8798] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  326.652341][ T8798] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  326.726339][ T8977] loop2: detected capacity change from 0 to 2048
[  326.874540][ T8722] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.069090][ T9001] loop4: detected capacity change from 0 to 4096
[  327.113524][ T9001] ntfs3: Bad value for 'gid'
[  327.118180][ T9001] ntfs3: Bad value for 'gid'
[  327.236200][ T8722] veth0_vlan: entered promiscuous mode
[  327.309562][ T8798] 8021q: adding VLAN 0 to HW filter on device bond0
[  328.310250][ T8722] veth1_vlan: entered promiscuous mode
[  328.399351][ T9019] loop4: detected capacity change from 0 to 1024
[  328.428434][ T9019] EXT4-fs: Ignoring removed nomblk_io_submit option
[  328.496410][ T9019] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  328.497004][ T9019] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  328.514594][ T8798] 8021q: adding VLAN 0 to HW filter on device team0
[  328.537315][ T9019] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz.4.1030: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  328.540398][ T9019] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1030: couldn't read orphan inode 11 (err -117)
[  328.545465][ T9019] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.571669][ T8722] veth0_macvtap: entered promiscuous mode
[  328.636402][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.636472][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  328.669724][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.747791][ T5230] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.778636][ T9019] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.1030: Invalid block bitmap block 0 in block_group 0
[  328.787661][ T9019] Quota error (device loop4): write_blk: dquota write failed
[  328.787909][ T9019] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  328.790154][ T9019] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.1030: Failed to acquire dquot type 0
[  328.829712][ T8722] veth1_macvtap: entered promiscuous mode
[  328.936678][ T9019] netlink: 'syz.4.1030': attribute type 10 has an invalid length.
[  328.987737][ T9019] team0: Device ipvlan1 failed to register rx_handler
[  329.014912][ T9035] loop2: detected capacity change from 0 to 256
[  329.029381][ T9035] vfat: Unknown parameter '�9-�gq��#l>���4��I�
�SbF�#7A�[D���3�)�W��1��*2'
[  329.146282][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.219396][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.258004][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.258386][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.258410][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.259136][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.259156][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.259171][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.260331][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.260353][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.260369][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.260381][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.266364][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.420285][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420312][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.420323][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420337][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.420348][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420361][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.420373][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420385][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.420396][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420410][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.420422][ T8722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.420436][ T8722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.421888][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_1
[  329.513350][ T8549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.628887][ T8722] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.628927][ T8722] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.628954][ T8722] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.628979][ T8722] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.309457][ T9067] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1041'.
[  330.452796][ T9070] bond0: option all_slaves_active: invalid value (209)
[  330.505910][    C0] eth0: bad gso: type: 1, size: 1408
[  330.639990][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.672232][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.817586][ T8798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.866355][ T2799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.902924][ T2799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.012511][ T8798] veth0_vlan: entered promiscuous mode
[  331.217128][ T8798] veth1_vlan: entered promiscuous mode
[  331.959176][ T8798] veth0_macvtap: entered promiscuous mode
[  332.004743][ T8798] veth1_macvtap: entered promiscuous mode
[  332.081583][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.101855][ T9096] loop2: detected capacity change from 0 to 256
[  332.141970][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.252491][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.322236][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.367425][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.402344][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.429733][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.462306][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.514044][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.554704][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.591293][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.638956][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.667586][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.711562][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.750845][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_0
[  332.830898][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  332.895543][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.936640][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  332.959532][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  332.976652][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  332.992188][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.010317][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.048396][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.058817][ T9120] loop3: detected capacity change from 0 to 1024
[  333.067451][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.096086][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.140066][ T9120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  333.166358][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.203902][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.227929][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.254112][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.307247][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_1
[  333.386202][ T9121] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1051'.
[  333.444864][ T9121] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1051'.
[  333.491109][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1051'.
[  333.546151][ T8798] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  333.558414][   T29] audit: type=1800 audit(1721225096.438:146): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1050" name="bus" dev="loop3" ino=864 res=0 errno=0
[  333.623839][ T8798] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.639258][ T8798] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  333.650194][ T8798] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.661339][   T29] audit: type=1804 audit(1721225096.528:147): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1050" name="/newroot/3/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=864 res=1 errno=0
[  334.915452][ T9140] loop4: detected capacity change from 0 to 1024
[  334.969198][ T9140] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  335.182636][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.190603][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.336917][ T9155] binder: 9151:9155 ioctl c018620c 20000180 returned -1
[  335.352621][   T54] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  335.386818][ T2799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.392744][ T9156] netlink: 'syz.0.1060': attribute type 5 has an invalid length.
[  335.402329][ T2799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.687212][   T29] audit: type=1326 audit(1721225098.568:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9154 comm="syz.0.1060" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0
[  335.793305][ T9156] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  335.799871][ T9156] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  335.808152][ T9156] vhci_hcd vhci_hcd.0: Device attached
[  336.055442][    T9] vhci_hcd: vhci_device speed not set
[  336.163188][ T9185] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1067'.
[  336.172971][    T9] usb 9-1: new full-speed USB device number 3 using vhci_hcd
[  336.227181][ T9185] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1067'.
[  336.304345][ T9181] netlink: 'syz.0.1060': attribute type 1 has an invalid length.
[  336.327851][ T9181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'.
[  336.508270][ T9172] vhci_hcd: connection closed
[  336.518823][ T9189] loop3: detected capacity change from 0 to 4096
[  336.540737][ T2845] vhci_hcd: stop threads
[  336.547122][ T9189] ntfs3: Bad value for 'gid'
[  336.551761][ T9189] ntfs3: Bad value for 'gid'
[  336.559211][ T2845] vhci_hcd: release socket
[  336.563933][ T2845] vhci_hcd: disconnect device
[  336.776609][ T9199] loop3: detected capacity change from 0 to 1024
[  336.810423][ T9199] EXT4-fs: Ignoring removed nomblk_io_submit option
[  336.830381][ T9199] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  336.894695][ T9199] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  336.971265][ T9199] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.1066: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  337.023771][ T9199] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1066: couldn't read orphan inode 11 (err -117)
[  337.164121][ T9199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.352690][ T9199] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1066: Invalid block bitmap block 0 in block_group 0
[  337.372387][ T9199] Quota error (device loop3): write_blk: dquota write failed
[  337.429563][ T9199] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  337.440221][ T9199] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.1066: Failed to acquire dquot type 0
[  337.612914][ T9189] netlink: 'syz.3.1066': attribute type 10 has an invalid length.
[  337.675822][ T9189] team0: Device ipvlan1 failed to register rx_handler
[  337.989955][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.417794][ T9228] loop1: detected capacity change from 0 to 1024
[  338.521481][ T9228] EXT4-fs (loop1): bad geometry: first data block 100663296 is beyond end of filesystem (512)
[  338.887045][ T9236] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1084'.
[  340.027289][ T9245] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1080'.
[  340.118430][   T54] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  340.364215][ T9243] netlink: 'syz.0.1086': attribute type 5 has an invalid length.
[  340.663589][   T29] audit: type=1326 audit(1721225103.548:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9242 comm="syz.0.1086" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x0
[  340.807128][ T9254] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  340.813767][ T9254] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  340.930486][ T9254] vhci_hcd vhci_hcd.0: Device attached
[  341.036679][ T9261] loop3: detected capacity change from 0 to 1024
[  341.106002][ T9261] syz.3.1090: attempt to access beyond end of device
[  341.106002][ T9261] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  341.109802][ T9252] loop4: detected capacity change from 0 to 512
[  341.153988][ T9257] netlink: 'syz.0.1086': attribute type 1 has an invalid length.
[  341.172374][ T9261] hfsplus: cannot replace xattr
[  341.184185][ T9257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1086'.
[  341.242457][ T9252] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  341.353486][ T9252] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e018, mo2=0006]
[  341.402825][ T9252] System zones: 0-2, 18-18, 34-35
[  341.422437][ T9255] vhci_hcd: connection closed
[  341.424851][ T2799] vhci_hcd: stop threads
[  341.471159][ T2799] vhci_hcd: release socket
[  341.490583][ T9252] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.522334][ T9274] binder: 9270:9274 ioctl c018620c 20000180 returned -1
[  341.540321][ T2799] vhci_hcd: disconnect device
[  341.582370][    T9] vhci_hcd: vhci_device speed not set
[  342.048070][ T8549] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000.
[  342.137552][ T9288] loop2: detected capacity change from 0 to 512
[  342.243092][ T9288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.246895][ T9291] ieee802154 phy0 wpan0: encryption failed: -22
[  342.351517][ T9288] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.579037][ T9288] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1101: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled
[  342.762226][ T9288] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1101: bg 0: block 18: invalid block bitmap
[  342.859174][ T9288] Quota error (device loop2): write_blk: dquota write failed
[  342.877577][ T9258] loop1: detected capacity change from 0 to 2048
[  342.926191][ T9288] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  342.993502][ T9288] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1101: Failed to acquire dquot type 1
[  343.141154][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.224189][ T5106] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  343.247355][ T5106] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  343.262461][ T5106] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  343.270582][ T5106] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  343.281592][ T5106] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  343.300647][ T5106] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  343.540725][ T9309] loop3: detected capacity change from 0 to 4096
[  343.581257][ T9309] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  343.659437][ T9309] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  343.679257][ T5106] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  343.696461][ T9309] ntfs3: loop3: Failed to load $Extend (-22).
[  343.721493][ T9313] binder: 9312:9313 ioctl c018620c 20000180 returned -1
[  343.742310][ T9309] ntfs3: loop3: Failed to initialize $Extend.
[  343.794711][ T2880] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.905599][ T9315] netlink: 'syz.2.1110': attribute type 5 has an invalid length.
[  343.952126][   T29] audit: type=1800 audit(1721225106.818:150): pid=9309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1108" name="bus" dev="loop3" ino=33 res=0 errno=0
[  344.077383][   T29] audit: type=1326 audit(1721225106.898:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9314 comm="syz.2.1110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd22e575a99 code=0x0
[  344.082345][ T2880] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.182989][ T9317] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  344.189795][ T9317] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  344.266228][ T9317] vhci_hcd vhci_hcd.0: Device attached
[  344.458935][ T9334] loop1: detected capacity change from 0 to 1024
[  344.494333][ T5230] vhci_hcd: vhci_device speed not set
[  344.590332][ T5230] usb 13-1: new full-speed USB device number 2 using vhci_hcd
[  344.656157][ T2880] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.716512][ T9334] hfsplus: request for non-existent node 3 in B*Tree
[  344.741065][ T9334] hfsplus: request for non-existent node 3 in B*Tree
[  344.761719][ T9326] vhci_hcd: connection closed
[  344.766508][   T35] vhci_hcd: stop threads
[  344.842074][   T35] vhci_hcd: release socket
[  344.892825][   T35] vhci_hcd: disconnect device
[  344.944522][ T9331] netlink: 'syz.2.1110': attribute type 1 has an invalid length.
[  344.970356][ T9340] loop3: detected capacity change from 0 to 512
[  344.988684][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1110'.
[  345.049863][ T9331] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  345.064116][ T9331] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  345.085530][ T9340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.108538][ T9331] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  345.117786][ T9340] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  345.139537][ T9331] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  345.194540][ T9340] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.1116: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled
[  345.303818][ T9340] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.1116: bg 0: block 18: invalid block bitmap
[  345.358157][ T9340] Quota error (device loop3): write_blk: dquota write failed
[  345.370492][ T2880] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.392228][ T5106] Bluetooth: hci0: command tx timeout
[  345.402587][ T9340] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  345.429170][ T9338] netlink: 'syz.0.1114': attribute type 10 has an invalid length.
[  345.437605][ T9340] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.1116: Failed to acquire dquot type 1
[  345.506855][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.610390][ T9338] team0: Device ipvlan1 failed to register rx_handler
[  345.663003][ T9348] loop3: detected capacity change from 0 to 1024
[  345.774925][ T9348] syz.3.1118: attempt to access beyond end of device
[  345.774925][ T9348] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  345.848870][ T9303] chnl_net:caif_netlink_parms(): no params data found
[  345.857797][ T9348] hfsplus: cannot replace xattr
[  346.204271][ T9364] loop3: detected capacity change from 0 to 4096
[  346.217588][ T9364] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  346.338305][ T9364] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  346.371640][ T9364] ntfs3: loop3: Failed to load $Extend (-22).
[  346.396873][ T9303] bridge0: port 1(bridge_slave_0) entered blocking state
[  346.399086][ T9364] ntfs3: loop3: Failed to initialize $Extend.
[  346.468758][ T9303] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.498203][ T9303] bridge_slave_0: entered allmulticast mode
[  346.530462][ T9303] bridge_slave_0: entered promiscuous mode
[  346.557315][ T2880] bridge_slave_1: left allmulticast mode
[  346.573078][ T2880] bridge_slave_1: left promiscuous mode
[  346.585791][ T2880] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.597785][   T29] audit: type=1800 audit(1721225109.478:152): pid=9364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1123" name="bus" dev="loop3" ino=33 res=0 errno=0
[  346.636182][ T2880] bridge_slave_0: left allmulticast mode
[  346.653342][ T2880] bridge_slave_0: left promiscuous mode
[  346.660205][ T2880] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.897487][ T9376] loop1: detected capacity change from 0 to 512
[  346.975528][ T9353] loop2: detected capacity change from 0 to 2048
[  347.177702][ T9376] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  347.230977][ T9376] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e018, mo2=0006]
[  347.273852][ T9376] System zones: 0-2, 18-18, 34-35
[  347.288634][ T9376] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.462572][ T5106] Bluetooth: hci0: command tx timeout
[  348.012619][ T9387] loop2: detected capacity change from 0 to 4096
[  348.024316][ T9387] ntfs3: Bad value for 'gid'
[  348.028975][ T9387] ntfs3: Bad value for 'gid'
[  348.077176][ T8798] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000.
[  348.335440][ T9389] loop2: detected capacity change from 0 to 1024
[  348.351579][ T9389] EXT4-fs: Ignoring removed nomblk_io_submit option
[  348.379494][ T9389] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  348.390155][ T9389] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  348.443273][ T9389] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz.2.1130: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  348.477157][ T9393] binder: 9390:9393 ioctl c018620c 20000180 returned -1
[  348.504310][ T9389] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1130: couldn't read orphan inode 11 (err -117)
[  348.566221][ T9389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.747326][ T9389] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1130: Invalid block bitmap block 0 in block_group 0
[  348.802964][ T9389] Quota error (device loop2): write_blk: dquota write failed
[  348.857160][ T9389] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  348.872944][ T9389] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1130: Failed to acquire dquot type 0
[  348.936220][ T2880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  348.965235][ T2880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  348.989803][ T2880] bond0 (unregistering): Released all slaves
[  349.045692][ T9303] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.082345][ T9303] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.122338][ T9303] bridge_slave_1: entered allmulticast mode
[  349.165087][ T9303] bridge_slave_1: entered promiscuous mode
[  349.358296][ T9389] netlink: 'syz.2.1130': attribute type 10 has an invalid length.
[  349.419978][ T9389] team0: Device ipvlan1 failed to register rx_handler
[  349.544232][ T5106] Bluetooth: hci0: command tx timeout
[  349.570383][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.635211][ T9303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.694753][ T9303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.712411][ T5230] vhci_hcd: vhci_device speed not set
[  349.866310][ T9421] netlink: 'syz.2.1137': attribute type 1 has an invalid length.
[  349.902340][ T9421] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.1137'.
[  349.919777][ T9421] netlink: 'syz.2.1137': attribute type 1 has an invalid length.
[  349.932616][ T9421] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1137'.
[  350.089892][ T2880] hsr_slave_0: left promiscuous mode
[  350.111610][ T2880] hsr_slave_1: left promiscuous mode
[  350.166572][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  350.195549][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_0
[  350.231220][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  350.252197][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_1
[  350.358287][ T2880] veth1_macvtap: left promiscuous mode
[  350.376987][ T2880] veth0_macvtap: left promiscuous mode
[  350.390751][ T2880] veth1_vlan: left promiscuous mode
[  350.400463][ T2880] veth0_vlan: left promiscuous mode
[  350.885227][ T9426] loop2: detected capacity change from 0 to 2048
[  351.498601][   T51] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  351.627363][ T5106] Bluetooth: hci0: command tx timeout
[  351.686544][   T51] usb 3-1: Using ep0 maxpacket: 32
[  351.718104][   T51] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  351.728368][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.760946][   T51] usb 3-1: config 0 descriptor??
[  351.783168][   T51] gspca_main: sunplus-2.14.0 probing 0458:7006
[  351.790647][ T2880] team0 (unregistering): Port device team_slave_1 removed
[  351.917736][ T2880] team0 (unregistering): Port device team_slave_0 removed
[  351.927128][ T9448] binder: 9447:9448 ioctl c018620c 20000180 returned -1
[  353.064074][ T9303] team0: Port device team_slave_0 added
[  353.103637][   T51] gspca_sunplus: reg_w_riv err -110
[  353.115888][   T51] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  353.138258][ T9432] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1141'.
[  353.168035][ T9303] team0: Port device team_slave_1 added
[  353.302489][   T51] usb 3-1: USB disconnect, device number 12
[  353.412851][ T9303] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.431772][ T9303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.437021][ T9454] loop1: detected capacity change from 0 to 32768
[  353.496293][ T9303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.551339][ T9303] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.559501][ T9303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.587287][ T9303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.733077][ T9454] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  353.925321][ T9303] hsr_slave_0: entered promiscuous mode
[  353.941231][ T9303] hsr_slave_1: entered promiscuous mode
[  353.951136][ T9303] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  353.959409][ T9303] Cannot create hsr debugfs directory
[  354.120979][ T9454] XFS (loop1): Ending clean mount
[  354.417914][    C0] eth0: bad gso: type: 1, size: 1408
[  354.426294][ T9491] loop3: detected capacity change from 0 to 1024
[  354.546261][ T9454] overlay: ./file2 is not a directory
[  354.589552][ T9491] syz.3.1151: attempt to access beyond end of device
[  354.589552][ T9491] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  354.644498][ T9491] hfsplus: cannot replace xattr
[  354.698185][ T9498] loop2: detected capacity change from 0 to 4096
[  354.724160][ T9498] ntfs3: Bad value for 'gid'
[  354.728944][ T9498] ntfs3: Bad value for 'gid'
[  354.935383][ T9505] binder: 9503:9505 ioctl c018620c 20000180 returned -1
[  354.973363][ T8798] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  354.989724][ T9504] loop2: detected capacity change from 0 to 1024
[  355.053222][ T9504] EXT4-fs: Ignoring removed nomblk_io_submit option
[  355.101793][ T9504] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  355.146830][ T9504] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  355.265776][ T9504] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz.2.1154: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  355.332648][ T9504] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1154: couldn't read orphan inode 11 (err -117)
[  355.427941][ T9504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.487495][ T9504] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1154: Invalid block bitmap block 0 in block_group 0
[  355.578869][ T9504] Quota error (device loop2): write_blk: dquota write failed
[  355.652608][ T9504] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  355.699977][ T9506] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1155'.
[  355.725866][ T9504] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1154: Failed to acquire dquot type 0
[  355.787878][ T9522] netlink: 'syz.2.1154': attribute type 10 has an invalid length.
[  355.846429][ T9522] team0: Device ipvlan1 failed to register rx_handler
[  356.266627][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.361366][ T9303] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  356.440211][ T9546] loop3: detected capacity change from 0 to 1024
[  356.447932][ T5106] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  356.534292][ T9546] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  356.603900][ T9543] netlink: 'syz.1.1157': attribute type 5 has an invalid length.
[  356.644438][ T9303] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  356.682610][ T9303] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  356.693797][   T29] audit: type=1800 audit(1721225119.568:153): pid=9546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1162" name="bus" dev="loop3" ino=864 res=0 errno=0
[  356.748929][   T29] audit: type=1804 audit(1721225119.608:154): pid=9546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1162" name="/newroot/29/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=864 res=1 errno=0
[  356.843454][   T29] audit: type=1326 audit(1721225119.608:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9542 comm="syz.1.1157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x0
[  356.868650][ T9303] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  356.876714][ T9550] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  356.883252][ T9550] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  356.898692][ T9550] vhci_hcd vhci_hcd.0: Device attached
[  357.102933][ T9553] block device autoloading is deprecated and will be removed.
[  357.112113][ T5230] vhci_hcd: vhci_device speed not set
[  357.150689][ T9553] syz.2.1164: attempt to access beyond end of device
[  357.150689][ T9553] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[  357.183101][ T5230] usb 11-1: new full-speed USB device number 5 using vhci_hcd
[  357.428478][ T9563] netlink: 'syz.1.1157': attribute type 1 has an invalid length.
[  357.436528][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1157'.
[  357.505632][ T9563] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  357.539302][ T9563] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  357.629310][ T9563] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  357.634428][ T9554] vhci_hcd: connection closed
[  357.642551][   T61] vhci_hcd: stop threads
[  357.661045][   T61] vhci_hcd: release socket
[  357.671827][ T9563] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  357.687543][   T61] vhci_hcd: disconnect device
[  358.004254][ T9303] 8021q: adding VLAN 0 to HW filter on device bond0
[  358.094882][ T9303] 8021q: adding VLAN 0 to HW filter on device team0
[  358.175432][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.182633][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.220269][ T9588] usb usb6: usbfs: process 9588 (syz.3.1175) did not claim interface 0 before use
[  358.277799][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.285016][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.546003][ T9596] syz.2.1177: attempt to access beyond end of device
[  358.546003][ T9596] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[  358.789325][ T9605] loop3: detected capacity change from 0 to 1024
[  358.901226][ T9605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.154431][ T9303] 8021q: adding VLAN 0 to HW filter on device batadv0
[  359.175349][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.453059][ T9632] usb usb6: usbfs: process 9632 (syz.0.1187) did not claim interface 0 before use
[  359.660366][ T9643] Driver unsupported XDP return value 0 on prog  (id 167) dev N/A, expect packet loss!
[  359.972272][ T9654] syz.3.1192: attempt to access beyond end of device
[  359.972272][ T9654] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[  360.060986][ T9303] veth0_vlan: entered promiscuous mode
[  360.098889][ T9303] veth1_vlan: entered promiscuous mode
[  360.219736][ T9303] veth0_macvtap: entered promiscuous mode
[  360.239384][ T5151] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  360.268013][ T9303] veth1_macvtap: entered promiscuous mode
[  360.359665][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.400627][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.438635][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.462117][ T5151] usb 1-1: Using ep0 maxpacket: 16
[  360.464912][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.477223][ T5151] usb 1-1: no configurations
[  360.477245][ T5151] usb 1-1: can't read configurations, error -22
[  360.497687][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.566141][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.586420][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.608922][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.642145][ T5151] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  360.651084][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.693785][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.718494][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.740237][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.761690][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.794584][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.852980][ T9303] batman_adv: batadv0: Interface activated: batadv_slave_0
[  360.872152][ T5151] usb 1-1: Using ep0 maxpacket: 16
[  360.913007][ T5151] usb 1-1: no configurations
[  360.930765][ T5151] usb 1-1: can't read configurations, error -22
[  360.958488][ T5151] usb usb1-port1: attempt power cycle
[  360.999444][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.008477][ T9609] loop1: detected capacity change from 0 to 32768
[  361.042146][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.074666][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.142258][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.190405][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.201813][ T9609] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  361.252652][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.279688][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.303780][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.330755][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.402294][ T5151] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  361.462994][ T9609] XFS (loop1): Ending clean mount
[  361.539796][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.602461][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.640493][ T5151] usb 1-1: Using ep0 maxpacket: 16
[  361.642563][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.646632][ T5151] usb 1-1: no configurations
[  361.660297][ T5151] usb 1-1: can't read configurations, error -22
[  361.668355][ T9303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.680363][ T9303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.699664][ T9303] batman_adv: batadv0: Interface activated: batadv_slave_1
[  361.779891][ T9705] x_tables: duplicate underflow at hook 1
[  361.832777][ T5151] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  362.015421][ T5151] usb 1-1: Using ep0 maxpacket: 16
[  362.124005][ T5151] usb 1-1: no configurations
[  362.240925][ T5151] usb 1-1: can't read configurations, error -22
[  362.286169][ T9303] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.325072][ T5151] usb usb1-port1: unable to enumerate USB device
[  362.352449][ T9303] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.361283][ T9303] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.426064][ T9303] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.503161][ T5230] vhci_hcd: vhci_device speed not set
[  362.511530][ T8798] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  362.553391][ T9709] loop3: detected capacity change from 0 to 256
[  362.588335][ T9709] exfat: Unknown parameter '��'
[  362.923392][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.956457][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.050392][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.078035][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.613559][ T9727] loop2: detected capacity change from 0 to 1024
[  363.764002][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  363.782504][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  363.822444][ T9741] usb usb6: usbfs: process 9741 (syz.0.1209) did not claim interface 0 before use
[  363.924357][ T9742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  364.003320][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  364.279336][ T9757] x_tables: duplicate underflow at hook 1
[  365.140083][ T9756] syz.0.1213: attempt to access beyond end of device
[  365.140083][ T9756] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[  365.816974][ T9787] usb usb6: usbfs: process 9787 (syz.2.1222) did not claim interface 0 before use
[  365.890177][ T9790] loop3: detected capacity change from 0 to 2048
[  365.915410][ T9790] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  365.989395][ T9790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  366.144168][ T9798] syz.1.1227: attempt to access beyond end of device
[  366.144168][ T9798] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[  367.086464][ T9828] loop2: detected capacity change from 0 to 128
[  367.172935][ T9832] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1240'.
[  367.187041][ T9831] loop4: detected capacity change from 0 to 2048
[  367.237007][ T9831] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  367.280822][ T9831] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  367.443251][ T9836] loop1: detected capacity change from 0 to 256
[  367.516274][ T9836] exfat: Unknown parameter '��'
[  369.155790][ T9875] x_tables: duplicate underflow at hook 1
[  369.737637][ T9889] loop2: detected capacity change from 0 to 512
[  369.806704][ T9889] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  369.872978][ T9893] loop4: detected capacity change from 0 to 1024
[  369.909211][ T9889] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1256: invalid indirect mapped block 83886080 (level 1)
[  369.993602][ T9889] EXT4-fs (loop2): 1 orphan inode deleted
[  370.010636][ T9893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.023954][ T9889] EXT4-fs (loop2): 1 truncate cleaned up
[  370.031567][ T9889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.079684][ T9889] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1256: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  370.117401][ T9889] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1256: directory missing '..'
[  370.369773][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.419196][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.143730][ T9926] x_tables: duplicate underflow at hook 1
[  371.615346][ T9932] loop3: detected capacity change from 0 to 512
[  371.642724][ T9932] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  371.976339][ T9941] loop3: detected capacity change from 0 to 256
[  372.076597][   T29] audit: type=1800 audit(1721225134.948:156): pid=9941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1274" name="file0" dev="loop3" ino=1048741 res=0 errno=0
[  372.256913][ T9947] loop2: detected capacity change from 0 to 512
[  372.297665][ T9947] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  372.355933][ T9950] MPI: mpi too large (187200 bits)
[  372.463959][ T9947] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1275: invalid indirect mapped block 83886080 (level 1)
[  372.549900][ T9947] EXT4-fs (loop2): 1 orphan inode deleted
[  372.559863][ T9947] EXT4-fs (loop2): 1 truncate cleaned up
[  372.617561][ T9947] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  372.639511][ T9950] loop4: detected capacity change from 0 to 1024
[  372.690982][ T9950] hfsplus: bad catalog entry used to create inode
[  372.729460][ T9950] hfsplus: failed to load root directory
[  372.814134][ T9947] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1275: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  372.852479][ T9947] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1275: directory missing '..'
[  372.937181][ T5153] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  372.985421][    C0] eth0: bad gso: type: 1, size: 1408
[  373.163610][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.259923][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  373.281841][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  373.330675][ T9967] loop2: detected capacity change from 0 to 512
[  373.348219][ T5153] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  373.382943][ T9967] EXT4-fs: Ignoring removed mblk_io_submit option
[  373.391047][ T5153] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  373.409936][ T9967] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  373.419607][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.457878][ T9967] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  373.480030][ T9967] System zones: 1-12
[  373.494016][ T5153] usb 2-1: config 0 descriptor??
[  373.516668][ T9967] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1284: corrupted in-inode xattr: e_value size too large
[  373.536781][ T9972] loop3: detected capacity change from 0 to 1024
[  373.576757][ T9967] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1284: couldn't read orphan inode 15 (err -117)
[  373.615126][ T9967] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  373.637281][ T9972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.051773][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.127798][ T9988] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  374.146376][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.172895][ T5153] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  374.191747][ T5153] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  374.213519][ T5153] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  374.224455][ T9988] overlayfs: conflicting lowerdir path
[  374.604347][ T9998] loop2: detected capacity change from 0 to 1024
[  374.676422][ T9998] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  374.694094][T10002] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1294'.
[  375.062529][   T29] audit: type=1800 audit(1721225137.918:157): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1291" name="bus" dev="loop2" ino=864 res=0 errno=0
[  375.145983][   T29] audit: type=1804 audit(1721225137.978:158): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1291" name="/newroot/79/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=864 res=1 errno=0
[  375.826131][T10021] loop2: detected capacity change from 0 to 512
[  375.848117][T10021] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent
[  376.002240][   T51] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  376.253435][   T51] usb 5-1: Using ep0 maxpacket: 32
[  376.274911][   T51] usb 5-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  376.300423][   T51] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  376.538339][   T51] usb 5-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  376.552506][ T5126] usb 2-1: USB disconnect, device number 7
[  376.567840][T10032] loop2: detected capacity change from 0 to 1024
[  376.567978][   T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.620898][   T51] usb 5-1: Product: syz
[  376.627105][   T51] usb 5-1: Manufacturer: syz
[  376.649323][   T51] usb 5-1: SerialNumber: syz
[  376.897293][   T51] usb 5-1: config 0 descriptor??
[  377.163930][T10032] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.428508][    C0] eth0: bad gso: type: 1, size: 1408
[  377.548604][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.977091][T10047] loop2: detected capacity change from 0 to 256
[  378.115521][   T29] audit: type=1800 audit(1721225140.998:159): pid=10047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1307" name="file0" dev="loop2" ino=1048755 res=0 errno=0
[  378.223275][T10050] loop1: detected capacity change from 0 to 1024
[  378.435148][T10050] hfsplus: request for non-existent node 3 in B*Tree
[  378.454469][T10050] hfsplus: request for non-existent node 3 in B*Tree
[  378.634724][   T51] usb 5-1: USB disconnect, device number 4
[  378.801673][T10067] loop4: detected capacity change from 0 to 512
[  378.868089][T10067] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent
[  378.988373][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  379.002424][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  379.849042][T10089] MPI: mpi too large (187200 bits)
[  380.027116][T10089] loop1: detected capacity change from 0 to 1024
[  380.144061][T10089] hfsplus: bad catalog entry used to create inode
[  380.206405][T10089] hfsplus: failed to load root directory
[  380.223098][    C0] eth0: bad gso: type: 1, size: 1408
[  380.263054][ T5106] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10
[  380.627140][T10111] loop3: detected capacity change from 0 to 512
[  380.722231][ T1628] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  380.748390][T10111] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  380.923278][ T1628] usb 3-1: Using ep0 maxpacket: 32
[  380.957167][ T1628] usb 3-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  380.984185][T10118] loop1: detected capacity change from 0 to 1024
[  381.009886][ T1628] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  381.041025][ T1628] usb 3-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  381.088235][ T1628] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.116753][ T1628] usb 3-1: Product: syz
[  381.137823][ T1628] usb 3-1: Manufacturer: syz
[  381.153032][ T1628] usb 3-1: SerialNumber: syz
[  381.174747][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'.
[  381.186263][ T1628] usb 3-1: config 0 descriptor??
[  381.208096][T10124] netlink: 'syz.3.1331': attribute type 23 has an invalid length.
[  381.232408][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'.
[  381.241858][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'.
[  381.276460][T10124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1331'.
[  381.502521][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'.
[  381.892130][ T5126] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  381.936335][T10135] loop6: detected capacity change from 0 to 16384
[  382.104279][ T5126] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  382.130245][T10135] I/O error, dev loop6, sector 2048 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  382.182147][ T5126] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.188615][T10143] loop1: detected capacity change from 0 to 1024
[  382.200221][T10135] I/O error, dev loop6, sector 2304 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  382.219082][ T5126] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  382.254865][ T5126] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  382.294161][T10135] I/O error, dev loop6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  382.301468][ T5126] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.349400][ T5126] usb 1-1: config 0 descriptor??
[  382.352476][ T5106] Bluetooth: hci0: command tx timeout
[  382.368309][ T5126] usb-storage 1-1:0.0: USB Mass Storage device detected
[  382.444585][T10143] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  382.471329][ T5126] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  382.479486][T10135] Buffer I/O error on dev loop6, logical block 256, async page read
[  382.643861][ T5126] usb 1-1: USB disconnect, device number 14
[  382.892676][   T29] audit: type=1800 audit(1721225145.768:160): pid=10143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1337" name="bus" dev="loop1" ino=864 res=0 errno=0
[  382.980236][  T927] usb 3-1: USB disconnect, device number 13
[  382.989527][   T29] audit: type=1804 audit(1721225145.828:161): pid=10143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1337" name="/newroot/40/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop1" ino=864 res=1 errno=0
[  383.237951][    C0] eth0: bad gso: type: 1, size: 1408
[  383.544007][T10164] netlink: 'syz.1.1344': attribute type 23 has an invalid length.
[  383.612302][T10164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1344'.
[  383.633115][T10167] loop2: detected capacity change from 0 to 512
[  383.671253][T10167] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent
[  384.212809][T10178] vxcan0: tx drop: invalid da for name 0x0000000000000004
[  384.344735][T10182] loop2: detected capacity change from 0 to 1024
[  384.455797][T10182] hfsplus: request for non-existent node 3 in B*Tree
[  384.477992][T10182] hfsplus: request for non-existent node 3 in B*Tree
[  384.732249][T10159] loop3: detected capacity change from 0 to 32768
[  384.902680][  T927] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  385.001406][T10159] find_entry called with index >= next_index
[  385.051755][T10159] find_entry called with index >= next_index
[  385.062496][ T5126] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  385.072283][T10159] find_entry called with index >= next_index
[  385.102178][  T927] usb 1-1: Using ep0 maxpacket: 16
[  385.121037][  T927] usb 1-1: no configurations
[  385.132155][  T927] usb 1-1: can't read configurations, error -22
[  385.322129][  T927] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  385.322164][ T5126] usb 2-1: Using ep0 maxpacket: 32
[  385.383185][ T5126] usb 2-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  385.420590][ T5126] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  385.430641][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805aec1000: rx timeout, send abort
[  385.441905][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805aec1000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  385.520241][T10194] loop2: detected capacity change from 0 to 1024
[  385.554616][ T5126] usb 2-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  385.576774][  T927] usb 1-1: Using ep0 maxpacket: 16
[  385.593991][ T5126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.602501][  T927] usb 1-1: no configurations
[  385.608637][T10194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  385.612625][  T927] usb 1-1: can't read configurations, error -22
[  385.625637][ T5126] usb 2-1: Product: syz
[  385.644685][ T5126] usb 2-1: Manufacturer: syz
[  385.657758][ T5126] usb 2-1: SerialNumber: syz
[  385.667116][ T5126] usb 2-1: config 0 descriptor??
[  385.686333][  T927] usb usb1-port1: attempt power cycle
[  385.822110][   T29] audit: type=1800 audit(1721225148.688:162): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1355" name="bus" dev="loop2" ino=864 res=0 errno=0
[  385.922218][   T29] audit: type=1804 audit(1721225148.768:163): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1355" name="/newroot/93/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=864 res=1 errno=0
[  386.172222][  T927] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  386.214983][  T927] usb 1-1: Using ep0 maxpacket: 16
[  386.221955][  T927] usb 1-1: no configurations
[  386.247150][  T927] usb 1-1: can't read configurations, error -22
[  386.424985][  T927] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  386.488915][T10202] loop2: detected capacity change from 0 to 2048
[  386.503170][  T927] usb 1-1: Using ep0 maxpacket: 16
[  386.513574][  T927] usb 1-1: no configurations
[  386.518177][  T927] usb 1-1: can't read configurations, error -22
[  386.537465][T10202] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  386.558617][  T927] usb usb1-port1: unable to enumerate USB device
[  386.749508][T10209] loop3: detected capacity change from 0 to 256
[  386.801739][   T29] audit: type=1800 audit(1721225149.678:164): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1361" name="file0" dev="loop3" ino=1048756 res=0 errno=0
[  386.864411][T10211] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1362'.
[  387.260459][T10219] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  387.286182][T10221] loop2: detected capacity change from 0 to 512
[  387.356051][T10221] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  387.477191][T10221] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1363: invalid indirect mapped block 83886080 (level 1)
[  387.482568][T10230] capability: warning: `syz.3.1368' uses deprecated v2 capabilities in a way that may be insecure
[  387.531610][    T8] usb 2-1: USB disconnect, device number 8
[  387.553346][T10221] EXT4-fs (loop2): 1 orphan inode deleted
[  387.559373][T10221] EXT4-fs (loop2): 1 truncate cleaned up
[  387.567444][T10221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  387.707047][T10233] loop4: detected capacity change from 0 to 1024
[  387.752763][T10233] hfsplus: request for non-existent node 3 in B*Tree
[  387.765291][T10233] hfsplus: request for non-existent node 3 in B*Tree
[  387.780162][T10221] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1363: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  387.794758][T10236] netlink: 'syz.1.1369': attribute type 11 has an invalid length.
[  387.826599][T10221] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1363: directory missing '..'
[  387.854757][T10236] netlink: 211132 bytes leftover after parsing attributes in process `syz.1.1369'.
[  388.097042][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.518246][T10247] loop2: detected capacity change from 0 to 2048
[  388.541084][ T5106] Bluetooth: hci0: link tx timeout
[  388.548479][ T5106] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  388.590209][T10247] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  389.044274][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802e14e400: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated.
[  389.243434][T10274] loop4: detected capacity change from 0 to 1024
[  389.309335][T10274] hfsplus: request for non-existent node 3 in B*Tree
[  389.318968][T10274] hfsplus: request for non-existent node 3 in B*Tree
[  389.611369][T10285] netlink: 'syz.0.1392': attribute type 11 has an invalid length.
[  389.633229][T10285] netlink: 211132 bytes leftover after parsing attributes in process `syz.0.1392'.
[  390.074854][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880781c0c00: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated.
[  390.109469][T10296] loop2: detected capacity change from 0 to 1024
[  390.258204][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  390.291319][T10302] Bluetooth: MGMT ver 1.23
[  390.302553][T10302] Bluetooth: hci3: unsupported parameter 65535
[  390.311189][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  390.335779][T10302] Bluetooth: hci3: unsupported parameter 65535
[  390.336246][T10296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  390.412607][T10304] syz.4.1400 uses obsolete (PF_INET,SOCK_PACKET)
[  390.419587][T10305] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  390.582173][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  390.930637][ T5106] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10
[  391.653761][T10333] Bluetooth: hci3: unsupported parameter 65535
[  391.691658][T10333] Bluetooth: hci3: unsupported parameter 65535
[  392.034344][T10347] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  392.293180][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802d385c00: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated.
[  392.489154][T10365] loop2: detected capacity change from 0 to 1024
[  392.614749][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'.
[  392.639574][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'.
[  392.649857][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'.
[  392.688130][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'.
[  392.982518][ T5106] Bluetooth: hci3: command tx timeout
[  393.701834][T10392] loop4: detected capacity change from 0 to 2048
[  393.773883][T10392] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  394.040256][T10397] loop3: detected capacity change from 0 to 8192
[  394.101086][T10397] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  394.701690][T10415] loop1: detected capacity change from 0 to 1024
[  394.730017][ T5106] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10
[  394.880869][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  394.979352][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  395.016518][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  395.097493][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  395.364884][T10429] loop3: detected capacity change from 0 to 512
[  395.405368][T10429] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  395.507434][T10429] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.1448: invalid indirect mapped block 83886080 (level 1)
[  395.530793][T10429] EXT4-fs (loop3): 1 orphan inode deleted
[  395.537977][T10429] EXT4-fs (loop3): 1 truncate cleaned up
[  395.547371][T10429] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.586066][T10429] EXT4-fs error (device loop3): ext4_empty_dir:3103: inode #2: block 13: comm syz.3.1448: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  395.618889][T10429] EXT4-fs warning (device loop3): ext4_empty_dir:3105: inode #2: comm syz.3.1448: directory missing '..'
[  395.862858][T10434] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  396.034939][T10445] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.069167][ T8722] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.169641][T10445] bridge_slave_1: left allmulticast mode
[  396.199141][T10445] bridge_slave_1: left promiscuous mode
[  396.222921][T10445] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.602145][ T5126] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  396.669727][T10466] bridge_slave_0: left allmulticast mode
[  396.723840][T10466] bridge_slave_0: left promiscuous mode
[  396.742426][ T5106] Bluetooth: hci1: command 0x0406 tx timeout
[  396.767586][T10466] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.833646][ T5126] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  397.003949][ T5126] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  397.014839][ T5126] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  397.031318][ T5126] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  397.040818][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.087741][ T5126] usb 5-1: config 0 descriptor??
[  397.110390][ T5126] usb-storage 5-1:0.0: USB Mass Storage device detected
[  397.126661][T10466] bond0: (slave bond_slave_0): Releasing backup interface
[  397.160495][ T5126] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  397.273136][T10466] bond0: (slave bond_slave_1): Releasing backup interface
[  397.322185][   T51] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  397.392881][ T5126] usb 5-1: USB disconnect, device number 5
[  397.512217][   T51] usb 3-1: Using ep0 maxpacket: 32
[  397.538123][   T51] usb 3-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  397.567174][   T51] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  397.628708][   T51] usb 3-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  397.663897][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.689701][   T51] usb 3-1: Product: syz
[  397.706235][   T51] usb 3-1: Manufacturer: syz
[  397.716299][   T51] usb 3-1: SerialNumber: syz
[  397.746213][   T51] usb 3-1: config 0 descriptor??
[  397.754691][T10466] team0: Port device team_slave_0 removed
[  397.781868][T10462] loop3: detected capacity change from 0 to 32768
[  397.856186][T10462] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1460 (10462)
[  397.989677][T10466] team0: Port device team_slave_1 removed
[  398.004789][T10462] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  398.052794][T10462] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  398.066040][T10466] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  398.095569][T10462] BTRFS info (device loop3): using free-space-tree
[  398.152596][T10466] batman_adv: batadv0: Removing interface: batadv_slave_0
[  398.270818][T10466] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  398.319416][T10466] batman_adv: batadv0: Removing interface: batadv_slave_1
[  398.663886][T10471] 8021q: adding VLAN 0 to HW filter on device bond0
[  398.711954][T10471] team0: Port device bond0 added
[  398.714996][T10503] loop4: detected capacity change from 0 to 512
[  398.798567][T10503] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1464: bg 0: block 393: padding at end of block bitmap is not set
[  398.869487][T10503] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  398.948426][T10503] EXT4-fs (loop4): 2 truncates cleaned up
[  398.980693][T10503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.016688][T10510] libceph: resolve '0' (ret=-3): failed
[  399.209766][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.559748][T10523] loop4: detected capacity change from 0 to 1024
[  399.681376][  T927] usb 3-1: USB disconnect, device number 14
[  399.685635][T10523] hfsplus: request for non-existent node 3 in B*Tree
[  399.695554][T10525] overlayfs: missing 'lowerdir'
[  399.716834][T10523] hfsplus: request for non-existent node 3 in B*Tree
[  399.730858][ T8722] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  399.763645][T10525] syzkaller1: entered promiscuous mode
[  399.798376][T10525] syzkaller1: entered allmulticast mode
[  400.177700][T10533] loop2: detected capacity change from 0 to 512
[  400.206090][T10533] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  400.289460][T10533] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1476: invalid indirect mapped block 83886080 (level 1)
[  400.320328][ T5126] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  400.335599][T10533] EXT4-fs (loop2): 1 orphan inode deleted
[  400.341620][T10533] EXT4-fs (loop2): 1 truncate cleaned up
[  400.353390][T10533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  400.455817][T10533] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1476: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  400.570932][T10533] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1476: directory missing '..'
[  400.646755][ T5126] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  400.667580][T10541] libceph: resolve '0' (ret=-3): failed
[  400.733333][ T5126] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.782435][ T5126] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  400.798332][ T5126] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  400.808771][ T5126] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.827466][ T5126] usb 2-1: config 0 descriptor??
[  400.839292][ T5126] usb-storage 2-1:0.0: USB Mass Storage device detected
[  400.879350][ T5126] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  401.007111][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.235061][  T927] usb 2-1: USB disconnect, device number 9
[  401.379056][    C0] eth0: bad gso: type: 1, size: 1408
[  401.542188][   T54] Bluetooth: hci6: command 0x0406 tx timeout
[  401.573468][T10553] loop4: detected capacity change from 0 to 64
[  402.402900][ T5151] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  402.602626][ T5151] usb 4-1: Using ep0 maxpacket: 32
[  402.645015][ T5151] usb 4-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  402.710621][ T5151] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  402.763058][ T5151] usb 4-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  402.819181][ T5151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.848120][ T5151] usb 4-1: Product: syz
[  402.867053][ T5151] usb 4-1: Manufacturer: syz
[  402.900248][ T5151] usb 4-1: SerialNumber: syz
[  402.932573][ T5106] Bluetooth: hci0: SCO packet for unknown connection handle 768
[  402.939007][ T5151] usb 4-1: config 0 descriptor??
[  404.251395][T10639] loop4: detected capacity change from 0 to 64
[  404.829362][ T5153] usb 4-1: USB disconnect, device number 13
[  405.582097][ T5151] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  405.812409][ T5153] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  405.869303][ T5151] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  405.926138][ T5151] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  405.964686][ T5151] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  405.998798][ T5151] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  406.029250][ T5151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.042221][ T5153] usb 5-1: Using ep0 maxpacket: 16
[  406.064343][ T5153] usb 5-1: no configurations
[  406.068573][ T5151] usb 1-1: config 0 descriptor??
[  406.068971][ T5153] usb 5-1: can't read configurations, error -22
[  406.102471][   T51] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  406.147167][ T5151] usb-storage 1-1:0.0: USB Mass Storage device detected
[  406.202147][ T5151] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  406.262320][ T5153] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  406.346384][   T51] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  406.380072][    T8] usb 1-1: USB disconnect, device number 19
[  406.420821][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.472354][ T5153] usb 5-1: Using ep0 maxpacket: 16
[  406.490503][ T5153] usb 5-1: no configurations
[  406.498149][ T5153] usb 5-1: can't read configurations, error -22
[  406.522690][ T5153] usb usb5-port1: attempt power cycle
[  406.583573][   T51] usb 3-1: config 0 descriptor??
[  406.888255][T10685] batadv_slave_1: entered promiscuous mode
[  406.942228][ T5153] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  406.996675][ T5153] usb 5-1: Using ep0 maxpacket: 16
[  407.017079][ T5153] usb 5-1: no configurations
[  407.048871][ T5153] usb 5-1: can't read configurations, error -22
[  407.102940][T10714] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  407.235496][ T5153] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  407.330175][ T5153] usb 5-1: Using ep0 maxpacket: 16
[  407.351777][ T5153] usb 5-1: no configurations
[  407.369185][ T5153] usb 5-1: can't read configurations, error -22
[  407.398833][ T5153] usb usb5-port1: unable to enumerate USB device
[  407.480882][T10714] batadv_slave_1 (unregistering): left promiscuous mode
[  407.535498][T10714] batman_adv: batadv0: Removing interface: batadv_slave_1
[  407.664512][   T51] pegasus 3-1:0.0: probe with driver pegasus failed with error -32
[  407.782623][    T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  407.897895][ T5230] usb 3-1: USB disconnect, device number 15
[  407.992741][    T8] usb 4-1: Using ep0 maxpacket: 32
[  408.024235][    T8] usb 4-1: config 0 has an invalid descriptor of length 86, skipping remainder of the config
[  408.051762][    T8] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  408.089590][    T8] usb 4-1: New USB device found, idVendor=0e8d, idProduct=0023, bcdDevice=3a.ab
[  408.101680][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.113136][    T8] usb 4-1: Product: syz
[  408.135249][    T8] usb 4-1: Manufacturer: syz
[  408.139872][    T8] usb 4-1: SerialNumber: syz
[  408.186656][    T8] usb 4-1: config 0 descriptor??
[  408.469395][T10728] bridge_slave_0: left allmulticast mode
[  408.511575][T10728] bridge_slave_0: left promiscuous mode
[  408.526761][T10728] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.589603][T10728] bridge_slave_1: left allmulticast mode
[  408.609032][T10728] bridge_slave_1: left promiscuous mode
[  408.660247][T10728] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.733351][T10728] bond0: (slave bond_slave_0): Releasing backup interface
[  408.886722][T10728] bond0: (slave bond_slave_1): Releasing backup interface
[  409.056038][T10741] loop2: detected capacity change from 0 to 512
[  409.109137][T10741] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1522: bg 0: block 393: padding at end of block bitmap is not set
[  409.124536][T10728] team0: Port device team_slave_0 removed
[  409.158705][T10741] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  409.205322][T10728] team0: Port device team_slave_1 removed
[  409.219481][T10728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  409.219631][T10741] EXT4-fs (loop2): 2 truncates cleaned up
[  409.227364][T10728] batman_adv: batadv0: Removing interface: batadv_slave_0
[  409.243467][T10728] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  409.250920][T10728] batman_adv: batadv0: Removing interface: batadv_slave_1
[  409.339544][T10741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.356871][T10732] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.417991][T10732] team0: Port device bond0 added
[  409.678209][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.768585][   T51] usb 4-1: USB disconnect, device number 14
[  409.987704][T10762] ptrace attach of "./syz-executor exec"[8798] was attempted by "./syz-executor exec"[10762]
[  410.133741][T10765] loop2: detected capacity change from 0 to 1024
[  410.144246][T10762] loop1: detected capacity change from 0 to 512
[  410.191931][T10762] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  410.256569][T10765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  410.294798][T10765] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  410.316374][T10762] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.1527: iget: bad i_size value: -67835469387268086
[  410.394886][T10770] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  410.406396][T10762] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1527: couldn't read orphan inode 15 (err -117)
[  410.473853][T10762] EXT4-fs (loop1): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  410.551792][T10762] ext2 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  410.640708][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.750772][T10755] EXT4-fs error (device loop1): ext4_add_entry:2435: inode #2: comm syz.1.1527: Directory hole found for htree leaf block 0
[  410.854239][   T29] audit: type=1326 audit(1721225173.738:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  410.873754][T10753] loop4: detected capacity change from 0 to 32768
[  410.941927][T10753] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1526 (10753)
[  410.951669][   T29] audit: type=1326 audit(1721225173.768:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  410.977456][   T29] audit: type=1326 audit(1721225173.768:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.003634][   T29] audit: type=1326 audit(1721225173.778:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.056486][   T29] audit: type=1326 audit(1721225173.778:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.086627][T10753] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  411.157075][   T29] audit: type=1326 audit(1721225173.778:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.192448][T10753] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  411.212674][T10783] loop3: detected capacity change from 0 to 512
[  411.258924][   T29] audit: type=1326 audit(1721225173.778:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.293663][T10753] BTRFS info (device loop4): using free-space-tree
[  411.318646][T10788] loop2: detected capacity change from 0 to 64
[  411.354202][   T29] audit: type=1326 audit(1721225173.778:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.461844][   T29] audit: type=1326 audit(1721225173.808:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.570435][T10783] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1534: bad orphan inode 15
[  411.607653][   T29] audit: type=1326 audit(1721225173.818:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10752 comm="syz.1.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb718775a99 code=0x7ffc0000
[  411.632838][T10783] ext4_test_bit(bit=14, block=5) = 0
[  411.651434][ T8798] EXT4-fs (loop1): unmounting filesystem f7ff0000-0000-0000-0000-000000000000.
[  411.971807][T10809] pim6reg0: tun_chr_ioctl cmd 1074025677
[  411.979536][T10809] pim6reg0: linktype set to 778
[  412.218023][T10783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  412.361934][T10783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.581968][ T9303] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  412.828166][T10814] overlayfs: missing 'lowerdir'
[  412.841525][T10818] loop2: detected capacity change from 0 to 1024
[  412.978250][T10818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.076864][T10814] syzkaller1: entered promiscuous mode
[  413.109884][T10818] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  413.132551][T10814] syzkaller1: entered allmulticast mode
[  413.545419][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.395747][T10844] loop2: detected capacity change from 0 to 512
[  414.533839][T10844] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  414.790638][T10844] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.1552: invalid indirect mapped block 83886080 (level 1)
[  414.826503][T10856] pim6reg0: tun_chr_ioctl cmd 1074025677
[  414.833394][T10856] pim6reg0: linktype set to 778
[  414.921054][T10844] EXT4-fs (loop2): 1 orphan inode deleted
[  414.927075][T10844] EXT4-fs (loop2): 1 truncate cleaned up
[  414.987263][T10844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  414.996276][T10855] loop6: detected capacity change from 0 to 16384
[  415.282484][T10844] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #2: block 13: comm syz.2.1552: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  415.322664][T10844] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #2: comm syz.2.1552: directory missing '..'
[  415.420356][T10855] I/O error, dev loop6, sector 4608 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0
[  415.504188][T10855] I/O error, dev loop6, sector 4864 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  415.590758][T10855] I/O error, dev loop6, sector 4608 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  415.698367][T10855] Buffer I/O error on dev loop6, logical block 576, async page read
[  415.859017][ T8456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.072533][T10866] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  416.076159][T10870] overlayfs: failed to resolve './file0': -2
[  416.636553][T10879] ptrace attach of "./syz-executor exec"[5408] was attempted by "./syz-executor exec"[10879]
[  416.805153][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  416.805170][   T29] audit: type=1326 audit(1721225179.688:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  416.873958][   T29] audit: type=1326 audit(1721225179.718:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  416.957644][   T29] audit: type=1326 audit(1721225179.718:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.022414][   T29] audit: type=1326 audit(1721225179.718:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.121921][   T29] audit: type=1326 audit(1721225179.718:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.214866][   T29] audit: type=1326 audit(1721225179.718:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.314659][   T29] audit: type=1326 audit(1721225179.718:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.460436][   T29] audit: type=1326 audit(1721225179.718:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.526020][T10902] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  417.597344][   T29] audit: type=1326 audit(1721225179.718:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.685525][   T29] audit: type=1326 audit(1721225179.718:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0555975a99 code=0x7ffc0000
[  417.952824][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  417.965797][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  417.986610][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  418.006614][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  418.023731][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  418.043815][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  418.530402][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.764885][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.776603][T10907] loop2: detected capacity change from 0 to 32768
[  418.812490][T10907] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1574 (10907)
[  418.891650][T10907] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  418.912600][T10907] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  418.940705][T10907] BTRFS info (device loop2): using free-space-tree
[  419.089287][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.138638][T10928] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1579'.
[  419.201735][T10928] openvswitch: netlink: Missing key (keys=40, expected=80)
[  419.425700][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.512103][ T1628] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  419.584726][T10907] BTRFS info (device loop2 state M): max_inline set to 0
[  419.713340][ T1628] usb 5-1: Using ep0 maxpacket: 8
[  419.720457][ T1628] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[  419.728909][ T1628] usb 5-1: config 0 has an invalid interface number: 49 but max is 2
[  419.740253][ T1628] usb 5-1: config 0 has no interface number 1
[  419.746829][ T1628] usb 5-1: config 0 has no interface number 2
[  419.753166][ T1628] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  419.755341][ T8456] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  419.762399][ T1628] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.771909][ T1628] usb 5-1: config 0 descriptor??
[  419.797490][ T1628] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22
[  419.996469][T10909] chnl_net:caif_netlink_parms(): no params data found
[  420.019663][ T1628] qcserial 5-1:0.49: Qualcomm USB modem converter detected
[  420.104837][ T5106] Bluetooth: hci3: command tx timeout
[  420.224447][   T12] bridge_slave_1: left allmulticast mode
[  420.230166][   T12] bridge_slave_1: left promiscuous mode
[  420.292568][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.329869][   T12] bridge_slave_0: left allmulticast mode
[  420.373181][   T12] bridge_slave_0: left promiscuous mode
[  420.389325][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.539495][T10956] input: syz1 as /devices/virtual/input/input12
[  422.185601][ T5106] Bluetooth: hci3: command tx timeout
[  422.412642][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  422.440826][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  422.486690][   T12] bond0 (unregistering): Released all slaves
[  422.951382][ T5230] usb 5-1: USB disconnect, device number 10
[  422.983027][ T5230] qcserial 5-1:0.49: device disconnected
[  422.994908][T10909] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.008014][T10909] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.032492][T10909] bridge_slave_0: entered allmulticast mode
[  423.063888][T10909] bridge_slave_0: entered promiscuous mode
[  423.107949][T10989] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1589'.
[  423.186320][T10909] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.229286][T10909] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.268337][T10909] bridge_slave_1: entered allmulticast mode
[  423.290462][T10909] bridge_slave_1: entered promiscuous mode
[  423.506077][T10909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.677670][T10909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  424.048930][T11017] input: syz1 as /devices/virtual/input/input13
[  424.262647][ T5106] Bluetooth: hci3: command tx timeout
[  424.416661][T10909] team0: Port device team_slave_0 added
[  424.460199][T10909] team0: Port device team_slave_1 added
[  424.712299][   T12] hsr_slave_0: left promiscuous mode
[  424.807028][   T12] hsr_slave_1: left promiscuous mode
[  424.869254][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  424.922179][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  425.453556][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  425.654672][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.817680][   T12] veth1_macvtap: left promiscuous mode
[  425.845570][T11035] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  425.862137][   T12] veth0_macvtap: left promiscuous mode
[  425.892292][   T12] veth1_vlan: left promiscuous mode
[  425.897660][   T12] veth0_vlan: left promiscuous mode
[  426.352600][ T5106] Bluetooth: hci3: command tx timeout
[  427.225691][ T5106] Bluetooth: hci6: unexpected event for opcode 0x2039
[  427.359676][   T12] team0 (unregistering): Port device team_slave_1 removed
[  427.457103][   T12] team0 (unregistering): Port device team_slave_0 removed
[  428.427904][T10909] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.443392][T10909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.512653][T10909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.534717][T10909] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.543323][T10909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.569737][T10909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.840459][T10909] hsr_slave_0: entered promiscuous mode
[  428.898449][T10909] hsr_slave_1: entered promiscuous mode
[  428.938010][T10909] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  428.982777][T10909] Cannot create hsr debugfs directory
[  429.241737][T11064] loop4: detected capacity change from 0 to 1024
[  429.316183][T11064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  430.228143][T11064] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 40 with max blocks 4 with error 28
[  430.250647][T11064] EXT4-fs (loop4): This should not happen!! Data will be lost
[  430.250647][T11064] 
[  430.261082][T11064] EXT4-fs (loop4): Total free blocks count 0
[  430.384040][T11064] EXT4-fs (loop4): Free/Dirty block details
[  430.390178][T11064] EXT4-fs (loop4): free_blocks=0
[  430.436347][T11064] EXT4-fs (loop4): dirty_blocks=0
[  430.446947][T11064] EXT4-fs (loop4): Block reservation details
[  430.472139][T11064] EXT4-fs (loop4): i_reserved_data_blocks=0
[  431.305153][   T54] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  431.314686][   T54] Bluetooth: hci6: Injecting HCI hardware error event
[  431.326185][   T54] Bluetooth: hci6: hardware error 0x00
[  431.380653][T11091] netlink: 'syz.2.1615': attribute type 1 has an invalid length.
[  431.389979][T11091] netlink: 9372 bytes leftover after parsing attributes in process `syz.2.1615'.
[  431.399664][T11091] netlink: 'syz.2.1615': attribute type 1 has an invalid length.
[  431.493074][ T9303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.552720][T11088] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  431.567459][T11088] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  431.581486][T11088] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  431.594568][T11088] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  431.605482][T11088] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  431.619367][T11088] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  431.763523][   T12] bridge_slave_1: left allmulticast mode
[  431.769279][   T12] bridge_slave_1: left promiscuous mode
[  431.776030][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.829631][   T12] bridge_slave_0: left allmulticast mode
[  431.852227][   T12] bridge_slave_0: left promiscuous mode
[  431.858039][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.268781][T11088] Bluetooth: hci5: command 0x0406 tx timeout
[  433.314400][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  433.332357][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  433.376445][   T12] bond0 (unregistering): Released all slaves
[  433.469361][   T54] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  433.702254][   T54] Bluetooth: hci4: command tx timeout
[  435.630572][   T12] hsr_slave_0: left promiscuous mode
[  435.672995][   T12] hsr_slave_1: left promiscuous mode
[  435.683421][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.683795][T11120] ==================================================================
[  435.698883][T11120] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0
[  435.706829][T11120] Read of size 8 at addr ffff88802cead020 by task syz.2.1622/11120
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  435.706843][T11120] 
[  435.706860][T11120] CPU: 0 UID: 0 PID: 11120 Comm: syz.2.1622 Not tainted 6.10.0-next-20240717-syzkaller #0
[  435.706875][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  435.706883][T11120] Call Trace:
[  435.706889][T11120]  <TASK>
[  435.706893][T11120]  dump_stack_lvl+0x241/0x360
[  435.706914][T11120]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.706930][T11120]  ? __pfx__printk+0x10/0x10
[  435.706945][T11120]  ? _printk+0xd5/0x120
[  435.706958][T11120]  ? __virt_addr_valid+0x183/0x530
[  435.706969][T11120]  ? __virt_addr_valid+0x183/0x530
[  435.706980][T11120]  print_report+0x169/0x550
[  435.706992][T11120]  ? __virt_addr_valid+0x183/0x530
[  435.707002][T11120]  ? __virt_addr_valid+0x183/0x530
[  435.707012][T11120]  ? __virt_addr_valid+0x45f/0x530
[  435.707022][T11120]  ? __phys_addr+0xba/0x170
[  435.707032][T11120]  ? handle_mm_fault+0x14f0/0x19a0
[  435.707044][T11120]  kasan_report+0x143/0x180
[  435.707056][T11120]  ? handle_mm_fault+0x14f0/0x19a0
[  435.707068][T11120]  handle_mm_fault+0x14f0/0x19a0
[  435.707085][T11120]  ? __pfx_handle_mm_fault+0x10/0x10
[  435.707100][T11120]  ? __pfx___up_read+0x10/0x10
[  435.707153][T11120]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  435.707164][T11120]  exc_page_fault+0x2b9/0x8c0
[  435.707180][T11120]  asm_exc_page_fault+0x26/0x30
[  435.707197][T11120] RIP: 0010:fault_in_readable+0x165/0x2b0
[  435.707211][T11120] Code: b4 ff 4c 8d b3 ff 0f 00 00 48 89 d8 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 6b e8 65 a9 b4 ff 4c 39 f3 74 6e 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10
[  435.707220][T11120] RSP: 0018:ffffc9000359fa20 EFLAGS: 00050287
[  435.707232][T11120] RAX: ffffffff81df2f77 RBX: 0000000020012000 RCX: 0000000000040000
[  435.707240][T11120] RDX: ffffc90017801000 RSI: 000000000000732a RDI: 000000000000732b
[  435.707248][T11120] RBP: ffffc9000359fad8 R08: ffffffff81df2ee8 R09: ffffffff84ae6b09
[  435.707256][T11120] R10: 0000000000000002 R11: ffff88802a1d0000 R12: 000000000020002d
[  435.707264][T11120] R13: dffffc0000000000 R14: 0000000020201000 R15: 1ffff920006b3f4c
[  435.707274][T11120]  ? fault_in_iov_iter_readable+0x49/0x280
[  435.707287][T11120]  ? fault_in_readable+0xf8/0x2b0
[  435.707297][T11120]  ? fault_in_readable+0x187/0x2b0
[  435.707311][T11120]  ? __pfx_fault_in_readable+0x10/0x10
[  435.707323][T11120]  ? inode_to_bdi+0x69/0xf0
[  435.707335][T11120]  fault_in_iov_iter_readable+0x229/0x280
[  435.707348][T11120]  generic_perform_write+0x29f/0x840
[  435.707365][T11120]  ? __pfx_generic_perform_write+0x10/0x10
[  435.707378][T11120]  ? mnt_put_write_access_file+0xc2/0x100
[  435.707393][T11120]  ? file_update_time+0x3b8/0x430
[  435.707408][T11120]  shmem_file_write_iter+0xfc/0x120
[  435.707422][T11120]  vfs_write+0xa72/0xc90
[  435.707439][T11120]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  435.707453][T11120]  ? __pfx_vfs_write+0x10/0x10
[  435.707466][T11120]  ? do_futex+0x33b/0x560
[  435.707486][T11120]  ksys_write+0x1a0/0x2c0
[  435.707502][T11120]  ? __pfx_ksys_write+0x10/0x10
[  435.707517][T11120]  ? do_syscall_64+0x100/0x230
[  435.707532][T11120]  ? do_syscall_64+0xb6/0x230
[  435.707547][T11120]  do_syscall_64+0xf3/0x230
[  435.707561][T11120]  ? clear_bhb_loop+0x35/0x90
[  435.707574][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.707587][T11120] RIP: 0033:0x7fd22e575a99
[  435.707601][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  435.707610][T11120] RSP: 002b:00007fd22f353048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  435.707622][T11120] RAX: ffffffffffffffda RBX: 00007fd22e704110 RCX: 00007fd22e575a99
[  435.707630][T11120] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005
[  435.707637][T11120] RBP: 00007fd22e5e4e5d R08: 0000000000000000 R09: 0000000000000000
[  435.707645][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  435.707652][T11120] R13: 000000000000006e R14: 00007fd22e704110 R15: 00007ffdf32c8a58
[  435.707664][T11120]  </TASK>
[  435.707668][T11120] 
[  435.707671][T11120] Allocated by task 8456:
[  435.707676][T11120]  kasan_save_track+0x3f/0x80
[  435.707686][T11120]  __kasan_slab_alloc+0x66/0x80
[  435.707695][T11120]  kmem_cache_alloc_noprof+0x135/0x2a0
[  435.707708][T11120]  vm_area_dup+0x27/0x290
[  435.707719][T11120]  copy_mm+0xc7b/0x1f30
[  435.707731][T11120]  copy_process+0x186b/0x3d90
[  435.707743][T11120]  kernel_clone+0x226/0x8f0
[  435.707756][T11120]  __x64_sys_clone+0x258/0x2a0
[  435.707770][T11120]  do_syscall_64+0xf3/0x230
[  435.707783][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.707794][T11120] 
[  435.707797][T11120] Freed by task 5845:
[  435.707802][T11120]  kasan_save_track+0x3f/0x80
[  435.707810][T11120]  kasan_save_free_info+0x40/0x50
[  435.707823][T11120]  poison_slab_object+0xe0/0x150
[  435.707832][T11120]  __kasan_slab_free+0x37/0x60
[  435.707841][T11120]  kmem_cache_free+0x145/0x350
[  435.707853][T11120]  rcu_core+0xafd/0x1830
[  435.707866][T11120]  handle_softirqs+0x2c4/0x970
[  435.707879][T11120]  __irq_exit_rcu+0xf4/0x1c0
[  435.707890][T11120]  irq_exit_rcu+0x9/0x30
[  435.707902][T11120]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  435.707914][T11120]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  435.707929][T11120] 
[  435.707932][T11120] Last potentially related work creation:
[  435.707936][T11120]  kasan_save_stack+0x3f/0x60
[  435.707945][T11120]  __kasan_record_aux_stack+0xac/0xc0
[  435.707957][T11120]  call_rcu+0x167/0xa70
[  435.707966][T11120]  do_vmi_align_munmap+0x155c/0x18c0
[  435.707977][T11120]  do_vmi_munmap+0x261/0x2f0
[  435.707987][T11120]  mmap_region+0x72f/0x2090
[  435.707996][T11120]  do_mmap+0x8f9/0x1010
[  435.708005][T11120]  vm_mmap_pgoff+0x1dd/0x3d0
[  435.708014][T11120]  ksys_mmap_pgoff+0x4f1/0x720
[  435.708023][T11120]  do_syscall_64+0xf3/0x230
[  435.708036][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.708047][T11120] 
[  435.708050][T11120] The buggy address belongs to the object at ffff88802cead000
[  435.708050][T11120]  which belongs to the cache vm_area_struct of size 184
[  435.708060][T11120] The buggy address is located 32 bytes inside of
[  435.708060][T11120]  freed 184-byte region [ffff88802cead000, ffff88802cead0b8)
[  435.708071][T11120] 
[  435.708074][T11120] The buggy address belongs to the physical page:
[  435.708082][T11120] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cead
[  435.708093][T11120] memcg:ffff88802474e801
[  435.708098][T11120] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  435.708114][T11120] page_type: 0xfdffffff(slab)
[  435.708128][T11120] raw: 00fff00000000000 ffff888015eefb40 ffffea00015ea2c0 dead00000000000d
[  435.708138][T11120] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88802474e801
[  435.708144][T11120] page dumped because: kasan: bad access detected
[  435.708154][T11120] page_owner tracks the page as allocated
[  435.708159][T11120] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9303, tgid 9303 (syz-executor), ts 403880266521, free_ts 403806683153
[  435.708177][T11120]  post_alloc_hook+0x1f3/0x230
[  435.708192][T11120]  get_page_from_freelist+0x2ccb/0x2d80
[  435.708202][T11120]  __alloc_pages_noprof+0x256/0x6c0
[  435.708212][T11120]  alloc_slab_page+0x5f/0x120
[  435.708221][T11120]  allocate_slab+0x5a/0x2f0
[  435.708229][T11120]  ___slab_alloc+0xcd1/0x14b0
[  435.708241][T11120]  __slab_alloc+0x58/0xa0
[  435.708253][T11120]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[  435.708265][T11120]  vm_area_dup+0x27/0x290
[  435.708275][T11120]  copy_mm+0xc7b/0x1f30
[  435.708287][T11120]  copy_process+0x186b/0x3d90
[  435.708299][T11120]  kernel_clone+0x226/0x8f0
[  435.708311][T11120]  __x64_sys_clone+0x258/0x2a0
[  435.708325][T11120]  do_syscall_64+0xf3/0x230
[  435.708337][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.708348][T11120] page last free pid 10603 tgid 10603 stack trace:
[  435.708355][T11120]  free_unref_folios+0x103a/0x1b00
[  435.708364][T11120]  folios_put_refs+0x76e/0x860
[  435.708375][T11120]  free_pages_and_swap_cache+0x2ea/0x690
[  435.708389][T11120]  tlb_flush_mmu+0x3a3/0x680
[  435.708401][T11120]  tlb_finish_mmu+0xd4/0x200
[  435.708414][T11120]  exit_mmap+0x44f/0xc80
[  435.708424][T11120]  __mmput+0x115/0x390
[  435.708435][T11120]  exit_mm+0x220/0x310
[  435.708443][T11120]  do_exit+0x9b2/0x27f0
[  435.708451][T11120]  do_group_exit+0x207/0x2c0
[  435.708460][T11120]  __x64_sys_exit_group+0x3f/0x40
[  435.708470][T11120]  x64_sys_call+0x26c3/0x26d0
[  435.708483][T11120]  do_syscall_64+0xf3/0x230
[  435.708496][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.708507][T11120] 
[  435.708509][T11120] Memory state around the buggy address:
[  435.708515][T11120]  ffff88802ceacf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  435.708523][T11120]  ffff88802ceacf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  435.708530][T11120] >ffff88802cead000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.708536][T11120]                                ^
[  435.708541][T11120]  ffff88802cead080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 00
[  435.708549][T11120]  ffff88802cead100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  435.708554][T11120] ==================================================================
[  435.708568][    C0] vkms_vblank_simulate: vblank timer overrun
[  435.719960][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  435.721000][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  435.721031][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  435.803052][   T54] Bluetooth: hci4: command tx timeout
[  435.836978][   T12] veth1_macvtap: left promiscuous mode
[  436.702387][T11120] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  436.709713][T11120] CPU: 1 UID: 0 PID: 11120 Comm: syz.2.1622 Not tainted 6.10.0-next-20240717-syzkaller #0
[  436.719800][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  436.729878][T11120] Call Trace:
[  436.733184][T11120]  <TASK>
[  436.736128][T11120]  dump_stack_lvl+0x241/0x360
[  436.740835][T11120]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.746120][T11120]  ? __pfx__printk+0x10/0x10
[  436.750742][T11120]  ? preempt_schedule+0xe1/0xf0
[  436.755702][T11120]  ? vscnprintf+0x5d/0x90
[  436.760044][T11120]  panic+0x349/0x870
[  436.763938][T11120]  ? check_panic_on_warn+0x21/0xb0
[  436.769040][T11120]  ? __pfx_panic+0x10/0x10
[  436.773465][T11120]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  436.779477][T11120]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  436.785829][T11120]  ? print_report+0x502/0x550
[  436.790544][T11120]  check_panic_on_warn+0x86/0xb0
[  436.795496][T11120]  ? handle_mm_fault+0x14f0/0x19a0
[  436.800621][T11120]  end_report+0x77/0x160
[  436.804882][T11120]  kasan_report+0x154/0x180
[  436.809415][T11120]  ? handle_mm_fault+0x14f0/0x19a0
[  436.814554][T11120]  handle_mm_fault+0x14f0/0x19a0
[  436.819543][T11120]  ? __pfx_handle_mm_fault+0x10/0x10
[  436.824860][T11120]  ? __pfx___up_read+0x10/0x10
[  436.829643][T11120]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  436.834946][T11120]  exc_page_fault+0x2b9/0x8c0
[  436.839664][T11120]  asm_exc_page_fault+0x26/0x30
[  436.844542][T11120] RIP: 0010:fault_in_readable+0x165/0x2b0
[  436.850373][T11120] Code: b4 ff 4c 8d b3 ff 0f 00 00 48 89 d8 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 6b e8 65 a9 b4 ff 4c 39 f3 74 6e 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10
[  436.870127][T11120] RSP: 0018:ffffc9000359fa20 EFLAGS: 00050287
[  436.876223][T11120] RAX: ffffffff81df2f77 RBX: 0000000020012000 RCX: 0000000000040000
[  436.884229][T11120] RDX: ffffc90017801000 RSI: 000000000000732a RDI: 000000000000732b
[  436.892219][T11120] RBP: ffffc9000359fad8 R08: ffffffff81df2ee8 R09: ffffffff84ae6b09
[  436.900203][T11120] R10: 0000000000000002 R11: ffff88802a1d0000 R12: 000000000020002d
[  436.908188][T11120] R13: dffffc0000000000 R14: 0000000020201000 R15: 1ffff920006b3f4c
[  436.916172][T11120]  ? fault_in_iov_iter_readable+0x49/0x280
[  436.921980][T11120]  ? fault_in_readable+0xf8/0x2b0
[  436.927004][T11120]  ? fault_in_readable+0x187/0x2b0
[  436.932134][T11120]  ? __pfx_fault_in_readable+0x10/0x10
[  436.937586][T11120]  ? inode_to_bdi+0x69/0xf0
[  436.942087][T11120]  fault_in_iov_iter_readable+0x229/0x280
[  436.947804][T11120]  generic_perform_write+0x29f/0x840
[  436.953085][T11120]  ? __pfx_generic_perform_write+0x10/0x10
[  436.958882][T11120]  ? mnt_put_write_access_file+0xc2/0x100
[  436.964595][T11120]  ? file_update_time+0x3b8/0x430
[  436.969614][T11120]  shmem_file_write_iter+0xfc/0x120
[  436.974807][T11120]  vfs_write+0xa72/0xc90
[  436.979140][T11120]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  436.984944][T11120]  ? __pfx_vfs_write+0x10/0x10
[  436.989732][T11120]  ? do_futex+0x33b/0x560
[  436.994063][T11120]  ksys_write+0x1a0/0x2c0
[  436.998394][T11120]  ? __pfx_ksys_write+0x10/0x10
[  437.003238][T11120]  ? do_syscall_64+0x100/0x230
[  437.008002][T11120]  ? do_syscall_64+0xb6/0x230
[  437.012670][T11120]  do_syscall_64+0xf3/0x230
[  437.017166][T11120]  ? clear_bhb_loop+0x35/0x90
[  437.021834][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.027719][T11120] RIP: 0033:0x7fd22e575a99
[  437.032139][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.051744][T11120] RSP: 002b:00007fd22f353048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  437.060255][T11120] RAX: ffffffffffffffda RBX: 00007fd22e704110 RCX: 00007fd22e575a99
[  437.068234][T11120] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005
[  437.076207][T11120] RBP: 00007fd22e5e4e5d R08: 0000000000000000 R09: 0000000000000000
[  437.084260][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  437.092320][T11120] R13: 000000000000006e R14: 00007fd22e704110 R15: 00007ffdf32c8a58
[  437.100309][T11120]  </TASK>
[  437.103568][T11120] Kernel Offset: disabled
[  437.108061][T11120] Rebooting in 86400 seconds..